github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-23 17:41:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix test case due to new CPE/CVEs

Browse Source
This commit is contained in:
Jeremy Long
2017-11-25 11:48:34 -05:00
parent 082ac5d229
commit f7a72489d4
2 changed files with 28 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
View File

@@ -855,4 +855,19 @@
<gav regex="true">^com\.unboundid:unboundid-ldapsdk:.*$</gav> <gav regex="true">^com\.unboundid:unboundid-ldapsdk:.*$</gav>
<cpe>cpe:/a:id:id-software</cpe> <cpe>cpe:/a:id:id-software</cpe>
</suppress> </suppress>
<suppress base="true">
<notes><![CDATA[
jaxb-xerces and jaxb-xerces2 are completely different dependencies.
]]></notes>
<gav regex="true">^activesoap:jaxb-xercesImpl:[01].*$</gav>
<cpe>cpe:/a:apache:xerces2_java</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
jaxb-xerces and jaxb-xerces2 are completely different dependencies - the sha1
is primarily for testing.
]]></notes>
<sha1>73a51faadb407dccdbd77234e0d5a0a648665692</sha1>
<cpe>cpe:/a:apache:xerces2_java</cpe>
</suppress>
</suppressions> </suppressions>

21
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIT.java
View File

@@ -103,13 +103,17 @@ public class CPEAnalyzerIT extends BaseDBTestCase {
fp.initialize(getSettings()); fp.initialize(getSettings());
fp.prepare(e); fp.prepare(e);
callDetermineCPE_full("hazelcast-2.5.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp); CpeSuppressionAnalyzer cpeSuppression = new CpeSuppressionAnalyzer();
callDetermineCPE_full("spring-context-support-2.5.5.jar", "cpe:/a:springsource:spring_framework:2.5.5", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp); cpeSuppression.initialize(getSettings());
callDetermineCPE_full("spring-core-3.0.0.RELEASE.jar", "cpe:/a:vmware:springsource_spring_framework:3.0.0", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp); cpeSuppression.prepare(e);
callDetermineCPE_full("jaxb-xercesImpl-1.5.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp);
callDetermineCPE_full("ehcache-core-2.2.0.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp); callDetermineCPE_full("hazelcast-2.5.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp, cpeSuppression);
callDetermineCPE_full("org.mortbay.jetty.jar", "cpe:/a:mortbay_jetty:jetty:4.2.27", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp); callDetermineCPE_full("spring-context-support-2.5.5.jar", "cpe:/a:springsource:spring_framework:2.5.5", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp, cpeSuppression);
callDetermineCPE_full("xstream-1.4.8.jar", "cpe:/a:x-stream:xstream:1.4.8", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp); callDetermineCPE_full("spring-core-3.0.0.RELEASE.jar", "cpe:/a:vmware:springsource_spring_framework:3.0.0", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp, cpeSuppression);
callDetermineCPE_full("jaxb-xercesImpl-1.5.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp, cpeSuppression);
callDetermineCPE_full("ehcache-core-2.2.0.jar", null, cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp, cpeSuppression);
callDetermineCPE_full("org.mortbay.jetty.jar", "cpe:/a:mortbay_jetty:jetty:4.2.27", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp, cpeSuppression);
callDetermineCPE_full("xstream-1.4.8.jar", "cpe:/a:x-stream:xstream:1.4.8", cpeAnalyzer, fnAnalyzer, jarAnalyzer, hAnalyzer, fp, cpeSuppression);
} finally { } finally {
cpeAnalyzer.close(); cpeAnalyzer.close();
} }
@@ -121,7 +125,7 @@ public class CPEAnalyzerIT extends BaseDBTestCase {
* @throws Exception is thrown when an exception occurs * @throws Exception is thrown when an exception occurs
*/ */
public void callDetermineCPE_full(String depName, String expResult, CPEAnalyzer cpeAnalyzer, FileNameAnalyzer fnAnalyzer, public void callDetermineCPE_full(String depName, String expResult, CPEAnalyzer cpeAnalyzer, FileNameAnalyzer fnAnalyzer,
JarAnalyzer jarAnalyzer, HintAnalyzer hAnalyzer, FalsePositiveAnalyzer fp) throws Exception { JarAnalyzer jarAnalyzer, HintAnalyzer hAnalyzer, FalsePositiveAnalyzer fp, CpeSuppressionAnalyzer cpeSuppression) throws Exception {
//File file = new File(this.getClass().getClassLoader().getResource(depName).getPath()); //File file = new File(this.getClass().getClassLoader().getResource(depName).getPath());
File file = BaseTest.getResourceAsFile(this, depName); File file = BaseTest.getResourceAsFile(this, depName);
@@ -133,6 +137,7 @@ public class CPEAnalyzerIT extends BaseDBTestCase {
hAnalyzer.analyze(dep, null); hAnalyzer.analyze(dep, null);
cpeAnalyzer.analyze(dep, null); cpeAnalyzer.analyze(dep, null);
fp.analyze(dep, null); fp.analyze(dep, null);
cpeSuppression.analyze(dep, null);
if (expResult != null) { if (expResult != null) {
boolean found = false; boolean found = false;