View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2016 Bianca Jiang. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import org.junit.After;
21  import org.junit.Before;
22  import org.junit.Test;
23  import org.owasp.dependencycheck.BaseTest;
24  import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
25  import org.owasp.dependencycheck.dependency.Dependency;
26  
27  import java.io.File;
28  
29  import static org.hamcrest.CoreMatchers.containsString;
30  import static org.hamcrest.CoreMatchers.is;
31  import static org.junit.Assert.*;
32  
33  /**
34   * Unit tests for {@link RubyBundlerAnalyzer}.
35   *
36   * @author Bianca Jiang
37   */
38  public class RubyBundlerAnalyzerTest extends BaseTest {
39  
40      /**
41       * The analyzer to test.
42       */
43      RubyBundlerAnalyzer analyzer;
44  
45      /**
46       * Correctly setup the analyzer for testing.
47       *
48       * @throws Exception thrown if there is a problem
49       */
50      @Before
51      public void setUp() throws Exception {
52          analyzer = new RubyBundlerAnalyzer();
53          analyzer.setFilesMatched(true);
54          analyzer.initialize();
55      }
56  
57      /**
58       * Cleanup the analyzer's temp files, etc.
59       *
60       * @throws Exception thrown if there is a problem
61       */
62      @After
63      public void tearDown() throws Exception {
64          analyzer.close();
65          analyzer = null;
66      }
67  
68      /**
69       * Test Analyzer name.
70       */
71      @Test
72      public void testGetName() {
73          assertThat(analyzer.getName(), is("Ruby Bundler Analyzer"));
74      }
75  
76      /**
77       * Test Ruby Gemspec file support.
78       */
79      @Test
80      public void testSupportsFiles() {
81          assertThat(analyzer.accept(new File("test.gemspec")), is(false));
82          assertThat(analyzer.accept(new File("specifications" + File.separator + "test.gemspec")), is(true));
83      }
84  
85      /**
86       * Test Ruby Bundler created gemspec analysis.
87       *
88       * @throws AnalysisException is thrown when an exception occurs.
89       */
90      @Test
91      public void testAnalyzeGemspec() throws AnalysisException {
92          final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
93                  "ruby/vulnerable/gems/rails-4.1.15/vendor/bundle/ruby/2.2.0/specifications/dalli-2.7.5.gemspec"));
94          analyzer.analyze(result, null);
95          
96          final String vendorString = result.getVendorEvidence().toString();
97          assertThat(vendorString, containsString("Peter M. Goldstein"));
98          assertThat(vendorString, containsString("Mike Perham"));
99          assertThat(vendorString, containsString("peter.m.goldstein@gmail.com"));
100         assertThat(vendorString, containsString("https://github.com/petergoldstein/dalli"));
101         assertThat(vendorString, containsString("MIT"));
102         assertThat(result.getProductEvidence().toString(), containsString("dalli"));
103         assertThat(result.getProductEvidence().toString(), containsString("High performance memcached client for Ruby"));
104         assertThat(result.getVersionEvidence().toString(), containsString("2.7.5"));
105     }
106 }