github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-20 16:24:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Issue #730: Add a test for suppression in an Ant task

Browse Source
This commit is contained in:
Phillip Whittlesea
2017-06-11 16:06:32 +01:00
parent 76218da8d1
commit ed214d05fa
4 changed files with 44 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,6 +1,7 @@
*/target/** */target/**
# IntelliJ test run side-effects # IntelliJ test run side-effects
dependency-check-core/data/ dependency-check-core/data/
dependency-check-ant/data/
# Intellij project files # Intellij project files
*.iml *.iml
*.ipr *.ipr

14
dependency-check-ant/src/test/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTaskTest.java
View File

@@ -114,4 +114,18 @@ public class DependencyCheckTaskTest {
expectedException.expect(BuildException.class); expectedException.expect(BuildException.class);
buildFileRule.executeTarget("failCVSS"); buildFileRule.executeTarget("failCVSS");
} }
/**
* Test the DependencyCheckTask where a CVE is suppressed.
*/
@Test
public void testSuppressingCVE() {
// GIVEN an ant task with a vulnerability
final String antTaskName = "suppression";
// WHEN executing the ant task
buildFileRule.executeTarget(antTaskName);
// THEN the ant task executed without error
}
} }

23
dependency-check-ant/src/test/resources/build.xml
View File

@@ -61,11 +61,24 @@
<target name="failCVSS"> <target name="failCVSS">
<dependency-check <dependency-check
applicationName="test failCVSS" applicationName="test failCVSS"
reportOutputDirectory="${project.build.directory}" reportOutputDirectory="${project.build.directory}"
reportFormat="XML" reportFormat="XML"
autoupdate="false" autoupdate="false"
failBuildOnCVSS="3"> failBuildOnCVSS="3">
<fileset dir="${project.build.directory}/test-classes/jars">
<include name="axis-1.4.jar"/>
</fileset>
</dependency-check>
</target>
<target name="suppression">
<dependency-check
applicationName="test suppression"
reportOutputDirectory="${project.build.directory}"
autoupdate="false"
failBuildOnCVSS="3"
suppressionFile="${project.build.directory}/test-classes/test-suppression.xml">
<fileset dir="${project.build.directory}/test-classes/jars"> <fileset dir="${project.build.directory}/test-classes/jars">
<include name="axis-1.4.jar"/> <include name="axis-1.4.jar"/>
</fileset> </fileset>

11
dependency-check-ant/src/test/resources/test-suppression.xml Normal file
View File

@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Test suppression file for the DependencyCheckTaskTest#testSuppressingCVE() test -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
<suppress>
<notes><![CDATA[
file name: axis-1.4.jar
]]></notes>
<gav regex="true">^org\.apache\.axis:axis:.*$</gav>
<cpe>cpe:/a:apache:axis</cpe>
</suppress>
</suppressions>