View Javadoc
1   /*
2    * Copyright 2014 OWASP.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.owasp.dependencycheck.analyzer;
17  
18  import java.io.File;
19  import java.util.Set;
20  import static org.junit.Assert.assertEquals;
21  import static org.junit.Assert.assertFalse;
22  import static org.junit.Assert.assertTrue;
23  
24  import org.junit.Test;
25  import org.owasp.dependencycheck.BaseTest;
26  import org.owasp.dependencycheck.Engine;
27  import org.owasp.dependencycheck.BaseDBTestCase;
28  import org.owasp.dependencycheck.dependency.Confidence;
29  import org.owasp.dependencycheck.dependency.Dependency;
30  import org.owasp.dependencycheck.dependency.Evidence;
31  import org.owasp.dependencycheck.utils.Settings;
32  
33  /**
34   *
35   * @author Jeremy Long
36   */
37  public class HintAnalyzerTest extends BaseDBTestCase {
38  
39      /**
40       * Test of getName method, of class HintAnalyzer.
41       */
42      @Test
43      public void testGetName() {
44          HintAnalyzer instance = new HintAnalyzer();
45          String expResult = "Hint Analyzer";
46          String result = instance.getName();
47          assertEquals(expResult, result);
48      }
49  
50      /**
51       * Test of getAnalysisPhase method, of class HintAnalyzer.
52       */
53      @Test
54      public void testGetAnalysisPhase() {
55          HintAnalyzer instance = new HintAnalyzer();
56          AnalysisPhase expResult = AnalysisPhase.PRE_IDENTIFIER_ANALYSIS;
57          AnalysisPhase result = instance.getAnalysisPhase();
58          assertEquals(expResult, result);
59      }
60  
61      /**
62       * Test of analyze method, of class HintAnalyzer.
63       */
64      @Test
65      public void testAnalyze() throws Exception {
66          HintAnalyzer instance = new HintAnalyzer();
67  
68          //File guice = new File(this.getClass().getClassLoader().getResource("guice-3.0.jar").getPath());
69          File guice = BaseTest.getResourceAsFile(this, "guice-3.0.jar");
70          //Dependency guice = new Dependency(fileg);
71          //File spring = new File(this.getClass().getClassLoader().getResource("spring-core-3.0.0.RELEASE.jar").getPath());
72          File spring = BaseTest.getResourceAsFile(this, "spring-core-3.0.0.RELEASE.jar");
73          //Dependency spring = new Dependency(files);
74          Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
75          Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
76          Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
77          Engine engine = new Engine();
78  
79          engine.scan(guice);
80          engine.scan(spring);
81          engine.analyzeDependencies();
82          Dependency gdep = null;
83          Dependency sdep = null;
84          for (Dependency d : engine.getDependencies()) {
85              if (d.getActualFile().equals(guice)) {
86                  gdep = d;
87              } else if (d.getActualFile().equals(spring)) {
88                  sdep = d;
89              }
90          }
91          final Evidence springTest1 = new Evidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
92          final Evidence springTest2 = new Evidence("hint analyzer", "vendor", "SpringSource", Confidence.HIGH);
93          final Evidence springTest3 = new Evidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
94          final Evidence springTest4 = new Evidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
95          final Evidence springTest5 = new Evidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
96  
97          Set<Evidence> evidence = gdep.getEvidence().getEvidence();
98          assertFalse(evidence.contains(springTest1));
99          assertFalse(evidence.contains(springTest2));
100         assertFalse(evidence.contains(springTest3));
101         assertFalse(evidence.contains(springTest4));
102         assertFalse(evidence.contains(springTest5));
103 
104         evidence = sdep.getEvidence().getEvidence();
105         assertTrue(evidence.contains(springTest1));
106         assertTrue(evidence.contains(springTest2));
107         assertTrue(evidence.contains(springTest3));
108         //assertTrue(evidence.contains(springTest4));
109         //assertTrue(evidence.contains(springTest5));
110     }
111 
112 }