View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import java.io.File;
21  import java.util.HashSet;
22  import java.util.Set;
23  import static org.junit.Assert.*;
24  import org.junit.Test;
25  import org.owasp.dependencycheck.BaseTest;
26  import org.owasp.dependencycheck.Engine;
27  import org.owasp.dependencycheck.BaseDBTestCase;
28  import org.owasp.dependencycheck.dependency.Dependency;
29  import org.owasp.dependencycheck.utils.Settings;
30  
31  /**
32   *
33   * @author Jeremy Long
34   */
35  public class ArchiveAnalyzerIntegrationTest extends BaseDBTestCase {
36  
37      /**
38       * Test of getSupportedExtensions method, of class ArchiveAnalyzer.
39       */
40      @Test
41      public void testSupportsExtensions() {
42          ArchiveAnalyzer instance = new ArchiveAnalyzer();
43          Set<String> expResult = new HashSet<String>();
44          expResult.add("zip");
45          expResult.add("war");
46          expResult.add("ear");
47          expResult.add("jar");
48          expResult.add("sar");
49          expResult.add("apk");
50          expResult.add("nupkg");
51          expResult.add("tar");
52          expResult.add("gz");
53          expResult.add("tgz");
54          expResult.add("bz2");
55          expResult.add("tbz2");
56          for (String ext : expResult) {
57              assertTrue(ext, instance.accept(new File("test." + ext)));
58          }
59      }
60  
61      /**
62       * Test of getName method, of class ArchiveAnalyzer.
63       */
64      @Test
65      public void testGetName() {
66          ArchiveAnalyzer instance = new ArchiveAnalyzer();
67          String expResult = "Archive Analyzer";
68          String result = instance.getName();
69          assertEquals(expResult, result);
70      }
71  
72      /**
73       * Test of supportsExtension method, of class ArchiveAnalyzer.
74       */
75      @Test
76      public void testSupportsExtension() {
77          String extension = "test.7z"; //not supported
78          ArchiveAnalyzer instance = new ArchiveAnalyzer();
79          assertFalse(extension, instance.accept(new File(extension)));
80      }
81  
82      /**
83       * Test of getAnalysisPhase method, of class ArchiveAnalyzer.
84       */
85      @Test
86      public void testGetAnalysisPhase() {
87          ArchiveAnalyzer instance = new ArchiveAnalyzer();
88          AnalysisPhase expResult = AnalysisPhase.INITIAL;
89          AnalysisPhase result = instance.getAnalysisPhase();
90          assertEquals(expResult, result);
91      }
92  
93      /**
94       * Test of initialize and close methods, of class ArchiveAnalyzer.
95       */
96      @Test
97      public void testInitialize() throws Exception {
98          ArchiveAnalyzer instance = new ArchiveAnalyzer();
99          instance.setEnabled(true);
100         instance.setFilesMatched(true);
101         instance.initialize();
102 
103         instance.close();
104 
105         //no exception means things worked.
106     }
107 
108     /**
109      * Test of analyze method, of class ArchiveAnalyzer.
110      */
111     @Test
112     public void testAnalyze() throws Exception {
113         ArchiveAnalyzer instance = new ArchiveAnalyzer();
114         //trick the analyzer into thinking it is active.
115         instance.accept(new File("test.ear"));
116         try {
117             instance.initialize();
118             File file = BaseTest.getResourceAsFile(this, "daytrader-ear-2.1.7.ear");
119             Dependency dependency = new Dependency(file);
120             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
121             Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
122             Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
123             Engine engine = new Engine();
124 
125             int initial_size = engine.getDependencies().size();
126             instance.analyze(dependency, engine);
127             int ending_size = engine.getDependencies().size();
128 
129             engine.cleanup();
130 
131             assertTrue(initial_size < ending_size);
132 
133         } finally {
134             instance.close();
135         }
136     }
137 
138     /**
139      * Test of analyze method, of class ArchiveAnalyzer, with an executable jar.
140      */
141     @Test
142     public void testAnalyzeExecutableJar() throws Exception {
143         ArchiveAnalyzer instance = new ArchiveAnalyzer();
144         //trick the analyzer into thinking it is active.
145         instance.accept(new File("test.ear"));
146         try {
147             instance.initialize();
148             File file = BaseTest.getResourceAsFile(this, "bootable-0.1.0.jar");
149             Dependency dependency = new Dependency(file);
150             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
151             Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
152             Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
153             Engine engine = new Engine();
154 
155             int initial_size = engine.getDependencies().size();
156             instance.analyze(dependency, engine);
157             int ending_size = engine.getDependencies().size();
158 
159             engine.cleanup();
160 
161             assertTrue(initial_size < ending_size);
162 
163         } finally {
164             instance.close();
165         }
166     }
167     
168     /**
169      * Test of analyze method, of class ArchiveAnalyzer.
170      */
171     @Test
172     public void testAnalyzeTar() throws Exception {
173         ArchiveAnalyzer instance = new ArchiveAnalyzer();
174         //trick the analyzer into thinking it is active so that it will initialize
175         instance.accept(new File("test.tar"));
176         try {
177             instance.initialize();
178 
179             //File file = new File(this.getClass().getClassLoader().getResource("file.tar").getPath());
180             //File file = new File(this.getClass().getClassLoader().getResource("stagedhttp-modified.tar").getPath());
181             File file = BaseTest.getResourceAsFile(this, "stagedhttp-modified.tar");
182             Dependency dependency = new Dependency(file);
183             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
184             Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
185             Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
186             Engine engine = new Engine();
187 
188             int initial_size = engine.getDependencies().size();
189             instance.analyze(dependency, engine);
190             int ending_size = engine.getDependencies().size();
191             engine.cleanup();
192 
193             assertTrue(initial_size < ending_size);
194 
195         } finally {
196             instance.close();
197         }
198     }
199 
200     /**
201      * Test of analyze method, of class ArchiveAnalyzer.
202      */
203     @Test
204     public void testAnalyzeTarGz() throws Exception {
205         ArchiveAnalyzer instance = new ArchiveAnalyzer();
206         instance.accept(new File("zip")); //ensure analyzer is "enabled"
207         try {
208             instance.initialize();
209 
210             //File file = new File(this.getClass().getClassLoader().getResource("file.tar.gz").getPath());
211             File file = BaseTest.getResourceAsFile(this, "file.tar.gz");
212             //Dependency dependency = new Dependency(file);
213             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
214             Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
215             Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
216             Engine engine = new Engine();
217 
218             int initial_size = engine.getDependencies().size();
219             //instance.analyze(dependency, engine);
220             engine.scan(file);
221             engine.analyzeDependencies();
222             int ending_size = engine.getDependencies().size();
223             engine.cleanup();
224             assertTrue(initial_size < ending_size);
225 
226         } finally {
227             instance.close();
228         }
229     }
230 
231     /**
232      * Test of analyze method, of class ArchiveAnalyzer.
233      */
234     @Test
235     public void testAnalyzeTarBz2() throws Exception {
236         ArchiveAnalyzer instance = new ArchiveAnalyzer();
237         instance.accept(new File("zip")); //ensure analyzer is "enabled"
238         try {
239             instance.initialize();
240             File file = BaseTest.getResourceAsFile(this, "file.tar.bz2");
241             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
242             Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
243             Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
244             Engine engine = new Engine();
245             int initial_size = engine.getDependencies().size();
246             engine.scan(file);
247             engine.analyzeDependencies();
248             int ending_size = engine.getDependencies().size();
249             engine.cleanup();
250             assertTrue(initial_size < ending_size);
251         } finally {
252             instance.close();
253         }
254     }
255 
256     /**
257      * Test of analyze method, of class ArchiveAnalyzer.
258      */
259     @Test
260     public void testAnalyzeTgz() throws Exception {
261         ArchiveAnalyzer instance = new ArchiveAnalyzer();
262         instance.accept(new File("zip")); //ensure analyzer is "enabled"
263         try {
264             instance.initialize();
265 
266             //File file = new File(this.getClass().getClassLoader().getResource("file.tgz").getPath());
267             File file = BaseTest.getResourceAsFile(this, "file.tgz");
268             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
269             Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
270             Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
271             Engine engine = new Engine();
272 
273             int initial_size = engine.getDependencies().size();
274             engine.scan(file);
275             engine.analyzeDependencies();
276             int ending_size = engine.getDependencies().size();
277             engine.cleanup();
278             assertTrue(initial_size < ending_size);
279 
280         } finally {
281             instance.close();
282         }
283     }
284 
285     /**
286      * Test of analyze method, of class ArchiveAnalyzer.
287      */
288     @Test
289     public void testAnalyzeTbz2() throws Exception {
290         ArchiveAnalyzer instance = new ArchiveAnalyzer();
291         instance.accept(new File("zip")); //ensure analyzer is "enabled"
292         try {
293             instance.initialize();
294             File file = BaseTest.getResourceAsFile(this, "file.tbz2");
295             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
296             Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
297             Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
298             Engine engine = new Engine();
299             int initial_size = engine.getDependencies().size();
300             engine.scan(file);
301             engine.analyzeDependencies();
302             int ending_size = engine.getDependencies().size();
303             engine.cleanup();
304             assertTrue(initial_size < ending_size);
305         } finally {
306             instance.close();
307         }
308     }
309 
310     /**
311      * Test of analyze method, of class ArchiveAnalyzer.
312      */
313     @Test
314     public void testAnalyze_badZip() throws Exception {
315         ArchiveAnalyzer instance = new ArchiveAnalyzer();
316         try {
317             instance.initialize();
318 
319             //File file = new File(this.getClass().getClassLoader().getResource("test.zip").getPath());
320             File file = BaseTest.getResourceAsFile(this, "test.zip");
321             Dependency dependency = new Dependency(file);
322             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
323             Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
324             Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
325             Engine engine = new Engine();
326             int initial_size = engine.getDependencies().size();
327 //            boolean failed = false;
328 //            try {
329             instance.analyze(dependency, engine);
330 //            } catch (java.lang.UnsupportedClassVersionError ex) {
331 //                failed = true;
332 //            }
333 //            assertTrue(failed);
334             int ending_size = engine.getDependencies().size();
335             engine.cleanup();
336             assertEquals(initial_size, ending_size);
337         } finally {
338             instance.close();
339         }
340     }
341 }