View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import org.junit.After;
21  import org.junit.Before;
22  import org.junit.Test;
23  import org.owasp.dependencycheck.BaseTest;
24  import org.owasp.dependencycheck.Engine;
25  import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
26  import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
27  import org.owasp.dependencycheck.dependency.Dependency;
28  
29  import java.io.File;
30  import java.util.List;
31  import java.util.regex.Pattern;
32  
33  import static org.hamcrest.CoreMatchers.equalTo;
34  import static org.hamcrest.CoreMatchers.is;
35  import static org.junit.Assert.*;
36  import org.owasp.dependencycheck.BaseDBTestCase;
37  
38  /**
39   * Unit tests for CmakeAnalyzer.
40   *
41   * @author Dale Visser
42   */
43  public class CMakeAnalyzerTest extends BaseDBTestCase {
44  
45      /**
46       * The package analyzer to test.
47       */
48      CMakeAnalyzer analyzer;
49  
50      /**
51       * Setup the CmakeAnalyzer.
52       *
53       * @throws Exception if there is a problem
54       */
55      @Override
56      @Before
57      public void setUp() throws Exception {
58          super.setUp();
59          analyzer = new CMakeAnalyzer();
60          analyzer.setFilesMatched(true);
61          analyzer.initialize();
62      }
63  
64      /**
65       * Cleanup any resources used.
66       *
67       * @throws Exception if there is a problem
68       */
69      @After
70      public void tearDown() throws Exception {
71          analyzer.close();
72          analyzer = null;
73      }
74  
75      /**
76       * Test of getName method, of class PythonPackageAnalyzer.
77       */
78      @Test
79      public void testGetName() {
80          assertThat(analyzer.getName(), is(equalTo("CMake Analyzer")));
81      }
82  
83      /**
84       * Test of supportsExtension method, of class PythonPackageAnalyzer.
85       */
86      @Test
87      public void testAccept() {
88          assertTrue("Should support \"CMakeLists.txt\" name.",
89                  analyzer.accept(new File("CMakeLists.txt")));
90          assertTrue("Should support \"cmake\" extension.",
91                  analyzer.accept(new File("test.cmake")));
92      }
93  
94      /**
95       * Test whether expected evidence is gathered from OpenCV's CMakeLists.txt.
96       *
97       * @throws AnalysisException is thrown when an exception occurs.
98       */
99      @Test
100     public void testAnalyzeCMakeListsOpenCV() throws AnalysisException {
101         final Dependency result = new Dependency(BaseTest.getResourceAsFile(
102                 this, "cmake/opencv/CMakeLists.txt"));
103         analyzer.analyze(result, null);
104         final String product = "OpenCV";
105         assertProductEvidence(result, product);
106     }
107 
108     /**
109      * Test whether expected evidence is gathered from OpenCV's CMakeLists.txt.
110      *
111      * @throws AnalysisException is thrown when an exception occurs.
112      */
113     @Test
114     public void testAnalyzeCMakeListsZlib() throws AnalysisException {
115         final Dependency result = new Dependency(BaseTest.getResourceAsFile(
116                 this, "cmake/zlib/CMakeLists.txt"));
117         analyzer.analyze(result, null);
118         final String product = "zlib";
119         assertProductEvidence(result, product);
120     }
121 
122     private void assertProductEvidence(Dependency result, String product) {
123         assertTrue("Expected product evidence to contain \"" + product + "\".",
124                 result.getProductEvidence().toString().contains(product));
125     }
126 
127     /**
128      * Test whether expected version evidence is gathered from OpenCV's third party cmake files.
129      *
130      * @throws AnalysisException is thrown when an exception occurs.
131      */
132     @Test
133     public void testAnalyzeCMakeListsOpenCV3rdParty() throws AnalysisException, DatabaseException {
134         final Dependency result = new Dependency(BaseTest.getResourceAsFile(
135                 this, "cmake/opencv/3rdparty/ffmpeg/ffmpeg_version.cmake"));
136         final Engine engine = new Engine();
137         analyzer.analyze(result, engine);
138         assertProductEvidence(result, "libavcodec");
139         assertVersionEvidence(result, "55.18.102");
140         assertFalse("ALIASOF_ prefix shouldn't be present.",
141                 Pattern.compile("\\bALIASOF_\\w+").matcher(result.getProductEvidence().toString()).find());
142         final List<Dependency> dependencies = engine.getDependencies();
143         assertEquals("Number of additional dependencies should be 4.", 4, dependencies.size());
144         final Dependency last = dependencies.get(3);
145         assertProductEvidence(last, "libavresample");
146         assertVersionEvidence(last, "1.0.1");
147     }
148 
149     private void assertVersionEvidence(Dependency result, String version) {
150         assertTrue("Expected version evidence to contain \"" + version + "\".",
151                 result.getVersionEvidence().toString().contains(version));
152     }
153 }