1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import static org.junit.Assert.assertEquals;
21  import static org.junit.Assert.assertTrue;
22  
23  import java.io.File;
24  import java.util.ArrayList;
25  import java.util.List;
26  
27  import org.junit.Test;
28  import org.owasp.dependencycheck.BaseTest;
29  import org.owasp.dependencycheck.dependency.Dependency;
30  import org.owasp.dependencycheck.dependency.Evidence;
31  
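/**
 * Tests for {@link JarAnalyzer}: verifies the vendor, product and version
 * evidence extracted from a set of bundled JAR fixtures.
 *
 * <p>Evidence collected by the analyzer is the input dependency-check uses to
 * identify a library. A regression in extraction therefore tends to show up as
 * a missed or spurious identification, not as an exception. The tests below
 * pin both sides: evidence that must be present, and (for
 * {@code org.mortbay.jmx.jar}) version evidence that must be absent.
 *
 * @author Jeremy Long
 */
public class JarAnalyzerTest extends BaseTest {

    /**
     * Test of analyze method, of class JarAnalyzer, against four fixture JARs.
     *
     * <p>The second argument to {@code analyze} is passed as {@code null}
     * throughout; the test assumes the analyzer does not need it for these
     * fixtures.
     *
     * @throws Exception is thrown when an exception occurs.
     */
    @Test
    public void testAnalyze() throws Exception {
        // struts2-core: vendor evidence must name Apache, both in the rendered
        // evidence and in the weighting terms.
        File file = BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar");
        Dependency result = new Dependency(file);
        JarAnalyzer instance = new JarAnalyzer();
        instance.analyze(result, null);
        // Locale.ROOT keeps the case folding independent of the build machine's locale.
        assertTrue("vendor evidence for struts2-core-2.1.2.jar does not mention apache",
                result.getVendorEvidence().toString().toLowerCase(java.util.Locale.ROOT).contains("apache"));
        assertTrue("vendor weighting for struts2-core-2.1.2.jar does not contain apache",
                result.getVendorEvidence().getWeighting().contains("apache"));

        // dwr: the project url must be reported as vendor evidence with the exact value.
        file = BaseTest.getResourceAsFile(this, "dwr.jar");
        result = new Dependency(file);
        instance.analyze(result, null);
        boolean found = false;
        for (Evidence e : result.getVendorEvidence()) {
            if ("url".equals(e.getName())) {
                // JUnit's order is (message, expected, actual); keeping it that way
                // makes a failure report name the right value as "expected".
                assertEquals("Project url was not as expected in dwr.jar", "http://getahead.ltd.uk/dwr", e.getValue());
                found = true;
                break;
            }
        }
        assertTrue("Project url was not found in dwr.jar", found);

        // org.mortbay.jetty: product, vendor and version evidence must all be present.
        file = BaseTest.getResourceAsFile(this, "org.mortbay.jetty.jar");
        result = new Dependency(file);
        instance.analyze(result, null);
        assertTrue("package-title of org.mortbay.http not found in org.mortbay.jetty.jar",
                hasEvidence(result.getProductEvidence(), "package-title", "org.mortbay.http"));
        assertTrue("implementation-url of http://jetty.mortbay.org not found in org.mortbay.jetty.jar",
                hasEvidence(result.getVendorEvidence(), "implementation-url", "http://jetty.mortbay.org"));
        assertTrue("implementation-version of 4.2.27 not found in org.mortbay.jetty.jar",
                hasEvidence(result.getVersionEvidence(), "Implementation-Version", "4.2.27"));

        // org.mortbay.jmx: negative case - no version evidence may be reported.
        // Invented version evidence would be as harmful downstream as missing evidence.
        file = BaseTest.getResourceAsFile(this, "org.mortbay.jmx.jar");
        result = new Dependency(file);
        instance.analyze(result, null);
        assertEquals("org.mortbay.jmx.jar has version evidence?", 0, result.getVersionEvidence().size());
    }

    /**
     * Test of accept method, of class JarAnalyzer: file names ending in
     * {@code .jar} and {@code .war} must be accepted once the analyzer is
     * initialized and enabled.
     *
     * @throws Exception is thrown when an exception occurs.
     */
    @Test
    public void testAcceptSupportedExtensions() throws Exception {
        JarAnalyzer instance = new JarAnalyzer();
        instance.initialize();
        instance.setEnabled(true);
        String[] files = {"test.jar", "test.war"};
        for (String name : files) {
            // The file name doubles as the failure message.
            assertTrue(name, instance.accept(new File(name)));
        }
    }

    /**
     * Test of getName method, of class JarAnalyzer.
     */
    @Test
    public void testGetName() {
        JarAnalyzer instance = new JarAnalyzer();
        assertEquals("Jar Analyzer", instance.getName());
    }

    /**
     * Test of parseManifest method, of class JarAnalyzer: parsing the manifest
     * of {@code xalan-2.7.0.jar} must yield at least one piece of version
     * evidence whose source is {@code "manifest: org/apache/xalan/"}.
     *
     * @throws Exception is thrown when an exception occurs.
     */
    @Test
    public void testParseManifest() throws Exception {
        File file = BaseTest.getResourceAsFile(this, "xalan-2.7.0.jar");
        Dependency result = new Dependency(file);
        JarAnalyzer instance = new JarAnalyzer();
        List<JarAnalyzer.ClassNameInformation> cni = new ArrayList<JarAnalyzer.ClassNameInformation>();
        instance.parseManifest(result, cni);

        assertTrue("no version evidence from manifest section org/apache/xalan/ in xalan-2.7.0.jar",
                result.getVersionEvidence().getEvidence("manifest: org/apache/xalan/").size() > 0);
    }

    /**
     * Reports whether the evidence contains an entry with the given name and
     * value, both compared case-insensitively.
     *
     * @param evidence the evidence to search
     * @param name the evidence name to look for
     * @param value the evidence value to look for
     * @return {@code true} if a matching entry exists
     */
    private static boolean hasEvidence(Iterable<? extends Evidence> evidence, String name, String value) {
        for (Evidence e : evidence) {
            if (name.equalsIgnoreCase(e.getName()) && value.equalsIgnoreCase(e.getValue())) {
                return true;
            }
        }
        return false;
    }
}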