releasing updates from private repo

Former-commit-id: 745279b1fbbfe1e331adbf52ca4ccd9e75a18178
Jeremy Long
2013-07-31 10:21:31 -04:00
parent 5672c86905
commit db46b03d0c
265 changed files with 13533 additions and 3394 deletions


@@ -0,0 +1,70 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.reporting.ReportGenerator;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class EngineIntegrationTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() throws Exception {
org.owasp.dependencycheck.data.nvdcve.BaseDBTestCase.ensureDBExists();
org.owasp.dependencycheck.data.cpe.BaseIndexTestCase.ensureIndexExists();
}
@After
public void tearDown() {
}
/**
* Test of scan method, of class Engine.
*
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testScan() throws Exception {
String path = "target/test-classes";
Engine instance = new Engine();
instance.scan(path);
assertTrue(instance.getDependencies().size() > 0);
instance.analyzeDependencies();
ReportGenerator rg = new ReportGenerator("DependencyCheck",
instance.getDependencies(), instance.getAnalyzers());
rg.generateReports("./target/", "HTML");
}
}
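Review bot: `testScan` asserts nothing after `instance.analyzeDependencies()` and `rg.generateReports("./target/", "HTML")`, so it passes whenever neither call throws, even if the analysis finds nothing or the report is empty. If that is the intent, say so above the last three statements with a comment such as `// smoke test: analysis and report generation must complete without throwing`. Otherwise add an assertion on the generated report; its file name is not visible in this section, so I have not guessed one.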


@@ -0,0 +1,65 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import org.owasp.dependencycheck.analyzer.AbstractAnalyzer;
import java.util.Set;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class AbstractAnalyzerTest {
public AbstractAnalyzerTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of newHashSet method, of class AbstractAnalyzer.
*/
@Test
public void testNewHashSet() {
Set result = AbstractAnalyzer.newHashSet("one", "two");
assertEquals(2, result.size());
assertTrue(result.contains("one"));
assertTrue(result.contains("two"));
}
}


@@ -0,0 +1,75 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import org.owasp.dependencycheck.analyzer.AnalyzerService;
import org.owasp.dependencycheck.analyzer.Analyzer;
import java.util.Set;
import java.util.Iterator;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class AnalyzerServiceTest {
public AnalyzerServiceTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of getAnalyzers method, of class AnalyzerService.
*/
@Test
public void testGetAnalyzers() {
AnalyzerService instance = AnalyzerService.getInstance();
Iterator<Analyzer> result = instance.getAnalyzers();
boolean found = false;
while (result.hasNext()) {
Analyzer a = result.next();
Set<String> e = a.getSupportedExtensions();
if (e != null && e.contains("jar")) {
found = true;
}
}
assertTrue("JarAnalyzer loaded", found);
}
}


@@ -0,0 +1,157 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.util.HashSet;
import java.util.Set;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.Settings;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class ArchiveAnalyzerTest {
public ArchiveAnalyzerTest() {
}
@BeforeClass
public static void setUpClass() {
}
@AfterClass
public static void tearDownClass() {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of getSupportedExtensions method, of class ArchiveAnalyzer.
*/
@Test
public void testGetSupportedExtensions() {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
Set expResult = new HashSet<String>();
expResult.add("zip");
expResult.add("war");
expResult.add("ear");
Set result = instance.getSupportedExtensions();
assertEquals(expResult, result);
}
/**
* Test of getName method, of class ArchiveAnalyzer.
*/
@Test
public void testGetName() {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
String expResult = "Archive Analyzer";
String result = instance.getName();
assertEquals(expResult, result);
}
/**
* Test of supportsExtension method, of class ArchiveAnalyzer.
*/
@Test
public void testSupportsExtension() {
String extension = "tar"; //not supported
ArchiveAnalyzer instance = new ArchiveAnalyzer();
boolean expResult = false;
boolean result = instance.supportsExtension(extension);
assertEquals(expResult, result);
extension = "war"; //supported
expResult = true;
result = instance.supportsExtension(extension);
assertEquals(expResult, result);
extension = "ear"; //supported
result = instance.supportsExtension(extension);
assertEquals(expResult, result);
extension = "zip"; //supported
result = instance.supportsExtension(extension);
assertEquals(expResult, result);
}
/**
* Test of getAnalysisPhase method, of class ArchiveAnalyzer.
*/
@Test
public void testGetAnalysisPhase() {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
AnalysisPhase expResult = AnalysisPhase.INITIAL;
AnalysisPhase result = instance.getAnalysisPhase();
assertEquals(expResult, result);
}
/**
* Test of initialize and close methods, of class ArchiveAnalyzer.
*/
@Test
public void testInitialize() throws Exception {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
instance.initialize();
instance.close();
//no exception means things worked.
}
/**
* Test of analyze method, of class ArchiveAnalyzer.
*/
@Test
public void testAnalyze() throws Exception {
ArchiveAnalyzer instance = new ArchiveAnalyzer();
try {
instance.initialize();
File file = new File(this.getClass().getClassLoader().getResource("opensso.war").getPath());
Dependency dependency = new Dependency(file);
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
Engine engine = new Engine();
int initial_size = engine.getDependencies().size();
instance.analyze(dependency, engine);
int ending_size = engine.getDependencies().size();
assertTrue(initial_size < ending_size);
} finally {
instance.close();
}
}
}
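Review bot: `testAnalyze` calls `Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false)` in the test body and never restores the previous value. `Settings` is used through static calls, so the change presumably outlives this test and leaks into whatever runs next in the same JVM. Capturing the old value in `setUp` and restoring it in `tearDown` (both currently empty) would keep the test order-independent. Separately, `new File(getResource("opensso.war").getPath())` uses the URL-encoded path and fails when the checkout directory contains a space; `new File(getResource("opensso.war").toURI())` avoids that. The same `getResource(...).getPath()` pattern appears in FileNameAnalyzerTest, JarAnalyzerTest, BaseIndexTestCase and CPEAnalyzerTest.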


@@ -0,0 +1,140 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
import org.owasp.dependencycheck.analyzer.FileNameAnalyzer;
import java.io.File;
import java.util.Set;
import org.owasp.dependencycheck.dependency.Dependency;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class FileNameAnalyzerTest {
public FileNameAnalyzerTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of getSupportedExtensions method, of class FileNameAnalyzer.
*/
@Test
public void testGetSupportedExtensions() {
FileNameAnalyzer instance = new FileNameAnalyzer();
Set expResult = null;
Set result = instance.getSupportedExtensions();
assertEquals(expResult, result);
}
/**
* Test of getName method, of class FileNameAnalyzer.
*/
@Test
public void testGetName() {
FileNameAnalyzer instance = new FileNameAnalyzer();
String expResult = "File Name Analyzer";
String result = instance.getName();
assertEquals(expResult, result);
}
/**
* Test of supportsExtension method, of class FileNameAnalyzer.
*/
@Test
public void testSupportsExtension() {
String extension = "any";
FileNameAnalyzer instance = new FileNameAnalyzer();
boolean expResult = true;
boolean result = instance.supportsExtension(extension);
assertEquals(expResult, result);
}
/**
* Test of getAnalysisPhase method, of class FileNameAnalyzer.
*/
@Test
public void testGetAnalysisPhase() {
FileNameAnalyzer instance = new FileNameAnalyzer();
AnalysisPhase expResult = AnalysisPhase.INFORMATION_COLLECTION;
AnalysisPhase result = instance.getAnalysisPhase();
assertEquals(expResult, result);
}
/**
* Test of analyze method, of class FileNameAnalyzer.
*/
@Test
public void testAnalyze() throws Exception {
File struts = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
Dependency resultStruts = new Dependency(struts);
File axis = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath());
Dependency resultAxis = new Dependency(axis);
FileNameAnalyzer instance = new FileNameAnalyzer();
instance.analyze(resultStruts, null);
assertTrue(resultStruts.getVendorEvidence().toString().toLowerCase().contains("struts"));
instance.analyze(resultAxis, null);
assertTrue(resultStruts.getVersionEvidence().toString().toLowerCase().contains("2.1.2"));
}
/**
* Test of initialize method, of class FileNameAnalyzer.
*/
@Test
public void testInitialize() throws Exception {
FileNameAnalyzer instance = new FileNameAnalyzer();
instance.initialize();
assertTrue(true); //initialize does nothing.
}
/**
* Test of close method, of class FileNameAnalyzer.
*/
@Test
public void testClose() throws Exception {
FileNameAnalyzer instance = new FileNameAnalyzer();
instance.close();
assertTrue(true); //close does nothing.
}
}
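Review bot: In `testAnalyze` the assertion after `instance.analyze(resultAxis, null)` checks `resultStruts.getVersionEvidence()` again, so nothing produced for the axis2 jar is ever verified. The struts version check belongs directly after the struts `analyze` call. The axis result needs its own assertion, for example `assertTrue(resultAxis.getVersionEvidence().toString().toLowerCase().contains("1.4.1"));`, assuming the analyzer derives the version from the file name as the struts check implies. `testInitialize` and `testClose` end in `assertTrue(true)`, which can be dropped in favour of a comment that the test passes when no exception is thrown.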


@@ -0,0 +1,159 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import java.util.Properties;
import org.owasp.dependencycheck.analyzer.JarAnalyzer;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import java.util.HashSet;
import java.io.File;
import java.util.Set;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class JarAnalyzerTest {
public JarAnalyzerTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of inspect method, of class JarAnalyzer.
*
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testAnalyze() throws Exception {
File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
Dependency result = new Dependency(file);
JarAnalyzer instance = new JarAnalyzer();
instance.analyze(result, null);
assertTrue(result.getVendorEvidence().toString().toLowerCase().contains("apache"));
assertTrue(result.getVendorEvidence().getWeighting().contains("apache"));
file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath());
result = new Dependency(file);
instance.analyze(result, null);
boolean found = false;
for (Evidence e : result.getProductEvidence()) {
if (e.getName().equalsIgnoreCase("package-title")
&& e.getValue().equalsIgnoreCase("org.mortbay.http")) {
found = true;
break;
}
}
assertTrue("package-title of org.mortbay.http not found in org.mortbay.jetty.jar", found);
found = false;
for (Evidence e : result.getVendorEvidence()) {
if (e.getName().equalsIgnoreCase("implementation-url")
&& e.getValue().equalsIgnoreCase("http://jetty.mortbay.org")) {
found = true;
break;
}
}
assertTrue("implementation-url of http://jetty.mortbay.org not found in org.mortbay.jetty.jar", found);
found = false;
for (Evidence e : result.getVersionEvidence()) {
if (e.getName().equalsIgnoreCase("Implementation-Version")
&& e.getValue().equalsIgnoreCase("4.2.27")) {
found = true;
break;
}
}
assertTrue("implementation-version of 4.2.27 not found in org.mortbay.jetty.jar", found);
file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jmx.jar").getPath());
result = new Dependency(file);
instance.analyze(result, null);
assertEquals("org.mortbar,jmx.jar has version evidence?", result.getVersionEvidence().size(), 0);
}
/**
* Test of getSupportedExtensions method, of class JarAnalyzer.
*/
@Test
public void testGetSupportedExtensions() {
JarAnalyzer instance = new JarAnalyzer();
Set expResult = new HashSet();
expResult.add("jar");
Set result = instance.getSupportedExtensions();
assertEquals(expResult, result);
}
/**
* Test of getName method, of class JarAnalyzer.
*/
@Test
public void testGetName() {
JarAnalyzer instance = new JarAnalyzer();
String expResult = "Jar Analyzer";
String result = instance.getName();
assertEquals(expResult, result);
}
/**
* Test of supportsExtension method, of class JarAnalyzer.
*/
@Test
public void testSupportsExtension() {
String extension = "jar";
JarAnalyzer instance = new JarAnalyzer();
boolean expResult = true;
boolean result = instance.supportsExtension(extension);
assertEquals(expResult, result);
}
@Test
public void testInterpolateString() {
Properties prop = new Properties();
prop.setProperty("key", "value");
prop.setProperty("nested", "nested ${key}");
String text = "This is a test of '${key}' '${nested}'";
String expResults = "This is a test of 'value' 'nested value'";
JarAnalyzer instance = new JarAnalyzer();
String results = instance.interpolateString(text, prop);
assertEquals(expResults, results);
}
}
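Review bot: The last assertion in `testAnalyze` passes its arguments in the wrong order: JUnit's `assertEquals(message, expected, actual)` receives `result.getVersionEvidence().size()` as the expected value and `0` as the actual one. A failure would therefore report the two values reversed. The message also misspells the jar name. Suggested line: `assertEquals("org.mortbay.jmx.jar has version evidence?", 0, result.getVersionEvidence().size());`. `testGetSupportedExtensions` builds a raw `new HashSet()`; `Set<String> expResult = new HashSet<String>();` removes the unchecked warning.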


@@ -0,0 +1,139 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.cpe;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.owasp.dependencycheck.data.nvdcve.BaseDBTestCase;
import org.owasp.dependencycheck.utils.Settings;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public abstract class BaseIndexTestCase {
protected static final int BUFFER_SIZE = 2048;
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() throws Exception {
ensureIndexExists();
BaseDBTestCase.ensureDBExists();
}
@After
public void tearDown() throws Exception {
}
protected static File getDataDirectory() throws IOException {
final String fileName = Settings.getString(Settings.KEYS.CPE_DATA_DIRECTORY);
final String dataDirectory = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
return new File(dataDirectory, fileName);
//return FileUtils.getDataDirectory(fileName, Index.class);
}
public static void ensureIndexExists() throws Exception {
//String indexPath = Settings.getString(Settings.KEYS.CPE_DATA_DIRECTORY);
String indexPath = getDataDirectory().getCanonicalPath();
java.io.File f = new File(indexPath);
if (!f.exists() || (f.isDirectory() && f.listFiles().length == 0)) {
f.mkdirs();
FileInputStream fis = null;
ZipInputStream zin = null;
try {
File path = new File(BaseIndexTestCase.class.getClassLoader().getResource("index.cpe.zip").getPath());
fis = new FileInputStream(path);
zin = new ZipInputStream(new BufferedInputStream(fis));
ZipEntry entry;
while ((entry = zin.getNextEntry()) != null) {
if (entry.isDirectory()) {
continue;
}
FileOutputStream fos = null;
BufferedOutputStream dest = null;
try {
File o = new File(indexPath, entry.getName());
o.createNewFile();
fos = new FileOutputStream(o, false);
dest = new BufferedOutputStream(fos, BUFFER_SIZE);
byte data[] = new byte[BUFFER_SIZE];
int count;
while ((count = zin.read(data, 0, BUFFER_SIZE)) != -1) {
dest.write(data, 0, count);
}
} catch (Exception ex) {
Logger.getLogger(BaseIndexTestCase.class.getName()).log(Level.FINEST, null, ex);
} finally {
if (dest != null) {
try {
dest.flush();
dest.close();
} catch (Throwable ex) {
Logger.getLogger(BaseIndexTestCase.class.getName()).log(Level.FINEST, null, ex);
}
}
if (fos != null) {
try {
fos.close();
} catch (Throwable ex) {
Logger.getLogger(BaseIndexTestCase.class.getName()).log(Level.FINEST, null, ex);
}
}
}
}
} finally {
try {
if (zin != null) {
zin.close();
}
} catch (Throwable ex) {
Logger.getLogger(BaseIndexTestCase.class.getName()).log(Level.FINEST, null, ex);
}
try {
if (fis != null) {
fis.close();
}
} catch (Throwable ex) {
Logger.getLogger(BaseIndexTestCase.class.getName()).log(Level.FINEST, null, ex);
}
}
}
}
}
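Review bot: `ensureIndexExists` writes each archive entry to `new File(indexPath, entry.getName())` without checking that the resolved path stays inside `indexPath`. An entry name containing `../` would then be written outside the index directory. `index.cpe.zip` is a bundled test resource, but the guard is cheap and keeps the pattern from being copied elsewhere unguarded: `if (!o.getCanonicalPath().startsWith(indexPath + File.separator)) { throw new IOException("zip entry outside index directory: " + entry.getName()); }`, placed before `o.createNewFile()`. The inner `catch (Exception ex)` logs at `Level.FINEST` and moves on, so a failed extraction leaves a partial index and the tests fail later for an unrelated-looking reason; rethrowing would surface it in `setUp`. `f.listFiles()` can also return null on an I/O error, so `f.listFiles().length` needs a null check.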


@@ -0,0 +1,254 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.cpe;
import org.owasp.dependencycheck.data.cpe.IndexEntry;
import org.owasp.dependencycheck.data.cpe.CPEAnalyzer;
import java.io.File;
import java.io.IOException;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.lucene.index.CorruptIndexException;
import org.apache.lucene.queryparser.classic.ParseException;
import org.junit.After;
import org.junit.AfterClass;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.analyzer.JarAnalyzer;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer;
import org.owasp.dependencycheck.analyzer.FileNameAnalyzer;
import org.owasp.dependencycheck.analyzer.HintAnalyzer;
import static org.owasp.dependencycheck.data.cpe.BaseIndexTestCase.ensureIndexExists;
import org.owasp.dependencycheck.dependency.Identifier;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class CPEAnalyzerTest extends BaseIndexTestCase {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() throws Exception {
super.setUp();
}
@After
public void tearDown() throws Exception {
super.tearDown();
}
/**
* Tests of buildSearch of class CPEAnalyzer.
*
* @throws IOException is thrown when an IO Exception occurs.
* @throws CorruptIndexException is thrown when the index is corrupt.
* @throws ParseException is thrown when a parse exception occurs
*/
@Test
public void testBuildSearch() throws IOException, CorruptIndexException, ParseException {
Set<String> productWeightings = new HashSet<String>(1);
productWeightings.add("struts2");
Set<String> vendorWeightings = new HashSet<String>(1);
vendorWeightings.add("apache");
String vendor = "apache software foundation";
String product = "struts 2 core";
String version = "2.1.2";
CPEAnalyzer instance = new CPEAnalyzer();
String queryText = instance.buildSearch(vendor, product, null, null);
String expResult = " product:( struts 2 core ) AND vendor:( apache software foundation ) ";
Assert.assertTrue(expResult.equals(queryText));
queryText = instance.buildSearch(vendor, product, null, productWeightings);
expResult = " product:( struts^5 struts2^5 2 core ) AND vendor:( apache software foundation ) ";
Assert.assertTrue(expResult.equals(queryText));
queryText = instance.buildSearch(vendor, product, vendorWeightings, null);
expResult = " product:( struts 2 core ) AND vendor:( apache^5 software foundation ) ";
Assert.assertTrue(expResult.equals(queryText));
queryText = instance.buildSearch(vendor, product, vendorWeightings, productWeightings);
expResult = " product:( struts^5 struts2^5 2 core ) AND vendor:( apache^5 software foundation ) ";
Assert.assertTrue(expResult.equals(queryText));
}
/**
* Test of open method, of class CPEAnalyzer.
*
* @throws Exception is thrown when an exception occurs
*/
@Test
public void testOpen() throws Exception {
CPEAnalyzer instance = new CPEAnalyzer();
Assert.assertFalse(instance.isOpen());
instance.open();
Assert.assertTrue(instance.isOpen());
instance.close();
Assert.assertFalse(instance.isOpen());
}
/**
* Test of determineCPE method, of class CPEAnalyzer.
*
* @throws Exception is thrown when an exception occurs
*/
@Test
public void testDetermineCPE_full() throws Exception {
callDetermineCPE_full("spring-context-support-2.5.5.jar", "cpe:/a:vmware:springsource_spring_framework:2.5.5");
callDetermineCPE_full("spring-core-3.0.0.RELEASE.jar", "cpe:/a:vmware:springsource_spring_framework:3.0.0");
callDetermineCPE_full("org.mortbay.jetty.jar", "cpe:/a:mortbay_jetty:jetty:4.2");
callDetermineCPE_full("jaxb-xercesImpl-1.5.jar", null);
callDetermineCPE_full("ehcache-core-2.2.0.jar", null);
}
/**
* Test of determineCPE method, of class CPEAnalyzer.
*
* @throws Exception is thrown when an exception occurs
*/
public void callDetermineCPE_full(String depName, String expResult) throws Exception {
File file = new File(this.getClass().getClassLoader().getResource(depName).getPath());
Dependency dep = new Dependency(file);
FileNameAnalyzer fnAnalyzer = new FileNameAnalyzer();
fnAnalyzer.analyze(dep, null);
JarAnalyzer jarAnalyzer = new JarAnalyzer();
jarAnalyzer.analyze(dep, null);
HintAnalyzer hAnalyzer = new HintAnalyzer();
hAnalyzer.analyze(dep, null);
CPEAnalyzer instance = new CPEAnalyzer();
instance.open();
instance.analyze(dep, null);
instance.close();
FalsePositiveAnalyzer fp = new FalsePositiveAnalyzer();
fp.analyze(dep, null);
// for (Identifier i : dep.getIdentifiers()) {
// System.out.println(i.getValue());
// }
if (expResult != null) {
Identifier expIdentifier = new Identifier("cpe", expResult, expResult);
Assert.assertTrue("Incorrect match: { dep:'" + dep.getFileName() + "' }", dep.getIdentifiers().contains(expIdentifier));
} else {
Assert.assertTrue("Match found when an Identifier should not have been found: { dep:'" + dep.getFileName() + "' }", dep.getIdentifiers().isEmpty());
}
}
/**
* Test of determineCPE method, of class CPEAnalyzer.
*
* @throws Exception is thrown when an exception occurs
*/
@Test
public void testDetermineCPE() throws Exception {
File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
//File file = new File(this.getClass().getClassLoader().getResource("axis2-adb-1.4.1.jar").getPath());
Dependency struts = new Dependency(file);
FileNameAnalyzer fnAnalyzer = new FileNameAnalyzer();
fnAnalyzer.analyze(struts, null);
JarAnalyzer jarAnalyzer = new JarAnalyzer();
jarAnalyzer.analyze(struts, null);
File fileCommonValidator = new File(this.getClass().getClassLoader().getResource("commons-validator-1.4.0.jar").getPath());
Dependency commonValidator = new Dependency(fileCommonValidator);
jarAnalyzer.analyze(commonValidator, null);
File fileSpring = new File(this.getClass().getClassLoader().getResource("spring-core-2.5.5.jar").getPath());
Dependency spring = new Dependency(fileSpring);
jarAnalyzer.analyze(spring, null);
File fileSpring3 = new File(this.getClass().getClassLoader().getResource("spring-core-3.0.0.RELEASE.jar").getPath());
Dependency spring3 = new Dependency(fileSpring3);
jarAnalyzer.analyze(spring3, null);
CPEAnalyzer instance = new CPEAnalyzer();
instance.open();
instance.determineCPE(commonValidator);
instance.determineCPE(struts);
instance.determineCPE(spring);
instance.determineCPE(spring3);
instance.close();
String expResult = "cpe:/a:apache:struts:2.1.2";
Identifier expIdentifier = new Identifier("cpe", expResult, expResult);
String expResultSpring = "cpe:/a:springsource:spring_framework:2.5.5";
String expResultSpring3 = "cpe:/a:vmware:springsource_spring_framework:3.0.0";
Assert.assertTrue("Apache Common Validator - found an identifier?", commonValidator.getIdentifiers().isEmpty());
Assert.assertTrue("Incorrect match size - struts", struts.getIdentifiers().size() >= 1);
Assert.assertTrue("Incorrect match - struts", struts.getIdentifiers().contains(expIdentifier));
Assert.assertTrue("Incorrect match size - spring3 - " + spring3.getIdentifiers().size(), spring3.getIdentifiers().size() >= 1);
//the following two only work if the HintAnalyzer is used.
//Assert.assertTrue("Incorrect match size - spring", spring.getIdentifiers().size() == 1);
//Assert.assertTrue("Incorrect match - spring", spring.getIdentifiers().get(0).getValue().equals(expResultSpring));
}
/**
* Test of searchCPE method, of class CPEAnalyzer.
*
* @throws Exception is thrown when an exception occurs
*/
@Test
public void testSearchCPE() throws Exception {
String vendor = "apache software foundation";
String product = "struts 2 core";
String version = "2.1.2";
String expResult = "cpe:/a:apache:struts:2.1.2";
CPEAnalyzer instance = new CPEAnalyzer();
instance.open();
//TODO - yeah, not a very good test as the results are the same with or without weighting...
Set<String> productWeightings = new HashSet<String>(1);
productWeightings.add("struts2");
Set<String> vendorWeightings = new HashSet<String>(1);
vendorWeightings.add("apache");
List<IndexEntry> result = instance.searchCPE(vendor, product, productWeightings, vendorWeightings);
//TODO fix this assert
//Assert.assertEquals(expResult, result.get(0).getName());
instance.close();
}
}
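Review bot: `testSearchCPE` has its only assertion commented out, so it passes as long as `open`, `searchCPE` and `close` do not throw; `expResult`, `version` and `result` go unused. Until the TODO is resolved, a minimal check such as `Assert.assertNotNull(result);` at least ties the test to the return value. In `testOpen`, `callDetermineCPE_full`, `testDetermineCPE` and `testSearchCPE`, `instance.close()` is skipped if an earlier statement throws. Wrapping the body in `try { ... } finally { instance.close(); }`, as `ArchiveAnalyzerTest.testAnalyze` does, avoids leaving the index open. In `testBuildSearch`, `Assert.assertEquals(expResult, queryText)` would print both strings on failure, which `Assert.assertTrue(expResult.equals(queryText))` does not.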


@@ -0,0 +1,66 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.cpe;
import org.owasp.dependencycheck.data.cpe.IndexEntry;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.Assert;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class IndexEntryTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of setName method, of class IndexEntry.
*
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testSetName() throws Exception {
String name = "cpe:/a:apache:struts:1.1:rc2";
IndexEntry instance = new IndexEntry();
instance.parseName(name);
Assert.assertEquals("apache", instance.getVendor());
Assert.assertEquals("struts", instance.getProduct());
}
}
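Review bot: The method name and Javadoc say `setName`, but the test calls `parseName`; rename it to `testParseName` and change the comment to `Test of parseName method, of class IndexEntry.`. The input `cpe:/a:apache:struts:1.1:rc2` also carries a version and a revision that are never asserted, so a parser that mis-splits the trailing components would still pass.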


@@ -0,0 +1,75 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.cpe;
import java.io.File;
import java.io.IOException;
import org.apache.lucene.store.Directory;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class IndexIntegrationTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of update method, of class Index.
*/
@Test
public void testUpdate() throws Exception {
//deprecated
//Index instance = new Index();
//instance.update();
}
/**
* Test of updateNeeded method, of class Index.
*/
@Test
public void testUpdateNeeded() throws Exception {
//deprecated
//Index instance = new Index();
//instance.updateNeeded();
//if an exception is thrown this test fails. However, because it depends on the
// order of the tests what this will return I am just testing for the exception.
//assertTrue(expResult < result);
}
}
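Review bot: `testUpdate` and `testUpdateNeeded` still carry `@Test` although every statement in them is commented out, so both report as passing while exercising nothing. Mark them `@Ignore("Index.update is deprecated")` (with `import org.junit.Ignore;`) or delete them, so the test report does not overstate coverage of the index update path. The same applies to `testClear` (empty body) and `testExamples` (body commented out) in TokenPairConcatenatingFilterTest, and to `testSearchCPE` in the CPE analyzer test, whose only assertion is commented out. The `File`, `IOException` and `Directory` imports here are unused.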


@@ -0,0 +1,103 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.cpe;
import org.owasp.dependencycheck.data.cpe.Index;
import java.io.File;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.lucene.document.Document;
import org.apache.lucene.queryparser.classic.ParseException;
import org.apache.lucene.search.ScoreDoc;
import org.apache.lucene.search.TopDocs;
import org.apache.lucene.store.Directory;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class IndexTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of open method, of class Index.
*/
@Test
public void testOpen() {
Index instance = new Index();
try {
instance.open();
//TODO research why are we getting multiple documents for the same documentId. is the update method not working?
// try {
// instance.createSearchingAnalyzer();
// TopDocs docs = instance.search("product:( project\\-open )", 20);
// for (ScoreDoc d : docs.scoreDocs) {
// final Document doc = instance.getDocument(d.doc);
// String vendor = doc.getField(Fields.VENDOR).stringValue();
// String product = doc.getField(Fields.PRODUCT).stringValue();
// System.out.print(d.doc);
// System.out.print(" : ");
// System.out.print(vendor + ":");
// System.out.println(product);
// }
// } catch (ParseException ex) {
// Logger.getLogger(IndexTest.class.getName()).log(Level.SEVERE, null, ex);
// }
} catch (IOException ex) {
assertNull(ex.getMessage(), ex);
}
instance.close();
}
/**
* Test of getDirectory method, of class Index.
*
* @throws Exception
*/
@Test
public void testGetDirectory() throws Exception {
Index index = new Index();
Directory result = index.getDirectory();
String exp = File.separatorChar + "target" + File.separatorChar + "data" + File.separatorChar + "cpe";
assertTrue(result.toString().contains(exp));
}
}
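Review bot: In `testOpen`, `instance.close()` sits after the try/catch, so when `open()` throws, `assertNull(ex.getMessage(), ex)` fails the test and the index is never closed. Move the close into a `finally` block and report the failure directly with `fail(ex.getMessage());`, or declare `throws IOException` and let the exception propagate. The commented-out search block and the imports only it needs (`Document`, `ScoreDoc`, `TopDocs`, `ParseException`, `Logger`, `Level`) would be better kept in an issue that tracks the duplicate-document TODO.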


@@ -0,0 +1,84 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.cwe;
import org.owasp.dependencycheck.data.cwe.CweDB;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class CweDBTest {
public CweDBTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Method to serialize the CWE HashMap. This is not used in production; this
* is only used once during dev to create the serialized HashMap.
*/
// @Test
// public void testUpdate() throws Exception {
// SAXParserFactory factory = SAXParserFactory.newInstance();
// SAXParser saxParser = factory.newSAXParser();
//
// CweHandler handler = new CweHandler();
// File file = new File(this.getClass().getClassLoader().getResource("cwe.2000.xml").getPath());
//
// saxParser.parse(file, handler);
// System.out.println("Found " + handler.getCwe().size() + " cwe entries.");
// Map<String,String> cwe = handler.getCwe();
// FileOutputStream fout = new FileOutputStream("src/main/resources/data/cwe.hashmap.serialized");
// ObjectOutputStream objOut = new ObjectOutputStream(fout);
// objOut.writeObject(cwe);
// objOut.close();
// }
/**
* Test of getCweName method, of class CweDB.
*/
@Test
public void testGetCweName() {
String cweId = "CWE-16";
String expResult = "Configuration";
String result = CweDB.getCweName(cweId);
assertEquals(expResult, result);
}
}
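Review bot: The generator for `cwe.hashmap.serialized` survives only as a commented-out test under a live Javadoc block, so the provenance of that binary resource cannot be reproduced or reviewed from the build. Move it to a small standalone tool or an `@Ignore`d test, and state in its comment which `cwe.2000.xml` the map was generated from. If it is re-enabled, turn on secure processing before parsing with `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`. `testGetCweName` covers one known id only; a case for an id that is not in the map would pin the lookup's miss behaviour.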


@@ -0,0 +1,131 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.lucene;
import org.owasp.dependencycheck.data.lucene.SearchFieldAnalyzer;
import org.owasp.dependencycheck.data.lucene.FieldAnalyzer;
import org.apache.lucene.analysis.miscellaneous.PerFieldAnalyzerWrapper;
import java.util.HashMap;
import org.apache.lucene.queryparser.classic.QueryParser;
import org.apache.lucene.analysis.standard.StandardAnalyzer;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.search.ScoreDoc;
import org.apache.lucene.search.TopScoreDocCollector;
import org.apache.lucene.search.IndexSearcher;
import org.apache.lucene.index.IndexReader;
import org.apache.lucene.search.Query;
import java.io.IOException;
import org.apache.lucene.document.Field;
import org.apache.lucene.document.TextField;
import org.apache.lucene.document.Document;
import org.apache.lucene.index.DirectoryReader;
import org.apache.lucene.index.IndexWriter;
import org.apache.lucene.index.IndexWriterConfig;
import org.apache.lucene.store.RAMDirectory;
import org.apache.lucene.store.Directory;
import org.apache.lucene.util.Version;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class FieldAnalyzerTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
@Test
public void testAnalyzers() throws Exception {
Analyzer analyzer = new FieldAnalyzer(Version.LUCENE_43);
Directory index = new RAMDirectory();
String field1 = "product";
String text1 = "springframework";
String field2 = "vendor";
String text2 = "springsource";
createIndex(analyzer, index, field1, text1, field2, text2);
//Analyzer searchingAnalyzer = new SearchFieldAnalyzer(Version.LUCENE_43);
String querystr = "product:\"(Spring Framework Core)\" vendor:(SpringSource)";
SearchFieldAnalyzer searchAnalyzerProduct = new SearchFieldAnalyzer(Version.LUCENE_43);
SearchFieldAnalyzer searchAnalyzerVendor = new SearchFieldAnalyzer(Version.LUCENE_43);
HashMap<String, Analyzer> map = new HashMap<String, Analyzer>();
map.put(field1, searchAnalyzerProduct);
map.put(field2, searchAnalyzerVendor);
PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(new StandardAnalyzer(Version.LUCENE_43), map);
QueryParser parser = new QueryParser(Version.LUCENE_43, field1, wrapper);
Query q = parser.parse(querystr);
//System.out.println(q.toString());
int hitsPerPage = 10;
IndexReader reader = DirectoryReader.open(index);
IndexSearcher searcher = new IndexSearcher(reader);
TopScoreDocCollector collector = TopScoreDocCollector.create(hitsPerPage, true);
searcher.search(q, collector);
ScoreDoc[] hits = collector.topDocs().scoreDocs;
assertEquals("Did not find 1 document?", 1, hits.length);
searchAnalyzerProduct.clear(); //ensure we don't have anything left over from the previous search.
searchAnalyzerVendor.clear();
querystr = "product:(Apache Struts) vendor:(Apache)";
Query q2 = parser.parse(querystr);
//System.out.println(q2.toString());
assertFalse("second parsing contains previousWord from the TokenPairConcatenatingFilter", q2.toString().contains("core"));
}
private void createIndex(Analyzer analyzer, Directory index, String field1, String text1, String field2, String text2) throws IOException {
IndexWriterConfig config = new IndexWriterConfig(Version.LUCENE_43, analyzer);
IndexWriter w = new IndexWriter(index, config);
addDoc(w, field1, text1, field2, text2);
w.close();
}
private static void addDoc(IndexWriter w, String field1, String text1, String field2, String text2) throws IOException {
Document doc = new Document();
doc.add(new TextField(field1, text1, Field.Store.YES));
doc.add(new TextField(field2, text2, Field.Store.YES));
w.addDocument(doc);
}
}
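Review bot: `testAnalyzers` opens `reader` with `DirectoryReader.open(index)` and never closes it, and `createIndex` calls `w.close()` outside a `finally`, so a failing `addDoc` leaves the writer open. Add `reader.close();` once `hits` has been read and wrap the writer use in try/finally. The second half of the test only checks that `q2.toString()` does not contain "core"; a short comment saying that this guards against state left in `SearchFieldAnalyzer` between parses would explain why `clear()` is called on both analyzers first.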


@@ -0,0 +1,95 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.lucene;
import org.owasp.dependencycheck.data.lucene.LuceneUtils;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class LuceneUtilsTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of appendEscapedLuceneQuery method, of class LuceneUtils.
*/
@Test
public void testAppendEscapedLuceneQuery() {
StringBuilder buf = new StringBuilder();
CharSequence text = "test encoding + - & | ! ( ) { } [ ] ^ \" ~ * ? : \\";
String expResult = "test encoding \\+ \\- \\& \\| \\! \\( \\) \\{ \\} \\[ \\] \\^ \\\" \\~ \\* \\? \\: \\\\";
LuceneUtils.appendEscapedLuceneQuery(buf, text);
assertEquals(expResult, buf.toString());
}
/**
* Test of appendEscapedLuceneQuery method, of class LuceneUtils.
*/
@Test
public void testAppendEscapedLuceneQuery_null() {
StringBuilder buf = new StringBuilder();
CharSequence text = null;
LuceneUtils.appendEscapedLuceneQuery(buf, text);
assertEquals(0, buf.length());
}
/**
* Test of escapeLuceneQuery method, of class LuceneUtils.
*/
@Test
public void testEscapeLuceneQuery() {
CharSequence text = "test encoding + - & | ! ( ) { } [ ] ^ \" ~ * ? : \\";
String expResult = "test encoding \\+ \\- \\& \\| \\! \\( \\) \\{ \\} \\[ \\] \\^ \\\" \\~ \\* \\? \\: \\\\";
String result = LuceneUtils.escapeLuceneQuery(text);
assertEquals(expResult, result);
}
/**
* Test of escapeLuceneQuery method, of class LuceneUtils.
*/
@Test
public void testEscapeLuceneQuery_null() {
CharSequence text = null;
String expResult = null;
String result = LuceneUtils.escapeLuceneQuery(text);
assertEquals(expResult, result);
}
}
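Review bot: Neither escaping test includes `/`, which the classic query parser treats as a regular-expression delimiter from Lucene 4.0 on, and FieldAnalyzerTest in this commit builds its parser with `Version.LUCENE_43`. Whether `LuceneUtils` escapes it is not visible in this hunk, so append ` /` to `text` in `testAppendEscapedLuceneQuery` and `testEscapeLuceneQuery` and ` \\/` to `expResult` to pin the behaviour. If the escaped text originates from metadata of scanned files (not shown here), an unescaped delimiter would let file content change how the query is parsed.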


@@ -0,0 +1,80 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.owasp.dependencycheck.data.lucene;
import java.io.IOException;
import java.io.Reader;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.analysis.BaseTokenStreamTestCase;
import static org.apache.lucene.analysis.BaseTokenStreamTestCase.assertAnalyzesTo;
import static org.apache.lucene.analysis.BaseTokenStreamTestCase.checkOneTerm;
import org.apache.lucene.analysis.MockTokenizer;
import org.apache.lucene.analysis.Tokenizer;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class TokenPairConcatenatingFilterTest extends BaseTokenStreamTestCase {
private Analyzer analyzer;
public TokenPairConcatenatingFilterTest() {
analyzer = new Analyzer() {
@Override
protected Analyzer.TokenStreamComponents createComponents(String fieldName,
Reader reader) {
Tokenizer source = new MockTokenizer(reader, MockTokenizer.WHITESPACE, false);
return new Analyzer.TokenStreamComponents(source, new TokenPairConcatenatingFilter(source));
}
};
}
@BeforeClass
public static void setUpClass() {
}
@AfterClass
public static void tearDownClass() {
}
@Before
public void setUp() throws Exception {
super.setUp();
}
@After
public void tearDown() throws Exception {
super.tearDown();
}
/**
* test some examples
*/
public void testExamples() throws IOException {
//TODO figure outwhy I am getting "Failed: incrementtoken() called while in wrong state"
// String[] expected = new String[3];
// expected[0] = "one";
// expected[1] = "onetwo";
// expected[2] = "two";
// checkOneTerm(analyzer, "one", "one");
// assertAnalyzesTo(analyzer, "two", new String[]{"onetwo", "two"});
//checkOneTerm(analyzer, "two", "onetwo");
//checkOneTerm(analyzer, "three", "two");
}
/**
* Test of clear method, of class TokenPairConcatenatingFilter.
*/
@Test
public void testClear() {
}
}
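Review bot: This file, like UrlTokenizingFilterTest below it, starts with the IDE placeholder `To change this template, choose Tools | Templates` instead of the dependency-check-core GPL header that the other new files carry. Replace it with the project header. UrlTokenizingFilterTest also states that two of its methods are copied from Lucene's TestEnglishMinimalStemFilter; that origin and its license should be recorded in the file header, not only in the method comments.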


@@ -0,0 +1,94 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.owasp.dependencycheck.data.lucene;
import java.io.IOException;
import java.io.Reader;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.analysis.Analyzer.TokenStreamComponents;
import org.apache.lucene.analysis.BaseTokenStreamTestCase;
import static org.apache.lucene.analysis.BaseTokenStreamTestCase.checkOneTerm;
import org.apache.lucene.analysis.MockTokenizer;
import org.apache.lucene.analysis.Tokenizer;
import org.apache.lucene.analysis.core.KeywordTokenizer;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class UrlTokenizingFilterTest extends BaseTokenStreamTestCase {
private Analyzer analyzer;
public UrlTokenizingFilterTest() {
analyzer = new Analyzer() {
@Override
protected TokenStreamComponents createComponents(String fieldName,
Reader reader) {
Tokenizer source = new MockTokenizer(reader, MockTokenizer.WHITESPACE, false);
return new TokenStreamComponents(source, new UrlTokenizingFilter(source));
}
};
}
@BeforeClass
public static void setUpClass() {
}
@AfterClass
public static void tearDownClass() {
}
@Before
public void setUp() throws Exception {
super.setUp();
}
@After
public void tearDown() throws Exception {
super.tearDown();
}
/**
* test some example domains
*/
public void testExamples() throws IOException {
String[] expected = new String[2];
expected[0] = "domain";
expected[1] = "test";
assertAnalyzesTo(analyzer, "http://www.domain.com/test.php", expected);
checkOneTerm(analyzer, "https://apache.org", "apache");
}
/**
* copied from
* http://svn.apache.org/repos/asf/lucene/dev/trunk/lucene/analysis/common/src/test/org/apache/lucene/analysis/en/TestEnglishMinimalStemFilter.java
* blast some random strings through the analyzer
*/
public void testRandomStrings() throws Exception {
checkRandomData(random(), analyzer, 1000 * RANDOM_MULTIPLIER);
}
/**
* copied from
* http://svn.apache.org/repos/asf/lucene/dev/trunk/lucene/analysis/common/src/test/org/apache/lucene/analysis/en/TestEnglishMinimalStemFilter.java
*
* @throws IOException
*/
public void testEmptyTerm() throws IOException {
Analyzer a = new Analyzer() {
@Override
protected TokenStreamComponents createComponents(String fieldName, Reader reader) {
Tokenizer tokenizer = new KeywordTokenizer(reader);
return new TokenStreamComponents(tokenizer, new UrlTokenizingFilter(tokenizer));
}
};
checkOneTermReuse(a, "", "");
}
}


@@ -0,0 +1,121 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.nvdcve;
import org.owasp.dependencycheck.data.cpe.*;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import junit.framework.TestCase;
import org.owasp.dependencycheck.utils.Settings;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public abstract class BaseDBTestCase extends TestCase {
protected final static int BUFFER_SIZE = 2048;
@Override
protected void setUp() throws Exception {
super.setUp();
ensureDBExists();
}
protected static File getDataDirectory() throws IOException {
final String fileName = Settings.getString(Settings.KEYS.CVE_DATA_DIRECTORY);
final String dataDirectory = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
return new File(dataDirectory, fileName);
}
public static void ensureDBExists() throws Exception {
String indexPath = getDataDirectory().getCanonicalPath();
java.io.File f = new File(indexPath);
if (!f.exists() || (f.isDirectory() && f.listFiles().length == 0)) {
f.mkdirs();
FileInputStream fis = null;
ZipInputStream zin = null;
try {
File path = new File(BaseDBTestCase.class.getClassLoader().getResource("db.cve.zip").getPath());
fis = new FileInputStream(path);
zin = new ZipInputStream(new BufferedInputStream(fis));
ZipEntry entry;
while ((entry = zin.getNextEntry()) != null) {
if (entry.isDirectory()) {
continue;
}
FileOutputStream fos = null;
BufferedOutputStream dest = null;
try {
File o = new File(indexPath, entry.getName());
o.createNewFile();
fos = new FileOutputStream(o, false);
dest = new BufferedOutputStream(fos, BUFFER_SIZE);
byte data[] = new byte[BUFFER_SIZE];
int count;
while ((count = zin.read(data, 0, BUFFER_SIZE)) != -1) {
dest.write(data, 0, count);
}
} catch (Exception ex) {
Logger.getLogger(BaseDBTestCase.class.getName()).log(Level.FINEST, null, ex);
} finally {
try {
if (dest != null) {
dest.flush();
dest.close();
}
} catch (Throwable ex) {
Logger.getLogger(BaseDBTestCase.class.getName()).log(Level.FINEST, null, ex);
}
try {
if (fos != null) {
fos.close();
}
} catch (Throwable ex) {
Logger.getLogger(BaseDBTestCase.class.getName()).log(Level.FINEST, null, ex);
}
}
}
} finally {
try {
if (zin != null) {
zin.close();
}
} catch (Throwable ex) {
Logger.getLogger(BaseDBTestCase.class.getName()).log(Level.FINEST, null, ex);
}
try {
if (fis != null) {
fis.close();
}
} catch (Throwable ex) {
Logger.getLogger(BaseDBTestCase.class.getName()).log(Level.FINEST, null, ex);
}
}
}
}
}
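Review bot: `ensureDBExists` builds each output file as `new File(indexPath, entry.getName())` without checking that the result stays under `indexPath`, so an entry name containing `../` in `db.cve.zip` would be written outside the data directory. Resolve the canonical path and reject entries that leave the directory. Do this before the inner `try`, because its `catch (Exception ex)` logs at `Level.FINEST` and continues, which would hide the rejection just as it currently hides any failed extraction. Entries in sub-directories also fail silently today, since directory entries are skipped and parent directories are never created. EngineIntegrationTest also calls `BaseIndexTestCase.ensureIndexExists()`; if that method is written the same way it needs the same check.

```java
while ((entry = zin.getNextEntry()) != null) {
    // ... unchanged: directory entries are skipped ...
    final File o = new File(indexPath, entry.getName());
    // indexPath is already canonical; refuse any entry that resolves outside it.
    if (!o.getCanonicalPath().startsWith(indexPath + File.separator)) {
        throw new IOException("Zip entry resolves outside " + indexPath + ": " + entry.getName());
    }
    // ... unchanged: stream setup, copy loop and cleanup (without the old declaration of o) ...
```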


@@ -0,0 +1,105 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.nvdcve;
import java.io.File;
import java.io.IOException;
import java.sql.SQLException;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class CveDBTest extends BaseDBTestCase {
@BeforeClass
public static void setUpClass() {
}
@AfterClass
public static void tearDownClass() {
}
@Before
@Override
public void setUp() throws Exception {
super.setUp();
}
@After
@Override
public void tearDown() throws Exception {
super.tearDown();
}
/**
* Pretty useless tests of open, commit, and close methods, of class CveDB.
*/
@Test
public void testOpen() throws Exception {
CveDB instance = new CveDB();
instance.open();
instance.commit();
instance.close();
}
/**
* Test of getCPEs method, of class CveDB.
*/
@Test
public void testGetCPEs() throws Exception {
CveDB instance = new CveDB();
try {
String vendor = "apache";
String product = "struts";
instance.open();
Set<VulnerableSoftware> result = instance.getCPEs(vendor, product);
assertTrue(result.size() > 5);
} finally {
instance.close();
}
}
/**
* Test of getVulnerabilities method, of class CveDB.
*/
@Test
public void testGetVulnerabilities() throws Exception {
String cpeStr = "cpe:/a:apache:struts:2.1.2";
CveDB instance = new CveDB();
try {
instance.open();
List result = instance.getVulnerabilities(cpeStr);
assertTrue(result.size() > 5);
} finally {
instance.close();
}
}
}
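Review bot: `testOpen` calls `open()`, `commit()` and `close()` in sequence without the try/finally that `testGetCPEs` and `testGetVulnerabilities` use, so a failure in `commit()` leaves the database open for the tests that follow. Wrap it the same way, with `instance.close();` in the `finally`. In `testGetVulnerabilities` the raw `List result` can presumably become `List<Vulnerability> result`, which would also use the otherwise unused `Vulnerability` import.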


@@ -0,0 +1,63 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.nvdcve.xml;
import org.owasp.dependencycheck.data.nvdcve.xml.DatabaseUpdater;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class DatabaseUpdaterIntegrationTest {
public DatabaseUpdaterIntegrationTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of update method, of class DatabaseUpdater.
*
* @throws Exception
*/
@Test
public void testUpdate() throws Exception {
DatabaseUpdater instance = new DatabaseUpdater();
instance.update();
}
}
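Review bot: `testUpdate` asserts nothing, so it passes whenever `update()` returns without throwing, even if no data was written. Extend the Javadoc to say what the test depends on (presumably network access to the NVD data feeds, to be confirmed) and assert on something observable afterwards, for example that the CVE data directory is non-empty.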


@@ -0,0 +1,72 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.nvdcve.xml;
import org.owasp.dependencycheck.data.nvdcve.xml.NvdCve12Handler;
import java.io.File;
import java.util.List;
import java.util.Map;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class NvdCve_1_2_HandlerTest {
public NvdCve_1_2_HandlerTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
@Test
public void testParse() throws Exception {
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser();
File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2012.xml").getPath());
NvdCve12Handler instance = new NvdCve12Handler();
saxParser.parse(file, instance);
Map<String, List<VulnerableSoftware>> results = instance.getVulnerabilities();
assertTrue("No vulnerable software identified with a previous version in 2012 CVE 1.2?", !results.isEmpty());
}
}
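Review bot: `testParse` parses with a `SAXParserFactory` in its default configuration, as does `testParse` in NvdCve_2_0_HandlerTest below. The bundled fixture is trusted, but the production updater presumably parses downloaded NVD feeds with the same handler. The tests should therefore build the parser exactly as production does, with `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` and DOCTYPE declarations disallowed if the feeds permit it. Separately, `new File(getResource(...).getPath())` breaks when the checkout path contains spaces, because the URL path is percent-encoded; `new File(getResource(...).toURI())` avoids that.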


@@ -0,0 +1,78 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.nvdcve.xml;
import org.owasp.dependencycheck.data.nvdcve.xml.NvdCve20Handler;
import java.io.File;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class NvdCve_2_0_HandlerTest {
public NvdCve_2_0_HandlerTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
@Test
public void testParse() {
Exception results = null;
try {
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser();
File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath());
NvdCve20Handler instance = new NvdCve20Handler();
saxParser.parse(file, instance);
} catch (Exception ex) {
results = ex;
}
assertTrue("Exception thrown during parse of 2012 CVE version 2.0?", results == null);
if (results != null) {
System.err.println(results);
}
}
}
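Review bot: The `System.err.println(results)` after `assertTrue(..., results == null)` never runs when it matters, because the assertion throws first, so the caught exception is never printed and its stack trace is lost. Declare `public void testParse() throws Exception` and drop the try/catch, as NvdCve_1_2_HandlerTest does, so that JUnit reports the original exception.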


@@ -0,0 +1,301 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.dependency;
import java.util.Set;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import java.io.File;
import java.util.List;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class DependencyTest {
public DependencyTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of getFileName method, of class Dependency.
*/
@Test
public void testGetFileName() {
Dependency instance = new Dependency();
String expResult = "filename";
instance.setFileName(expResult);
String result = instance.getFileName();
assertEquals(expResult, result);
}
/**
* Test of setFileName method, of class Dependency.
*/
@Test
public void testSetFileName() {
String fileName = "test.file";
Dependency instance = new Dependency();
instance.setFileName(fileName);
assertEquals(fileName, instance.getFileName());
}
/**
* Test of setActualFilePath method, of class Dependency.
*/
@Test
public void testSetActualFilePath() {
String actualFilePath = "test.file";
Dependency instance = new Dependency();
instance.setActualFilePath(actualFilePath);
assertEquals(actualFilePath, instance.getActualFilePath());
}
/**
* Test of getActualFilePath method, of class Dependency.
*/
@Test
public void testGetActualFilePath() {
Dependency instance = new Dependency();
String expResult = "test.file";
instance.setActualFilePath(expResult);
String result = instance.getActualFilePath();
assertEquals(expResult, result);
}
/**
* Test of setFilePath method, of class Dependency.
*/
@Test
public void testSetFilePath() {
String filePath = "test.file";
Dependency instance = new Dependency();
instance.setFilePath(filePath);
assertEquals(filePath, instance.getFilePath());
}
/**
* Test of getFilePath method, of class Dependency.
*/
@Test
public void testGetFilePath() {
Dependency instance = new Dependency();
String expResult = "path/test.file";
instance.setFilePath(expResult);
String result = instance.getFilePath();
assertEquals(expResult, result);
}
/**
* Test of setFileExtension method, of class Dependency.
*/
@Test
public void testSetFileExtension() {
String fileExtension = "jar";
Dependency instance = new Dependency();
instance.setFileExtension(fileExtension);
assertEquals(fileExtension, instance.getFileExtension());
}
/**
* Test of getFileExtension method, of class Dependency.
*/
@Test
public void testGetFileExtension() {
Dependency instance = new Dependency();
String expResult = "jar";
instance.setFileExtension(expResult);
String result = instance.getFileExtension();
assertEquals(expResult, result);
}
/**
* Test of getMd5sum method, of class Dependency.
*/
@Test
public void testGetMd5sum() {
File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
Dependency instance = new Dependency(file);
// assertEquals("89CE9E36AA9A9E03F1450936D2F4F8DD0F961F8B", result.getSha1sum());
String expResult = "C30B57142E1CCBC1EFD5CD15F307358F";
String result = instance.getMd5sum();
assertEquals(expResult, result);
}
/**
* Test of setMd5sum method, of class Dependency.
*/
@Test
public void testSetMd5sum() {
String md5sum = "test";
Dependency instance = new Dependency();
instance.setMd5sum(md5sum);
assertEquals(md5sum, instance.getMd5sum());
}
/**
* Test of getSha1sum method, of class Dependency.
*/
@Test
public void testGetSha1sum() {
File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
Dependency instance = new Dependency(file);
String expResult = "89CE9E36AA9A9E03F1450936D2F4F8DD0F961F8B";
String result = instance.getSha1sum();
assertEquals(expResult, result);
}
/**
* Test of setSha1sum method, of class Dependency.
*/
@Test
public void testSetSha1sum() {
String sha1sum = "test";
Dependency instance = new Dependency();
instance.setSha1sum(sha1sum);
assertEquals(sha1sum, instance.getSha1sum());
}
/**
* Test of getIdentifiers method, of class Dependency.
*/
@Test
public void testGetIdentifiers() {
Dependency instance = new Dependency();
List expResult = null;
Set<Identifier> result = instance.getIdentifiers();
assertTrue(true); //this is just a getter setter pair.
}
/**
* Test of setIdentifiers method, of class Dependency.
*/
@Test
public void testSetIdentifiers() {
Set<Identifier> identifiers = null;
Dependency instance = new Dependency();
instance.setIdentifiers(identifiers);
assertTrue(true); //this is just a getter setter pair.
}
/**
* Test of addIdentifier method, of class Dependency.
*/
@Test
public void testAddIdentifier() {
String type = "cpe";
String value = "cpe:/a:apache:struts:2.1.2";
String url = "http://somewhere";
Identifier expResult = new Identifier(type, value, url);
Dependency instance = new Dependency();
instance.addIdentifier(type, value, url);
assertEquals(1, instance.getIdentifiers().size());
assertTrue("Identifier doesn't contain expected result.", instance.getIdentifiers().contains(expResult));
}
/**
* Test of getEvidence method, of class Dependency.
*/
@Test
public void testGetEvidence() {
Dependency instance = new Dependency();
EvidenceCollection expResult = null;
EvidenceCollection result = instance.getEvidence();
assertTrue(true); //this is just a getter setter pair.
}
/**
* Test of getEvidenceUsed method, of class Dependency.
*/
@Test
public void testGetEvidenceUsed() {
Dependency instance = new Dependency();
String expResult = "used";
instance.getProductEvidence().addEvidence("used", "used", "used", Evidence.Confidence.HIGH);
instance.getProductEvidence().addEvidence("not", "not", "not", Evidence.Confidence.MEDIUM);
for (Evidence e : instance.getProductEvidence().iterator(Evidence.Confidence.HIGH)) {
String use = e.getValue();
}
EvidenceCollection result = instance.getEvidenceUsed();
assertEquals(1, result.size());
assertTrue(result.containsUsedString(expResult));
}
/**
* Test of getVendorEvidence method, of class Dependency.
*/
@Test
public void testGetVendorEvidence() {
Dependency instance = new Dependency();
EvidenceCollection expResult = null;
EvidenceCollection result = instance.getVendorEvidence();
assertTrue(true); //this is just a getter setter pair.
}
/**
* Test of getProductEvidence method, of class Dependency.
*/
@Test
public void testGetProductEvidence() {
Dependency instance = new Dependency();
EvidenceCollection expResult = null;
EvidenceCollection result = instance.getProductEvidence();
assertTrue(true); //this is just a getter setter pair.
}
/**
* Test of getVersionEvidence method, of class Dependency.
*/
@Test
public void testGetVersionEvidence() {
Dependency instance = new Dependency();
EvidenceCollection expResult = null;
EvidenceCollection result = instance.getVersionEvidence();
assertTrue(true); //this is just a getter setter pair.
}
}
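Review bot: Six tests in this file (`testGetIdentifiers`, `testSetIdentifiers`, `testGetEvidence`, `testGetVendorEvidence`, `testGetProductEvidence`, `testGetVersionEvidence`) end in `assertTrue(true)`, so they pass whatever `Dependency` returns. Each can assert on the value it already fetched, e.g. `assertNotNull(result);` in the getter tests, assuming a fresh `Dependency` initialises these collections as `testAddIdentifier` suggests. The unused `expResult = null` locals (one a raw `List`) can then go. In `testGetEvidenceUsed` the loop whose body only assigns `use` looks like it exists to mark the HIGH-confidence evidence as used; a comment such as `// iterating marks the evidence as used` would keep it from being removed as dead code.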


@@ -0,0 +1,92 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.dependency;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class VulnerableSoftwareTest {
public VulnerableSoftwareTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of equals method, of class VulnerableSoftware.
*/
@Test
public void testEquals() {
VulnerableSoftware obj = new VulnerableSoftware();
obj.setCpe("cpe:/a:mortbay:jetty:6.1.0");
VulnerableSoftware instance = new VulnerableSoftware();
instance.setCpe("cpe:/a:mortbay:jetty:6.1");
boolean expResult = false;
boolean result = instance.equals(obj);
assertEquals(expResult, result);
}
/**
* Test of hashCode method, of class VulnerableSoftware.
*/
@Test
public void testHashCode() {
VulnerableSoftware instance = new VulnerableSoftware();
instance.setCpe("cpe:/a:mortbay:jetty:6.1");
int expResult = 1849413912;
int result = instance.hashCode();
assertEquals(expResult, result);
}
/**
* Test of compareTo method, of class VulnerableSoftware.
*/
@Test
public void testCompareTo() {
VulnerableSoftware vs = new VulnerableSoftware();
vs.setCpe("cpe:/a:mortbay:jetty:6.1.0");
VulnerableSoftware instance = new VulnerableSoftware();
instance.setCpe("cpe:/a:mortbay:jetty:6.1");
int expResult = -2;
int result = instance.compareTo(vs);
assertEquals(expResult, result);
}
}
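Review bot: `testCompareTo` and `testHashCode` pin implementation details rather than the contract: `-2` is only one of many valid negative results from `compareTo`, and `1849413912` changes with any edit to how `hashCode` combines its inputs. Asserting the sign, `assertTrue(instance.compareTo(vs) < 0);`, and checking that two instances set to the same CPE are equal with equal hash codes would survive refactoring. `testEquals` also covers only the unequal pair; since CPE equality presumably decides whether a vulnerability entry matches a dependency, the equal case deserves an assertion too.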


@@ -0,0 +1,110 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.reporting;
import org.owasp.dependencycheck.data.cpe.BaseIndexTestCase;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class ReportGeneratorTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of generateReport method, of class ReportGenerator.
*
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testGenerateReport() throws Exception {
String templateName = "HtmlReport";
// File f = new File("target/test-reports");
// if (!f.exists()) {
// f.mkdir();
// }
// String writeTo = "target/test-reports/Report.html";
// Map<String, Object> properties = new HashMap<String, Object>();
// Dependency d = new Dependency();
// d.setFileName("FileName.jar");
// d.setActualFilePath("lib/FileName.jar");
// d.addCPEentry("cpe://a:/some:cpe:1.0");
//
// List<Dependency> dependencies = new ArrayList<Dependency>();
// d.getProductEvidence().addEvidence("jar","filename","<test>test", Confidence.HIGH);
// d.getProductEvidence().addEvidence("manifest","vendor","<test>test", Confidence.HIGH);
//
// for (Evidence e : d.getProductEvidence().iterator(Confidence.HIGH)) {
// String t = e.getValue();
// }
// dependencies.add(d);
//
// Dependency d2 = new Dependency();
// d2.setFileName("Another.jar");
// d2.setActualFilePath("lib/Another.jar");
// d2.addCPEentry("cpe://a:/another:cpe:1.0");
// d2.addCPEentry("cpe://a:/another:cpe:1.1");
// d2.addCPEentry("cpe://a:/another:cpe:1.2");
// d2.getProductEvidence().addEvidence("jar","filename","another.jar", Confidence.HIGH);
// d2.getProductEvidence().addEvidence("manifest","vendor","Company A", Confidence.MEDIUM);
//
// for (Evidence e : d2.getProductEvidence().iterator(Confidence.HIGH)) {
// String t = e.getValue();
// }
//
// dependencies.add(d2);
//
// Dependency d3 = new Dependency();
// d3.setFileName("Third.jar");
// d3.setActualFilePath("lib/Third.jar");
// d3.getProductEvidence().addEvidence("jar","filename","third.jar", Confidence.HIGH);
//
// for (Evidence e : d3.getProductEvidence().iterator(Confidence.HIGH)) {
// String t = e.getValue();
// }
//
// dependencies.add(d3);
//
// properties.put("dependencies",dependencies);
//
// ReportGenerator instance = new ReportGenerator();
// instance.generateReport(templateName, writeTo, properties);
//assertTrue("need to add a real check here", false);
}
}
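Review bot: `testGenerateReport` has its whole body commented out apart from the `templateName` assignment, so it reports a pass without ever calling `ReportGenerator.generateReport`. The disabled fixture feeds evidence values such as `<test>test` into the HTML template, which reads like an intended check that the report encodes markup found in evidence; nothing currently verifies that. Until the test is restored, mark it `@Ignore("generateReport output not yet asserted")` so the gap shows up in the test report. When restoring it, assert that the written file contains the encoded form of that value rather than the raw tag.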


@@ -0,0 +1,150 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.utils;
import org.owasp.dependencycheck.utils.Checksum;
import java.io.File;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class ChecksumTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() throws Exception {
}
@After
public void tearDown() throws Exception {
}
/**
* Test of getChecksum method, of class Checksum.
*
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testGetChecksum() throws Exception {
String algorithm = "MD5";
File file = new File(this.getClass().getClassLoader().getResource("checkSumTest.file").getPath());
byte[] expResult = {-16, -111, 92, 95, 70, -72, -49, -94, -125, -27, -83, 103, -96, -101, 55, -109};
byte[] result = Checksum.getChecksum(algorithm, file);
boolean arraysAreEqual = true;
if (expResult.length == result.length) {
for (int i = 0; arraysAreEqual && i < result.length; i++) {
arraysAreEqual = result[i] == expResult[i];
}
} else {
Assert.fail("Checksum results do not match expected results.");
}
Assert.assertTrue(arraysAreEqual);
}
/**
* Test of getChecksum method, of class Checksum. This checks that an
* exception is thrown when an invalid path is specified.
*
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testGetChecksum_FileNotFound() throws Exception {
String algorithm = "MD5";
File file = new File("not a valid file");
boolean exceptionThrown = false;
try {
byte[] result = Checksum.getChecksum(algorithm, file);
} catch (IOException ex) {
exceptionThrown = true;
}
Assert.assertTrue(exceptionThrown);
}
/**
* Test of getChecksum method, of class Checksum. This checks that an
* exception is thrown when an invalid algorithm is specified.
*
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testGetChecksum_NoSuchAlgorithm() throws Exception {
String algorithm = "some unknown algorithm";
File file = new File(this.getClass().getClassLoader().getResource("checkSumTest.file").getPath());
boolean exceptionThrown = false;
try {
byte[] result = Checksum.getChecksum(algorithm, file);
} catch (NoSuchAlgorithmException ex) {
exceptionThrown = true;
}
Assert.assertTrue(exceptionThrown);
}
/**
* Test of getMD5Checksum method, of class Checksum.
*
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testGetMD5Checksum() throws Exception {
File file = new File(this.getClass().getClassLoader().getResource("checkSumTest.file").getPath());
String expResult = "F0915C5F46B8CFA283E5AD67A09B3793";
String result = Checksum.getMD5Checksum(file);
Assert.assertEquals(expResult, result);
}
/**
* Test of getSHA1Checksum method, of class Checksum.
*
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testGetSHA1Checksum() throws Exception {
File file = new File(this.getClass().getClassLoader().getResource("checkSumTest.file").getPath());
String expResult = "B8A9FF28B21BCB1D0B50E24A5243D8B51766851A";
String result = Checksum.getSHA1Checksum(file);
Assert.assertEquals(expResult, result);
}
/**
* Test of getHex method, of class Checksum.
*/
@Test
public void testGetHex() {
byte[] raw = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
String expResult = "000102030405060708090A0B0C0D0E0F10";
String result = Checksum.getHex(raw);
Assert.assertEquals(expResult, result);
}
}
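Review bot: The hand-written comparison loop in `testGetChecksum` can be replaced with `Assert.assertArrayEquals(expResult, result);`, which also reports the first differing index instead of a bare `assertTrue` failure. The two negative tests can drop the `exceptionThrown` flag and the unused `result` local by declaring the expectation, `@Test(expected = IOException.class)` and `@Test(expected = NoSuchAlgorithmException.class)`. Separately, `getResource(...).getPath()` returns a URL-encoded path, so these tests may fail when the checkout directory contains spaces or other escaped characters.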


@@ -0,0 +1,177 @@
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package org.owasp.dependencycheck.utils;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class DependencyVersionTest {
public DependencyVersionTest() {
}
@BeforeClass
public static void setUpClass() {
}
@AfterClass
public static void tearDownClass() {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of parseVersion method, of class DependencyVersion.
*/
@Test
public void testParseVersion() {
String version = "1.2r1";
DependencyVersion instance = new DependencyVersion();
instance.parseVersion(version);
List<String> parts = instance.getVersionParts();
assertEquals(3, parts.size());
assertEquals("1", parts.get(0));
assertEquals("2", parts.get(1));
assertEquals("r1", parts.get(2));
instance.parseVersion("x6.0");
parts = instance.getVersionParts();
assertEquals(2, parts.size());
assertEquals("x6", parts.get(0));
assertEquals("0", parts.get(1));
//assertEquals("0", parts.get(2));
}
/**
* Test of iterator method, of class DependencyVersion.
*/
@Test
public void testIterator() {
DependencyVersion instance = new DependencyVersion("1.2.3");
Iterator result = instance.iterator();
int count = 1;
while (result.hasNext()) {
String v = (String) result.next();
assertTrue(String.valueOf(count++).equals(v));
}
}
/**
* Test of toString method, of class DependencyVersion.
*/
@Test
public void testToString() {
DependencyVersion instance = new DependencyVersion("1.2.3r1");
String expResult = "1.2.3.r1";
String result = instance.toString();
assertEquals(expResult, result);
}
/**
* Test of equals method, of class DependencyVersion.
*/
@Test
public void testEquals() {
DependencyVersion obj = new DependencyVersion("1.2.3.r1");
DependencyVersion instance = new DependencyVersion("1.2.3");
boolean expResult = false;
boolean result = instance.equals(obj);
assertEquals(expResult, result);
obj = new DependencyVersion("1.2.3");
expResult = true;
result = instance.equals(obj);
assertEquals(expResult, result);
}
/**
* Test of hashCode method, of class DependencyVersion.
*/
@Test
public void testHashCode() {
System.out.println("hashCode");
DependencyVersion instance = new DependencyVersion("3.2.1");
int expResult = 80756;
int result = instance.hashCode();
assertEquals(expResult, result);
}
/**
* Test of matchesAtLeastThreeLevels method, of class DependencyVersion.
*/
@Test
public void testMatchesAtLeastThreeLevels() {
DependencyVersion instance = new DependencyVersion("1.2.3.4");
DependencyVersion version = new DependencyVersion("1.2.3.5");
//true tests
assertEquals(true, instance.matchesAtLeastThreeLevels(version));
version = new DependencyVersion("1.2");
assertEquals(true, instance.matchesAtLeastThreeLevels(version));
//false tests
version = new DependencyVersion("1.2.2.5");
assertEquals(false, instance.matchesAtLeastThreeLevels(version));
version = new DependencyVersion("2");
assertEquals(false, instance.matchesAtLeastThreeLevels(version));
}
/**
* Test of compareTo method, of class DependencyVersion.
*/
@Test
public void testCompareTo() {
DependencyVersion instance = new DependencyVersion("1.2.3");
DependencyVersion version = new DependencyVersion("1.2.3");
int expResult = 0;
assertEquals(0, instance.compareTo(version));
version = new DependencyVersion("1.1");
assertEquals(1, instance.compareTo(version));
version = new DependencyVersion("1.2");
assertEquals(1, instance.compareTo(version));
version = new DependencyVersion("1.3");
assertEquals(-1, instance.compareTo(version));
version = new DependencyVersion("1.2.3.1");
assertEquals(-1, instance.compareTo(version));
DependencyVersion[] dv = new DependencyVersion[7];
dv[0] = new DependencyVersion("2.1.3");
dv[1] = new DependencyVersion("2.1.3.r2");
dv[2] = new DependencyVersion("2.1.3.r1");
dv[3] = new DependencyVersion("1.2.3.1");
dv[4] = new DependencyVersion("1.2.3");
dv[5] = new DependencyVersion("2");
dv[6] = new DependencyVersion("-");
DependencyVersion[] expected = new DependencyVersion[7];
expected[0] = new DependencyVersion("-");
expected[1] = new DependencyVersion("1.2.3");
expected[2] = new DependencyVersion("1.2.3.1");
expected[3] = new DependencyVersion("2");
expected[4] = new DependencyVersion("2.1.3");
expected[5] = new DependencyVersion("2.1.3.r1");
expected[6] = new DependencyVersion("2.1.3.r2");
java.util.Arrays.sort(dv);
assertArrayEquals(expected, dv);
}
}
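Review bot: `testIterator` passes vacuously if the iterator yields no elements, because its only assertion sits inside the `while` loop. Add `assertEquals(4, count);` after the loop so that exactly three parts are required for `"1.2.3"`. Smaller items in the same file: `Iterator result` is a raw type (the cast suggests `Iterator<String>`), `System.out.println("hashCode")` in `testHashCode` is leftover scaffolding, `expResult` in `testCompareTo` is never read, and the header is the IDE template text rather than the licence header the other files carry.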


@@ -0,0 +1,81 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.utils;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class DependencyVersionUtilTest {
public DependencyVersionUtilTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of parseVersion method, of class DependencyVersionUtil.
*/
@Test
public void testParseVersionFromFileName() {
final String[] fileName = {"something-0.9.5.jar", "lib2-1.1.jar", "lib1.5r4-someflag-R26.jar",
"lib-1.2.5-dev-20050313.jar", "testlib_V4.4.0.jar", "lib-core-2.0.0-RC1-SNAPSHOT.jar",
"lib-jsp-2.0.1_R114940.jar", "dev-api-2.3.11_R121413.jar", "lib-api-3.7-SNAPSHOT.jar",
"-", "", "1.3-beta", "6"};
final String[] expResult = {"0.9.5", "1.1", "1.5.r4", "1.2.5", "4.4.0", "2.0.0.rc1",
"2.0.1.r114940", "2.3.11.r121413", "3.7", "-", null, "1.3.beta", "6"};
for (int i = 0; i < fileName.length; i++) {
final DependencyVersion version = DependencyVersionUtil.parseVersion(fileName[i]);
String result = null;
if (version != null) {
result = version.toString();
}
assertEquals("Failed extraction on \"" + fileName[i] + "\".", expResult[i], result);
}
String[] failingNames = {"no-version-identified.jar", "somelib-04aug2000r7-dev.jar", /*"no.version15.jar",*/
"lib_1.0_spec-1.1.jar", "lib-api_1.0_spec-1.0.1.jar"};
for (String failingName : failingNames) {
final DependencyVersion version = DependencyVersionUtil.parseVersion(failingName);
assertNull("Found version in name that should have failed \"" + failingName + "\".", version);
}
}
}
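Review bot: The case `/*"no.version15.jar",*/` in `failingNames` is disabled without saying why, which hides an input for which `parseVersion` apparently does not return the expected `null`. A wrongly extracted version would presumably affect which vulnerabilities get matched, so keep the case visible with a comment such as `// TODO: "no.version15.jar" currently yields a version; expected null`, or move it to its own `@Ignore`d test. The parallel `fileName`/`expResult` arrays would also benefit from `assertEquals(fileName.length, expResult.length);` before the loop, so a missing expectation fails clearly.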


@@ -0,0 +1,82 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.utils;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.utils.Downloader;
import java.net.URL;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class DownloaderIntegrationTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of fetchFile method, of class Downloader.
*
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testFetchFile() throws Exception {
// Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, "1000");
// Settings.setString(Settings.KEYS.PROXY_PORT, "8080");
// Settings.setString(Settings.KEYS.PROXY_URL, "127.0.0.1");
URL url = new URL(Settings.getString(Settings.KEYS.CPE_URL));
String outputPath = "target/downloaded_cpe.xml";
Downloader.fetchFile(url, outputPath, true);
url = new URL("http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2010.xml");
outputPath = "target/downloaded_cve.xml";
Downloader.fetchFile(url, outputPath, false);
}
@Test
public void testGetLastModified() throws Exception {
URL url = new URL("http://nvd.nist.gov/download/nvdcve-2012.xml");
long timestamp = Downloader.getLastModified(url);
assertTrue("timestamp equal to zero?", timestamp > 0);
}
}
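Review bot: `testFetchFile` hard-codes a plain `http://` URL for the NVD CVE feed and asserts nothing about either download, so it passes on an empty or altered response as long as no exception is thrown. The feed is the vulnerability data the tool reports from, so the test should at least check the result, e.g. `assertTrue(new java.io.File(outputPath).length() > 0);` after each `fetchFile` call. The CVE URL would be better read from `Settings`, as the CPE URL already is, which keeps the feed location (and any later move to HTTPS, if the host offers it) in one place. `testGetLastModified` carries the same hard-coded `http://` URL.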


@@ -0,0 +1,81 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.utils;
import java.io.File;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class FileUtilsTest {
public FileUtilsTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of getFileExtension method, of class FileUtils.
*/
@Test
public void testGetFileExtension() {
String[] fileName = {"something-0.9.5.jar", "lib2-1.1.js"};
String[] expResult = {"jar", "js"};
for (int i = 0; i < fileName.length; i++) {
String result = FileUtils.getFileExtension(fileName[i]);
assertEquals("Failed extraction on \"" + fileName[i] + "\".", expResult[i], result);
}
}
/**
* Test of delete method, of class FileUtils.
*/
@Test
public void testDelete() throws Exception {
File file = File.createTempFile("tmp", "deleteme");
if (!file.exists()) {
fail("Unable to create a temporary file.");
}
FileUtils.delete(file);
assertFalse("Temporary file exists after attempting deletion", file.exists());
}
}
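Review bot: `testGetFileExtension` covers only two well-formed lower-case names, so the behaviour for a name with no dot, a trailing dot, or an upper-case extension such as `LIB.JAR` is left unpinned. If the extension selects which analyzer handles a file (not visible here), those inputs decide whether a file is scanned at all, so add a case for each with whatever result `getFileExtension` is meant to return. In `testDelete`, a failure inside `FileUtils.delete` leaves the temporary file behind; calling `file.deleteOnExit();` right after creation avoids that.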


@@ -0,0 +1,94 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.utils;
import org.owasp.dependencycheck.utils.Filter;
import java.util.List;
import java.util.ArrayList;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class FilterTest {
public FilterTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of passes method, of class Filter.
*/
@Test
public void testPasses() {
String keep = "keep";
String fail = "fail";
assertTrue("String contained keep - but passes returned false.", TEST_FILTER.passes(keep));
assertFalse("String contained fail - but passes returned true.", TEST_FILTER.passes(fail));
}
/**
* Test of filter method, of class Filter.
*/
@Test
public void testFilter_Iterable() {
List<String> testData = new ArrayList<String>();
testData.add("keep");
testData.add("remove");
testData.add("keep");
List<String> expResults = new ArrayList<String>();
expResults.add("keep");
expResults.add("keep");
List<String> actResults = new ArrayList<String>();
for (String s : TEST_FILTER.filter(testData)) {
actResults.add(s);
}
assertArrayEquals(expResults.toArray(), actResults.toArray());
}
private static final Filter<String> TEST_FILTER =
new Filter<String>() {
public boolean passes(String str) {
return str.contains("keep");
}
};
}


@@ -0,0 +1,166 @@
/*
* This file is part of dependency-check-core.
*
* Dependency-check-core is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-check-core is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* dependency-check-core. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.utils;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
import java.io.File;
import java.io.IOException;
import java.net.URISyntaxException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class SettingsTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() throws Exception {
}
@After
public void tearDown() throws Exception {
}
/**
* Test of getString method, of class Settings.
*/
@Test
public void testGetString() {
String key = Settings.KEYS.CPE_DATA_DIRECTORY;
String expResult = "cpe";
String result = Settings.getString(key);
Assert.assertTrue(result.endsWith(expResult));
}
/**
* Test of getFile method, of class Settings.
*/
@Test
public void testGetFile() {
String key = Settings.KEYS.CPE_DATA_DIRECTORY;
String expResult = "data" + File.separator + "cpe";
File result = Settings.getFile(key);
Assert.assertTrue(result.getAbsolutePath().endsWith(expResult));
key = "an invalid key!!!";
result = Settings.getFile(key, expResult);
Assert.assertTrue(result.getAbsolutePath().endsWith(expResult));
}
/**
* Test of mergeProperties method, of class Settings.
*/
@Test
public void testMergeProperties_String() throws IOException, URISyntaxException {
String key = Settings.KEYS.PROXY_PORT;
String expResult = Settings.getString(key);
File f = new File(this.getClass().getClassLoader().getResource("test.properties").toURI());
//InputStream in = this.getClass().getClassLoader().getResourceAsStream("test.properties");
Settings.mergeProperties(f.getAbsolutePath());
String result = Settings.getString(key);
Assert.assertTrue("setting didn't change?", (expResult == null && result != null) || !expResult.equals(result));
}
/**
* Test of setString method, of class Settings.
*/
@Test
public void testSetString() {
String key = "newProperty";
String value = "someValue";
Settings.setString(key, value);
String expResults = Settings.getString(key);
Assert.assertEquals(expResults, value);
}
/**
* Test of getString method, of class Settings.
*/
@Test
public void testGetString_String_String() {
String key = "key That Doesn't Exist";
String defaultValue = "blue bunny";
String expResult = "blue bunny";
String result = Settings.getString(key);
Assert.assertTrue(result == null);
result = Settings.getString(key, defaultValue);
Assert.assertEquals(expResult, result);
}
/**
* Test of getString method, of class Settings.
*/
@Test
public void testGetString_String() {
String key = Settings.KEYS.CONNECTION_TIMEOUT;
String result = Settings.getString(key);
Assert.assertTrue(result == null);
}
/**
* Test of getInt method, of class Settings.
*/
@Test
public void testGetInt() throws InvalidSettingException {
String key = "SomeNumber";
int expResult = 85;
Settings.setString(key, "85");
int result = Settings.getInt(key);
Assert.assertEquals(expResult, result);
}
/**
* Test of getLong method, of class Settings.
*/
@Test
public void testGetLong() throws InvalidSettingException {
String key = "SomeNumber";
long expResult = 300L;
Settings.setString(key, "300");
long result = Settings.getLong(key);
Assert.assertEquals(expResult, result);
}
/**
* Test of getBoolean method, of class Settings.
*/
@Test
public void testGetBoolean() throws InvalidSettingException {
String key = "SomeBoolean";
Settings.setString(key, "false");
boolean expResult = false;
boolean result = Settings.getBoolean(key);
Assert.assertEquals(expResult, result);
}
}
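Review bot: The assertion in `testMergeProperties_String` throws a NullPointerException instead of failing cleanly when `proxy.port` is unset both before and after the merge, because `!expResult.equals(result)` is then evaluated on a null `expResult`. Writing the condition as `expResult == null ? result != null : !expResult.equals(result)` keeps the intent and reports a real assertion failure. Separately, these tests write to the static `Settings` store (`mergeProperties`, and `setString` with the key "SomeNumber" shared by `testGetInt` and `testGetLong`) and never restore it. As a result `testGetString_String`, which expects a null `CONNECTION_TIMEOUT`, appears to depend on which tests ran first; resetting the settings in `tearDown` would remove that ordering dependency.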


@@ -0,0 +1,189 @@
Manifest-Version: 1.0
Archiver-Version: Plexus Archiver
Created-By: 1.5.0_10 (Sun Microsystems Inc.)
Built-By: dbrown
Build-Jdk: 1.5.0_10
Bundle-License: http://www.apache.org/licenses/LICENSE-2.0.txt
Import-Package: com.opensymphony.xwork2,com.opensymphony.xwork2.config
,com.opensymphony.xwork2.config.entities,com.opensymphony.xwork2.conf
ig.providers,com.opensymphony.xwork2.conversion,com.opensymphony.xwor
k2.conversion.impl,com.opensymphony.xwork2.inject,com.opensymphony.xw
ork2.interceptor,com.opensymphony.xwork2.ognl,com.opensymphony.xwork2
.util,com.opensymphony.xwork2.util.location,com.opensymphony.xwork2.u
til.logging,com.opensymphony.xwork2.util.profiling,com.opensymphony.x
work2.util.reflection,com.opensymphony.xwork2.validator,freemarker.ca
che,freemarker.core,freemarker.ext.beans,freemarker.ext.jsp,freemarke
r.ext.servlet,freemarker.ext.util,freemarker.template,javax.servlet,j
avax.servlet.http,javax.servlet.jsp,javax.servlet.jsp.tagext,javax.xm
l.transform,javax.xml.transform.dom,javax.xml.transform.stream,ognl,o
rg.apache.commons.fileupload;version="1.2",org.apache.commons.fileupl
oad.disk;version="1.2",org.apache.commons.fileupload.servlet;version=
"1.2",org.apache.struts2;version="2.1.2",org.apache.struts2.component
s;version="2.1.2",org.apache.struts2.components.template;version="2.1
.2",org.apache.struts2.config;version="2.1.2",org.apache.struts2.disp
atcher;version="2.1.2",org.apache.struts2.dispatcher.mapper;version="
2.1.2",org.apache.struts2.dispatcher.multipart;version="2.1.2",org.ap
ache.struts2.impl;version="2.1.2",org.apache.struts2.interceptor;vers
ion="2.1.2",org.apache.struts2.interceptor.debugging;version="2.1.2",
org.apache.struts2.interceptor.validation;version="2.1.2",org.apache.
struts2.servlet.interceptor;version="2.1.2",org.apache.struts2.static
;version="2.1.2",org.apache.struts2.util;version="2.1.2",org.apache.s
truts2.views;version="2.1.2",org.apache.struts2.views.annotations;ver
sion="2.1.2",org.apache.struts2.views.freemarker;version="2.1.2",org.
apache.struts2.views.freemarker.tags;version="2.1.2",org.apache.strut
s2.views.jsp;version="2.1.2",org.apache.struts2.views.jsp.iterator;ve
rsion="2.1.2",org.apache.struts2.views.jsp.ui;version="2.1.2",org.apa
che.struts2.views.jsp.ui.table;version="2.1.2",org.apache.struts2.vie
ws.util;version="2.1.2",org.apache.struts2.views.velocity;version="2.
1.2",org.apache.struts2.views.velocity.components;version="2.1.2",org
.apache.struts2.views.xslt;version="2.1.2",org.apache.velocity,org.ap
ache.velocity.app,org.apache.velocity.context,org.apache.velocity.exc
eption,org.apache.velocity.runtime.directive,org.apache.velocity.runt
ime.parser.node,org.apache.velocity.runtime.resource.loader,org.apach
e.velocity.tools.view,org.apache.velocity.tools.view.context,org.apac
he.velocity.tools.view.servlet,org.w3c.dom,org.xml.sax,template.archi
ve.ajax;version="2.1.2",template.archive.simple;version="2.1.2",templ
ate.archive.xhtml;version="2.1.2",template.css_xhtml;version="2.1.2",
template.simple;version="2.1.2",template.xhtml;version="2.1.2"
Bnd-LastModified: 1209700736700
Export-Package: org.apache.struts2.views.xslt;uses:="javax.servlet.htt
p,com.opensymphony.xwork2,org.xml.sax,org.apache.struts2,org.w3c.dom,
com.opensymphony.xwork2.util.logging,javax.xml.transform,javax.xml.tr
ansform.dom,com.opensymphony.xwork2.util,javax.servlet,com.opensympho
ny.xwork2.inject,javax.xml.transform.stream";version="2.1.2",org.apac
he.struts2.static;version="2.1.2",org.apache.struts2.views;uses:="org
.apache.struts2.views.freemarker.tags,javax.servlet.http,com.opensymp
hony.xwork2.util,javax.servlet,org.apache.struts2.views.velocity.comp
onents";version="2.1.2",org.apache.struts2.views.freemarker.tags;uses
:="freemarker.ext.beans,freemarker.template,javax.servlet.http,com.op
ensymphony.xwork2.util,org.apache.struts2.components,com.opensymphony
.xwork2.util.logging,com.opensymphony.xwork2.inject";version="2.1.2",
template.archive.xhtml;version="2.1.2",org.apache.struts2.dispatcher.
mapper;uses:="javax.servlet.http,com.opensymphony.xwork2,com.opensymp
hony.xwork2.config,org.apache.struts2,com.opensymphony.xwork2.util.lo
gging,org.apache.struts2.dispatcher,org.apache.struts2.util,com.opens
ymphony.xwork2.config.entities,com.opensymphony.xwork2.inject";versio
n="2.1.2",org.apache.struts2;uses:="com.opensymphony.xwork2,javax.ser
vlet.http,com.opensymphony.xwork2.util,org.apache.struts2.dispatcher.
mapper,javax.servlet,javax.servlet.jsp,com.opensymphony.xwork2.util.l
ocation";version="2.1.2",template.css_xhtml;version="2.1.2",template.
archive.ajax;version="2.1.2",org.apache.struts2.interceptor;uses:="co
m.opensymphony.xwork2,javax.servlet.http,org.apache.struts2.servlet.i
nterceptor,org.apache.struts2.dispatcher.mapper,org.apache.struts2,co
m.opensymphony.xwork2.util.logging,org.apache.struts2.dispatcher,com.
opensymphony.xwork2.util,javax.servlet,org.apache.struts2.util,com.op
ensymphony.xwork2.config.entities,com.opensymphony.xwork2.util.profil
ing,com.opensymphony.xwork2.inject,org.apache.struts2.dispatcher.mult
ipart,com.opensymphony.xwork2.interceptor";version="2.1.2",org.apache
.struts2.dispatcher;uses:="org.apache.struts2.views,javax.servlet.htt
p,org.apache.struts2.dispatcher.mapper,com.opensymphony.xwork2.config
,org.apache.struts2,com.opensymphony.xwork2.config.providers,org.apac
he.struts2.views.freemarker,freemarker.template,javax.servlet,org.apa
che.struts2.views.velocity,org.apache.struts2.util,com.opensymphony.x
work2.config.entities,org.apache.velocity.app,org.apache.velocity,org
.apache.velocity.context,com.opensymphony.xwork2.inject,com.opensymph
ony.xwork2.util.location,com.opensymphony.xwork2,com.opensymphony.xwo
rk2.util.logging,com.opensymphony.xwork2.util.reflection,javax.servle
t.jsp,org.apache.struts2.views.util,org.apache.struts2.config,com.ope
nsymphony.xwork2.util,com.opensymphony.xwork2.util.profiling,org.apac
he.struts2.dispatcher.multipart";version="2.1.2",org.apache.struts2.v
iews.freemarker;uses:="com.opensymphony.xwork2,javax.servlet.http,org
.apache.struts2.views,freemarker.ext.jsp,freemarker.cache,org.apache.
struts2,freemarker.ext.util,com.opensymphony.xwork2.util.logging,org.
apache.struts2.dispatcher,org.apache.struts2.views.util,freemarker.ex
t.servlet,freemarker.ext.beans,freemarker.template,freemarker.core,co
m.opensymphony.xwork2.util,javax.servlet,com.opensymphony.xwork2.inje
ct";version="2.1.2",org.apache.struts2.interceptor.validation;uses:="
com.opensymphony.xwork2,javax.servlet.http,org.apache.struts2,com.ope
nsymphony.xwork2.validator,com.opensymphony.xwork2.util.logging,com.o
pensymphony.xwork2.interceptor";version="2.1.2",org.apache.struts2.ut
il;uses:="javax.servlet.http,com.opensymphony.xwork2,com.opensymphony
.xwork2.conversion.impl,com.opensymphony.xwork2.util.logging,org.apac
he.struts2.dispatcher,org.apache.struts2.views.util,javax.servlet.jsp
,org.apache.velocity.exception,com.opensymphony.xwork2.util,javax.ser
vlet,org.apache.struts2.views.jsp.ui,org.apache.velocity.app,org.apac
he.velocity.context,com.opensymphony.xwork2.inject";version="2.1.2",o
rg.apache.struts2.views.velocity;uses:="javax.servlet.http,org.apache
.struts2.views,com.opensymphony.xwork2,org.apache.velocity.tools.view
,org.apache.struts2,com.opensymphony.xwork2.util.logging,org.apache.s
truts2.views.util,org.apache.velocity.tools.view.servlet,org.apache.v
elocity.tools.view.context,org.apache.velocity.exception,org.apache.v
elocity.runtime.resource.loader,com.opensymphony.xwork2.util,javax.se
rvlet,org.apache.struts2.util,org.apache.velocity.app,com.opensymphon
y.xwork2.inject,org.apache.velocity.context,org.apache.velocity";vers
ion="2.1.2",template.simple;version="2.1.2",org.apache.struts2.interc
eptor.debugging;uses:="com.opensymphony.xwork2,javax.servlet.http,org
.apache.struts2,com.opensymphony.xwork2.util.logging,com.opensymphony
.xwork2.util.reflection,org.apache.struts2.views.freemarker,com.opens
ymphony.xwork2.util,com.opensymphony.xwork2.inject,com.opensymphony.x
work2.interceptor";version="2.1.2",org.apache.struts2.views.jsp.ui;us
es:="javax.servlet.http,com.opensymphony.xwork2.util,org.apache.strut
s2.components,javax.servlet.jsp.tagext,org.apache.struts2.views.jsp,c
om.opensymphony.xwork2.inject,ognl,javax.servlet.jsp,com.opensymphony
.xwork2.ognl";version="2.1.2",org.apache.struts2.views.annotations;ve
rsion="2.1.2",template.archive.simple;version="2.1.2",org.apache.stru
ts2.servlet.interceptor;uses:="javax.servlet.http,org.apache.struts2.
interceptor";version="2.1.2",org.apache.struts2.components;uses:="jav
ax.servlet.http,org.apache.struts2.dispatcher.mapper,com.opensymphony
.xwork2.config,org.apache.struts2,org.apache.struts2.dispatcher,javax
.servlet,org.apache.struts2.util,com.opensymphony.xwork2.config.entit
ies,com.opensymphony.xwork2.inject,org.apache.struts2.views.annotatio
ns,com.opensymphony.xwork2.interceptor,com.opensymphony.xwork2,org.ap
ache.struts2.views.jsp,org.apache.struts2.components.template,com.ope
nsymphony.xwork2.util.logging,com.opensymphony.xwork2.validator,com.o
pensymphony.xwork2.util.reflection,javax.servlet.jsp,org.apache.strut
s2.views.util,com.opensymphony.xwork2.util";version="2.1.2",org.apach
e.struts2.views.jsp.iterator;uses:="javax.servlet.http,com.opensympho
ny.xwork2.util,org.apache.struts2.util,org.apache.struts2.components,
org.apache.struts2.views.jsp,com.opensymphony.xwork2.util.logging,jav
ax.servlet.jsp,org.apache.struts2.views.annotations";version="2.1.2",
org.apache.struts2.components.template;uses:="com.opensymphony.xwork2
,javax.servlet.http,freemarker.cache,org.apache.struts2.components,co
m.opensymphony.xwork2.config,com.opensymphony.xwork2.util.logging,jav
ax.servlet.jsp,org.apache.struts2.views.freemarker,freemarker.templat
e,com.opensymphony.xwork2.util,freemarker.core,javax.servlet,org.apac
he.struts2.views.velocity,org.apache.velocity.app,org.apache.velocity
.context,org.apache.velocity,com.opensymphony.xwork2.inject";version=
"2.1.2",org.apache.struts2.views.jsp;uses:="com.opensymphony.xwork2,j
avax.servlet.http,org.apache.struts2.dispatcher.mapper,org.apache.str
uts2.components,com.opensymphony.xwork2.config,javax.servlet.jsp.tage
xt,org.apache.struts2,com.opensymphony.xwork2.util.logging,org.apache
.struts2.dispatcher,org.apache.struts2.views.util,javax.servlet.jsp,c
om.opensymphony.xwork2.util,javax.servlet,org.apache.struts2.util,com
.opensymphony.xwork2.inject";version="2.1.2",org.apache.struts2.views
.velocity.components;uses:="org.apache.velocity.exception,javax.servl
et.http,com.opensymphony.xwork2.util,org.apache.velocity.runtime.pars
er.node,org.apache.struts2.components,com.opensymphony.xwork2.inject,
org.apache.velocity.context,org.apache.velocity.runtime.directive";ve
rsion="2.1.2",org.apache.struts2.config;uses:="com.opensymphony.xwork
2,org.apache.struts2.dispatcher.mapper,com.opensymphony.xwork2.conver
sion.impl,org.apache.struts2.components,com.opensymphony.xwork2.confi
g,org.apache.struts2,com.opensymphony.xwork2.util.logging,com.opensym
phony.xwork2.validator,com.opensymphony.xwork2.util.reflection,com.op
ensymphony.xwork2.config.providers,com.opensymphony.xwork2.conversion
,org.apache.struts2.views.freemarker,com.opensymphony.xwork2.util,jav
ax.servlet,org.apache.struts2.util,org.apache.struts2.views.velocity,
com.opensymphony.xwork2.inject,org.apache.struts2.dispatcher.multipar
t,com.opensymphony.xwork2.util.location";version="2.1.2",org.apache.s
truts2.views.util;uses:="javax.servlet.http,com.opensymphony.xwork2,o
rg.apache.struts2,com.opensymphony.xwork2.util.logging,com.opensympho
ny.xwork2.util,org.apache.struts2.util,org.apache.struts2.views.jsp.u
i,com.opensymphony.xwork2.inject";version="2.1.2",org.apache.struts2.
impl;uses:="com.opensymphony.xwork2,com.opensymphony.xwork2.config.en
tities,com.opensymphony.xwork2.config,com.opensymphony.xwork2.inject,
com.opensymphony.xwork2.util.reflection,com.opensymphony.xwork2.inter
ceptor";version="2.1.2",org.apache.struts2.views.jsp.ui.table;version
="2.1.2",template.xhtml;version="2.1.2",org.apache.struts2.dispatcher
.multipart;uses:="javax.servlet.http,javax.servlet,org.apache.commons
.fileupload.servlet,com.opensymphony.xwork2.util.logging,com.opensymp
hony.xwork2.inject,org.apache.struts2.dispatcher,org.apache.commons.f
ileupload.disk,org.apache.commons.fileupload";version="2.1.2"
Bundle-Version: 2.1.2
Bundle-Description: Apache Struts 2
Bundle-Name: Struts 2 Core
Bundle-DocURL: http://www.apache.org
Bundle-ManifestVersion: 2
Bundle-Vendor: Apache Software Foundation
Bundle-SymbolicName: org.apache.struts.struts2-core
Tool: Bnd-0.0.238


@@ -0,0 +1 @@
this is a test file used to check the checksums.


@@ -0,0 +1,33 @@
application.name=${pom.name}
application.version=${pom.version}
autoupdate=true
#temp.directory defaults to System.getProperty("java.io.tmpdir")
#temp.directory=[path to temp directory]
# the path to the data directory
data.directory=data
# the path to the lucene index to store the cpe data
data.cpe=cpe
# the path to the h2 database to store the nvd cve data
data.cve=cve
# the path to the cpe xml file
cpe.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.xml.gz
# the path to the cpe meta data file.
cpe.meta.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.meta
# the number of days that the modified nvd cve data holds data for. We don't need
# to update the other files if we are within this timespan. Per NIST this file
# holds 8 days of updates, we are using 7 just to be safe.
cve.url.modified.validfordays=7
# the path to the modified nvd cve xml file.
cve.url-1.2.modified=http://nvd.nist.gov/download/nvdcve-modified.xml
cve.url-2.0.modified=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml
cve.startyear=2002
cve.url-2.0.base=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml
cve.url-1.2.base=http://nvd.nist.gov/download/nvdcve-%d.xml
#cve.url-2.0.base=file:///C:/data/xml/nvdcve-2.0-%d.xml
#cve.url-1.2.base=file:///C:/data/xml/nvdcve-1.2-%d.xml
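Review bot: Every feed URL in this file (`cpe.url`, `cpe.meta.url` and the four `cve.url-*` entries) uses plain `http://`, and with `autoupdate=true` the tool fetches its CPE and CVE data over a channel that gives no integrity or origin guarantee. Data altered or withheld in transit would silently change what a scan reports as vulnerable. If the NVD hosts serve these paths over TLS, switch the scheme, e.g. `cve.url-2.0.modified=https://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml`. Otherwise the download code should verify each file against a digest obtained over a trusted channel, and a comment above the URLs should say which of the two protections applies.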


@@ -0,0 +1,21 @@
handlers=java.util.logging.ConsoleHandler, java.util.logging.FileHandler
# logging levels
# FINEST, FINER, FINE, CONFIG, INFO, WARNING and SEVERE.
# Configure the ConsoleHandler.
java.util.logging.ConsoleHandler.level=SEVERE
# Configure the FileHandler.
java.util.logging.FileHandler.formatter=java.util.logging.SimpleFormatter
java.util.logging.FileHandler.level=FINEST
# The following special tokens can be used in the pattern property
# which specifies the location and name of the log file.
# / - standard path separator
# %t - system temporary directory
# %h - value of the user.home system property
# %g - generation number for rotating logs
# %u - unique number to avoid conflicts
# FileHandler writes to %h/demo0.log by default.
java.util.logging.FileHandler.pattern=./logs/DependencyCheck%g.log
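Review bot: The FileHandler is set to `FINEST` with no `java.util.logging.FileHandler.limit` or `java.util.logging.FileHandler.count`, so as far as this file shows the log grows without bound and the `%g` in the pattern never advances. The pattern `./logs/DependencyCheck%g.log` is also relative to the working directory, and FileHandler does not create a missing `logs` directory, so logging setup can fail depending on where the tool is started. I would add `java.util.logging.FileHandler.limit=<bytes>` and `java.util.logging.FileHandler.count=<n>` (values to be chosen) and either use `%h` or `%t` in the pattern or create the directory before the handler is configured. The comment `FileHandler writes to %h/demo0.log by default` does not describe this configuration and should state where the log is actually written.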


@@ -0,0 +1 @@
proxy.port=80