1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import org.junit.After;
21  import org.junit.Before;
22  import org.junit.Test;
23  import org.owasp.dependencycheck.BaseTest;
24  import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
25  import org.owasp.dependencycheck.dependency.Dependency;
26  
27  import java.io.File;
28  
29  import static org.hamcrest.CoreMatchers.containsString;
30  import static org.junit.Assert.*;
31  
32  /**
33   * Unit tests for OpenSSLAnalyzer.
34   *
35   * @author Dale Visser
36   */
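public class OpenSSLAnalyzerTest extends BaseTest {

    /**
     * The analyzer under test; created in {@link #setUp()} and released in
     * {@link #tearDown()}.
     */
    private OpenSSLAnalyzer analyzer;

    /**
     * Creates and initializes a fresh {@link OpenSSLAnalyzer} before each test.
     *
     * @throws Exception if there is a problem
     */
    @Before
    public void setUp() throws Exception {
        analyzer = new OpenSSLAnalyzer();
        // NOTE(review): presumably required so that initialize() treats the analyzer as
        // active; confirm against the analyzer's base class.
        analyzer.setFilesMatched(true);
        analyzer.initialize();
    }

    /**
     * Releases the analyzer created in {@link #setUp()}.
     *
     * @throws Exception if there is a problem
     */
    @After
    public void tearDown() throws Exception {
        // JUnit 4 still runs @After methods when @Before failed. Guard against a null
        // analyzer so a failed setUp is not reported alongside a misleading
        // NullPointerException raised here.
        try {
            if (analyzer != null) {
                analyzer.close();
            }
        } finally {
            analyzer = null;
        }
    }

    /**
     * Test of getName method, of class OpenSSLAnalyzer.
     */
    @Test
    public void testGetName() {
        assertEquals("Analyzer name wrong.", "OpenSSL Source Analyzer",
                analyzer.getName());
    }

    /**
     * Test of accept method, of class OpenSSLAnalyzer.
     */
    @Test
    public void testAccept() {
        assertTrue("Should support files named \"opensslv.h\".",
                analyzer.accept(new File("opensslv.h")));
    }

    /**
     * Test of getOpenSSLVersion method, of class OpenSSLAnalyzer: each numeric
     * version constant must decode to the expected human-readable version.
     * <p>
     * The samples follow the {@code MNNFFPPS} layout documented in OpenSSL's
     * {@code opensslv.h} (major, minor, fix, patch letter, status nibble), where a
     * status of {@code 0} is a development build, {@code 1} to {@code e} are betas
     * and {@code f} is a release.
     * <p>
     * NOTE(review): only well-formed constants are covered. The result for a
     * malformed or unexpected constant (for example a patch byte above
     * {@code 0x1a}) is not pinned by this test.
     */
    @Test
    public void testVersionConstantExamples() {
        // Every literal carries an upper-case L suffix: a lower-case 'l' is easily misread
        // as the digit 1, and mixing int and long literals in one table hides that the
        // array element type is long.
        final long[] constants = {
            0x1000203fL,
            0x00903000L,
            0x00903001L,
            0x00903002L,
            0x0090300fL,
            0x0090301fL,
            0x0090400fL,
            0x102031afL};
        final String[] versions = {
            "1.0.2c",
            "0.9.3-dev",
            "0.9.3-beta1",
            "0.9.3-beta2",
            "0.9.3",
            "0.9.3a",
            "0.9.4",
            "1.2.3z"};
        assertEquals("Sample tables must have the same length.",
                constants.length, versions.length);
        for (int i = 0; i < constants.length; i++) {
            // Name the failing constant so a broken decode is identifiable without a debugger.
            assertEquals(
                    String.format("Wrong version decoded for constant 0x%08x.", constants[i]),
                    versions[i],
                    OpenSSLAnalyzer.getOpenSSLVersion(constants[i]));
        }
    }

    /**
     * Test of analyze method, of class OpenSSLAnalyzer: analyzing the bundled
     * {@code openssl/opensslv.h} resource must produce product, vendor and version
     * evidence for OpenSSL 1.0.2c.
     *
     * @throws AnalysisException if the analyzer fails on the sample header
     */
    @Test
    public void testOpenSSLVersionHeaderFile() throws AnalysisException {
        final Dependency result = new Dependency(BaseTest.getResourceAsFile(
                this,
                "openssl/opensslv.h"));
        // No engine is supplied; the test relies on the analyzer not needing one here.
        analyzer.analyze(result, null);
        assertThat(result.getProductEvidence().toString(), containsString("OpenSSL"));
        assertThat(result.getVendorEvidence().toString(), containsString("OpenSSL"));
        // The version evidence matters most: a wrong or missing version would presumably
        // lead to wrong vulnerability matches later in the scan. containsString is a loose
        // match, so this does not rule out extra characters around "1.0.2c".
        assertThat(result.getVersionEvidence().toString(), containsString("1.0.2c"));
    }
}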