1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import static org.junit.Assert.assertEquals;
21  import static org.junit.Assert.assertTrue;
22  
23  import java.io.File;
24  import java.util.ArrayList;
25  import java.util.List;
26  
27  import org.junit.Test;
28  import org.owasp.dependencycheck.BaseTest;
29  import org.owasp.dependencycheck.dependency.Dependency;
30  import org.owasp.dependencycheck.dependency.Evidence;
31  
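/**
 * Unit tests for {@link JarAnalyzer}, run against JAR fixtures loaded from the test resources.
 *
 * <p>The assertions pin the vendor, product and version evidence the analyzer collects from each
 * archive. NOTE(review): this evidence is presumably what later analysis steps use to identify a
 * library, so a regression here would show up as missed or wrong identifications rather than as
 * an error; confirm against the identification code before loosening any expectation.
 *
 * @author Jeremy Long
 */
public class JarAnalyzerTest extends BaseTest {

    /**
     * Test of analyze method, of class JarAnalyzer.
     *
     * <p>The same analyzer instance is reused for four fixtures: struts2-core-2.1.2.jar,
     * dwr.jar, org.mortbay.jetty.jar and org.mortbay.jmx.jar.
     *
     * @throws Exception is thrown when an exception occurs.
     */
    @Test
    public void testAnalyze() throws Exception {
        File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
        Dependency result = new Dependency(file);
        JarAnalyzer instance = new JarAnalyzer();
        instance.initializeFileTypeAnalyzer();
        // null is passed as the second argument throughout, so every fixture in this test
        // has to be analyzable without that collaborator.
        instance.analyze(result, null);
        assertTrue("vendor evidence of struts2-core-2.1.2.jar does not mention apache",
                result.getVendorEvidence().toString().toLowerCase().contains("apache"));
        assertTrue("vendor weighting of struts2-core-2.1.2.jar does not contain apache",
                result.getVendorEvidence().getWeighting().contains("apache"));

        file = BaseTest.getResourceAsFile(this, "dwr.jar");
        result = new Dependency(file);
        instance.analyze(result, null);
        boolean found = false;
        for (Evidence e : result.getVendorEvidence()) {
            // Constant-first comparison so an evidence entry without a name is skipped
            // instead of aborting the test with a NullPointerException.
            if ("url".equals(e.getName())) {
                // JUnit's order is (message, expected, actual); keeping it makes a failure
                // report the literal as the expectation and the parsed value as the result.
                assertEquals("Project url was not as expected in dwr.jar",
                        "http://getahead.ltd.uk/dwr", e.getValue());
                found = true;
                break;
            }
        }
        assertTrue("Project url was not found in dwr.jar", found);

        file = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar");
        result = new Dependency(file);
        instance.analyze(result, null);
        assertTrue("package-title of org.mortbay.http not found in org.mortbay.jetty.jar",
                containsEvidence(result.getProductEvidence(), "package-title", "org.mortbay.http"));
        assertTrue("implementation-url of http://jetty.mortbay.org not found in org.mortbay.jetty.jar",
                containsEvidence(result.getVendorEvidence(), "implementation-url", "http://jetty.mortbay.org"));
        assertTrue("implementation-version of 4.2.27 not found in org.mortbay.jetty.jar",
                containsEvidence(result.getVersionEvidence(), "Implementation-Version", "4.2.27"));

        // Negative case: this fixture is expected to yield no version evidence at all, which
        // guards against the analyzer reporting a version it did not actually find.
        file = BaseTest.getResourceAsFile(this, "org.mortbay.jmx.jar");
        result = new Dependency(file);
        instance.analyze(result, null);
        assertEquals("org.mortbay.jmx.jar has version evidence?", 0, result.getVersionEvidence().size());
    }

    /**
     * Test of accept method, of class JarAnalyzer, for the .jar and .war extensions.
     *
     * @throws Exception is thrown when an exception occurs.
     */
    @Test
    public void testAcceptSupportedExtensions() throws Exception {
        JarAnalyzer instance = new JarAnalyzer();
        instance.initialize();
        instance.setEnabled(true);
        // The File objects are built from bare names; no fixture is loaded for them here.
        String[] files = {"test.jar", "test.war"};
        for (String name : files) {
            assertTrue(name, instance.accept(new File(name)));
        }
    }

    /**
     * Test of getName method, of class JarAnalyzer.
     */
    @Test
    public void testGetName() {
        JarAnalyzer instance = new JarAnalyzer();
        String expResult = "Jar Analyzer";
        String result = instance.getName();
        assertEquals(expResult, result);
    }

    /**
     * Test of parseManifest method, of class JarAnalyzer, using xalan-2.7.0.jar.
     *
     * <p>parseManifest is called directly on a freshly constructed analyzer, without the
     * initializeFileTypeAnalyzer() call that testAnalyze makes first.
     *
     * @throws Exception is thrown when an exception occurs.
     */
    @Test
    public void testParseManifest() throws Exception {
        File file = BaseTest.getResourceAsFile(this, "xalan-2.7.0.jar");
        Dependency result = new Dependency(file);
        JarAnalyzer instance = new JarAnalyzer();
        List<JarAnalyzer.ClassNameInformation> cni = new ArrayList<JarAnalyzer.ClassNameInformation>();
        instance.parseManifest(result, cni);

        assertTrue("no version evidence with source 'manifest: org/apache/xalan/' in xalan-2.7.0.jar",
                result.getVersionEvidence().getEvidence("manifest: org/apache/xalan/").size() > 0);
    }

    /**
     * Reports whether any evidence entry matches both the name and the value, ignoring case.
     *
     * @param evidence the evidence entries to search
     * @param name the evidence name to look for
     * @param value the evidence value to look for
     * @return true if at least one entry matches both name and value
     */
    private static boolean containsEvidence(Iterable<? extends Evidence> evidence, String name, String value) {
        for (Evidence e : evidence) {
            // The expected strings are the receivers, so null names or values never match.
            if (name.equalsIgnoreCase(e.getName()) && value.equalsIgnoreCase(e.getValue())) {
                return true;
            }
        }
        return false;
    }
}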