updated test case per issue #792

2026-01-14 07:43:40 +01:00 · 2017-07-16 08:46:48 -04:00
parent d4c1a9ea08
commit ed56eb2ec1
2 changed files with 26 additions and 1 deletions
--- a/dependency-check-maven/src/it/629-jackson-dataformat/pom.xml
+++ b/dependency-check-maven/src/it/629-jackson-dataformat/pom.xml
@@ -43,5 +43,25 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved.
            <artifactId>jackson-dataformat-xml</artifactId>
            <version>2.4.5</version>
        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.module</groupId>
+            <artifactId>jackson-module-kotlin</artifactId>
+            <version>2.8.9</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.dataformat</groupId>
+            <artifactId>jackson-dataformat-ion</artifactId>
+            <version>2.8.9</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.datatype</groupId>
+            <artifactId>jackson-datatype-hppc</artifactId>
+            <version>2.8.9</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.jaxrs</groupId>
+            <artifactId>jackson-jaxrs-yaml-provider</artifactId>
+            <version>2.8.9</version>
+        </dependency>
    </dependencies>
 </project>
--- a/dependency-check-maven/src/it/629-jackson-dataformat/postbuild.groovy
+++ b/dependency-check-maven/src/it/629-jackson-dataformat/postbuild.groovy
@@ -24,7 +24,12 @@ import java.nio.charset.Charset;
 // Check to see if jackson-dataformat-xml-2.4.5.jar was identified.
 //TODO change this to xpath and check for CVE-2016-3720
 String log = FileUtils.readFileToString(new File(basedir, "target/dependency-check-report.xml"), Charset.defaultCharset().name());
-int count = StringUtils.countMatches(log, "<fileName>jackson-dataformat-xml-2.4.5.jar</fileName>");
+int count = StringUtils.countMatches(log, "<name>CVE-2016-7051</name>");
+if (count == 0){
+    System.out.println(String.format("jackson-dataformat-xml was identified %s times, expected 1", count));
+    return false;
+}
+count = StringUtils.countMatches(log, "<name>CVE-2016-3720</name>");
 if (count == 0){
    System.out.println(String.format("jackson-dataformat-xml was identified %s times, expected 1", count));
    return false;