1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.dependency;
19  
20  import static org.junit.Assert.assertEquals;
21  import static org.junit.Assert.assertTrue;
22  import static org.junit.Assert.assertFalse;
23  
24  import org.junit.Test;
25  import org.owasp.dependencycheck.BaseTest;
26  
/**
 * Unit tests for {@link VulnerableSoftware}: equality, hashing, ordering of
 * CPE strings, CPE parsing and the {@code isPositiveInteger} helper.
 *
 * NOTE(review): the ordering and equality pinned here presumably feed the
 * matching of dependencies against vulnerable version entries, where a
 * regression could hide or mis-report an affected version. Confirm against
 * the callers of {@code compareTo}/{@code equals}.
 *
 * @author Jeremy Long
 */
public class VulnerableSoftwareTest extends BaseTest {

    /**
     * Creates a new {@link VulnerableSoftware} and assigns it the given CPE.
     *
     * @param cpe the CPE (or bare version) string passed to {@code setCpe}
     * @return the freshly created entry
     */
    private static VulnerableSoftware newSoftware(String cpe) {
        VulnerableSoftware software = new VulnerableSoftware();
        software.setCpe(cpe);
        return software;
    }

    /**
     * Re-assigns the CPE of both (reused) entries and asserts that the first
     * one compares strictly lower than the second.
     *
     * @param lower the entry expected to sort first
     * @param higher the entry expected to sort last
     * @param lowerCpe the value set on {@code lower}
     * @param higherCpe the value set on {@code higher}
     */
    private static void assertOrderedBefore(VulnerableSoftware lower, VulnerableSoftware higher,
            String lowerCpe, String higherCpe) {
        lower.setCpe(lowerCpe);
        higher.setCpe(higherCpe);
        assertTrue(lower.compareTo(higher) < 0);
    }

    /**
     * Entries whose versions differ only by a trailing {@code .0} must not be
     * equal.
     */
    @Test
    public void testEquals() {
        VulnerableSoftware withPatchLevel = newSoftware("cpe:/a:mortbay:jetty:6.1.0");
        VulnerableSoftware withoutPatchLevel = newSoftware("cpe:/a:mortbay:jetty:6.1");
        assertFalse(withoutPatchLevel.equals(withPatchLevel));
    }

    /**
     * Entries with the same CPE are equal even when only one of them has a
     * previous-version value set.
     */
    @Test
    public void testEquals2() {
        VulnerableSoftware flagged = newSoftware("cpe:/a:mortbay:jetty:6.1.0");
        VulnerableSoftware plain = newSoftware("cpe:/a:mortbay:jetty:6.1.0");
        flagged.setPreviousVersion("1");
        assertTrue(plain.equals(flagged));
    }

    /**
     * Pins the hash code produced for a fixed CPE.
     */
    @Test
    public void testHashCode() {
        // NOTE(review): this is an implementation-specific constant; the test
        // does not show how it is derived, so any change to hashCode() will
        // need this value re-checked.
        VulnerableSoftware jetty = newSoftware("cpe:/a:mortbay:jetty:6.1");
        assertEquals(1849413912, jetty.hashCode());
    }

    /**
     * Checks the exact values returned by {@code compareTo} for two pairs of
     * CPEs.
     */
    @Test
    public void testCompareTo() {
        // NOTE(review): the exact magnitudes (-2 and 1) are asserted, not just
        // the sign, so these expectations depend on how compareTo computes
        // its result.
        VulnerableSoftware jettyLong = newSoftware("cpe:/a:mortbay:jetty:6.1.0");
        VulnerableSoftware jettyShort = newSoftware("cpe:/a:mortbay:jetty:6.1");
        assertEquals(-2, jettyShort.compareTo(jettyLong));

        // Versions that differ only in the last digit of a long numeric part.
        VulnerableSoftware toolbarOlder = newSoftware("cpe:/a:yahoo:toolbar:3.1.0.20130813024103");
        VulnerableSoftware toolbarNewer = newSoftware("cpe:/a:yahoo:toolbar:3.1.0.20130813024104");
        assertEquals(1, toolbarNewer.compareTo(toolbarOlder));
    }

    /**
     * Identical CPEs with a non-numeric version suffix compare as equal in
     * both directions, regardless of the previous-version value.
     */
    @Test
    public void testCompareToNonNumerical() {
        VulnerableSoftware plain = newSoftware("cpe:/a:mysql:mysql:5.1.23a");
        VulnerableSoftware flagged = newSoftware("cpe:/a:mysql:mysql:5.1.23a");
        flagged.setPreviousVersion("1");
        assertEquals(0, plain.compareTo(flagged));
        assertEquals(0, flagged.compareTo(plain));
    }

    /**
     * Walks through version pairs (bare versions and full CPEs) where the
     * first value must sort before the second.
     */
    @Test
    public void testCompareToComplex() {
        // The same two instances are reused for every pair, as each pair only
        // replaces the CPE via setCpe.
        VulnerableSoftware vs = new VulnerableSoftware();
        VulnerableSoftware vs1 = new VulnerableSoftware();

        // A shorter version sorts before one with an extra component.
        assertOrderedBefore(vs, vs1, "2.1", "2.1.10");

        assertOrderedBefore(vs, vs1, "2.1.42", "2.3.21");

        // Components are compared numerically: 1 < 10.
        assertOrderedBefore(vs, vs1,
                "cpe:/a:hp:system_management_homepage:2.1.1",
                "cpe:/a:hp:system_management_homepage:2.1.10");

        // A "-186" suffix sorts after the bare version.
        assertOrderedBefore(vs, vs1, "10", "10-186");

        assertOrderedBefore(vs, vs1, "2.1.10", "2.1.10-186");

        assertOrderedBefore(vs, vs1,
                "cpe:/a:hp:system_management_homepage:2.1.10",
                "cpe:/a:hp:system_management_homepage:2.1.10-186");
        // NOTE(review): the reverse direction is left disabled, so symmetry of
        // compareTo is not verified for this pair - confirm why.
        //assertTrue(vs1.compareTo(vs)>0);

        // "10.01" is expected to sort before "10.1".
        assertOrderedBefore(vs, vs1,
                "cpe:/a:ibm:security_guardium_database_activity_monitor:10.01",
                "cpe:/a:ibm:security_guardium_database_activity_monitor:10.1");

        assertOrderedBefore(vs, vs1, "2.0", "2.1");
    }

    /**
     * Equality is symmetric between an entry with a previous-version value
     * and one without, when the CPEs match.
     */
    @Test
    public void testEqualsPreviousVersion() {
        VulnerableSoftware plain = newSoftware("cpe:/a:mysql:mysql:5.1.23a");
        VulnerableSoftware flagged = newSoftware("cpe:/a:mysql:mysql:5.1.23a");
        flagged.setPreviousVersion("1");
        assertEquals(plain, flagged);
        assertEquals(flagged, plain);
    }

    /**
     * Setting a CPE exposes its vendor, product and version parts.
     */
    @Test
    public void testParseCPE() {
        /* Version for test taken from CVE-2008-2079 */
        VulnerableSoftware mysql = newSoftware("cpe:/a:mysql:mysql:5.1.23a");
        assertEquals("mysql", mysql.getVendor());
        assertEquals("mysql", mysql.getProduct());
        assertEquals("5.1.23a", mysql.getVersion());
    }

    /**
     * {@code isPositiveInteger} accepts plain digit strings (including "0")
     * and rejects signs, decimals and leading zeros.
     */
    @Test
    public void testIspositiveInteger() {
        for (String accepted : new String[] {"1", "10", "666", "0"}) {
            assertTrue(VulnerableSoftware.isPositiveInteger(accepted));
        }

        for (String rejected : new String[] {"+1", "-1", "2.1", "01", "00"}) {
            assertFalse(VulnerableSoftware.isPositiveInteger(rejected));
        }
    }
}