1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import org.junit.After;
21  import org.junit.Assume;
22  import org.junit.Before;
23  import org.junit.Test;
24  import org.owasp.dependencycheck.BaseTest;
25  import org.owasp.dependencycheck.Engine;
26  import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
27  import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
28  import org.owasp.dependencycheck.dependency.Dependency;
29  import org.slf4j.Logger;
30  import org.slf4j.LoggerFactory;
31  
32  import java.io.File;
33  
34  import static org.hamcrest.CoreMatchers.is;
35  import static org.hamcrest.CoreMatchers.not;
36  import static org.junit.Assert.assertThat;
37  
38  /**
39   * Unit tests for {@link RubyBundleAuditAnalyzer}.
40   *
41   * @author Dale Visser <dvisser@ida.org>
42   */
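public class RubyBundleAuditAnalyzerTest extends BaseTest {

    private static final Logger LOGGER = LoggerFactory.getLogger(RubyBundleAuditAnalyzerTest.class);

    /**
     * The analyzer under test. Assigned in {@link #setUp()}; reset to {@code null}
     * by {@link #tearDown()}.
     */
    RubyBundleAuditAnalyzer analyzer;

    /**
     * Correctly setup the analyzer for testing.
     * <p>
     * Initialization depends on the external bundle-audit tool. When it fails (most
     * likely because the tool is not installed) the tests in this class are reported
     * as skipped via {@link Assume#assumeNoException} instead of as failures.
     *
     * @throws Exception thrown if there is a problem
     */
    @Before
    public void setUp() throws Exception {
        try {
            analyzer = new RubyBundleAuditAnalyzer();
            analyzer.setFilesMatched(true);
            analyzer.initialize();
        } catch (Exception e) {
            // Keep the root cause in the log; assumeNoException only surfaces it as a skip reason.
            LOGGER.debug("Exception setting up RubyBundleAuditAnalyzer", e);
            Assume.assumeNoException("Exception setting up RubyBundleAuditAnalyzer; bundle audit may not be installed. Tests will be incomplete", e);
        }
    }

    /**
     * Cleanup the analyzer's temp files, etc.
     * <p>
     * JUnit 4 still runs {@code @After} methods when {@code @Before} ends in an
     * assumption failure, and in that case the analyzer may never have been
     * constructed, so the close is guarded to avoid turning a skipped test into a
     * {@link NullPointerException}.
     *
     * @throws Exception thrown if there is a problem
     */
    @After
    public void tearDown() throws Exception {
        if (analyzer != null) {
            analyzer.close();
            analyzer = null;
        }
    }

    /**
     * Test the analyzer's reported name.
     */
    @Test
    public void testGetName() {
        assertThat(analyzer.getName(), is("Ruby Bundle Audit Analyzer"));
    }

    /**
     * Test Ruby Bundler Audit file support: a {@code Gemfile.lock} must be accepted.
     */
    @Test
    public void testSupportsFiles() {
        assertThat(analyzer.accept(new File("Gemfile.lock")), is(true));
    }

    /**
     * Test Ruby BundlerAudit analysis against the bundled {@code ruby/vulnerable/Gemfile.lock}
     * fixture. The assertion only checks that the analysis registered at least one
     * dependency with the engine; it does not pin the number or identity of findings.
     *
     * @throws AnalysisException is thrown when an exception occurs.
     * @throws DatabaseException is thrown when the vulnerability database cannot be used.
     */
    @Test
    public void testAnalysis() throws AnalysisException, DatabaseException {
        final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                "ruby/vulnerable/Gemfile.lock"));
        final Engine engine = new Engine();
        analyzer.analyze(result, engine);
        assertThat(engine.getDependencies().size(), is(not(0)));
    }
}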