From da82f975e49e457d00958f468d3643e7ad40725d Mon Sep 17 00:00:00 2001
From: bjiang
Date: Fri, 15 Apr 2016 12:30:14 -0400
Subject: [PATCH] Add test for project url from pom.xml
---
 .../dependencycheck/analyzer/JarAnalyzer.java | 2 +-
 .../analyzer/JarAnalyzerTest.java | 29 +++++++++++++-----
 .../src/test/resources/dwr.jar | Bin 0 -> 2087 bytes
 3 files changed, 23 insertions(+), 8 deletions(-)
 create mode 100644 dependency-check-core/src/test/resources/dwr.jar
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index 22549e6c9..51bf51724 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -568,7 +568,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 String projectURL = pom.getProjectURL();
 if(projectURL != null && !projectURL.trim().isEmpty()) {
- dependency.getVersionEvidence().addEvidence("pom", "url", projectURL, Confidence.HIGHEST);
+ dependency.getVendorEvidence().addEvidence("pom", "url", projectURL, Confidence.HIGHEST);
 }
 extractLicense(pom, dependency);
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java
index de85050be..9c8b44cf6 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/JarAnalyzerTest.java
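Review bot: In the JarAnalyzer.java hunk the emptiness check runs on `projectURL.trim()` but the untrimmed `projectURL` is what gets stored, so a pom value padded with whitespace would land verbatim in the vendor evidence; passing the trimmed string keeps the stored value consistent with the check: `dependency.getVendorEvidence().addEvidence("pom", "url", projectURL.trim(), Confidence.HIGHEST);`. The URL is free-form text taken from the pom of the artifact being scanned, so it is whatever the publisher wrote, and recording it at `Confidence.HIGHEST` deserves a one-line comment saying why it is trusted that much for vendor matching. The enclosing method starts and ends outside this hunk, so how the evidence is weighted downstream is not visible here.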
@@ -17,23 +17,25 @@
 */
 package org.owasp.dependencycheck.analyzer;
-import org.junit.Test;
-import org.owasp.dependencycheck.BaseTest;
-import org.owasp.dependencycheck.dependency.Dependency;
-import org.owasp.dependencycheck.dependency.Evidence;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
 import java.io.File;
 import java.util.ArrayList;
 import java.util.List;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
+import org.junit.Test;
+import org.owasp.dependencycheck.BaseTest;
+import org.owasp.dependencycheck.dependency.Dependency;
+import org.owasp.dependencycheck.dependency.Evidence;
 /**
 * @author Jeremy Long
 */
 public class JarAnalyzerTest extends BaseTest {
+// private static final Logger LOGGER = LoggerFactory.getLogger(JarAnalyzerTest.class);
+
 /**
 * Test of inspect method, of class JarAnalyzer.
 *
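Review bot: The added `// private static final Logger LOGGER = LoggerFactory.getLogger(JarAnalyzerTest.class);` line is commented-out code, and the import block shown in this hunk has no `Logger` or `LoggerFactory` import, so it could not simply be uncommented. I would drop it, together with the blank `+` line after it, and add the logger with its imports only when a test actually logs something.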
@@ -48,12 +50,25 @@ public class JarAnalyzerTest extends BaseTest {
 instance.analyze(result, null);
 assertTrue(result.getVendorEvidence().toString().toLowerCase().contains("apache"));
 assertTrue(result.getVendorEvidence().getWeighting().contains("apache"));
+
+ file = BaseTest.getResourceAsFile(this, "dwr.jar");
+ result = new Dependency(file);
+ instance.analyze(result, null);
+ boolean found = false;
+ for (Evidence e : result.getVendorEvidence()) {
+ if (e.getName().equals("url")) {
+ assertEquals("Project url was not as expected in dwr.jar", e.getValue(), "http://getahead.ltd.uk/dwr");
+ found = true;
+ break;
+ }
+ }
+ assertTrue("Project url was not found in dwr.jar", found);
 //file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath());
 file = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar");
 result = new Dependency(file);
 instance.analyze(result, null);
- boolean found = false;
+ found = false;
 for (Evidence e : result.getProductEvidence()) {
 if (e.getName().equalsIgnoreCase("package-title")
 && e.getValue().equalsIgnoreCase("org.mortbay.http")) {
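Review bot: The `assertEquals` arguments in the new dwr.jar block are in the wrong order: JUnit takes (message, expected, actual), so a mismatch would be reported with the literal shown as the actual value. It should read `assertEquals("Project url was not as expected in dwr.jar", "http://getahead.ltd.uk/dwr", e.getValue());`. The loop also accepts any vendor evidence named "url" whatever its source, and nothing asserts that the url is now absent from `result.getVersionEvidence()`, which is the behaviour the JarAnalyzer change corrects. A second loop over the version evidence that fails on a "url" entry would pin that regression. The test method starts and ends outside this hunk.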
diff --git a/dependency-check-core/src/test/resources/dwr.jar b/dependency-check-core/src/test/resources/dwr.jar new file mode 100644 index 0000000000000000000000000000000000000000..cbe768ad601f9b3a32955a0d1350f48cb07eeda0 GIT binary patch literal 2087 zcmZ{lcT^MBAH^dfY!Ims_E12PS;I8O03kpK!ITEsVTNfMWLT)Q0+AUuD3l?}7Lg5t z$`C{rmJ>;myRI&Zo1v>2oY1sz8ei zrF$bNP)J4w+2)TIYzPiwGG04*E}B#h6$*udn#@`$`Gs?!f!244OqENCN#6~V#quMk zgIEowtJ#@lr|@Cz=r&}8_$|41!xX*#+jtR)lzYy^0lti6ywH7+NuDgF;@+Iu>TOxd z_wslKQ+{+`s7^rhto}j-uDe_v?uaxp4x4vmdPI^6^uSc;vzON*3@_AHifB5XvvQOj z_99|RNy%1&)BI8?HBmd6GobXga$il{Bnm|E34vg_w*b+^V051Ygu-jnrF=O~K1K_q zK;>Lqdu$xG#-4v7mfJ~nN?vO%`Q#^+F2(sKQzrHez6`LyL7z=CFj)voPqzHd^f zQEp&ve!8O@O4R0gcz8y<+=li)yJGdIB~w{smjj{KX_-ZF&qkN9WRA~}M0@Sz+}3hr8?D-U zSt?Jjdh7GcFG&WbzOd=BGhAcyBZG5T;xP?#4McL$?|oMF6XuQbr%8z$ zkegkE6NIPkL_dV6lmt;xyy43f@KR)R-+I~jt*EDUXG}yx?h#Hx6~qT%?soGM6ZjWs ztHBd=k>Msz*51$~f}oQ%urg|ZGk8?K)MW%E#i-@&ey9pFVeYyz)PNkP()3(1v&P>s z>mgG)*Y!%M*u-6*t$_ zT1_-|5)P;-Mf#b9#P85iUuqr{!Ri8H5uX=jLyc*QrKDZyyUBJF&CMD;fiiHYL_p`B zhvi+jG9a)nY~ho=s4J}Tu@X>1K+v1V;Q0sjz^R@}IXnGM7IoPu1VELy9lXC=g}~SP!_N9Zs|sNzY!jU{NurL~_YSWVtebDd&BU*mLAr1& zgF`Cz3^J@(_;t{-aHas1vGbC?R3s}b4GH%!^TsU+(eeP$ap+~jLHxM>{ueNpIStPhk02>(o z$0N6XF?|Uz7<)`PY(6)@9=n)TEafl~Uuy8PXmNCj=rV7%e6UzvQc+7U%P8%M^aSiN z#NH`aY0n(0tbBiw)g7NQ zi`frn${%(n4*RjEaa^1c^Ws+U^f&(G>e4!9Zgc)#uJ$=;0skQnnzcytj)h#64il7G zudOq?Zuoj2>gvZUJP9#ls@s!_MKV$aef`f3SyC2#zO@zc>&ftURY~WLnMw=cq90@D zFWejzeq+-h|9i;u3g^M%FrS(fSmMp#bWPit(Bb+$KNiLn&zrx|;#za|S;V$oxsE0H=z!*3e{HFGU@gGuR(V&CwhqMO*Y7Ta%zny;pQ9X(h literal 0 HcmV?d00001