1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import java.io.File;
21  import org.junit.After;
22  import static org.junit.Assert.assertEquals;
23  import static org.junit.Assert.assertTrue;
24  import static org.junit.Assert.fail;
25  import org.junit.Assume;
26  import static org.junit.Assume.assumeFalse;
27  import org.junit.Before;
28  import org.junit.Test;
29  import org.owasp.dependencycheck.BaseTest;
30  import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
31  import org.owasp.dependencycheck.dependency.Confidence;
32  import org.owasp.dependencycheck.dependency.Dependency;
33  import org.owasp.dependencycheck.dependency.Evidence;
34  import org.owasp.dependencycheck.utils.Settings;
35  import org.slf4j.Logger;
36  import org.slf4j.LoggerFactory;
37  
38  /**
39   * Tests for the AssemblyAnalyzer.
40   *
41   * @author colezlaw
42   *
43   */
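public class AssemblyAnalyzerTest extends BaseTest {

    private static final Logger LOGGER = LoggerFactory.getLogger(AssemblyAnalyzerTest.class);

    /**
     * System property used by these tests to adjust the log level of the
     * AssemblyAnalyzer logger while a failure is being provoked on purpose.
     */
    private static final String LOG_KEY = "org.slf4j.simpleLogger.org.owasp.dependencycheck.analyzer.AssemblyAnalyzer";

    /**
     * Analyzer under test; created in {@link #setUp()} and may stay
     * {@code null} if construction fails.
     */
    AssemblyAnalyzer analyzer;

    /**
     * Sets up the analyzer. Any failure is converted into a JUnit assumption
     * failure so the tests are skipped rather than reported as broken.
     *
     * @throws Exception if anything goes sideways
     */
    @Before
    public void setUp() throws Exception {
        try {
            analyzer = new AssemblyAnalyzer();
            analyzer.accept(new File("test.dll")); // trick into "thinking it is active"
            analyzer.initialize();
        } catch (Exception e) {
            // getMessage() may legitimately be null; guard so that the handler
            // itself cannot fail with a NullPointerException and hide the cause.
            final String message = e.getMessage();
            if (message != null && message.contains("Could not execute .NET AssemblyAnalyzer")) {
                LOGGER.warn("Exception setting up AssemblyAnalyzer. Tests will be incomplete");
            } else {
                LOGGER.warn("Exception setting up AssemblyAnalyzer. Tests will be incomplete", e);
            }
            Assume.assumeNoException("Is mono installed? TESTS WILL BE INCOMPLETE", e);
        }
    }

    /**
     * Tests to make sure the name is correct.
     */
    @Test
    public void testGetName() {
        assertEquals("Assembly Analyzer", analyzer.getName());
    }

    /**
     * Analyzes the GrokAssembly.exe test resource and checks that vendor
     * evidence "OWASP" and product evidence "GrokAssembly" are reported under
     * the "grokassembly" source.
     *
     * @throws Exception if the analysis fails
     */
    @Test
    public void testAnalysis() throws Exception {
        File f = BaseTest.getResourceAsFile(this, "GrokAssembly.exe");
        Dependency d = new Dependency(f);
        analyzer.analyze(d, null);

        boolean foundVendor = false;
        for (Evidence e : d.getVendorEvidence().getEvidence("grokassembly", "vendor")) {
            if ("OWASP".equals(e.getValue())) {
                foundVendor = true;
                break;
            }
        }
        assertTrue("Expected vendor evidence 'OWASP' from grokassembly", foundVendor);

        boolean foundProduct = false;
        for (Evidence e : d.getProductEvidence().getEvidence("grokassembly", "product")) {
            if ("GrokAssembly".equals(e.getValue())) {
                foundProduct = true;
                break;
            }
        }
        assertTrue("Expected product evidence 'GrokAssembly' from grokassembly", foundProduct);
    }

    /**
     * Analyzes the log4net.dll test resource and checks the exact version,
     * vendor and product evidence, including the confidence of each.
     *
     * @throws Exception if the analysis fails
     */
    @Test
    public void testLog4Net() throws Exception {
        File f = BaseTest.getResourceAsFile(this, "log4net.dll");

        Dependency d = new Dependency(f);
        analyzer.analyze(d, null);
        assertTrue("Expected version evidence 1.2.13.0",
                d.getVersionEvidence().getEvidence().contains(new Evidence("grokassembly", "version", "1.2.13.0", Confidence.HIGHEST)));
        assertTrue("Expected vendor evidence 'The Apache Software Foundation'",
                d.getVendorEvidence().getEvidence().contains(new Evidence("grokassembly", "vendor", "The Apache Software Foundation", Confidence.HIGH)));
        assertTrue("Expected product evidence 'log4net'",
                d.getProductEvidence().getEvidence().contains(new Evidence("grokassembly", "product", "log4net", Confidence.HIGH)));
    }

    /**
     * Verifies that analyzing a path that does not exist is rejected with an
     * {@link AnalysisException} instead of being silently ignored.
     */
    @Test
    public void testNonexistent() {
        // Remember the raw value (null when unset) so the property can be put
        // back exactly as it was and no state leaks into other tests.
        final String oldProp = System.getProperty(LOG_KEY);
        File f = BaseTest.getResourceAsFile(this, "log4net.dll");
        File test = new File(f.getParent(), "nonexistent.dll");
        Dependency d = new Dependency(test);

        try {
            // Tweak the log level so the warning doesn't show in the console;
            // mirrors what testWithSettingMono does.
            System.setProperty(LOG_KEY, "error");
            analyzer.analyze(d, null);
            fail("Expected an AnalysisException");
        } catch (AnalysisException ae) {
            assertEquals("File does not exist", ae.getMessage());
        } finally {
            restoreProperty(LOG_KEY, oldProp);
        }
    }

    /**
     * Verifies that initialization fails with an {@link AnalysisException}
     * when the configured mono path does not point at a usable executable.
     *
     * @throws Exception if initialization fails in an unexpected way
     */
    @Test
    public void testWithSettingMono() throws Exception {

        //This test doesn't work on Windows.
        assumeFalse(System.getProperty("os.name").startsWith("Windows"));

        // NOTE(review): this setting presumably names the executable the
        // analyzer launches; the test relies on a bogus value failing closed
        // with an exception rather than falling back to another binary.
        String oldValue = Settings.getString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH);
        // if oldValue is null, that means that neither the system property nor the setting has
        // been set. If that's the case, then we have to make it such that when we recover,
        // null still comes back. But you can't put a null value in a HashMap, so we have to set
        // the system property rather than the setting.
        if (oldValue == null) {
            System.setProperty(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, "/yooser/bine/mono");
        } else {
            Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, "/yooser/bine/mono");
        }

        final String oldProp = System.getProperty(LOG_KEY);
        try {
            // Tweak the logging to swallow the warning when testing
            System.setProperty(LOG_KEY, "error");
            // Have to make a NEW analyzer because during setUp, it would have gotten the correct one
            // NOTE(review): this second analyzer is never closed; confirm that a
            // failed initialize() leaves nothing behind that close() would clean up.
            AssemblyAnalyzer aanalyzer = new AssemblyAnalyzer();
            aanalyzer.accept(new File("test.dll")); // trick into "thinking it is active"
            aanalyzer.initialize();
            fail("Expected an AnalysisException");
        } catch (AnalysisException ae) {
            assertEquals("An error occurred with the .NET AssemblyAnalyzer", ae.getMessage());
        } finally {
            // Recover the logger
            restoreProperty(LOG_KEY, oldProp);
            // Now recover the way we came in. If we had to set a System property, delete it. Otherwise,
            // reset the old value
            if (oldValue == null) {
                System.clearProperty(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH);
            } else {
                Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, oldValue);
            }
        }
    }

    /**
     * Closes the analyzer created in {@link #setUp()}.
     *
     * @throws Exception if closing the analyzer fails
     */
    @After
    public void tearDown() throws Exception {
        // setUp may have failed before the analyzer was constructed.
        if (analyzer != null) {
            analyzer.close();
        }
    }

    /**
     * Puts a system property back to a previously captured value.
     *
     * @param key the system property name
     * @param previous the value captured before the test changed it, or
     * {@code null} if the property was not set at that time
     */
    private static void restoreProperty(String key, String previous) {
        if (previous == null) {
            System.clearProperty(key);
        } else {
            System.setProperty(key, previous);
        }
    }
}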