releasing updates from private repo

Former-commit-id: 745279b1fbbfe1e331adbf52ca4ccd9e75a18178
Jeremy Long
2013-07-31 10:21:31 -04:00
parent 5672c86905
commit db46b03d0c
265 changed files with 13533 additions and 3394 deletions


@@ -1,72 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.reporting.ReportGenerator;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class EngineIntegrationTest {
public EngineIntegrationTest() throws Exception {
org.owasp.dependencycheck.data.nvdcve.BaseDBTestCase.ensureDBExists();
org.owasp.dependencycheck.data.cpe.BaseIndexTestCase.ensureIndexExists();
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of scan method, of class Engine.
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testScan() throws Exception {
String path = "./src/test/resources/";
Engine instance = new Engine();
instance.scan(path);
assertTrue(instance.getDependencies().size() > 0);
instance.analyzeDependencies();
ReportGenerator rg = new ReportGenerator("DependencyCheck",
instance.getDependencies(), instance.getAnalyzers());
rg.generateReports("./target/", "HTML");
}
}


@@ -1,65 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import org.owasp.dependencycheck.analyzer.AbstractAnalyzer;
import java.util.Set;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class AbstractAnalyzerTest {
public AbstractAnalyzerTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of newHashSet method, of class AbstractAnalyzer.
*/
@Test
public void testNewHashSet() {
Set result = AbstractAnalyzer.newHashSet("one","two");
assertEquals(2, result.size());
assertTrue(result.contains("one"));
assertTrue(result.contains("two"));
}
}


@@ -1,75 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import org.owasp.dependencycheck.analyzer.AnalyzerService;
import org.owasp.dependencycheck.analyzer.Analyzer;
import java.util.Set;
import java.util.Iterator;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class AnalyzerServiceTest {
public AnalyzerServiceTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of getAnalyzers method, of class AnalyzerService.
*/
@Test
public void testGetAnalyzers() {
AnalyzerService instance = AnalyzerService.getInstance();
Iterator<Analyzer> result = instance.getAnalyzers();
boolean found = false;
while (result.hasNext()) {
Analyzer a = result.next();
Set<String> e = a.getSupportedExtensions();
if (e != null && e.contains("jar")) {
found = true;
}
}
assertTrue("JarAnalyzer loaded", found);
}
}


@@ -1,134 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
import org.owasp.dependencycheck.analyzer.FileNameAnalyzer;
import java.io.File;
import java.util.Set;
import org.owasp.dependencycheck.dependency.Dependency;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class FileNameAnalyzerTest {
public FileNameAnalyzerTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of getSupportedExtensions method, of class FileNameAnalyzer.
*/
@Test
public void testGetSupportedExtensions() {
FileNameAnalyzer instance = new FileNameAnalyzer();
Set expResult = null;
Set result = instance.getSupportedExtensions();
assertEquals(expResult, result);
}
/**
* Test of getName method, of class FileNameAnalyzer.
*/
@Test
public void testGetName() {
FileNameAnalyzer instance = new FileNameAnalyzer();
String expResult = "File Name Analyzer";
String result = instance.getName();
assertEquals(expResult, result);
}
/**
* Test of supportsExtension method, of class FileNameAnalyzer.
*/
@Test
public void testSupportsExtension() {
String extension = "any";
FileNameAnalyzer instance = new FileNameAnalyzer();
boolean expResult = true;
boolean result = instance.supportsExtension(extension);
assertEquals(expResult, result);
}
/**
* Test of getAnalysisPhase method, of class FileNameAnalyzer.
*/
@Test
public void testGetAnalysisPhase() {
FileNameAnalyzer instance = new FileNameAnalyzer();
AnalysisPhase expResult = AnalysisPhase.INFORMATION_COLLECTION;
AnalysisPhase result = instance.getAnalysisPhase();
assertEquals(expResult, result);
}
/**
* Test of analyze method, of class FileNameAnalyzer.
*/
@Test
public void testAnalyze() throws Exception {
File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
Dependency result = new Dependency(file);
FileNameAnalyzer instance = new FileNameAnalyzer();
instance.analyze(result, null);
assertTrue(result.getVendorEvidence().toString().toLowerCase().contains("struts"));
}
/**
* Test of initialize method, of class FileNameAnalyzer.
*/
@Test
public void testInitialize() throws Exception {
FileNameAnalyzer instance = new FileNameAnalyzer();
instance.initialize();
assertTrue(true); //initialize does nothing.
}
/**
* Test of close method, of class FileNameAnalyzer.
*/
@Test
public void testClose() throws Exception {
FileNameAnalyzer instance = new FileNameAnalyzer();
instance.close();
assertTrue(true); //close does nothing.
}
}


@@ -1,158 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import java.util.Properties;
import org.owasp.dependencycheck.analyzer.JarAnalyzer;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import java.util.HashSet;
import java.io.File;
import java.util.Set;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class JarAnalyzerTest {
public JarAnalyzerTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of inspect method, of class JarAnalyzer.
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testAnalyze() throws Exception {
File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
Dependency result = new Dependency(file);
JarAnalyzer instance = new JarAnalyzer();
instance.analyze(result, null);
assertTrue(result.getVendorEvidence().toString().toLowerCase().contains("apache"));
assertTrue(result.getVendorEvidence().getWeighting().contains("apache"));
file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath());
result = new Dependency(file);
instance.analyze(result, null);
boolean found = false;
for (Evidence e : result.getProductEvidence()) {
if (e.getName().equalsIgnoreCase("package-title")
&& e.getValue().equalsIgnoreCase("org.mortbay.http")) {
found = true;
break;
}
}
assertTrue("package-title of org.mortbay.http not found in org.mortbay.jetty.jar", found);
found = false;
for (Evidence e : result.getVendorEvidence()) {
if (e.getName().equalsIgnoreCase("implementation-url")
&& e.getValue().equalsIgnoreCase("http://jetty.mortbay.org")) {
found = true;
break;
}
}
assertTrue("implementation-url of http://jetty.mortbay.org not found in org.mortbay.jetty.jar", found);
found = false;
for (Evidence e : result.getVersionEvidence()) {
if (e.getName().equalsIgnoreCase("Implementation-Version")
&& e.getValue().equalsIgnoreCase("4.2.27")) {
found = true;
break;
}
}
assertTrue("implementation-version of 4.2.27 not found in org.mortbay.jetty.jar", found);
file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jmx.jar").getPath());
result = new Dependency(file);
instance.analyze(result, null);
assertEquals("org.mortbar,jmx.jar has version evidence?", result.getVersionEvidence().size(), 0);
}
/**
* Test of getSupportedExtensions method, of class JarAnalyzer.
*/
@Test
public void testGetSupportedExtensions() {
JarAnalyzer instance = new JarAnalyzer();
Set expResult = new HashSet();
expResult.add("jar");
Set result = instance.getSupportedExtensions();
assertEquals(expResult, result);
}
/**
* Test of getName method, of class JarAnalyzer.
*/
@Test
public void testGetName() {
JarAnalyzer instance = new JarAnalyzer();
String expResult = "Jar Analyzer";
String result = instance.getName();
assertEquals(expResult, result);
}
/**
* Test of supportsExtension method, of class JarAnalyzer.
*/
@Test
public void testSupportsExtension() {
String extension = "jar";
JarAnalyzer instance = new JarAnalyzer();
boolean expResult = true;
boolean result = instance.supportsExtension(extension);
assertEquals(expResult, result);
}
@Test
public void testInterpolateString() {
Properties prop = new Properties();
prop.setProperty("key", "value");
prop.setProperty("nested", "nested ${key}");
String text = "This is a test of '${key}' '${nested}'";
String expResults = "This is a test of 'value' 'nested value'";
JarAnalyzer instance = new JarAnalyzer();
String results = instance.interpolateString(text, prop);
assertEquals(expResults, results);
}
}


@@ -1,129 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.cpe;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public abstract class BaseIndexTestCase {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() throws Exception {
ensureIndexExists();
}
@After
public void tearDown() throws Exception {
}
protected static File getDataDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CPE_INDEX);
return FileUtils.getDataDirectory(fileName, Index.class);
}
public static void ensureIndexExists() throws Exception {
//String indexPath = Settings.getString(Settings.KEYS.CPE_INDEX);
String indexPath = getDataDirectory().getCanonicalPath();
java.io.File f = new File(indexPath);
if (!f.exists()) {
f.mkdirs();
FileInputStream fis = null;
ZipInputStream zin = null;
try {
File path = new File(BaseIndexTestCase.class.getClassLoader().getResource("index.cpe.zip").getPath());
fis = new FileInputStream(path);
zin = new ZipInputStream(new BufferedInputStream(fis));
ZipEntry entry;
while ((entry = zin.getNextEntry()) != null) {
if (entry.isDirectory()) {
continue;
}
int BUFFER = 2048;
String outputName = indexPath + File.separatorChar + entry.getName();
FileOutputStream fos = null;
BufferedOutputStream dest = null;
try {
File o = new File(outputName);
// File oPath = new File(o.getParent());
// if (!oPath.exists()) {
// oPath.mkdir();
// }
o.createNewFile();
fos = new FileOutputStream(o,false);
dest = new BufferedOutputStream(fos, BUFFER);
byte data[] = new byte[BUFFER];
int count;
while ((count = zin.read(data, 0, BUFFER)) != -1) {
dest.write(data, 0, count);
}
} catch (Exception ex) {
String ignore = ex.getMessage();
} finally {
try {
dest.flush();
dest.close();
dest = null;
} catch (Throwable ex) { String ignore = ex.getMessage(); }
try {
fos.close();
fos = null;
} catch (Throwable ex) { String ignore = ex.getMessage(); }
}
}
} finally {
try {
if (zin!=null) {
zin.close();
}
zin = null;
} catch (Throwable ex) { String ignore = ex.getMessage(); }
try {
if (fis!=null) {
fis.close();
}
fis = null;
} catch (Throwable ex) { String ignore = ex.getMessage(); }
}
}
}
}


@@ -1,166 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.cpe;
import org.owasp.dependencycheck.data.cpe.Entry;
import org.owasp.dependencycheck.data.cpe.CPEAnalyzer;
import java.io.File;
import java.io.IOException;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.lucene.index.CorruptIndexException;
import org.apache.lucene.queryparser.classic.ParseException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.analyzer.JarAnalyzer;
import org.junit.Assert;
import org.junit.Test;
import org.owasp.dependencycheck.dependency.Identifier;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class CPEAnalyzerTest extends BaseIndexTestCase {
/**
* Tests of buildSearch of class CPEAnalyzer.
* @throws IOException is thrown when an IO Exception occurs.
* @throws CorruptIndexException is thrown when the index is corrupt.
* @throws ParseException is thrown when a parse exception occurs
*/
@Test
public void testBuildSearch() throws IOException, CorruptIndexException, ParseException {
Set<String> productWeightings = new HashSet<String>(1);
productWeightings.add("struts2");
Set<String> vendorWeightings = new HashSet<String>(1);
vendorWeightings.add("apache");
String vendor = "apache software foundation";
String product = "struts 2 core";
String version = "2.1.2";
CPEAnalyzer instance = new CPEAnalyzer();
String queryText = instance.buildSearch(vendor, product, version, null, null);
String expResult = " product:( struts 2 core ) AND vendor:( apache software foundation ) AND version:(2.1.2^0.7 )";
Assert.assertTrue(expResult.equals(queryText));
queryText = instance.buildSearch(vendor, product, version, null, productWeightings);
expResult = " product:( struts^5 struts2^5 2 core ) AND vendor:( apache software foundation ) AND version:(2.1.2^0.2 )";
Assert.assertTrue(expResult.equals(queryText));
queryText = instance.buildSearch(vendor, product, version, vendorWeightings, null);
expResult = " product:( struts 2 core ) AND vendor:( apache^5 software foundation ) AND version:(2.1.2^0.2 )";
Assert.assertTrue(expResult.equals(queryText));
queryText = instance.buildSearch(vendor, product, version, vendorWeightings, productWeightings);
expResult = " product:( struts^5 struts2^5 2 core ) AND vendor:( apache^5 software foundation ) AND version:(2.1.2^0.2 )";
Assert.assertTrue(expResult.equals(queryText));
}
/**
* Test of open method, of class CPEAnalyzer.
* @throws Exception is thrown when an exception occurs
*/
@Test
public void testOpen() throws Exception {
CPEAnalyzer instance = new CPEAnalyzer();
Assert.assertFalse(instance.isOpen());
instance.open();
Assert.assertTrue(instance.isOpen());
instance.close();
Assert.assertFalse(instance.isOpen());
}
/**
* Test of determineCPE method, of class CPEAnalyzer.
* @throws Exception is thrown when an exception occurs
*/
@Test
public void testDetermineCPE() throws Exception {
File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
JarAnalyzer jarAnalyzer = new JarAnalyzer();
Dependency depends = new Dependency(file);
jarAnalyzer.analyze(depends, null);
File fileCommonValidator = new File(this.getClass().getClassLoader().getResource("commons-validator-1.4.0.jar").getPath());
Dependency commonValidator = new Dependency(fileCommonValidator);
jarAnalyzer.analyze(commonValidator, null);
File fileSpring = new File(this.getClass().getClassLoader().getResource("spring-core-2.5.5.jar").getPath());
Dependency spring = new Dependency(fileSpring);
jarAnalyzer.analyze(spring, null);
File fileSpring3 = new File(this.getClass().getClassLoader().getResource("spring-core-3.0.0.RELEASE.jar").getPath());
Dependency spring3 = new Dependency(fileSpring3);
jarAnalyzer.analyze(spring3, null);
CPEAnalyzer instance = new CPEAnalyzer();
instance.open();
instance.determineCPE(commonValidator);
instance.determineCPE(depends);
instance.determineCPE(spring);
instance.determineCPE(spring3);
instance.close();
String expResult = "cpe:/a:apache:struts:2.1.2";
Identifier expIdentifier = new Identifier("cpe", expResult, expResult);
String expResultSpring = "cpe:/a:springsource:spring_framework:2.5.5";
String expResultSpring3 = "cpe:/a:vmware:springsource_spring_framework:3.0.0";
Assert.assertTrue("Apache Common Validator - found an identifier?", commonValidator.getIdentifiers().isEmpty());
Assert.assertTrue("Incorrect match size - struts", depends.getIdentifiers().size() >= 1);
Assert.assertTrue("Incorrect match - struts", depends.getIdentifiers().contains(expIdentifier));
Assert.assertTrue("Incorrect match size - spring3 - " + spring3.getIdentifiers().size(), spring3.getIdentifiers().size() >= 1);
//the following two only work if the HintAnalyzer is used.
//Assert.assertTrue("Incorrect match size - spring", spring.getIdentifiers().size() == 1);
//Assert.assertTrue("Incorrect match - spring", spring.getIdentifiers().get(0).getValue().equals(expResultSpring));
}
/**
* Test of searchCPE method, of class CPEAnalyzer.
* @throws Exception is thrown when an exception occurs
*/
@Test
public void testSearchCPE() throws Exception {
String vendor = "apache software foundation";
String product = "struts 2 core";
String version = "2.1.2";
String expResult = "cpe:/a:apache:struts:2.1.2";
CPEAnalyzer instance = new CPEAnalyzer();
instance.open();
//TODO - yeah, not a very good test as the results are the same with or without weighting...
Set<String> productWeightings = new HashSet<String>(1);
productWeightings.add("struts2");
Set<String> vendorWeightings = new HashSet<String>(1);
vendorWeightings.add("apache");
List<Entry> result = instance.searchCPE(vendor, product, version, productWeightings, vendorWeightings);
Assert.assertEquals(expResult, result.get(0).getName());
instance.close();
}
}


@@ -1,67 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.cpe;
import org.owasp.dependencycheck.data.cpe.Entry;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.Assert;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class EntryTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of setName method, of class Entry.
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testSetName() throws Exception {
String name = "cpe:/a:apache:struts:1.1:rc2";
Entry instance = new Entry();
instance.parseName(name);
Assert.assertEquals(name,instance.getName());
Assert.assertEquals("apache", instance.getVendor());
Assert.assertEquals("struts", instance.getProduct());
Assert.assertEquals("1.1", instance.getVersion());
Assert.assertEquals("rc2", instance.getRevision());
}
}


@@ -1,75 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.cpe;
import java.io.File;
import java.io.IOException;
import org.apache.lucene.store.Directory;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class IndexIntegrationTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of update method, of class Index.
*/
@Test
public void testUpdate() throws Exception {
//deprecated
//Index instance = new Index();
//instance.update();
}
/**
* Test of updateNeeded method, of class Index.
*/
@Test
public void testUpdateNeeded() throws Exception {
//deprecated
//Index instance = new Index();
//instance.updateNeeded();
//if an exception is thrown this test fails. However, because it depends on the
// order of the tests what this will return I am just testing for the exception.
//assertTrue(expResult < result);
}
}


@@ -1,83 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.cpe;
import org.owasp.dependencycheck.data.cpe.Index;
import java.io.File;
import java.io.IOException;
import junit.framework.Assert;
import org.apache.lucene.store.Directory;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class IndexTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of open method, of class Index.
*/
@Test
public void testOpen() {
Index instance = new Index();
try {
instance.open();
} catch (IOException ex) {
assertNull(ex.getMessage(), ex);
//Assert.fail(ex.getMessage());
}
instance.close();
}
/**
* Test of getDirectory method, of class Index.
* @throws Exception
*/
@Test
public void testGetDirectory() throws Exception {
Index index = new Index();
Directory result = index.getDirectory();
String exp = File.separatorChar + "target" + File.separatorChar + "data" + File.separatorChar + "cpe";
assertTrue(result.toString().contains(exp));
}
}


@@ -1,86 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.cwe;
import org.owasp.dependencycheck.data.cwe.CweDB;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class CweDBTest {
public CweDBTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Method to serialize the CWE HashMap. This is not used in
* production; this is only used once during dev to create
* the serialized HashMap.
*/
// @Test
// public void testUpdate() throws Exception {
// SAXParserFactory factory = SAXParserFactory.newInstance();
// SAXParser saxParser = factory.newSAXParser();
//
// CweHandler handler = new CweHandler();
// File file = new File(this.getClass().getClassLoader().getResource("cwe.2000.xml").getPath());
//
// saxParser.parse(file, handler);
// System.out.println("Found " + handler.getCwe().size() + " cwe entries.");
// Map<String,String> cwe = handler.getCwe();
// FileOutputStream fout = new FileOutputStream("src/main/resources/data/cwe.hashmap.serialized");
// ObjectOutputStream objOut = new ObjectOutputStream(fout);
// objOut.writeObject(cwe);
// objOut.close();
// }
/**
* Test of getCweName method, of class CweDB.
*/
@Test
public void testGetCweName() {
String cweId = "CWE-16";
String expResult = "Configuration";
String result = CweDB.getCweName(cweId);
assertEquals(expResult, result);
}
}


@@ -1,131 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.lucene;
import org.owasp.dependencycheck.data.lucene.SearchFieldAnalyzer;
import org.owasp.dependencycheck.data.lucene.FieldAnalyzer;
import org.apache.lucene.analysis.miscellaneous.PerFieldAnalyzerWrapper;
import java.util.HashMap;
import org.apache.lucene.queryparser.classic.QueryParser;
import org.apache.lucene.analysis.standard.StandardAnalyzer;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.search.ScoreDoc;
import org.apache.lucene.search.TopScoreDocCollector;
import org.apache.lucene.search.IndexSearcher;
import org.apache.lucene.index.IndexReader;
import org.apache.lucene.search.Query;
import java.io.IOException;
import org.apache.lucene.document.Field;
import org.apache.lucene.document.TextField;
import org.apache.lucene.document.Document;
import org.apache.lucene.index.DirectoryReader;
import org.apache.lucene.index.IndexWriter;
import org.apache.lucene.index.IndexWriterConfig;
import org.apache.lucene.store.RAMDirectory;
import org.apache.lucene.store.Directory;
import org.apache.lucene.util.Version;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class FieldAnalyzerTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
@Test
public void testAnalyzers() throws Exception {
Analyzer analyzer = new FieldAnalyzer(Version.LUCENE_40);
Directory index = new RAMDirectory();
String field1 = "product";
String text1 = "springframework";
String field2 = "vendor";
String text2 = "springsource";
createIndex(analyzer, index, field1, text1, field2, text2);
//Analyzer searchingAnalyzer = new SearchFieldAnalyzer(Version.LUCENE_40);
String querystr = "product:\"(Spring Framework Core)\" vendor:(SpringSource)";
SearchFieldAnalyzer searchAnalyzerProduct = new SearchFieldAnalyzer(Version.LUCENE_40);
SearchFieldAnalyzer searchAnalyzerVendor = new SearchFieldAnalyzer(Version.LUCENE_40);
HashMap<String,Analyzer> map = new HashMap<String,Analyzer>();
map.put(field1, searchAnalyzerProduct);
map.put(field2, searchAnalyzerVendor);
PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(new StandardAnalyzer(Version.LUCENE_40), map);
QueryParser parser = new QueryParser(Version.LUCENE_40, field1, wrapper);
Query q = parser.parse(querystr);
//System.out.println(q.toString());
int hitsPerPage = 10;
IndexReader reader = DirectoryReader.open(index);
IndexSearcher searcher = new IndexSearcher(reader);
TopScoreDocCollector collector = TopScoreDocCollector.create(hitsPerPage, true);
searcher.search(q, collector);
ScoreDoc[] hits = collector.topDocs().scoreDocs;
assertEquals("Did not find 1 document?", 1, hits.length);
searchAnalyzerProduct.clear(); //ensure we don't have anything left over from the previous search.
searchAnalyzerVendor.clear();
querystr = "product:(Apache Struts) vendor:(Apache)";
Query q2 = parser.parse(querystr);
//System.out.println(q2.toString());
assertFalse("second parsing contains previousWord from the TokenPairConcatenatingFilter", q2.toString().contains("core"));
}
private void createIndex(Analyzer analyzer, Directory index, String field1, String text1, String field2, String text2) throws IOException {
IndexWriterConfig config = new IndexWriterConfig(Version.LUCENE_40, analyzer);
IndexWriter w = new IndexWriter(index, config);
addDoc(w, field1, text1, field2, text2);
w.close();
}
private static void addDoc(IndexWriter w, String field1, String text1, String field2, String text2) throws IOException {
Document doc = new Document();
doc.add(new TextField(field1, text1, Field.Store.YES));
doc.add(new TextField(field2, text2, Field.Store.YES));
w.addDocument(doc);
}
}


@@ -1,93 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.lucene;
import org.owasp.dependencycheck.data.lucene.LuceneUtils;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class LuceneUtilsTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of appendEscapedLuceneQuery method, of class LuceneUtils.
*/
@Test
public void testAppendEscapedLuceneQuery() {
StringBuilder buf = new StringBuilder();
CharSequence text = "test encoding + - & | ! ( ) { } [ ] ^ \" ~ * ? : \\";
String expResult = "test encoding \\+ \\- \\& \\| \\! \\( \\) \\{ \\} \\[ \\] \\^ \\\" \\~ \\* \\? \\: \\\\";
LuceneUtils.appendEscapedLuceneQuery(buf, text);
assertEquals(expResult, buf.toString());
}
/**
* Test of appendEscapedLuceneQuery method, of class LuceneUtils.
*/
@Test
public void testAppendEscapedLuceneQuery_null() {
StringBuilder buf = new StringBuilder();
CharSequence text = null;
LuceneUtils.appendEscapedLuceneQuery(buf, text);
assertEquals(0, buf.length());
}
/**
* Test of escapeLuceneQuery method, of class LuceneUtils.
*/
@Test
public void testEscapeLuceneQuery() {
CharSequence text = "test encoding + - & | ! ( ) { } [ ] ^ \" ~ * ? : \\";
String expResult = "test encoding \\+ \\- \\& \\| \\! \\( \\) \\{ \\} \\[ \\] \\^ \\\" \\~ \\* \\? \\: \\\\";
String result = LuceneUtils.escapeLuceneQuery(text);
assertEquals(expResult, result);
}
/**
* Test of escapeLuceneQuery method, of class LuceneUtils.
*/
@Test
public void testEscapeLuceneQuery_null() {
CharSequence text = null;
String expResult = null;
String result = LuceneUtils.escapeLuceneQuery(text);
assertEquals(expResult, result);
}
}


@@ -1,128 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.nvdcve;
import org.owasp.dependencycheck.data.cpe.*;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import junit.framework.TestCase;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public abstract class BaseDBTestCase extends TestCase {
public BaseDBTestCase(String testName) {
super(testName);
}
@Override
protected void setUp() throws Exception {
super.setUp();
ensureDBExists();
}
protected static File getDataDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CVE_INDEX);
return FileUtils.getDataDirectory(fileName, Index.class);
}
public static void ensureDBExists() throws Exception {
//String indexPath = Settings.getString(Settings.KEYS.CVE_INDEX);
String indexPath = getDataDirectory().getCanonicalPath();
java.io.File f = new File(indexPath);
if (!f.exists()) {
f.mkdirs();
FileInputStream fis = null;
ZipInputStream zin = null;
try {
File path = new File(BaseDBTestCase.class.getClassLoader().getResource("db.nvdcve.zip").getPath());
fis = new FileInputStream(path);
zin = new ZipInputStream(new BufferedInputStream(fis));
ZipEntry entry;
while ((entry = zin.getNextEntry()) != null) {
if (entry.isDirectory()) {
continue;
}
int BUFFER = 2048;
String outputName = indexPath + File.separatorChar + entry.getName();
FileOutputStream fos = null;
BufferedOutputStream dest = null;
try {
File o = new File(outputName);
// File oPath = new File(o.getParent());
// if (!oPath.exists()) {
// oPath.mkdir();
// }
o.createNewFile();
fos = new FileOutputStream(o, false);
dest = new BufferedOutputStream(fos, BUFFER);
byte data[] = new byte[BUFFER];
int count;
while ((count = zin.read(data, 0, BUFFER)) != -1) {
dest.write(data, 0, count);
}
} catch (Exception ex) {
String ignore = ex.getMessage();
} finally {
try {
dest.flush();
dest.close();
dest = null;
} catch (Throwable ex) {
String ignore = ex.getMessage();
}
try {
fos.close();
fos = null;
} catch (Throwable ex) {
String ignore = ex.getMessage();
}
}
}
} finally {
try {
if (zin != null) {
zin.close();
}
zin = null;
} catch (Throwable ex) {
String ignore = ex.getMessage();
}
try {
if (fis != null) {
fis.close();
}
fis = null;
} catch (Throwable ex) {
String ignore = ex.getMessage();
}
}
}
}
}


@@ -1,62 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.nvdcve.xml;
import org.owasp.dependencycheck.data.nvdcve.xml.DatabaseUpdater;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class DatabaseUpdaterIntegrationTest {
public DatabaseUpdaterIntegrationTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of update method, of class DatabaseUpdater.
* @throws Exception
*/
@Test
public void testUpdate() throws Exception {
DatabaseUpdater instance = new DatabaseUpdater();
instance.update();
}
}


@@ -1,72 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.nvdcve.xml;
import org.owasp.dependencycheck.data.nvdcve.xml.NvdCve12Handler;
import java.io.File;
import java.util.List;
import java.util.Map;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class NvdCve_1_2_HandlerTest {
public NvdCve_1_2_HandlerTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
@Test
public void testParse() throws Exception {
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser();
File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2012.xml").getPath());
NvdCve12Handler instance = new NvdCve12Handler();
saxParser.parse(file, instance);
Map<String, List<VulnerableSoftware>> results = instance.getVulnerabilities();
assertTrue("No vulnerable software identified with a previous version in 2012 CVE 1.2?", !results.isEmpty());
}
}


@@ -1,78 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.nvdcve.xml;
import org.owasp.dependencycheck.data.nvdcve.xml.NvdCve20Handler;
import java.io.File;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class NvdCve_2_0_HandlerTest {
public NvdCve_2_0_HandlerTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
@Test
public void testParse() {
Exception results = null;
try {
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser();
File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath());
NvdCve20Handler instance = new NvdCve20Handler();
saxParser.parse(file, instance);
} catch (Exception ex) {
results = ex;
}
assertTrue("Exception thrown during parse of 2012 CVE version 2.0?", results == null);
if (results != null) {
System.err.println(results);
}
}
}


@@ -1,325 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.dependency;
import java.util.Set;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import java.io.File;
import java.util.List;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class DependencyTest {
public DependencyTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of containsUsedString method, of class Dependency.
*/
@Test
public void testContainsUsedString() {
String str = "apache";
String str2 = "owasp";
Dependency instance = new Dependency();
instance.getVendorEvidence().addEvidence("manifest", "something", "apache", Evidence.Confidence.HIGH);
instance.getVendorEvidence().addEvidence("manifest", "something", "owasp", Evidence.Confidence.MEDIUM);
assertFalse(instance.containsUsedString(str));
assertFalse(instance.containsUsedString(str2));
for (Evidence i : instance.getVendorEvidence().iterator(Evidence.Confidence.HIGH)) {
String readValue = i.getValue();
}
assertTrue(instance.containsUsedString(str));
assertFalse(instance.containsUsedString(str2));
for (Evidence i : instance.getVendorEvidence().iterator(Evidence.Confidence.MEDIUM)) {
String readValue = i.getValue();
}
assertTrue(instance.containsUsedString(str));
assertTrue(instance.containsUsedString(str2));
}
/**
* Test of getFileName method, of class Dependency.
*/
@Test
public void testGetFileName() {
Dependency instance = new Dependency();
String expResult = "filename";
instance.setFileName(expResult);
String result = instance.getFileName();
assertEquals(expResult, result);
}
/**
* Test of setFileName method, of class Dependency.
*/
@Test
public void testSetFileName() {
String fileName = "test.file";
Dependency instance = new Dependency();
instance.setFileName(fileName);
assertEquals(fileName,instance.getFileName());
}
/**
* Test of setActualFilePath method, of class Dependency.
*/
@Test
public void testSetActualFilePath() {
String actualFilePath = "test.file";
Dependency instance = new Dependency();
instance.setActualFilePath(actualFilePath);
assertEquals(actualFilePath,instance.getActualFilePath());
}
/**
* Test of getActualFilePath method, of class Dependency.
*/
@Test
public void testGetActualFilePath() {
Dependency instance = new Dependency();
String expResult = "test.file";
instance.setActualFilePath(expResult);
String result = instance.getActualFilePath();
assertEquals(expResult, result);
}
/**
* Test of setFilePath method, of class Dependency.
*/
@Test
public void testSetFilePath() {
String filePath = "test.file";
Dependency instance = new Dependency();
instance.setFilePath(filePath);
assertEquals(filePath,instance.getFilePath());
}
/**
* Test of getFilePath method, of class Dependency.
*/
@Test
public void testGetFilePath() {
Dependency instance = new Dependency();
String expResult = "path/test.file";
instance.setFilePath(expResult);
String result = instance.getFilePath();
assertEquals(expResult, result);
}
/**
* Test of setFileExtension method, of class Dependency.
*/
@Test
public void testSetFileExtension() {
String fileExtension = "jar";
Dependency instance = new Dependency();
instance.setFileExtension(fileExtension);
assertEquals(fileExtension,instance.getFileExtension());
}
/**
* Test of getFileExtension method, of class Dependency.
*/
@Test
public void testGetFileExtension() {
Dependency instance = new Dependency();
String expResult = "jar";
instance.setFileExtension(expResult);
String result = instance.getFileExtension();
assertEquals(expResult, result);
}
/**
* Test of getMd5sum method, of class Dependency.
*/
@Test
public void testGetMd5sum() {
File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
Dependency instance = new Dependency(file);
// assertEquals("89CE9E36AA9A9E03F1450936D2F4F8DD0F961F8B", result.getSha1sum());
String expResult = "C30B57142E1CCBC1EFD5CD15F307358F";
String result = instance.getMd5sum();
assertEquals(expResult, result);
}
/**
* Test of setMd5sum method, of class Dependency.
*/
@Test
public void testSetMd5sum() {
String md5sum = "test";
Dependency instance = new Dependency();
instance.setMd5sum(md5sum);
assertEquals(md5sum,instance.getMd5sum());
}
/**
* Test of getSha1sum method, of class Dependency.
*/
@Test
public void testGetSha1sum() {
File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
Dependency instance = new Dependency(file);
String expResult = "89CE9E36AA9A9E03F1450936D2F4F8DD0F961F8B";
String result = instance.getSha1sum();
assertEquals(expResult, result);
}
/**
* Test of setSha1sum method, of class Dependency.
*/
@Test
public void testSetSha1sum() {
String sha1sum = "test";
Dependency instance = new Dependency();
instance.setSha1sum(sha1sum);
assertEquals(sha1sum,instance.getSha1sum());
}
/**
* Test of getIdentifiers method, of class Dependency.
*/
@Test
public void testGetIdentifiers() {
Dependency instance = new Dependency();
List expResult = null;
Set<Identifier> result = instance.getIdentifiers();
assertTrue(true); //this is just a getter setter pair.
}
/**
* Test of setIdentifiers method, of class Dependency.
*/
@Test
public void testSetIdentifiers() {
Set<Identifier> identifiers = null;
Dependency instance = new Dependency();
instance.setIdentifiers(identifiers);
assertTrue(true); //this is just a getter setter pair.
}
/**
* Test of addIdentifier method, of class Dependency.
*/
@Test
public void testAddIdentifier() {
String type = "cpe";
String value = "cpe:/a:apache:struts:2.1.2";
String url = "http://somewhere";
Identifier expResult = new Identifier(type,value,url);
Dependency instance = new Dependency();
instance.addIdentifier(type, value, url);
assertEquals(1,instance.getIdentifiers().size());
assertTrue("Identifier doesn't contain expected result.", instance.getIdentifiers().contains(expResult));
}
/**
* Test of getEvidence method, of class Dependency.
*/
@Test
public void testGetEvidence() {
Dependency instance = new Dependency();
EvidenceCollection expResult = null;
EvidenceCollection result = instance.getEvidence();
assertTrue(true); //this is just a getter setter pair.
}
/**
* Test of getEvidenceUsed method, of class Dependency.
*/
@Test
public void testGetEvidenceUsed() {
Dependency instance = new Dependency();
String expResult = "used";
instance.getProductEvidence().addEvidence("used", "used", "used", Evidence.Confidence.HIGH);
instance.getProductEvidence().addEvidence("not", "not", "not", Evidence.Confidence.MEDIUM);
for (Evidence e : instance.getProductEvidence().iterator(Evidence.Confidence.HIGH)) {
String use = e.getValue();
}
EvidenceCollection result = instance.getEvidenceUsed();
assertEquals(1, result.size());
assertTrue(result.containsUsedString(expResult));
}
/**
* Test of getVendorEvidence method, of class Dependency.
*/
@Test
public void testGetVendorEvidence() {
Dependency instance = new Dependency();
EvidenceCollection expResult = null;
EvidenceCollection result = instance.getVendorEvidence();
assertTrue(true); //this is just a getter setter pair.
}
/**
* Test of getProductEvidence method, of class Dependency.
*/
@Test
public void testGetProductEvidence() {
Dependency instance = new Dependency();
EvidenceCollection expResult = null;
EvidenceCollection result = instance.getProductEvidence();
assertTrue(true); //this is just a getter setter pair.
}
/**
* Test of getVersionEvidence method, of class Dependency.
*/
@Test
public void testGetVersionEvidence() {
Dependency instance = new Dependency();
EvidenceCollection expResult = null;
EvidenceCollection result = instance.getVersionEvidence();
assertTrue(true); //this is just a getter setter pair.
}
}


@@ -1,93 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.dependency;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class VulnerableSoftwareTest {
public VulnerableSoftwareTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of equals method, of class VulnerableSoftware.
*/
@Test
public void testEquals() {
VulnerableSoftware obj = new VulnerableSoftware();
obj.setCpe("cpe:/a:mortbay:jetty:6.1.0");
VulnerableSoftware instance = new VulnerableSoftware();
instance.setCpe("cpe:/a:mortbay:jetty:6.1");
boolean expResult = false;
boolean result = instance.equals(obj);
assertEquals(expResult, result);
}
/**
* Test of hashCode method, of class VulnerableSoftware.
*/
@Test
public void testHashCode() {
VulnerableSoftware instance = new VulnerableSoftware();
instance.setCpe("cpe:/a:mortbay:jetty:6.1");
int expResult = 1849413912;
int result = instance.hashCode();
assertEquals(expResult, result);
}
/**
* Test of compareTo method, of class VulnerableSoftware.
*/
@Test
public void testCompareTo() {
VulnerableSoftware vs = new VulnerableSoftware();
vs.setCpe("cpe:/a:mortbay:jetty:6.1.0");
VulnerableSoftware instance = new VulnerableSoftware();
instance.setCpe("cpe:/a:mortbay:jetty:6.1");
int expResult = -2;
int result = instance.compareTo(vs);
assertEquals(expResult, result);
}
}


@@ -1,109 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.reporting;
import org.owasp.dependencycheck.data.cpe.BaseIndexTestCase;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class ReportGeneratorTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of generateReport method, of class ReportGenerator.
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testGenerateReport() throws Exception {
String templateName = "HtmlReport";
// File f = new File("target/test-reports");
// if (!f.exists()) {
// f.mkdir();
// }
// String writeTo = "target/test-reports/Report.html";
// Map<String, Object> properties = new HashMap<String, Object>();
// Dependency d = new Dependency();
// d.setFileName("FileName.jar");
// d.setActualFilePath("lib/FileName.jar");
// d.addCPEentry("cpe://a:/some:cpe:1.0");
//
// List<Dependency> dependencies = new ArrayList<Dependency>();
// d.getProductEvidence().addEvidence("jar","filename","<test>test", Confidence.HIGH);
// d.getProductEvidence().addEvidence("manifest","vendor","<test>test", Confidence.HIGH);
//
// for (Evidence e : d.getProductEvidence().iterator(Confidence.HIGH)) {
// String t = e.getValue();
// }
// dependencies.add(d);
//
// Dependency d2 = new Dependency();
// d2.setFileName("Another.jar");
// d2.setActualFilePath("lib/Another.jar");
// d2.addCPEentry("cpe://a:/another:cpe:1.0");
// d2.addCPEentry("cpe://a:/another:cpe:1.1");
// d2.addCPEentry("cpe://a:/another:cpe:1.2");
// d2.getProductEvidence().addEvidence("jar","filename","another.jar", Confidence.HIGH);
// d2.getProductEvidence().addEvidence("manifest","vendor","Company A", Confidence.MEDIUM);
//
// for (Evidence e : d2.getProductEvidence().iterator(Confidence.HIGH)) {
// String t = e.getValue();
// }
//
// dependencies.add(d2);
//
// Dependency d3 = new Dependency();
// d3.setFileName("Third.jar");
// d3.setActualFilePath("lib/Third.jar");
// d3.getProductEvidence().addEvidence("jar","filename","third.jar", Confidence.HIGH);
//
// for (Evidence e : d3.getProductEvidence().iterator(Confidence.HIGH)) {
// String t = e.getValue();
// }
//
// dependencies.add(d3);
//
// properties.put("dependencies",dependencies);
//
// ReportGenerator instance = new ReportGenerator();
// instance.generateReport(templateName, writeTo, properties);
//assertTrue("need to add a real check here", false);
}
}


@@ -1,147 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.utils;
import org.owasp.dependencycheck.utils.Checksum;
import java.io.File;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class ChecksumTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() throws Exception {
}
@After
public void tearDown() throws Exception {
}
/**
* Test of getChecksum method, of class Checksum.
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testGetChecksum() throws Exception {
String algorithm = "MD5";
File file = new File(this.getClass().getClassLoader().getResource("checkSumTest.file").getPath());
byte[] expResult = {-16, -111, 92, 95, 70, -72, -49, -94, -125, -27, -83, 103, -96, -101, 55, -109};
byte[] result = Checksum.getChecksum(algorithm, file);
boolean arraysAreEqual = true;
if (expResult.length == result.length) {
for (int i = 0; arraysAreEqual && i < result.length; i++) {
arraysAreEqual = result[i] == expResult[i];
}
} else {
Assert.fail("Checksum results do not match expected results.");
}
Assert.assertTrue(arraysAreEqual);
}
/**
* Test of getChecksum method, of class Checksum. This checks that an
* exception is thrown when an invalid path is specified.
*
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testGetChecksum_FileNotFound() throws Exception {
String algorithm = "MD5";
File file = new File("not a valid file");
boolean exceptionThrown = false;
try {
byte[] result = Checksum.getChecksum(algorithm, file);
} catch (IOException ex) {
exceptionThrown = true;
}
Assert.assertTrue(exceptionThrown);
}
/**
* Test of getChecksum method, of class Checksum. This checks that an
* exception is thrown when an invalid algorithm is specified.
*
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testGetChecksum_NoSuchAlgorithm() throws Exception {
String algorithm = "some unknown algorithm";
File file = new File(this.getClass().getClassLoader().getResource("checkSumTest.file").getPath());
boolean exceptionThrown = false;
try {
byte[] result = Checksum.getChecksum(algorithm, file);
} catch (NoSuchAlgorithmException ex) {
exceptionThrown = true;
}
Assert.assertTrue(exceptionThrown);
}
/**
* Test of getMD5Checksum method, of class Checksum.
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testGetMD5Checksum() throws Exception {
File file = new File(this.getClass().getClassLoader().getResource("checkSumTest.file").getPath());
String expResult = "F0915C5F46B8CFA283E5AD67A09B3793";
String result = Checksum.getMD5Checksum(file);
Assert.assertEquals(expResult, result);
}
/**
* Test of getSHA1Checksum method, of class Checksum.
* @throws Exception is thrown when an exception occurs.
*/
@Test
public void testGetSHA1Checksum() throws Exception {
File file = new File(this.getClass().getClassLoader().getResource("checkSumTest.file").getPath());
String expResult = "B8A9FF28B21BCB1D0B50E24A5243D8B51766851A";
String result = Checksum.getSHA1Checksum(file);
Assert.assertEquals(expResult, result);
}
/**
* Test of getHex method, of class Checksum.
*/
@Test
public void testGetHex() {
byte[] raw = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
String expResult = "000102030405060708090A0B0C0D0E0F10";
String result = Checksum.getHex(raw);
Assert.assertEquals(expResult, result);
}
}


@@ -1,262 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.utils;
import org.owasp.dependencycheck.utils.CliParser;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.PrintStream;
import org.apache.commons.cli.ParseException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class CliParserTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() throws Exception {
}
@After
public void tearDown() throws Exception {
}
/**
* Test of parse method, of class CliParser.
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse() throws Exception {
String[] args = {};
PrintStream out = System.out;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
System.setOut(new PrintStream(baos));
CliParser instance = new CliParser();
instance.parse(args);
Assert.assertFalse(instance.isGetVersion());
Assert.assertFalse(instance.isGetHelp());
Assert.assertFalse(instance.isRunScan());
}
/**
* Test of parse method with help arg, of class CliParser.
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_help() throws Exception {
String[] args = {"-help"};
PrintStream out = System.out;
CliParser instance = new CliParser();
instance.parse(args);
Assert.assertFalse(instance.isGetVersion());
Assert.assertTrue(instance.isGetHelp());
Assert.assertFalse(instance.isRunScan());
}
/**
* Test of parse method with version arg, of class CliParser.
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_version() throws Exception {
String[] args = {"-version"};
CliParser instance = new CliParser();
instance.parse(args);
Assert.assertTrue(instance.isGetVersion());
Assert.assertFalse(instance.isGetHelp());
Assert.assertFalse(instance.isRunScan());
}
/**
* Test of parse method with jar and cpe args, of class CliParser.
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_unknown() throws Exception {
String[] args = {"-unknown"};
PrintStream out = System.out;
PrintStream err = System.err;
ByteArrayOutputStream baos_out = new ByteArrayOutputStream();
ByteArrayOutputStream baos_err = new ByteArrayOutputStream();
System.setOut(new PrintStream(baos_out));
System.setErr(new PrintStream(baos_err));
CliParser instance = new CliParser();
try {
instance.parse(args);
} catch (ParseException ex) {
Assert.assertTrue(ex.getMessage().contains("Unrecognized option"));
}
Assert.assertFalse(instance.isGetVersion());
Assert.assertFalse(instance.isGetHelp());
Assert.assertFalse(instance.isRunScan());
}
/**
* Test of parse method with scan arg, of class CliParser.
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_scan() throws Exception {
String[] args = {"-scan"};
CliParser instance = new CliParser();
try {
instance.parse(args);
} catch (ParseException ex) {
Assert.assertTrue(ex.getMessage().contains("Missing argument"));
}
Assert.assertFalse(instance.isGetVersion());
Assert.assertFalse(instance.isGetHelp());
Assert.assertFalse(instance.isRunScan());
}
/**
* Test of parse method with jar arg, of class CliParser.
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_scan_unknownFile() throws Exception {
String[] args = {"-scan", "jar.that.does.not.exist", "-app", "test"};
CliParser instance = new CliParser();
try {
instance.parse(args);
} catch (FileNotFoundException ex) {
Assert.assertTrue(ex.getMessage().contains("Invalid file argument"));
}
Assert.assertFalse(instance.isGetVersion());
Assert.assertFalse(instance.isGetHelp());
Assert.assertFalse(instance.isRunScan());
}
/**
* Test of parse method with jar arg, of class CliParser.
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_scan_withFileExists() throws Exception {
File path = new File(this.getClass().getClassLoader().getResource("checkSumTest.file").getPath());
String[] args = {"-scan", path.getCanonicalPath(), "-out", "./", "-app", "test"};
CliParser instance = new CliParser();
instance.parse(args);
Assert.assertEquals(path.getCanonicalPath(), instance.getScanFiles()[0]);
Assert.assertFalse(instance.isGetVersion());
Assert.assertFalse(instance.isGetHelp());
Assert.assertTrue(instance.isRunScan());
}
/**
* Test of printVersionInfo, of class CliParser.
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_printVersionInfo() throws Exception {
PrintStream out = System.out;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
System.setOut(new PrintStream(baos));
CliParser instance = new CliParser();
instance.printVersionInfo();
try {
baos.flush();
String text = (new String(baos.toByteArray())).toLowerCase();
String[] lines = text.split(System.getProperty("line.separator"));
Assert.assertEquals(1, lines.length);
Assert.assertTrue(text.contains("version"));
Assert.assertTrue(!text.contains("unknown"));
} catch (IOException ex) {
System.setOut(out);
Assert.fail("CliParser.printVersionInfo did not write anything to system.out.");
} finally {
System.setOut(out);
}
}
/**
* Test of printHelp, of class CliParser.
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testParse_printHelp() throws Exception {
PrintStream out = System.out;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
System.setOut(new PrintStream(baos));
CliParser instance = new CliParser();
String[] args = {"-h"};
instance.parse(args);
instance.printHelp();
args[0] = "-ah";
instance.parse(args);
instance.printHelp();
try {
baos.flush();
String text = (new String(baos.toByteArray()));
String[] lines = text.split(System.getProperty("line.separator"));
Assert.assertTrue(lines[0].startsWith("usage: "));
Assert.assertTrue((lines.length > 2));
} catch (IOException ex) {
System.setOut(out);
Assert.fail("CliParser.printVersionInfo did not write anything to system.out.");
} finally {
System.setOut(out);
}
}
}


@@ -1,80 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.utils;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class DependencyVersionUtilTest {
public DependencyVersionUtilTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of parseVersionFromFileName method, of class DependencyVersionUtil.
*/
@Test
public void testParseVersionFromFileName() {
final String[] fileName = {"something-0.9.5.jar", "lib2-1.1.jar", "lib1.5r4-someflag-R26.jar",
"lib-1.2.5-dev-20050313.jar", "testlib_V4.4.0.jar", "lib-core-2.0.0-RC1-SNAPSHOT.jar",
"lib-jsp-2.0.1_R114940.jar", "dev-api-2.3.11_R121413.jar", "lib-api-3.7-SNAPSHOT.jar"};
final String[] expResult = {"0.9.5", "1.1", "1.5.r4", "1.2.5", "4.4.0", "2.0.0.rc1",
"2.0.1.r114940", "2.3.11.r121413", "3.7"};
for (int i = 0; i < fileName.length; i++) {
final DependencyVersion version = DependencyVersionUtil.parseVersionFromFileName(fileName[i]);
String result = null;
if (version != null) {
result = version.toString();
}
assertEquals("Failed extraction on \"" + fileName[i] + "\".", expResult[i], result);
}
String[] failingNames = { "no-version-identified.jar", "somelib-04aug2000r7-dev.jar", "no.version15.jar",
"lib_1.0_spec-1.1.jar", "lib-api_1.0_spec-1.0.1.jar" };
for (String failingName : failingNames) {
final DependencyVersion version = DependencyVersionUtil.parseVersionFromFileName(failingName);
assertNull("Found version in name that should have failed \"" + failingName + "\".", version);
}
}
}


@@ -1,81 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.utils;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.utils.Downloader;
import java.net.URL;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class DownloaderIntegrationTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of fetchFile method, of class Downloader.
* @throws Exception thrown when an exception occurs.
*/
@Test
public void testFetchFile() throws Exception {
// Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, "1000");
// Settings.setString(Settings.KEYS.PROXY_PORT, "8080");
// Settings.setString(Settings.KEYS.PROXY_URL, "127.0.0.1");
URL url = new URL(Settings.getString(Settings.KEYS.CPE_URL));
String outputPath = "target\\downloaded_cpe.xml";
Downloader.fetchFile(url, outputPath, true);
url = new URL("http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2010.xml");
outputPath = "target\\downloaded_cve.xml";
Downloader.fetchFile(url, outputPath, false);
}
@Test
public void testGetLastModified() throws Exception {
URL url = new URL("http://nvd.nist.gov/download/nvdcve-2012.xml");
long timestamp = Downloader.getLastModified(url);
assertTrue("timestamp equal to zero?", timestamp>0);
}
}


@@ -1,81 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.utils;
import java.io.File;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class FileUtilsTest {
public FileUtilsTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of getFileExtension method, of class FileUtils.
*/
@Test
public void testGetFileExtension() {
String[] fileName = { "something-0.9.5.jar", "lib2-1.1.js" };
String[] expResult = { "jar", "js" };
for (int i = 0; i < fileName.length; i++) {
String result = FileUtils.getFileExtension(fileName[i]);
assertEquals("Failed extraction on \"" + fileName[i] + "\".", expResult[i], result);
}
}
/**
* Test of delete method, of class FileUtils.
*/
@Test
public void testDelete() throws Exception {
File file = File.createTempFile("tmp", "deleteme");
if (!file.exists()) {
fail("Unable to create a temporary file.");
}
FileUtils.delete(file);
assertFalse("Temporary file exists after attempting deletion", file.exists());
}
}


@@ -1,95 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.utils;
import org.owasp.dependencycheck.utils.Filter;
import java.util.List;
import java.util.ArrayList;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class FilterTest {
public FilterTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of passes method, of class Filter.
*/
@Test
public void testPasses() {
String keep = "keep";
String fail = "fail";
assertTrue("String contained keep - but passes returned false.", TEST_FILTER.passes(keep));
assertFalse("String contained fail - but passes returned true.", TEST_FILTER.passes(fail));
}
/**
* Test of filter method, of class Filter.
*/
@Test
public void testFilter_Iterable() {
List<String> testData = new ArrayList<String>();
testData.add("keep");
testData.add("remove");
testData.add("keep");
List<String> expResults = new ArrayList<String>();
expResults.add("keep");
expResults.add("keep");
List<String> actResults = new ArrayList<String>();
for (String s : TEST_FILTER.filter(testData)) {
actResults.add(s);
}
assertArrayEquals(expResults.toArray(), actResults.toArray());
}
private static final Filter<String> TEST_FILTER =
new Filter<String>() {
public boolean passes(String str) {
return str.contains("keep");
}
};
}


@@ -1,151 +0,0 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.utils;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
import java.io.File;
import java.io.IOException;
import java.net.URISyntaxException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class SettingsTest {
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() throws Exception {
}
@After
public void tearDown() throws Exception {
}
/**
* Test of getString method, of class Settings.
*/
@Test
public void testGetString() {
String key = Settings.KEYS.CPE_INDEX;
String expResult = "target/data/cpe";
String result = Settings.getString(key);
Assert.assertTrue(result.endsWith(expResult));
}
/**
* Test of mergeProperties method, of class Settings.
*/
@Test
public void testMergeProperties_String() throws IOException, URISyntaxException {
String key = Settings.KEYS.PROXY_PORT;
String expResult = Settings.getString(key);
File f = new File(this.getClass().getClassLoader().getResource("test.properties").toURI());
//InputStream in = this.getClass().getClassLoader().getResourceAsStream("test.properties");
Settings.mergeProperties(f.getAbsolutePath());
String result = Settings.getString(key);
Assert.assertTrue("setting didn't change?", (expResult == null && result != null) || !expResult.equals(result));
}
/**
* Test of setString method, of class Settings.
*/
@Test
public void testSetString() {
String key = "newProperty";
String value = "someValue";
Settings.setString(key, value);
String expResults = Settings.getString(key);
Assert.assertEquals(expResults, value);
}
/**
* Test of getString method, of class Settings.
*/
@Test
public void testGetString_String_String() {
String key = "key That Doesn't Exist";
String defaultValue = "blue bunny";
String expResult = "blue bunny";
String result = Settings.getString(key);
Assert.assertTrue(result == null);
result = Settings.getString(key, defaultValue);
Assert.assertEquals(expResult, result);
}
/**
* Test of getString method, of class Settings.
*/
@Test
public void testGetString_String() {
String key = Settings.KEYS.CONNECTION_TIMEOUT;
String result = Settings.getString(key);
Assert.assertTrue(result == null);
}
/**
* Test of getInt method, of class Settings.
*/
@Test
public void testGetInt() throws InvalidSettingException {
String key = "SomeNumber";
int expResult = 85;
Settings.setString(key, "85");
int result = Settings.getInt(key);
Assert.assertEquals(expResult, result);
}
/**
* Test of getLong method, of class Settings.
*/
@Test
public void testGetLong() throws InvalidSettingException {
String key = "SomeNumber";
long expResult = 300L;
Settings.setString(key, "300");
long result = Settings.getLong(key);
Assert.assertEquals(expResult, result);
}
/**
* Test of getBoolean method, of class Settings.
*/
@Test
public void testGetBoolean() throws InvalidSettingException {
String key = "SomeBoolean";
Settings.setString(key, "false");
boolean expResult = false;
boolean result = Settings.getBoolean(key);
Assert.assertEquals(expResult, result);
}
}


@@ -1,189 +0,0 @@
Manifest-Version: 1.0
Archiver-Version: Plexus Archiver
Created-By: 1.5.0_10 (Sun Microsystems Inc.)
Built-By: dbrown
Build-Jdk: 1.5.0_10
Bundle-License: http://www.apache.org/licenses/LICENSE-2.0.txt
Import-Package: com.opensymphony.xwork2,com.opensymphony.xwork2.config
,com.opensymphony.xwork2.config.entities,com.opensymphony.xwork2.conf
ig.providers,com.opensymphony.xwork2.conversion,com.opensymphony.xwor
k2.conversion.impl,com.opensymphony.xwork2.inject,com.opensymphony.xw
ork2.interceptor,com.opensymphony.xwork2.ognl,com.opensymphony.xwork2
.util,com.opensymphony.xwork2.util.location,com.opensymphony.xwork2.u
til.logging,com.opensymphony.xwork2.util.profiling,com.opensymphony.x
work2.util.reflection,com.opensymphony.xwork2.validator,freemarker.ca
che,freemarker.core,freemarker.ext.beans,freemarker.ext.jsp,freemarke
r.ext.servlet,freemarker.ext.util,freemarker.template,javax.servlet,j
avax.servlet.http,javax.servlet.jsp,javax.servlet.jsp.tagext,javax.xm
l.transform,javax.xml.transform.dom,javax.xml.transform.stream,ognl,o
rg.apache.commons.fileupload;version="1.2",org.apache.commons.fileupl
oad.disk;version="1.2",org.apache.commons.fileupload.servlet;version=
"1.2",org.apache.struts2;version="2.1.2",org.apache.struts2.component
s;version="2.1.2",org.apache.struts2.components.template;version="2.1
.2",org.apache.struts2.config;version="2.1.2",org.apache.struts2.disp
atcher;version="2.1.2",org.apache.struts2.dispatcher.mapper;version="
2.1.2",org.apache.struts2.dispatcher.multipart;version="2.1.2",org.ap
ache.struts2.impl;version="2.1.2",org.apache.struts2.interceptor;vers
ion="2.1.2",org.apache.struts2.interceptor.debugging;version="2.1.2",
org.apache.struts2.interceptor.validation;version="2.1.2",org.apache.
struts2.servlet.interceptor;version="2.1.2",org.apache.struts2.static
;version="2.1.2",org.apache.struts2.util;version="2.1.2",org.apache.s
truts2.views;version="2.1.2",org.apache.struts2.views.annotations;ver
sion="2.1.2",org.apache.struts2.views.freemarker;version="2.1.2",org.
apache.struts2.views.freemarker.tags;version="2.1.2",org.apache.strut
s2.views.jsp;version="2.1.2",org.apache.struts2.views.jsp.iterator;ve
rsion="2.1.2",org.apache.struts2.views.jsp.ui;version="2.1.2",org.apa
che.struts2.views.jsp.ui.table;version="2.1.2",org.apache.struts2.vie
ws.util;version="2.1.2",org.apache.struts2.views.velocity;version="2.
1.2",org.apache.struts2.views.velocity.components;version="2.1.2",org
.apache.struts2.views.xslt;version="2.1.2",org.apache.velocity,org.ap
ache.velocity.app,org.apache.velocity.context,org.apache.velocity.exc
eption,org.apache.velocity.runtime.directive,org.apache.velocity.runt
ime.parser.node,org.apache.velocity.runtime.resource.loader,org.apach
e.velocity.tools.view,org.apache.velocity.tools.view.context,org.apac
he.velocity.tools.view.servlet,org.w3c.dom,org.xml.sax,template.archi
ve.ajax;version="2.1.2",template.archive.simple;version="2.1.2",templ
ate.archive.xhtml;version="2.1.2",template.css_xhtml;version="2.1.2",
template.simple;version="2.1.2",template.xhtml;version="2.1.2"
Bnd-LastModified: 1209700736700
Export-Package: org.apache.struts2.views.xslt;uses:="javax.servlet.htt
p,com.opensymphony.xwork2,org.xml.sax,org.apache.struts2,org.w3c.dom,
com.opensymphony.xwork2.util.logging,javax.xml.transform,javax.xml.tr
ansform.dom,com.opensymphony.xwork2.util,javax.servlet,com.opensympho
ny.xwork2.inject,javax.xml.transform.stream";version="2.1.2",org.apac
he.struts2.static;version="2.1.2",org.apache.struts2.views;uses:="org
.apache.struts2.views.freemarker.tags,javax.servlet.http,com.opensymp
hony.xwork2.util,javax.servlet,org.apache.struts2.views.velocity.comp
onents";version="2.1.2",org.apache.struts2.views.freemarker.tags;uses
:="freemarker.ext.beans,freemarker.template,javax.servlet.http,com.op
ensymphony.xwork2.util,org.apache.struts2.components,com.opensymphony
.xwork2.util.logging,com.opensymphony.xwork2.inject";version="2.1.2",
template.archive.xhtml;version="2.1.2",org.apache.struts2.dispatcher.
mapper;uses:="javax.servlet.http,com.opensymphony.xwork2,com.opensymp
hony.xwork2.config,org.apache.struts2,com.opensymphony.xwork2.util.lo
gging,org.apache.struts2.dispatcher,org.apache.struts2.util,com.opens
ymphony.xwork2.config.entities,com.opensymphony.xwork2.inject";versio
n="2.1.2",org.apache.struts2;uses:="com.opensymphony.xwork2,javax.ser
vlet.http,com.opensymphony.xwork2.util,org.apache.struts2.dispatcher.
mapper,javax.servlet,javax.servlet.jsp,com.opensymphony.xwork2.util.l
ocation";version="2.1.2",template.css_xhtml;version="2.1.2",template.
archive.ajax;version="2.1.2",org.apache.struts2.interceptor;uses:="co
m.opensymphony.xwork2,javax.servlet.http,org.apache.struts2.servlet.i
nterceptor,org.apache.struts2.dispatcher.mapper,org.apache.struts2,co
m.opensymphony.xwork2.util.logging,org.apache.struts2.dispatcher,com.
opensymphony.xwork2.util,javax.servlet,org.apache.struts2.util,com.op
ensymphony.xwork2.config.entities,com.opensymphony.xwork2.util.profil
ing,com.opensymphony.xwork2.inject,org.apache.struts2.dispatcher.mult
ipart,com.opensymphony.xwork2.interceptor";version="2.1.2",org.apache
.struts2.dispatcher;uses:="org.apache.struts2.views,javax.servlet.htt
p,org.apache.struts2.dispatcher.mapper,com.opensymphony.xwork2.config
,org.apache.struts2,com.opensymphony.xwork2.config.providers,org.apac
he.struts2.views.freemarker,freemarker.template,javax.servlet,org.apa
che.struts2.views.velocity,org.apache.struts2.util,com.opensymphony.x
work2.config.entities,org.apache.velocity.app,org.apache.velocity,org
.apache.velocity.context,com.opensymphony.xwork2.inject,com.opensymph
ony.xwork2.util.location,com.opensymphony.xwork2,com.opensymphony.xwo
rk2.util.logging,com.opensymphony.xwork2.util.reflection,javax.servle
t.jsp,org.apache.struts2.views.util,org.apache.struts2.config,com.ope
nsymphony.xwork2.util,com.opensymphony.xwork2.util.profiling,org.apac
he.struts2.dispatcher.multipart";version="2.1.2",org.apache.struts2.v
iews.freemarker;uses:="com.opensymphony.xwork2,javax.servlet.http,org
.apache.struts2.views,freemarker.ext.jsp,freemarker.cache,org.apache.
struts2,freemarker.ext.util,com.opensymphony.xwork2.util.logging,org.
apache.struts2.dispatcher,org.apache.struts2.views.util,freemarker.ex
t.servlet,freemarker.ext.beans,freemarker.template,freemarker.core,co
m.opensymphony.xwork2.util,javax.servlet,com.opensymphony.xwork2.inje
ct";version="2.1.2",org.apache.struts2.interceptor.validation;uses:="
com.opensymphony.xwork2,javax.servlet.http,org.apache.struts2,com.ope
nsymphony.xwork2.validator,com.opensymphony.xwork2.util.logging,com.o
pensymphony.xwork2.interceptor";version="2.1.2",org.apache.struts2.ut
il;uses:="javax.servlet.http,com.opensymphony.xwork2,com.opensymphony
.xwork2.conversion.impl,com.opensymphony.xwork2.util.logging,org.apac
he.struts2.dispatcher,org.apache.struts2.views.util,javax.servlet.jsp
,org.apache.velocity.exception,com.opensymphony.xwork2.util,javax.ser
vlet,org.apache.struts2.views.jsp.ui,org.apache.velocity.app,org.apac
he.velocity.context,com.opensymphony.xwork2.inject";version="2.1.2",o
rg.apache.struts2.views.velocity;uses:="javax.servlet.http,org.apache
.struts2.views,com.opensymphony.xwork2,org.apache.velocity.tools.view
,org.apache.struts2,com.opensymphony.xwork2.util.logging,org.apache.s
truts2.views.util,org.apache.velocity.tools.view.servlet,org.apache.v
elocity.tools.view.context,org.apache.velocity.exception,org.apache.v
elocity.runtime.resource.loader,com.opensymphony.xwork2.util,javax.se
rvlet,org.apache.struts2.util,org.apache.velocity.app,com.opensymphon
y.xwork2.inject,org.apache.velocity.context,org.apache.velocity";vers
ion="2.1.2",template.simple;version="2.1.2",org.apache.struts2.interc
eptor.debugging;uses:="com.opensymphony.xwork2,javax.servlet.http,org
.apache.struts2,com.opensymphony.xwork2.util.logging,com.opensymphony
.xwork2.util.reflection,org.apache.struts2.views.freemarker,com.opens
ymphony.xwork2.util,com.opensymphony.xwork2.inject,com.opensymphony.x
work2.interceptor";version="2.1.2",org.apache.struts2.views.jsp.ui;us
es:="javax.servlet.http,com.opensymphony.xwork2.util,org.apache.strut
s2.components,javax.servlet.jsp.tagext,org.apache.struts2.views.jsp,c
om.opensymphony.xwork2.inject,ognl,javax.servlet.jsp,com.opensymphony
.xwork2.ognl";version="2.1.2",org.apache.struts2.views.annotations;ve
rsion="2.1.2",template.archive.simple;version="2.1.2",org.apache.stru
ts2.servlet.interceptor;uses:="javax.servlet.http,org.apache.struts2.
interceptor";version="2.1.2",org.apache.struts2.components;uses:="jav
ax.servlet.http,org.apache.struts2.dispatcher.mapper,com.opensymphony
.xwork2.config,org.apache.struts2,org.apache.struts2.dispatcher,javax
.servlet,org.apache.struts2.util,com.opensymphony.xwork2.config.entit
ies,com.opensymphony.xwork2.inject,org.apache.struts2.views.annotatio
ns,com.opensymphony.xwork2.interceptor,com.opensymphony.xwork2,org.ap
ache.struts2.views.jsp,org.apache.struts2.components.template,com.ope
nsymphony.xwork2.util.logging,com.opensymphony.xwork2.validator,com.o
pensymphony.xwork2.util.reflection,javax.servlet.jsp,org.apache.strut
s2.views.util,com.opensymphony.xwork2.util";version="2.1.2",org.apach
e.struts2.views.jsp.iterator;uses:="javax.servlet.http,com.opensympho
ny.xwork2.util,org.apache.struts2.util,org.apache.struts2.components,
org.apache.struts2.views.jsp,com.opensymphony.xwork2.util.logging,jav
ax.servlet.jsp,org.apache.struts2.views.annotations";version="2.1.2",
org.apache.struts2.components.template;uses:="com.opensymphony.xwork2
,javax.servlet.http,freemarker.cache,org.apache.struts2.components,co
m.opensymphony.xwork2.config,com.opensymphony.xwork2.util.logging,jav
ax.servlet.jsp,org.apache.struts2.views.freemarker,freemarker.templat
e,com.opensymphony.xwork2.util,freemarker.core,javax.servlet,org.apac
he.struts2.views.velocity,org.apache.velocity.app,org.apache.velocity
.context,org.apache.velocity,com.opensymphony.xwork2.inject";version=
"2.1.2",org.apache.struts2.views.jsp;uses:="com.opensymphony.xwork2,j
avax.servlet.http,org.apache.struts2.dispatcher.mapper,org.apache.str
uts2.components,com.opensymphony.xwork2.config,javax.servlet.jsp.tage
xt,org.apache.struts2,com.opensymphony.xwork2.util.logging,org.apache
.struts2.dispatcher,org.apache.struts2.views.util,javax.servlet.jsp,c
om.opensymphony.xwork2.util,javax.servlet,org.apache.struts2.util,com
.opensymphony.xwork2.inject";version="2.1.2",org.apache.struts2.views
.velocity.components;uses:="org.apache.velocity.exception,javax.servl
et.http,com.opensymphony.xwork2.util,org.apache.velocity.runtime.pars
er.node,org.apache.struts2.components,com.opensymphony.xwork2.inject,
org.apache.velocity.context,org.apache.velocity.runtime.directive";ve
rsion="2.1.2",org.apache.struts2.config;uses:="com.opensymphony.xwork
2,org.apache.struts2.dispatcher.mapper,com.opensymphony.xwork2.conver
sion.impl,org.apache.struts2.components,com.opensymphony.xwork2.confi
g,org.apache.struts2,com.opensymphony.xwork2.util.logging,com.opensym
phony.xwork2.validator,com.opensymphony.xwork2.util.reflection,com.op
ensymphony.xwork2.config.providers,com.opensymphony.xwork2.conversion
,org.apache.struts2.views.freemarker,com.opensymphony.xwork2.util,jav
ax.servlet,org.apache.struts2.util,org.apache.struts2.views.velocity,
com.opensymphony.xwork2.inject,org.apache.struts2.dispatcher.multipar
t,com.opensymphony.xwork2.util.location";version="2.1.2",org.apache.s
truts2.views.util;uses:="javax.servlet.http,com.opensymphony.xwork2,o
rg.apache.struts2,com.opensymphony.xwork2.util.logging,com.opensympho
ny.xwork2.util,org.apache.struts2.util,org.apache.struts2.views.jsp.u
i,com.opensymphony.xwork2.inject";version="2.1.2",org.apache.struts2.
impl;uses:="com.opensymphony.xwork2,com.opensymphony.xwork2.config.en
tities,com.opensymphony.xwork2.config,com.opensymphony.xwork2.inject,
com.opensymphony.xwork2.util.reflection,com.opensymphony.xwork2.inter
ceptor";version="2.1.2",org.apache.struts2.views.jsp.ui.table;version
="2.1.2",template.xhtml;version="2.1.2",org.apache.struts2.dispatcher
.multipart;uses:="javax.servlet.http,javax.servlet,org.apache.commons
.fileupload.servlet,com.opensymphony.xwork2.util.logging,com.opensymp
hony.xwork2.inject,org.apache.struts2.dispatcher,org.apache.commons.f
ileupload.disk,org.apache.commons.fileupload";version="2.1.2"
Bundle-Version: 2.1.2
Bundle-Description: Apache Struts 2
Bundle-Name: Struts 2 Core
Bundle-DocURL: http://www.apache.org
Bundle-ManifestVersion: 2
Bundle-Vendor: Apache Software Foundation
Bundle-SymbolicName: org.apache.struts.struts2-core
Tool: Bnd-0.0.238


@@ -1 +0,0 @@
this is a test file used to check the checksums.

File diff suppressed because it is too large Load Diff

Binary file not shown.

Binary file not shown.


@@ -1,21 +0,0 @@
handlers=java.util.logging.ConsoleHandler, java.util.logging.FileHandler
# logging levels
# FINEST, FINER, FINE, CONFIG, INFO, WARNING and SEVERE.
# Configure the ConsoleHandler.
java.util.logging.ConsoleHandler.level=SEVERE
# Configure the FileHandler.
java.util.logging.FileHandler.formatter=java.util.logging.SimpleFormatter
java.util.logging.FileHandler.level=FINEST
# The following special tokens can be used in the pattern property
# which specifies the location and name of the log file.
# / - standard path separator
# %t - system temporary directory
# %h - value of the user.home system property
# %g - generation number for rotating logs
# %u - unique number to avoid conflicts
# FileHandler writes to %h/demo0.log by default.
java.util.logging.FileHandler.pattern=./logs/DependencyCheck%g.log

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@@ -0,0 +1 @@
a1ef6c9d9d985c8e28b9fb238005a6de04b6d4f1


@@ -1 +0,0 @@
proxy.port=80