From ce48823d38591ed9c6fb1c00dbf31edbdefaeb74 Mon Sep 17 00:00:00 2001 
From: Jeremy Long Date: Wed, 21 May 2014 06:29:46 -0400 Subject: [PATCH] Moved some of the utility classes from core to a new utils module Former-commit-id: 2e6ff9631ff4c843f10db1e022e41e728394e420 --- dependency-check-ant/pom.xml | 5 + dependency-check-cli/pom.xml | 5 + dependency-check-core/pom.xml | 10 + .../dependencycheck/utils/ExtractionUtil.java | 145 +++++++++ dependency-check-maven/pom.xml | 5 + dependency-check-utils/pom.xml | 280 ++++++++++++++++++ .../utils/DownloadFailedException.java | 0 .../dependencycheck/utils/Downloader.java | 0 .../utils/ExtractionException.java | 0 .../dependencycheck/utils/FileUtils.java | 106 ------- .../utils/InvalidSettingException.java | 0 .../dependencycheck/utils/LogFilter.java | 0 .../owasp/dependencycheck/utils/LogUtils.java | 0 .../owasp/dependencycheck/utils/Settings.java | 1 + .../utils/URLConnectionFactory.java | 0 .../utils/URLConnectionFailureException.java | 0 .../dependencycheck/utils/package-info.java | 11 + .../owasp/dependencycheck/utils/BaseTest.java | 36 +++ .../utils/DownloaderIntegrationTest.java | 1 - .../dependencycheck/utils/DownloaderTest.java | 23 +- .../dependencycheck/utils/FileUtilsTest.java | 1 - .../dependencycheck/utils/SettingsTest.java | 1 - .../test/resources/dependencycheck.properties | 57 ++++ .../src/test/resources/test.properties | 1 + pom.xml | 9 +- 25 files changed, 563 insertions(+), 134 deletions(-) create mode 100644 dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java create mode 100644 dependency-check-utils/pom.xml rename {dependency-check-core => dependency-check-utils}/src/main/java/org/owasp/dependencycheck/utils/DownloadFailedException.java (100%) rename {dependency-check-core => dependency-check-utils}/src/main/java/org/owasp/dependencycheck/utils/Downloader.java (100%) rename {dependency-check-core => dependency-check-utils}/src/main/java/org/owasp/dependencycheck/utils/ExtractionException.java (100%) rename {dependency-check-core => 
dependency-check-utils}/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java (55%) rename {dependency-check-core => dependency-check-utils}/src/main/java/org/owasp/dependencycheck/utils/InvalidSettingException.java (100%) rename {dependency-check-core => dependency-check-utils}/src/main/java/org/owasp/dependencycheck/utils/LogFilter.java (100%) rename {dependency-check-core => dependency-check-utils}/src/main/java/org/owasp/dependencycheck/utils/LogUtils.java (100%) rename {dependency-check-core => dependency-check-utils}/src/main/java/org/owasp/dependencycheck/utils/Settings.java (99%) rename {dependency-check-core => dependency-check-utils}/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java (100%) rename {dependency-check-core => dependency-check-utils}/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFailureException.java (100%) create mode 100644 dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/package-info.java create mode 100644 dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/BaseTest.java rename {dependency-check-core => dependency-check-utils}/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java (97%) rename {dependency-check-core => dependency-check-utils}/src/test/java/org/owasp/dependencycheck/utils/DownloaderTest.java (73%) rename {dependency-check-core => dependency-check-utils}/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java (97%) rename {dependency-check-core => dependency-check-utils}/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java (99%) create mode 100644 dependency-check-utils/src/test/resources/dependencycheck.properties create mode 100644 dependency-check-utils/src/test/resources/test.properties
diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml
index 95162aed7..0f4061ed0 100644
--- a/dependency-check-ant/pom.xml
+++ b/dependency-check-ant/pom.xml
@@ -439,6 +439,11 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. dependency-check-core ${project.parent.version} + + org.owasp + dependency-check-utils + ${project.parent.version} + org.owasp dependency-check-core diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml index eedd992d0..a28b61086 100644 --- a/dependency-check-cli/pom.xml +++ b/dependency-check-cli/pom.xml @@ -341,5 +341,10 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. dependency-check-core ${project.parent.version} + + org.owasp + dependency-check-utils + ${project.parent.version} + diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index ca5478bc5..a7b640d91 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml @@ -220,6 +220,11 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. data.directory ${project.build.directory}/data + + temp.directory + ${project.build.directory}/temp + + **/*IntegrationTest.java @@ -399,6 +404,11 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. + + org.owasp + dependency-check-utils + ${project.parent.version} + org.apache.lucene lucene-test-framework diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java new file mode 100644 index 000000000..aae31e6f3 --- /dev/null +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionUtil.java 
@@ -0,0 +1,145 @@ +/* + * Copyright 2014 OWASP. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.owasp.dependencycheck.utils; + +import java.io.BufferedInputStream; +import java.io.BufferedOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.IOException; +import java.util.logging.Level; +import java.util.logging.Logger; +import java.util.zip.ZipEntry; +import java.util.zip.ZipInputStream; +import org.owasp.dependencycheck.Engine; +import static org.owasp.dependencycheck.utils.FileUtils.getFileExtension; + +/** + * + * @author Jeremy Long + */ +public class ExtractionUtil { + + /** + * The logger. + */ + private static final Logger LOGGER = Logger.getLogger(ExtractionUtil.class.getName()); + /** + * The buffer size to use when extracting files from the archive. + */ + private static final int BUFFER_SIZE = 4096; + + /** + * Private constructor for a utility class. + */ + private ExtractionUtil() { + } + + /** + * Extracts the contents of an archive into the specified directory. 
+ * + * @param archive an archive file such as a WAR or EAR + * @param extractTo a directory to extract the contents to + * @throws ExtractionException thrown if an exception occurs while extracting the files + */ + public static void extractFiles(File archive, File extractTo) throws ExtractionException { + extractFiles(archive, extractTo, null); + } + + /** + * Extracts the contents of an archive into the specified directory. The files are only extracted if they are + * supported by the analyzers loaded into the specified engine. If the engine is specified as null then all files + * are extracted. + * + * @param archive an archive file such as a WAR or EAR + * @param extractTo a directory to extract the contents to + * @param engine the scanning engine + * @throws ExtractionException thrown if there is an error extracting the files + */ + public static void extractFiles(File archive, File extractTo, Engine engine) throws ExtractionException { + if (archive == null || extractTo == null) { + return; + } + + FileInputStream fis = null; + ZipInputStream zis = null; + + try { + fis = new FileInputStream(archive); + } catch (FileNotFoundException ex) { + LOGGER.log(Level.FINE, null, ex); + throw new ExtractionException("Archive file was not found.", ex); + } + zis = new ZipInputStream(new BufferedInputStream(fis)); + ZipEntry entry; + try { + while ((entry = zis.getNextEntry()) != null) { + if (entry.isDirectory()) { + final File d = new File(extractTo, entry.getName()); + if (!d.exists() && !d.mkdirs()) { + final String msg = String.format("Unable to create '%s'.", d.getAbsolutePath()); + throw new ExtractionException(msg); + } + } else { + final File file = new File(extractTo, entry.getName()); + final String ext = getFileExtension(file.getName()); + if (engine == null || engine.supportsExtension(ext)) { + BufferedOutputStream bos = null; + FileOutputStream fos; + try { + fos = new FileOutputStream(file); + bos = new BufferedOutputStream(fos, BUFFER_SIZE); + int 
count; + final byte data[] = new byte[BUFFER_SIZE]; + while ((count = zis.read(data, 0, BUFFER_SIZE)) != -1) { + bos.write(data, 0, count); + } + bos.flush(); + } catch (FileNotFoundException ex) { + LOGGER.log(Level.FINE, null, ex); + final String msg = String.format("Unable to find file '%s'.", file.getName()); + throw new ExtractionException(msg, ex); + } catch (IOException ex) { + LOGGER.log(Level.FINE, null, ex); + final String msg = String.format("IO Exception while parsing file '%s'.", file.getName()); + throw new ExtractionException(msg, ex); + } finally { + if (bos != null) { + try { + bos.close(); + } catch (IOException ex) { + LOGGER.log(Level.FINEST, null, ex); + } + } + } + } + } + } + } catch (IOException ex) { + final String msg = String.format("Exception reading archive '%s'.", archive.getName()); + LOGGER.log(Level.FINE, msg, ex); + throw new ExtractionException(msg, ex); + } finally { + try { + zis.close(); + } catch (IOException ex) { + LOGGER.log(Level.FINEST, null, ex); + } + } + } +} diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index 91904fbc8..513dc79c2 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml @@ -277,6 +277,11 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. dependency-check-core ${project.parent.version} + + org.owasp + dependency-check-utils + ${project.parent.version} + org.apache.maven maven-plugin-api diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml new file mode 100644 index 000000000..535feaa03 --- /dev/null +++ b/dependency-check-utils/pom.xml 
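Review bot: `extractFiles` builds both the directory and the file destination with `new File(extractTo, entry.getName())` and never checks that the result stays under `extractTo`, so an archive entry whose name contains `..` segments can be created or overwritten outside the extraction directory. The method is carried over unchanged from `FileUtils`, which makes this move a good point to resolve the entry once, before the `isDirectory()` branch, and reject anything whose canonical path leaves the target directory, as sketched below. Separately, the file branch does not create missing parent directories, so an archive that lists files without explicit directory entries would presumably fail in `new FileOutputStream(file)`, and nothing bounds how many bytes a single entry may expand to.

```java
while ((entry = zis.getNextEntry()) != null) {
    // Resolve the entry once and refuse names that leave the extraction directory.
    final File target = new File(extractTo, entry.getName());
    final String rootPath = extractTo.getCanonicalPath();
    final String targetPath = target.getCanonicalPath();
    if (!targetPath.equals(rootPath) && !targetPath.startsWith(rootPath + File.separator)) {
        final String msg = String.format("Archive entry '%s' resolves outside of '%s'.",
                entry.getName(), extractTo.getAbsolutePath());
        throw new ExtractionException(msg);
    }
    if (entry.isDirectory()) {
        // … unchanged: directory creation, now using target …
    } else {
        // … unchanged: extension filter and copy loop, now using target …
```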
@@ -0,0 +1,280 @@ + + + 4.0.0 + + org.owasp + dependency-check-parent + 1.2.2-SNAPSHOT + + + dependency-check-utils + Dependency-Check Utils + Dependency-check-utils a collection of common utlity classs used within dependency-check. + + + + github-pages-site + Deployment through GitHub's site deployment plugin + ${basedir}/../target/site/${project.version}/dependency-check-ant + + + + + + UTF-8 + + + + + org.codehaus.mojo + cobertura-maven-plugin + 2.6 + + + true + + + 85 + 85 + false + 85 + 85 + 85 + 85 + + + .*\$.* + 0 + 0 + + + + + + + + clean + + + + + + org.apache.maven.plugins + maven-surefire-plugin + 2.16 + + + + temp.directory + ${project.build.directory}/temp + + + + **/*IntegrationTest.java + + + + + org.apache.maven.plugins + maven-failsafe-plugin + 2.16 + + + + temp.directory + ${project.build.directory}/temp + + + + **/*IntegrationTest.java + + + + + + integration-test + verify + + + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.1 + + false + 1.6 + 1.6 + + + + org.apache.maven.plugins + maven-site-plugin + 3.3 + + + org.apache.maven.doxia + doxia-module-markdown + 1.5 + + + + true + + + org.apache.maven.plugins + maven-project-info-reports-plugin + 2.7 + + + + index + summary + license + help + + + + + + org.apache.maven.plugins + maven-javadoc-plugin + 2.9.1 + + + default + + javadoc + + + + + + org.codehaus.mojo + versions-maven-plugin + 2.1 + + + + dependency-updates-report + plugin-updates-report + + + + + + org.apache.maven.plugins + maven-jxr-plugin + 2.4 + + + org.codehaus.mojo + cobertura-maven-plugin + 2.6 + + + org.apache.maven.plugins + maven-surefire-report-plugin + 2.16 + + + + report-only + + + + + + org.codehaus.mojo + taglist-maven-plugin + 2.4 + + + + + Todo Work + + + todo + ignoreCase + + + FIXME + exact + + + + + + + + + org.apache.maven.plugins + maven-checkstyle-plugin + 2.11 + + false + ${basedir}/../src/main/config/checkstyle-checks.xml + ${basedir}/../src/main/config/checkstyle-header.txt + 
${basedir}/../src/main/config/checkstyle-suppressions.xml + checkstyle.suppressions.file + + + + org.apache.maven.plugins + maven-pmd-plugin + 3.0.1 + + 1.6 + true + utf-8 + + ../src/main/config/dcrules.xml + /rulesets/java/basic.xml + /rulesets/java/imports.xml + /rulesets/java/unusedcode.xml + + + + + org.codehaus.mojo + findbugs-maven-plugin + 2.5.3 + + + + + + + + + commons-io + commons-io + 2.4 + + + junit + junit + 4.11 + test + + + diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DownloadFailedException.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/DownloadFailedException.java similarity index 100% rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DownloadFailedException.java rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/DownloadFailedException.java diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java similarity index 100% rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionException.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExtractionException.java similarity index 100% rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/ExtractionException.java rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/ExtractionException.java 
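Review bot: The `github-pages-site` deployment location in this new POM still ends in `dependency-check-ant` (`${basedir}/../target/site/${project.version}/dependency-check-ant`), which looks copied from the ant module. As written, the utils site would presumably be staged into the ant module's directory, so the path should end in `dependency-check-utils`. The module description also needs fixing: "Dependency-check-utils a collection of common utlity classs" should read "dependency-check-utils is a collection of common utility classes".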
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java similarity index 55% rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java index cfa7242e9..34727e9b1 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/FileUtils.java @@ -17,21 +17,13 @@ */ package org.owasp.dependencycheck.utils; -import java.io.BufferedInputStream; -import java.io.BufferedOutputStream; import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.FileOutputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.URLDecoder; import java.util.UUID; import java.util.logging.Level; import java.util.logging.Logger; -import java.util.zip.ZipEntry; -import java.util.zip.ZipInputStream; -import org.owasp.dependencycheck.Engine; /** * A collection of utilities for processing information about files. @@ -54,11 +46,6 @@ public final class FileUtils { */ private static final String BIT_BUCKET_WIN = "NUL"; - /** - * The buffer size to use when extracting files from the archive. - */ - private static final int BUFFER_SIZE = 4096; - /** * Private constructor for a utility class. */ 
@@ -155,99 +142,6 @@ public final class FileUtils { return jarPath.getParentFile(); } - /** - * Extracts the contents of an archive into the specified directory. - * - * @param archive an archive file such as a WAR or EAR - * @param extractTo a directory to extract the contents to - * @throws ExtractionException thrown if an exception occurs while extracting the files - */ - public static void extractFiles(File archive, File extractTo) throws ExtractionException { - extractFiles(archive, extractTo, null); - } - - /** - * Extracts the contents of an archive into the specified directory. The files are only extracted if they are - * supported by the analyzers loaded into the specified engine. If the engine is specified as null then all files - * are extracted. - * - * @param archive an archive file such as a WAR or EAR - * @param extractTo a directory to extract the contents to - * @param engine the scanning engine - * @throws ExtractionException thrown if there is an error extracting the files - */ - public static void extractFiles(File archive, File extractTo, Engine engine) throws ExtractionException { - if (archive == null || extractTo == null) { - return; - } - - FileInputStream fis = null; - ZipInputStream zis = null; - - try { - fis = new FileInputStream(archive); - } catch (FileNotFoundException ex) { - LOGGER.log(Level.FINE, null, ex); - throw new ExtractionException("Archive file was not found.", ex); - } - zis = new ZipInputStream(new BufferedInputStream(fis)); - ZipEntry entry; - try { - while ((entry = zis.getNextEntry()) != null) { - if (entry.isDirectory()) { - final File d = new File(extractTo, entry.getName()); - if (!d.exists() && !d.mkdirs()) { - final String msg = String.format("Unable to create '%s'.", d.getAbsolutePath()); - throw new ExtractionException(msg); - } - } else { - final File file = new File(extractTo, entry.getName()); - final String ext = getFileExtension(file.getName()); - if (engine == null || engine.supportsExtension(ext)) { - 
BufferedOutputStream bos = null; - FileOutputStream fos; - try { - fos = new FileOutputStream(file); - bos = new BufferedOutputStream(fos, BUFFER_SIZE); - int count; - final byte data[] = new byte[BUFFER_SIZE]; - while ((count = zis.read(data, 0, BUFFER_SIZE)) != -1) { - bos.write(data, 0, count); - } - bos.flush(); - } catch (FileNotFoundException ex) { - LOGGER.log(Level.FINE, null, ex); - final String msg = String.format("Unable to find file '%s'.", file.getName()); - throw new ExtractionException(msg, ex); - } catch (IOException ex) { - LOGGER.log(Level.FINE, null, ex); - final String msg = String.format("IO Exception while parsing file '%s'.", file.getName()); - throw new ExtractionException(msg, ex); - } finally { - if (bos != null) { - try { - bos.close(); - } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); - } - } - } - } - } - } - } catch (IOException ex) { - final String msg = String.format("Exception reading archive '%s'.", archive.getName()); - LOGGER.log(Level.FINE, msg, ex); - throw new ExtractionException(msg, ex); - } finally { - try { - zis.close(); - } catch (IOException ex) { - LOGGER.log(Level.FINEST, null, ex); - } - } - } - /** * Return the bit bucket for the OS. '/dev/null' for Unix and 'NUL' for Windows * diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/InvalidSettingException.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/InvalidSettingException.java similarity index 100% rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/InvalidSettingException.java rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/InvalidSettingException.java 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/LogFilter.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/LogFilter.java similarity index 100% rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/LogFilter.java rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/LogFilter.java diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/LogUtils.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/LogUtils.java similarity index 100% rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/LogUtils.java rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/LogUtils.java diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java similarity index 99% rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java index a3f1d3b29..0af35de4e 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java @@ -30,6 +30,7 @@ import java.util.Enumeration; import java.util.Properties; import java.util.logging.Level; import java.util.logging.Logger; +import org.owasp.dependencycheck.utils.FileUtils; /** * A simple settings container that wraps the dependencycheck.properties file. 
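Review bot: The added `import org.owasp.dependencycheck.utils.FileUtils;` is redundant, because `Settings` is, going by its path, declared in `org.owasp.dependencycheck.utils` itself and same-package types need no import. The same applies to `import org.owasp.dependencycheck.utils.Downloader;` added to `DownloaderTest` later in this patch. Both lines can simply be dropped; the new utils POM enables the PMD imports ruleset, which would likely report them.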
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
similarity index 100%
rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFailureException.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFailureException.java
similarity index 100%
rename from dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFailureException.java
rename to dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFailureException.java
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/package-info.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/package-info.java
new file mode 100644
index 000000000..0c92c24b5
--- /dev/null
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/package-info.java
@@ -0,0 +1,11 @@
+/**
+ *
+ *
+ * org.owasp.dependencycheck.utils
+ *
+ *
+ * Includes various utility classes such as a Settings wrapper, utilities to make URL Connections, etc.
+ *
+ *
+ */
+package org.owasp.dependencycheck.utils;
diff --git a/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/BaseTest.java b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/BaseTest.java
new file mode 100644
index 000000000..a5b990c41
--- /dev/null
+++ b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/BaseTest.java
@@ -0,0 +1,36 @@ +/* + * Copyright 2014 OWASP. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.owasp.dependencycheck.utils; + +import org.junit.AfterClass; +import org.junit.BeforeClass; + +/** + * + * @author Jeremy Long + */ +public class BaseTest { + + @BeforeClass + public static void setUpClass() throws Exception { + Settings.initialize(); + } + + @AfterClass + public static void tearDownClass() throws Exception { + Settings.cleanup(true); + } +} diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java similarity index 97% rename from dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java rename to dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java index 20ab85e00..7feeaeb6a 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java +++ b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java @@ -21,7 +21,6 @@ import java.io.File; import java.net.URL; import static org.junit.Assert.assertTrue; import org.junit.Test; -import org.owasp.dependencycheck.BaseTest; /** * 
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderTest.java b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderTest.java similarity index 73% rename from dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderTest.java rename to dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderTest.java index b04fee4c0..b539befcf 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DownloaderTest.java +++ b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderTest.java @@ -19,12 +19,9 @@ package org.owasp.dependencycheck.utils; import java.io.File; import java.net.URL; -import org.junit.After; -import org.junit.AfterClass; import static org.junit.Assert.assertTrue; -import org.junit.Before; -import org.junit.BeforeClass; import org.junit.Test; +import org.owasp.dependencycheck.utils.Downloader; /** * @@ -32,25 +29,9 @@ import org.junit.Test; */ public class DownloaderTest { - @BeforeClass - public static void setUpClass() throws Exception { - } - - @AfterClass - public static void tearDownClass() throws Exception { - } - - @Before - public void setUp() { - } - - @After - public void tearDown() { - } - @Test public void testGetLastModified_file() throws Exception { - File f = new File("target/test-classes/nvdcve-2.0-2012.xml"); + File f = new File("target/test-classes/dependencycheck.properties"); URL url = new URL("file:///" + f.getCanonicalPath()); long timestamp = Downloader.getLastModified(url); assertTrue("timestamp equal to zero?", timestamp > 0); 
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java similarity index 97% rename from dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java rename to dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java index b94c8273a..d5c68b0c2 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java +++ b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java @@ -23,7 +23,6 @@ import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import org.junit.Test; -import org.owasp.dependencycheck.BaseTest; /** * diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java similarity index 99% rename from dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java rename to dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java index 4c8b99216..fec2b026e 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java +++ b/dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java @@ -22,7 +22,6 @@ import java.io.IOException; import java.net.URISyntaxException; import org.junit.Assert; import org.junit.Test; -import org.owasp.dependencycheck.BaseTest; /** * diff --git a/dependency-check-utils/src/test/resources/dependencycheck.properties b/dependency-check-utils/src/test/resources/dependencycheck.properties new file mode 100644 index 000000000..70e0d45ab --- /dev/null +++ b/dependency-check-utils/src/test/resources/dependencycheck.properties 
@@ -0,0 +1,57 @@ +application.name=${pom.name} +application.version=${pom.version} +autoupdate=true +max.download.threads=3 + +#temp.directory defaults to System.getProperty("java.io.tmpdir") +#temp.directory=[path to temp directory] + +# the path to the data directory; the [JAR] signifies to use the relative path +# to the dependency-check-core JAR file. This path is only used to construct +# the connection string for the H2 driver (or other drivers that require a file path +# to be supplied. If you are using another database (MySQL, Oracle, etc.) this property +# will not be used. The data.directory will be resolved and if the connection string +# below contains a %s then the data.directory will replace the %s. +data.directory=[JAR]/data +data.connection_string=jdbc:h2:file:%s;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON; +#data.connection_string=jdbc:h2:file:%s;AUTO_SERVER=TRUE;AUTOCOMMIT=ON; +#data.connection_string=jdbc:mysql://localhost:3306/dependencycheck + +# user name and password for the database connection. The inherent case is to use H2. +# As such, this unsecure username/password exist. +data.user=dcuser +data.password=DC-Pass1337! +# The following are only used if the DB Driver is not JDBC4 compliant and/or the driver +# is not in the current classpath. Setting these properties will add the give path(s) to +# the class loader and then register the driver with the DriverManager. If the class is +# not in the path you must specify both the driver name (aka the fully qualified driver name) +# and the driver path. The driver path can be a semi-colon separated list of files/directories +# to ensure any and all needed files can be added to the classpath to load the driver. +# For non-JDBC4 drivers in the classpath only the driver_name needs to be set. +# For MOST situations these properties likely do not need to be set. 
+data.driver_name=org.h2.Driver +data.driver_path= + +# the path to the cpe xml file +cpe.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.xml.gz +# the path to the cpe meta data file. +cpe.meta.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.meta + +# the number of days that the modified nvd cve data holds data for. We don't need +# to update the other files if we are within this timespan. Per NIST this file +# holds 8 days of updates, we are using 7 just to be safe. +cve.url.modified.validfordays=7 + +# the path to the modified nvd cve xml file. +cve.url-1.2.modified=http://nvd.nist.gov/download/nvdcve-modified.xml +cve.url-2.0.modified=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml +cve.startyear=2014 +cve.url-2.0.base=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml +cve.url-1.2.base=http://nvd.nist.gov/download/nvdcve-%d.xml + +# the URL for searching Nexus for SHA-1 hashes and whether it's enabled +analyzer.nexus.enabled=true +analyzer.nexus.url=https://repository.sonatype.org/service/local/ +# If set to true, the proxy will still ONLY be used if the proxy properties (proxy.url, proxy.port) +# are configured +analyzer.nexus.proxy=true diff --git a/dependency-check-utils/src/test/resources/test.properties b/dependency-check-utils/src/test/resources/test.properties new file mode 100644 index 000000000..dec474f6f --- /dev/null +++ b/dependency-check-utils/src/test/resources/test.properties @@ -0,0 +1 @@ +proxy.port=80 \ No newline at end of file diff --git a/pom.xml b/pom.xml index be2e9cf3b..515c8ca17 100644 --- a/pom.xml +++ b/pom.xml @@ -1,3 +1,4 @@ + - +--> 4.0.0 org.owasp 
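Review bot: The `cpe.url`, `cpe.meta.url` and `cve.url-*` entries in this new properties file use plain `http://`, while `analyzer.nexus.url` in the same file already uses `https://`. Data fetched over HTTP can be altered in transit, and for a tool whose findings depend on that data this is worth avoiding even in a test copy. If the NVD hosts serve the same paths over TLS, switch the scheme, e.g. `cve.url-2.0.modified=https://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml`. The file also appears to be a copy of the core module's settings, including the `data.user`/`data.password` pair. A header comment such as `# test fixture for dependency-check-utils; keep in sync with the core module's dependencycheck.properties` would make that explicit and help keep the two copies from drifting.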
@@ -29,7 +29,8 @@ Copyright (c) 2012 - Jeremy Long dependency-check-ant dependency-check-maven dependency-check-jenkins - + dependency-check-utils + Dependency-Check https://github.com/jeremylong/DependencyCheck.git dependency-check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. This tool can be part of the solution to the OWASP Top 10 2013: A9 - Using Components with Known Vulnerabilities. @@ -244,4 +245,4 @@ Copyright (c) 2012 - Jeremy Long jar - + \ No newline at end of file