diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerabilityTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerabilityTest.java new file mode 100644 index 000000000..550540b67 --- /dev/null +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerabilityTest.java @@ -0,0 +1,138 @@ +/* + * This file is part of dependency-check-core. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright (c) 2013 Jeremy Long. All Rights Reserved. + */ +package org.owasp.dependencycheck.dependency; + +import org.junit.After; +import org.junit.AfterClass; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.assertFalse; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.owasp.dependencycheck.BaseTest; + +/** + * + * @author Jens Hausherr + */ +public class VulnerabilityTest extends BaseTest { + + /** + * Test of equals method, of class VulnerableSoftware. + */ + @Test + public void testDuplicateVersions() { + Vulnerability obj = new Vulnerability(); + + obj.addVulnerableSoftware("cpe:/a:mortbay:jetty:6.1.0"); + obj.addVulnerableSoftware("cpe:/a:mortbay:jetty:6.1.1"); + obj.addVulnerableSoftware("cpe:/a:mortbay:jetty:6.1.0"); + + assertEquals(2, obj.getVulnerableSoftware().size()); + } + + @Test + public void testDpulicateVersionsWithPreviousVersion() { + Vulnerability obj = new Vulnerability(); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.0",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.1",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.2",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.10",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.11",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.12",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.13",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.14",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.15",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.16",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.17",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.18",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.19",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.20",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.21",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.22",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.23",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.0",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.0:alpha",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.1",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.10",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.10a",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.11",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.12",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.13",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.15",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.19",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.1a",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.2",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.3",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.4",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.5.0.21",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.6",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.9",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.21",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.22",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.23",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.24",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.24a",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.25",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.30",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.32",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.33",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.36",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.37",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.38",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.3a",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.41",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.42",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.44",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.45",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.4a",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.50",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.51",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.52",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.54",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.56",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.23a","1"); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.3",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.4",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.5",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.5a",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.6",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.7",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.9",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.11",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.12",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.14",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.15",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.16",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.17",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.18",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.19",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.20",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.21",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.22",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.23",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.23a",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.0",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.1",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.2",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.3",null); + obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.4",null); + assertEquals(82, obj.getVulnerableSoftware().size()); + } +} diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java index 69e38fd15..8789d25d1 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java @@ -20,6 +20,8 @@ package org.owasp.dependencycheck.dependency; import org.junit.After; import org.junit.AfterClass; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.assertFalse; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; @@ -40,9 +42,20 @@ public class VulnerableSoftwareTest extends BaseTest { obj.setCpe("cpe:/a:mortbay:jetty:6.1.0"); VulnerableSoftware instance = new VulnerableSoftware(); instance.setCpe("cpe:/a:mortbay:jetty:6.1"); - boolean expResult = false; - boolean result = instance.equals(obj); - assertEquals(expResult, result); + assertFalse(instance.equals(obj)); + } + + /** + * Test of equals method, of class VulnerableSoftware. + */ + @Test + public void testEquals2() { + VulnerableSoftware obj = new VulnerableSoftware(); + obj.setCpe("cpe:/a:mortbay:jetty:6.1.0"); + VulnerableSoftware instance = new VulnerableSoftware(); + instance.setCpe("cpe:/a:mortbay:jetty:6.1.0"); + obj.setPreviousVersion("1"); + assertTrue(instance.equals(obj)); } /** @@ -79,13 +92,36 @@ public class VulnerableSoftwareTest extends BaseTest { assertEquals(expResult, result); } + @Test + public void testCompareToNonNumerical(){ + VulnerableSoftware vs = new VulnerableSoftware(); + vs.setCpe("cpe:/a:mysql:mysql:5.1.23a"); + VulnerableSoftware vs1 = new VulnerableSoftware(); + vs1.setCpe("cpe:/a:mysql:mysql:5.1.23a"); + vs1.setPreviousVersion("1"); + assertEquals(0, vs.compareTo(vs1)); + assertEquals(0, vs1.compareTo(vs)); + } + + @Test + public void testEqualsPreviousVersion() { + VulnerableSoftware vs = new VulnerableSoftware(); + vs.setCpe("cpe:/a:mysql:mysql:5.1.23a"); + VulnerableSoftware vs1 = new VulnerableSoftware(); + vs1.setCpe("cpe:/a:mysql:mysql:5.1.23a"); + vs1.setPreviousVersion("1"); + assertEquals(vs,vs1); + assertEquals(vs1,vs); + + } + @Test public void testParseCPE() { VulnerableSoftware vs = new VulnerableSoftware(); /* Version for test taken from CVE-2008-2079 */ - vs.setCpe("cpe:/a:mysql:mysql:5.0.0:alpha"); + vs.setCpe("cpe:/a:mysql:mysql:5.1.23a"); assertEquals("mysql", vs.getVendor()); assertEquals("mysql", vs.getProduct()); - assertEquals("5.0.0:alpha", vs.getVersion()); + assertEquals("5.1.23a", vs.getVersion()); } }