github-mirrors/odc-analyzer
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-analyzer.git synced 2026-03-14 14:11:52 +01:00
Code Issues 2 Packages Projects Releases Wiki Activity

Add support for newer ODC

Browse Source
This commit is contained in:
Šesták Vít
2020-01-31 00:53:40 +01:00
parent 237f6638a0
commit 52c3228ac3
11 changed files with 194 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
test/ParserSpec.scala Normal file
View File

@@ -0,0 +1,60 @@
import java.io.{ByteArrayOutputStream, InputStream}
import org.specs2.mutable.Specification
import com.ysoft.odc._
class ParserSpec extends Specification {
private def readStream(in: InputStream): Array[Byte] = {
val buff = new Array[Byte](1024)
val out = new ByteArrayOutputStream()
var n = 0
while({
n = in.read(buff)
n != -1
}){
out.write(buff, 0, n)
}
out.toByteArray
}
private def parseReport(reportResourceName: String) = {
val reportBytes: Array[Byte] = readStream(getClass.getResourceAsStream(reportResourceName))
OdcParser.parseXmlReport(reportBytes)
}
private def findDependency(identifierType: String, name: String)(implicit report: Analysis) = {
val found = report.dependencies.filter(_.identifiers.exists(i => i.identifierType == identifierType && i.name == name))
found.size match {
case 0 => sys.error(s"Dependency $identifierType: $name not found")
case 1 => (found.toSeq)(0)
case _ => sys.error(s"Multiple dependencies $identifierType: $name found: $found")
}
}
private def shouldHaveIdentifier(dep: Dependency, identifierType: String, name: String) = s"should have identifier $identifierType: $name" >> {
(dep.identifiers.exists((i: Identifier) => (i.identifierType == identifierType) && (i.name == name))) should beTrue
}
"Maven report" >> {
implicit val report = parseReport("dependency-check-report-maven.xml")
"groupId" >> {report.groupId shouldEqual "com.ysoft.security"}
println(report.dependencies.map(_.identifiers).mkString("\n\n"))
"commons-collections" >> {
val dep = findDependency("maven", "commons-collections:commons-collections:3.2.1")
dep.vulnerabilities.size shouldEqual 3
//shouldHaveIdentifier(dep, "cpe", "cpe:/a:apache:commons_collections:3.2.1")
}
"commons-cli" >> {
val dep = findDependency("maven", "commons-cli:commons-cli:1.4")
dep.vulnerabilities.size shouldEqual 0
//shouldHaveIdentifier(dep, "cpe", "cpe:/a:cli_project:cli:1.4")
}
"jackson-databind" >> {
val dep = findDependency("maven", "com.fasterxml.jackson.core:jackson-databind:2.9.7")
dep.vulnerabilities.size shouldEqual 15
//shouldHaveIdentifier(dep, "cpe", "cpe:/a:fasterxml:jackson:2.9.7")
//shouldHaveIdentifier(dep, "cpe", "cpe:/a:fasterxml:jackson-databind:2.9.7")
}
}
}