View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import java.io.File;
21  import java.util.HashSet;
22  import java.util.Set;
23  import static org.junit.Assert.*;
24  import org.junit.Test;
25  import org.owasp.dependencycheck.BaseTest;
26  import org.owasp.dependencycheck.Engine;
27  import org.owasp.dependencycheck.BaseDBTestCase;
28  import org.owasp.dependencycheck.dependency.Dependency;
29  import org.owasp.dependencycheck.utils.Settings;
30  
31  /**
32   *
33   * @author Jeremy Long
34   */
35  public class ArchiveAnalyzerIntegrationTest extends BaseDBTestCase {
36  
37      /**
38       * Test of getSupportedExtensions method, of class ArchiveAnalyzer.
39       */
40      @Test
41      public void testSupportsExtensions() {
42          ArchiveAnalyzer instance = new ArchiveAnalyzer();
43          Set<String> expResult = new HashSet<String>();
44          expResult.add("zip");
45          expResult.add("war");
46          expResult.add("ear");
47          expResult.add("jar");
48          expResult.add("sar");
49          expResult.add("apk");
50          expResult.add("nupkg");
51          expResult.add("tar");
52          expResult.add("gz");
53          expResult.add("tgz");
54          expResult.add("bz2");
55          expResult.add("tbz2");
56          for (String ext : expResult) {
57              assertTrue(ext, instance.accept(new File("test." + ext)));
58          }
59      }
60  
61      /**
62       * Test of getName method, of class ArchiveAnalyzer.
63       */
64      @Test
65      public void testGetName() {
66          ArchiveAnalyzer instance = new ArchiveAnalyzer();
67          String expResult = "Archive Analyzer";
68          String result = instance.getName();
69          assertEquals(expResult, result);
70      }
71  
72      /**
73       * Test of supportsExtension method, of class ArchiveAnalyzer.
74       */
75      @Test
76      public void testSupportsExtension() {
77          String extension = "test.7z"; //not supported
78          ArchiveAnalyzer instance = new ArchiveAnalyzer();
79          assertFalse(extension, instance.accept(new File(extension)));
80      }
81  
82      /**
83       * Test of getAnalysisPhase method, of class ArchiveAnalyzer.
84       */
85      @Test
86      public void testGetAnalysisPhase() {
87          ArchiveAnalyzer instance = new ArchiveAnalyzer();
88          AnalysisPhase expResult = AnalysisPhase.INITIAL;
89          AnalysisPhase result = instance.getAnalysisPhase();
90          assertEquals(expResult, result);
91      }
92  
93      /**
94       * Test of initialize and close methods, of class ArchiveAnalyzer.
95       */
96      @Test
97      public void testInitialize() throws Exception {
98          ArchiveAnalyzer instance = new ArchiveAnalyzer();
99          instance.setEnabled(true);
100         instance.setFilesMatched(true);
101         instance.initialize();
102 
103         instance.close();
104 
105         //no exception means things worked.
106     }
107 
108     /**
109      * Test of analyze method, of class ArchiveAnalyzer.
110      */
111     @Test
112     public void testAnalyze() throws Exception {
113         ArchiveAnalyzer instance = new ArchiveAnalyzer();
114         //trick the analyzer into thinking it is active.
115         instance.accept(new File("test.ear"));
116         try {
117             instance.initialize();
118             File file = BaseTest.getResourceAsFile(this, "daytrader-ear-2.1.7.ear");
119             //File file = new File(this.getClass().getClassLoader().getResource("daytrader-ear-2.1.7.ear").getPath());
120             Dependency dependency = new Dependency(file);
121             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
122             Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
123             Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
124             Engine engine = new Engine();
125 
126             int initial_size = engine.getDependencies().size();
127             instance.analyze(dependency, engine);
128             int ending_size = engine.getDependencies().size();
129 
130             engine.cleanup();
131 
132             assertTrue(initial_size < ending_size);
133 
134         } finally {
135             instance.close();
136         }
137     }
138 
139     /**
140      * Test of analyze method, of class ArchiveAnalyzer.
141      */
142     @Test
143     public void testAnalyzeTar() throws Exception {
144         ArchiveAnalyzer instance = new ArchiveAnalyzer();
145         //trick the analyzer into thinking it is active so that it will initialize
146         instance.accept(new File("test.tar"));
147         try {
148             instance.initialize();
149 
150             //File file = new File(this.getClass().getClassLoader().getResource("file.tar").getPath());
151             //File file = new File(this.getClass().getClassLoader().getResource("stagedhttp-modified.tar").getPath());
152             File file = BaseTest.getResourceAsFile(this, "stagedhttp-modified.tar");
153             Dependency dependency = new Dependency(file);
154             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
155             Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
156             Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
157             Engine engine = new Engine();
158 
159             int initial_size = engine.getDependencies().size();
160             instance.analyze(dependency, engine);
161             int ending_size = engine.getDependencies().size();
162             engine.cleanup();
163 
164             assertTrue(initial_size < ending_size);
165 
166         } finally {
167             instance.close();
168         }
169     }
170 
171     /**
172      * Test of analyze method, of class ArchiveAnalyzer.
173      */
174     @Test
175     public void testAnalyzeTarGz() throws Exception {
176         ArchiveAnalyzer instance = new ArchiveAnalyzer();
177         instance.accept(new File("zip")); //ensure analyzer is "enabled"
178         try {
179             instance.initialize();
180 
181             //File file = new File(this.getClass().getClassLoader().getResource("file.tar.gz").getPath());
182             File file = BaseTest.getResourceAsFile(this, "file.tar.gz");
183             //Dependency dependency = new Dependency(file);
184             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
185             Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
186             Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
187             Engine engine = new Engine();
188 
189             int initial_size = engine.getDependencies().size();
190             //instance.analyze(dependency, engine);
191             engine.scan(file);
192             engine.analyzeDependencies();
193             int ending_size = engine.getDependencies().size();
194             engine.cleanup();
195             assertTrue(initial_size < ending_size);
196 
197         } finally {
198             instance.close();
199         }
200     }
201 
202     /**
203      * Test of analyze method, of class ArchiveAnalyzer.
204      */
205     @Test
206     public void testAnalyzeTarBz2() throws Exception {
207         ArchiveAnalyzer instance = new ArchiveAnalyzer();
208         instance.accept(new File("zip")); //ensure analyzer is "enabled"
209         try {
210             instance.initialize();
211             File file = BaseTest.getResourceAsFile(this, "file.tar.bz2");
212             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
213             Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
214             Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
215             Engine engine = new Engine();
216             int initial_size = engine.getDependencies().size();
217             engine.scan(file);
218             engine.analyzeDependencies();
219             int ending_size = engine.getDependencies().size();
220             engine.cleanup();
221             assertTrue(initial_size < ending_size);
222         } finally {
223             instance.close();
224         }
225     }
226 
227     /**
228      * Test of analyze method, of class ArchiveAnalyzer.
229      */
230     @Test
231     public void testAnalyzeTgz() throws Exception {
232         ArchiveAnalyzer instance = new ArchiveAnalyzer();
233         instance.accept(new File("zip")); //ensure analyzer is "enabled"
234         try {
235             instance.initialize();
236 
237             //File file = new File(this.getClass().getClassLoader().getResource("file.tgz").getPath());
238             File file = BaseTest.getResourceAsFile(this, "file.tgz");
239             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
240             Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
241             Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
242             Engine engine = new Engine();
243 
244             int initial_size = engine.getDependencies().size();
245             engine.scan(file);
246             engine.analyzeDependencies();
247             int ending_size = engine.getDependencies().size();
248             engine.cleanup();
249             assertTrue(initial_size < ending_size);
250 
251         } finally {
252             instance.close();
253         }
254     }
255 
256     /**
257      * Test of analyze method, of class ArchiveAnalyzer.
258      */
259     @Test
260     public void testAnalyzeTbz2() throws Exception {
261         ArchiveAnalyzer instance = new ArchiveAnalyzer();
262         instance.accept(new File("zip")); //ensure analyzer is "enabled"
263         try {
264             instance.initialize();
265             File file = BaseTest.getResourceAsFile(this, "file.tbz2");
266             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
267             Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
268             Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
269             Engine engine = new Engine();
270             int initial_size = engine.getDependencies().size();
271             engine.scan(file);
272             engine.analyzeDependencies();
273             int ending_size = engine.getDependencies().size();
274             engine.cleanup();
275             assertTrue(initial_size < ending_size);
276         } finally {
277             instance.close();
278         }
279     }
280 
281     /**
282      * Test of analyze method, of class ArchiveAnalyzer.
283      */
284     @Test
285     public void testAnalyze_badZip() throws Exception {
286         ArchiveAnalyzer instance = new ArchiveAnalyzer();
287         try {
288             instance.initialize();
289 
290             //File file = new File(this.getClass().getClassLoader().getResource("test.zip").getPath());
291             File file = BaseTest.getResourceAsFile(this, "test.zip");
292             Dependency dependency = new Dependency(file);
293             Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
294             Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
295             Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, false);
296             Engine engine = new Engine();
297             int initial_size = engine.getDependencies().size();
298 //            boolean failed = false;
299 //            try {
300             instance.analyze(dependency, engine);
301 //            } catch (java.lang.UnsupportedClassVersionError ex) {
302 //                failed = true;
303 //            }
304 //            assertTrue(failed);
305             int ending_size = engine.getDependencies().size();
306             engine.cleanup();
307             assertEquals(initial_size, ending_size);
308         } finally {
309             instance.close();
310         }
311     }
312 }