Moved some of the utility classes from core to a new utils module

Former-commit-id: 2e6ff9631ff4c843f10db1e022e41e728394e420

dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/BaseTest.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright 2014 OWASP.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.owasp.dependencycheck.utils;
+
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+
+/**
+ *
+ * @author Jeremy Long <jeremy.long@owasp.org>
+ */
+public class BaseTest {
+
+    @BeforeClass
+    public static void setUpClass() throws Exception {
+        Settings.initialize();
+    }
+
+    @AfterClass
+    public static void tearDownClass() throws Exception {
+        Settings.cleanup(true);
+    }
+}

dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderIntegrationTest.java

@@ -0,0 +1,54 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.utils;
+
+import java.io.File;
+import java.net.URL;
+import static org.junit.Assert.assertTrue;
+import org.junit.Test;
+
+/**
+ *
+ * @author Jeremy Long <jeremy.long@owasp.org>
+ */
+public class DownloaderIntegrationTest extends BaseTest {
+
+    /**
+     * Test of fetchFile method, of class Downloader.
+     *
+     * @throws Exception thrown when an exception occurs.
+     */
+    @Test
+    public void testFetchFile() throws Exception {
+
+//        Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, "1000");
+//        Settings.setString(Settings.KEYS.PROXY_PORT, "8080");
+//        Settings.setString(Settings.KEYS.PROXY_URL, "127.0.0.1");
+        URL url = new URL(Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL));
+        File outputPath = new File("target/downloaded_cve.xml");
+        Downloader.fetchFile(url, outputPath);
+
+    }
+
+    @Test
+    public void testGetLastModified() throws Exception {
+        URL url = new URL("http://nvd.nist.gov/download/nvdcve-2012.xml");
+        long timestamp = Downloader.getLastModified(url);
+        assertTrue("timestamp equal to zero?", timestamp > 0);
+    }
+}

dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/DownloaderTest.java

@@ -0,0 +1,39 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.utils;
+
+import java.io.File;
+import java.net.URL;
+import static org.junit.Assert.assertTrue;
+import org.junit.Test;
+import org.owasp.dependencycheck.utils.Downloader;
+
+/**
+ *
+ * @author Jeremy Long <jeremy.long@owasp.org>
+ */
+public class DownloaderTest {
+
+    @Test
+    public void testGetLastModified_file() throws Exception {
+        File f = new File("target/test-classes/dependencycheck.properties");
+        URL url = new URL("file:///" + f.getCanonicalPath());
+        long timestamp = Downloader.getLastModified(url);
+        assertTrue("timestamp equal to zero?", timestamp > 0);
+    }
+}

dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/FileUtilsTest.java

@@ -0,0 +1,61 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.utils;
+
+import java.io.File;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import org.junit.Test;
+
+/**
+ *
+ * @author Jeremy Long <jeremy.long@owasp.org>
+ */
+public class FileUtilsTest extends BaseTest {
+
+    /**
+     * Test of getFileExtension method, of class FileUtils.
+     */
+    @Test
+    public void testGetFileExtension() {
+        String[] fileName = {"something-0.9.5.jar", "lib2-1.1.js"};
+        String[] expResult = {"jar", "js"};
+
+        for (int i = 0; i < fileName.length; i++) {
+            String result = FileUtils.getFileExtension(fileName[i]);
+            assertEquals("Failed extraction on \"" + fileName[i] + "\".", expResult[i], result);
+        }
+    }
+
+    /**
+     * Test of delete method, of class FileUtils.
+     */
+    @Test
+    public void testDelete() throws Exception {
+
+        File file = File.createTempFile("tmp", "deleteme", Settings.getTempDirectory());
+        if (!file.exists()) {
+            fail("Unable to create a temporary file.");
+        }
+        boolean status = FileUtils.delete(file);
+        assertTrue("delete returned a failed status", status);
+        assertFalse("Temporary file exists after attempting deletion", file.exists());
+    }
+}

dependency-check-utils/src/test/java/org/owasp/dependencycheck/utils/SettingsTest.java

@@ -0,0 +1,160 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ *
+ * @author Jeremy Long <jeremy.long@owasp.org>
+ */
+public class SettingsTest extends BaseTest {
+
+    /**
+     * Test of getString method, of class Settings.
+     */
+    @Test
+    public void testGetString() {
+        String key = Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS;
+        String expResult = "7";
+        String result = Settings.getString(key);
+        Assert.assertTrue(result.endsWith(expResult));
+    }
+
+    /**
+     * Test of getDataFile method, of class Settings.
+     */
+    @Test
+    public void testGetDataFile() throws IOException {
+        String key = Settings.KEYS.DATA_DIRECTORY;
+        String expResult = "data";
+        File result = Settings.getDataFile(key);
+        Assert.assertTrue(result.getAbsolutePath().endsWith(expResult));
+    }
+
+    /**
+     * Test of mergeProperties method, of class Settings.
+     */
+    @Test
+    public void testMergeProperties_String() throws IOException, URISyntaxException {
+        String key = Settings.KEYS.PROXY_PORT;
+        String expResult = Settings.getString(key);
+        File f = new File(this.getClass().getClassLoader().getResource("test.properties").toURI());
+        //InputStream in = this.getClass().getClassLoader().getResourceAsStream("test.properties");
+        Settings.mergeProperties(f.getAbsolutePath());
+        String result = Settings.getString(key);
+        Assert.assertTrue("setting didn't change?", (expResult == null && result != null) || !expResult.equals(result));
+    }
+
+    /**
+     * Test of setString method, of class Settings.
+     */
+    @Test
+    public void testSetString() {
+        String key = "newProperty";
+        String value = "someValue";
+        Settings.setString(key, value);
+        String expResults = Settings.getString(key);
+        Assert.assertEquals(expResults, value);
+    }
+
+    /**
+     * Test of getString method, of class Settings.
+     */
+    @Test
+    public void testGetString_String_String() {
+        String key = "key That Doesn't Exist";
+        String defaultValue = "blue bunny";
+        String expResult = "blue bunny";
+        String result = Settings.getString(key);
+        Assert.assertTrue(result == null);
+        result = Settings.getString(key, defaultValue);
+        Assert.assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of getString method, of class Settings.
+     */
+    @Test
+    public void testGetString_String() {
+        String key = Settings.KEYS.CONNECTION_TIMEOUT;
+        String result = Settings.getString(key);
+        Assert.assertTrue(result == null);
+    }
+
+    /**
+     * Test of getInt method, of class Settings.
+     */
+    @Test
+    public void testGetInt() throws InvalidSettingException {
+        String key = "SomeNumber";
+        int expResult = 85;
+        Settings.setString(key, "85");
+        int result = Settings.getInt(key);
+        Assert.assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of getLong method, of class Settings.
+     */
+    @Test
+    public void testGetLong() throws InvalidSettingException {
+        String key = "SomeNumber";
+        long expResult = 300L;
+        Settings.setString(key, "300");
+        long result = Settings.getLong(key);
+        Assert.assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of getBoolean method, of class Settings.
+     */
+    @Test
+    public void testGetBoolean() throws InvalidSettingException {
+        String key = "SomeBoolean";
+        Settings.setString(key, "false");
+        boolean expResult = false;
+        boolean result = Settings.getBoolean(key);
+        Assert.assertEquals(expResult, result);
+
+        key = "something that does not exist";
+        expResult = true;
+        result = Settings.getBoolean(key, true);
+        Assert.assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of removeProperty method, of class Settings.
+     */
+    @Test
+    public void testRemoveProperty() {
+        String key = "SomeKey";
+        String value = "value";
+        String dfault = "default";
+        Settings.setString(key, value);
+        String ret = Settings.getString(key);
+        Assert.assertEquals(value, ret);
+        Settings.removeProperty(key);
+        ret = Settings.getString(key, dfault);
+        Assert.assertEquals(dfault, ret);
+    }
+}

dependency-check-utils/src/test/resources/dependencycheck.properties

@@ -0,0 +1,57 @@
+application.name=${pom.name}
+application.version=${pom.version}
+autoupdate=true
+max.download.threads=3
+
+#temp.directory defaults to System.getProperty("java.io.tmpdir")
+#temp.directory=[path to temp directory]
+
+# the path to the data directory; the [JAR] signifies to use the relative path
+# to the dependency-check-core JAR file. This path is only used to construct
+# the connection string for the H2 driver (or other drivers that require a file path
+# to be supplied. If you are using another database (MySQL, Oracle, etc.) this property
+# will not be used. The data.directory will be resolved and if the connection string
+# below contains a %s then the data.directory will replace the %s.
+data.directory=[JAR]/data
+data.connection_string=jdbc:h2:file:%s;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON;
+#data.connection_string=jdbc:h2:file:%s;AUTO_SERVER=TRUE;AUTOCOMMIT=ON;
+#data.connection_string=jdbc:mysql://localhost:3306/dependencycheck
+
+# user name and password for the database connection. The inherent case is to use H2.
+# As such, this unsecure username/password exist.
+data.user=dcuser
+data.password=DC-Pass1337!
+# The following are only used if the DB Driver is not JDBC4 compliant and/or the driver
+# is not in the current classpath. Setting these properties will add the give path(s) to
+# the class loader and then register the driver with the DriverManager. If the class is
+# not in the path you must specify both the driver name (aka the fully qualified driver name)
+# and the driver path. The driver path can be a semi-colon separated list of files/directories
+# to ensure any and all needed files can be added to the classpath to load the driver.
+# For non-JDBC4 drivers in the classpath only the driver_name needs to be set.
+# For MOST situations these properties likely do not need to be set.
+data.driver_name=org.h2.Driver
+data.driver_path=
+
+# the path to the cpe xml file
+cpe.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.xml.gz
+# the path to the cpe meta data file.
+cpe.meta.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.meta
+
+# the number of days that the modified nvd cve data holds data for. We don't need
+# to update the other files if we are within this timespan. Per NIST this file
+# holds 8 days of updates, we are using 7 just to be safe.
+cve.url.modified.validfordays=7
+
+# the path to the modified nvd cve xml file.
+cve.url-1.2.modified=http://nvd.nist.gov/download/nvdcve-modified.xml
+cve.url-2.0.modified=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml
+cve.startyear=2014
+cve.url-2.0.base=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml
+cve.url-1.2.base=http://nvd.nist.gov/download/nvdcve-%d.xml
+
+# the URL for searching Nexus for SHA-1 hashes and whether it's enabled
+analyzer.nexus.enabled=true
+analyzer.nexus.url=https://repository.sonatype.org/service/local/
+# If set to true, the proxy will still ONLY be used if the proxy properties (proxy.url, proxy.port)
+# are configured
+analyzer.nexus.proxy=true

dependency-check-utils/src/test/resources/test.properties

@@ -0,0 +1 @@
+proxy.port=80