View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import org.junit.Test;
21  import org.owasp.dependencycheck.BaseTest;
22  import org.owasp.dependencycheck.dependency.Dependency;
23  import org.owasp.dependencycheck.dependency.Evidence;
24  
25  import java.io.File;
26  
27  import static org.junit.Assert.assertEquals;
28  import static org.junit.Assert.assertTrue;
29  
30  /**
31   * @author Jeremy Long
32   */
33  public class JarAnalyzerTest extends BaseTest {
34  
35      /**
36       * Test of inspect method, of class JarAnalyzer.
37       *
38       * @throws Exception is thrown when an exception occurs.
39       */
40      @Test
41      public void testAnalyze() throws Exception {
42          //File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
43          File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
44          Dependency result = new Dependency(file);
45          JarAnalyzer instance = new JarAnalyzer();
46          instance.analyze(result, null);
47          assertTrue(result.getVendorEvidence().toString().toLowerCase().contains("apache"));
48          assertTrue(result.getVendorEvidence().getWeighting().contains("apache"));
49  
50          //file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath());
51          file = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar");
52          result = new Dependency(file);
53          instance.analyze(result, null);
54          boolean found = false;
55          for (Evidence e : result.getProductEvidence()) {
56              if (e.getName().equalsIgnoreCase("package-title")
57                      && e.getValue().equalsIgnoreCase("org.mortbay.http")) {
58                  found = true;
59                  break;
60              }
61          }
62          assertTrue("package-title of org.mortbay.http not found in org.mortbay.jetty.jar", found);
63  
64          found = false;
65          for (Evidence e : result.getVendorEvidence()) {
66              if (e.getName().equalsIgnoreCase("implementation-url")
67                      && e.getValue().equalsIgnoreCase("http://jetty.mortbay.org")) {
68                  found = true;
69                  break;
70              }
71          }
72          assertTrue("implementation-url of http://jetty.mortbay.org not found in org.mortbay.jetty.jar", found);
73  
74          found = false;
75          for (Evidence e : result.getVersionEvidence()) {
76              if (e.getName().equalsIgnoreCase("Implementation-Version")
77                      && e.getValue().equalsIgnoreCase("4.2.27")) {
78                  found = true;
79                  break;
80              }
81          }
82          assertTrue("implementation-version of 4.2.27 not found in org.mortbay.jetty.jar", found);
83  
84          //file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jmx.jar").getPath());
85          file = BaseTest.getResourceAsFile(this, "org.mortbay.jmx.jar");
86          result = new Dependency(file);
87          instance.analyze(result, null);
88          assertEquals("org.mortbar.jmx.jar has version evidence?", result.getVersionEvidence().size(), 0);
89      }
90  
91      /**
92       * Test of getSupportedExtensions method, of class JarAnalyzer.
93       */
94      @Test
95      public void testAcceptSupportedExtensions() throws Exception {
96          JarAnalyzer instance = new JarAnalyzer();
97          instance.initialize();
98          instance.setEnabled(true);
99          String[] files = {"test.jar", "test.war"};
100         for (String name : files) {
101             assertTrue(name, instance.accept(new File(name)));
102         }
103     }
104 
105     /**
106      * Test of getName method, of class JarAnalyzer.
107      */
108     @Test
109     public void testGetName() {
110         JarAnalyzer instance = new JarAnalyzer();
111         String expResult = "Jar Analyzer";
112         String result = instance.getName();
113         assertEquals(expResult, result);
114     }
115 
116 }