View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import java.io.File;
21  import org.junit.After;
22  import static org.junit.Assert.assertEquals;
23  import static org.junit.Assert.assertTrue;
24  import static org.junit.Assert.fail;
25  import org.junit.Assume;
26  import static org.junit.Assume.assumeFalse;
27  import org.junit.Before;
28  import org.junit.Test;
29  import org.owasp.dependencycheck.BaseTest;
30  import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
31  import org.owasp.dependencycheck.dependency.Confidence;
32  import org.owasp.dependencycheck.dependency.Dependency;
33  import org.owasp.dependencycheck.dependency.Evidence;
34  import org.owasp.dependencycheck.exception.InitializationException;
35  import org.owasp.dependencycheck.utils.Settings;
36  import org.slf4j.Logger;
37  import org.slf4j.LoggerFactory;
38  
39  /**
40   * Tests for the AssemblyAnalyzer.
41   *
42   * @author colezlaw
43   *
44   */
45  public class AssemblyAnalyzerTest extends BaseTest {
46  
47      private static final Logger LOGGER = LoggerFactory.getLogger(AssemblyAnalyzerTest.class);
48  
49      private static final String LOG_KEY = "org.slf4j.simpleLogger.org.owasp.dependencycheck.analyzer.AssemblyAnalyzer";
50  
51      AssemblyAnalyzer analyzer;
52  
53      /**
54       * Sets up the analyzer.
55       *
56       * @throws Exception if anything goes sideways
57       */
58      @Before
59      public void setUp() throws Exception {
60          try {
61              analyzer = new AssemblyAnalyzer();
62              analyzer.accept(new File("test.dll")); // trick into "thinking it is active"
63              analyzer.initialize();
64          } catch (Exception e) {
65              if (e.getMessage().contains("Could not execute .NET AssemblyAnalyzer")) {
66                  LOGGER.warn("Exception setting up AssemblyAnalyzer. Tests will be incomplete");
67              } else {
68                  LOGGER.warn("Exception setting up AssemblyAnalyzer. Tests will be incomplete");
69              }
70              Assume.assumeNoException("Is mono installed? TESTS WILL BE INCOMPLETE", e);
71          }
72      }
73  
74      /**
75       * Tests to make sure the name is correct.
76       */
77      @Test
78      public void testGetName() {
79          assertEquals("Assembly Analyzer", analyzer.getName());
80      }
81  
82      @Test
83      public void testAnalysis() throws Exception {
84          //File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("GrokAssembly.exe").getPath());
85          File f = BaseTest.getResourceAsFile(this, "GrokAssembly.exe");
86          Dependency d = new Dependency(f);
87          analyzer.analyze(d, null);
88          boolean foundVendor = false;
89          for (Evidence e : d.getVendorEvidence().getEvidence("grokassembly", "vendor")) {
90              if ("OWASP".equals(e.getValue())) {
91                  foundVendor = true;
92              }
93          }
94          assertTrue(foundVendor);
95  
96          boolean foundProduct = false;
97          for (Evidence e : d.getProductEvidence().getEvidence("grokassembly", "product")) {
98              if ("GrokAssembly".equals(e.getValue())) {
99                  foundProduct = true;
100             }
101         }
102         assertTrue(foundProduct);
103     }
104 
105     @Test
106     public void testLog4Net() throws Exception {
107         //File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("log4net.dll").getPath());
108         File f = BaseTest.getResourceAsFile(this, "log4net.dll");
109 
110         Dependency d = new Dependency(f);
111         analyzer.analyze(d, null);
112         assertTrue(d.getVersionEvidence().getEvidence().contains(new Evidence("grokassembly", "version", "1.2.13.0", Confidence.HIGHEST)));
113         assertTrue(d.getVendorEvidence().getEvidence().contains(new Evidence("grokassembly", "vendor", "The Apache Software Foundation", Confidence.HIGH)));
114         assertTrue(d.getProductEvidence().getEvidence().contains(new Evidence("grokassembly", "product", "log4net", Confidence.HIGH)));
115     }
116 
117     @Test
118     public void testNonexistent() {
119         // Tweak the log level so the warning doesn't show in the console
120         String oldProp = System.getProperty(LOG_KEY, "info");
121         //File f = new File(AssemblyAnalyzerTest.class.getClassLoader().getResource("log4net.dll").getPath());
122         File f = BaseTest.getResourceAsFile(this, "log4net.dll");
123         File test = new File(f.getParent(), "nonexistent.dll");
124         Dependency d = new Dependency(test);
125 
126         try {
127             analyzer.analyze(d, null);
128             fail("Expected an AnalysisException");
129         } catch (AnalysisException ae) {
130             assertEquals("File does not exist", ae.getMessage());
131         } finally {
132             System.setProperty(LOG_KEY, oldProp);
133         }
134     }
135 
136     @Test
137     public void testWithSettingMono() throws Exception {
138 
139         //This test doesn't work on Windows.
140         assumeFalse(System.getProperty("os.name").startsWith("Windows"));
141 
142         String oldValue = Settings.getString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH);
143         // if oldValue is null, that means that neither the system property nor the setting has
144         // been set. If that's the case, then we have to make it such that when we recover,
145         // null still comes back. But you can't put a null value in a HashMap, so we have to set
146         // the system property rather than the setting.
147         if (oldValue == null) {
148             System.setProperty(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, "/yooser/bine/mono");
149         } else {
150             Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, "/yooser/bine/mono");
151         }
152 
153         String oldProp = System.getProperty(LOG_KEY, "info");
154         try {
155             // Tweak the logging to swallow the warning when testing
156             System.setProperty(LOG_KEY, "error");
157             // Have to make a NEW analyzer because during setUp, it would have gotten the correct one
158             AssemblyAnalyzer aanalyzer = new AssemblyAnalyzer();
159             aanalyzer.accept(new File("test.dll")); // trick into "thinking it is active"
160             aanalyzer.initialize();
161             fail("Expected an InitializationException");
162         } catch (InitializationException ae) {
163             assertEquals("An error occurred with the .NET AssemblyAnalyzer", ae.getMessage());
164         } finally {
165             System.setProperty(LOG_KEY, oldProp);
166             // Recover the logger
167             // Now recover the way we came in. If we had to set a System property, delete it. Otherwise,
168             // reset the old value
169             if (oldValue == null) {
170                 System.getProperties().remove(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH);
171             } else {
172                 Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, oldValue);
173             }
174         }
175     }
176 
177     @After
178     public void tearDown() throws Exception {
179         analyzer.close();
180     }
181 }