1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import org.junit.Test;
21  import org.owasp.dependencycheck.BaseTest;
22  import org.owasp.dependencycheck.dependency.Dependency;
23  import org.owasp.dependencycheck.dependency.Evidence;
24  
25  import java.io.File;
26  import java.util.ArrayList;
27  import java.util.List;
28  
29  import static org.junit.Assert.assertEquals;
30  import static org.junit.Assert.assertTrue;
31  
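/**
 * Unit tests for {@link JarAnalyzer}: evidence extraction from JAR files,
 * file-name acceptance and the analyzer's display name.
 *
 * <p>The vendor, product and version evidence checked here is what
 * dependency-check later uses to identify a library, so that known
 * vulnerabilities can be reported against it. A regression in evidence
 * extraction therefore tends to surface as a silently missed or
 * mis-identified dependency rather than as an error, which is why the
 * assertions pin concrete evidence values for known archives.</p>
 *
 * @author Jeremy Long
 */
public class JarAnalyzerTest extends BaseTest {

    /**
     * Test of analyze method, of class JarAnalyzer.
     *
     * <p>Covers three archives: one that must yield "apache" vendor evidence,
     * one whose manifest must yield specific product, vendor and version
     * evidence, and one that must yield no version evidence at all. The last
     * case guards against the analyzer inventing a version, which could lead
     * to a wrong identification downstream.</p>
     *
     * @throws Exception is thrown when an exception occurs.
     */
    @Test
    public void testAnalyze() throws Exception {
        File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
        Dependency result = new Dependency(file);
        JarAnalyzer instance = new JarAnalyzer();
        instance.analyze(result, null);
        assertTrue("vendor evidence of struts2-core-2.1.2.jar does not mention apache",
                result.getVendorEvidence().toString().toLowerCase().contains("apache"));
        assertTrue("vendor weighting of struts2-core-2.1.2.jar does not contain apache",
                result.getVendorEvidence().getWeighting().contains("apache"));

        file = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar");
        result = new Dependency(file);
        instance.analyze(result, null);
        assertTrue("package-title of org.mortbay.http not found in org.mortbay.jetty.jar",
                containsEvidence(result.getProductEvidence(), "package-title", "org.mortbay.http"));
        assertTrue("implementation-url of http://jetty.mortbay.org not found in org.mortbay.jetty.jar",
                containsEvidence(result.getVendorEvidence(), "implementation-url", "http://jetty.mortbay.org"));
        assertTrue("implementation-version of 4.2.27 not found in org.mortbay.jetty.jar",
                containsEvidence(result.getVersionEvidence(), "Implementation-Version", "4.2.27"));

        file = BaseTest.getResourceAsFile(this, "org.mortbay.jmx.jar");
        result = new Dependency(file);
        instance.analyze(result, null);
        // JUnit's contract is (message, expected, actual); with the arguments
        // swapped a failure would report the two values the wrong way round.
        assertEquals("org.mortbay.jmx.jar has version evidence?", 0, result.getVersionEvidence().size());
    }

    /**
     * Test of accept method, of class JarAnalyzer, for the supported
     * extensions.
     *
     * <p>Only the file name is examined here; the files named in the test do
     * not need to exist on disk for the {@code File} objects to be built.</p>
     *
     * @throws Exception is thrown when an exception occurs.
     */
    @Test
    public void testAcceptSupportedExtensions() throws Exception {
        JarAnalyzer instance = new JarAnalyzer();
        instance.initialize();
        instance.setEnabled(true);
        String[] files = {"test.jar", "test.war"};
        for (String name : files) {
            assertTrue(name, instance.accept(new File(name)));
        }
    }

    /**
     * Test of getName method, of class JarAnalyzer.
     */
    @Test
    public void testGetName() {
        JarAnalyzer instance = new JarAnalyzer();
        String expResult = "Jar Analyzer";
        String result = instance.getName();
        assertEquals(expResult, result);
    }

    /**
     * Test of parseManifest method, of class JarAnalyzer.
     *
     * <p>Checks that parsing the manifest of xalan-2.7.0.jar records version
     * evidence under the source "manifest: org/apache/xalan/".</p>
     *
     * @throws Exception is thrown when an exception occurs.
     */
    @Test
    public void testParseManifest() throws Exception {
        File file = BaseTest.getResourceAsFile(this, "xalan-2.7.0.jar");
        Dependency result = new Dependency(file);
        JarAnalyzer instance = new JarAnalyzer();
        List<JarAnalyzer.ClassNameInformation> cni = new ArrayList<JarAnalyzer.ClassNameInformation>();
        instance.parseManifest(result, cni);

        assertTrue("no version evidence from manifest: org/apache/xalan/ in xalan-2.7.0.jar",
                result.getVersionEvidence().getEvidence("manifest: org/apache/xalan/").size() > 0);
    }

    /**
     * Reports whether a collection of evidence holds an entry with the given
     * name and value, both compared case-insensitively.
     *
     * @param evidence the evidence entries to search
     * @param name the evidence name to look for
     * @param value the evidence value to look for
     * @return {@code true} if a matching entry exists, otherwise {@code false}
     */
    private static boolean containsEvidence(Iterable<? extends Evidence> evidence, String name, String value) {
        for (Evidence e : evidence) {
            if (e.getName().equalsIgnoreCase(name) && e.getValue().equalsIgnoreCase(value)) {
                return true;
            }
        }
        return false;
    }
}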