View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import mockit.Mock;
21  import mockit.MockUp;
22  import org.junit.After;
23  import org.junit.Before;
24  import org.junit.Test;
25  import org.owasp.dependencycheck.BaseDBTestCase;
26  import org.owasp.dependencycheck.BaseTest;
27  import org.owasp.dependencycheck.Engine;
28  import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
29  import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
30  import org.owasp.dependencycheck.dependency.Dependency;
31  import org.owasp.dependencycheck.exception.InitializationException;
32  
33  import java.io.File;
34  import java.security.MessageDigest;
35  import java.security.NoSuchAlgorithmException;
36  import java.util.List;
37  import java.util.regex.Pattern;
38  
39  import static org.hamcrest.CoreMatchers.equalTo;
40  import static org.hamcrest.CoreMatchers.is;
41  import static org.junit.Assert.assertEquals;
42  import static org.junit.Assert.assertFalse;
43  import static org.junit.Assert.assertThat;
44  import static org.junit.Assert.assertTrue;
45  
46  /**
47   * Unit tests for CmakeAnalyzer.
48   *
49   * @author Dale Visser
50   */
51  public class CMakeAnalyzerTest extends BaseDBTestCase {
52  
53      /**
54       * The package analyzer to test.
55       */
56      CMakeAnalyzer analyzer;
57  
58      /**
59       * Setup the CmakeAnalyzer.
60       *
61       * @throws Exception if there is a problem
62       */
63      @Override
64      @Before
65      public void setUp() throws Exception {
66          super.setUp();
67          analyzer = new CMakeAnalyzer();
68          analyzer.setFilesMatched(true);
69          analyzer.initialize();
70      }
71  
72      /**
73       * Cleanup any resources used.
74       *
75       * @throws Exception if there is a problem
76       */
77      @After
78      public void tearDown() throws Exception {
79          analyzer.close();
80          analyzer = null;
81      }
82  
83      /**
84       * Test of getName method, of class PythonPackageAnalyzer.
85       */
86      @Test
87      public void testGetName() {
88          assertThat(analyzer.getName(), is(equalTo("CMake Analyzer")));
89      }
90  
91      /**
92       * Test of supportsExtension method, of class PythonPackageAnalyzer.
93       */
94      @Test
95      public void testAccept() {
96          assertTrue("Should support \"CMakeLists.txt\" name.",
97                  analyzer.accept(new File("CMakeLists.txt")));
98          assertTrue("Should support \"cmake\" extension.",
99                  analyzer.accept(new File("test.cmake")));
100     }
101 
102     /**
103      * Test whether expected evidence is gathered from OpenCV's CMakeLists.txt.
104      *
105      * @throws AnalysisException is thrown when an exception occurs.
106      */
107     @Test
108     public void testAnalyzeCMakeListsOpenCV() throws AnalysisException {
109         final Dependency result = new Dependency(BaseTest.getResourceAsFile(
110                 this, "cmake/opencv/CMakeLists.txt"));
111         analyzer.analyze(result, null);
112         final String product = "OpenCV";
113         assertProductEvidence(result, product);
114     }
115 
116     /**
117      * Test whether expected evidence is gathered from OpenCV's CMakeLists.txt.
118      *
119      * @throws AnalysisException is thrown when an exception occurs.
120      */
121     @Test
122     public void testAnalyzeCMakeListsZlib() throws AnalysisException {
123         final Dependency result = new Dependency(BaseTest.getResourceAsFile(
124                 this, "cmake/zlib/CMakeLists.txt"));
125         analyzer.analyze(result, null);
126         final String product = "zlib";
127         assertProductEvidence(result, product);
128     }
129 
130     private void assertProductEvidence(Dependency result, String product) {
131         assertTrue("Expected product evidence to contain \"" + product + "\".",
132                 result.getProductEvidence().toString().contains(product));
133     }
134 
135     /**
136      * Test whether expected version evidence is gathered from OpenCV's third party cmake files.
137      *
138      * @throws AnalysisException is thrown when an exception occurs.
139      */
140     @Test
141     public void testAnalyzeCMakeListsOpenCV3rdParty() throws AnalysisException, DatabaseException {
142         final Dependency result = new Dependency(BaseTest.getResourceAsFile(
143                 this, "cmake/opencv/3rdparty/ffmpeg/ffmpeg_version.cmake"));
144         final Engine engine = new Engine();
145         analyzer.analyze(result, engine);
146         assertProductEvidence(result, "libavcodec");
147         assertVersionEvidence(result, "55.18.102");
148         assertFalse("ALIASOF_ prefix shouldn't be present.",
149                 Pattern.compile("\\bALIASOF_\\w+").matcher(result.getProductEvidence().toString()).find());
150         final List<Dependency> dependencies = engine.getDependencies();
151         assertEquals("Number of additional dependencies should be 4.", 4, dependencies.size());
152         final Dependency last = dependencies.get(3);
153         assertProductEvidence(last, "libavresample");
154         assertVersionEvidence(last, "1.0.1");
155     }
156 
157     private void assertVersionEvidence(Dependency result, String version) {
158         assertTrue("Expected version evidence to contain \"" + version + "\".",
159                 result.getVersionEvidence().toString().contains(version));
160     }
161 
162     @Test(expected = InitializationException.class)
163     public void analyzerIsDisabledInCaseOfMissingMessageDigest() throws InitializationException {
164         new MockUp<MessageDigest>() {
165             @Mock
166             MessageDigest getInstance(String ignore) throws NoSuchAlgorithmException {
167                 throw new NoSuchAlgorithmException();
168             }
169         };
170 
171         analyzer = new CMakeAnalyzer();
172         analyzer.setFilesMatched(true);
173         assertTrue(analyzer.isEnabled());
174         analyzer.initialize();
175 
176         assertFalse(analyzer.isEnabled());
177     }
178 }