Package org.owasp.dependencycheck.analyzer

Source Code of org.owasp.dependencycheck.analyzer.HintAnalyzerTest

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
/*
* Copyright 2014 OWASP.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.owasp.dependencycheck.analyzer;

import java.io.File;
import java.util.Set;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.utils.Settings;

/**
*
* @author Jeremy Long <jeremy.long@owasp.org>
*/
public class HintAnalyzerTest extends BaseTest {

    @Before
    public void setUp() throws Exception {
        org.owasp.dependencycheck.data.nvdcve.BaseDBTestCase.ensureDBExists();
    }

    /**
     * Test of getName method, of class HintAnalyzer.
     */
    @Test
    public void testGetName() {
        HintAnalyzer instance = new HintAnalyzer();
        String expResult = "Hint Analyzer";
        String result = instance.getName();
        assertEquals(expResult, result);
    }

    /**
     * Test of getAnalysisPhase method, of class HintAnalyzer.
     */
    @Test
    public void testGetAnalysisPhase() {
        HintAnalyzer instance = new HintAnalyzer();
        AnalysisPhase expResult = AnalysisPhase.PRE_IDENTIFIER_ANALYSIS;
        AnalysisPhase result = instance.getAnalysisPhase();
        assertEquals(expResult, result);
    }

    /**
     * Test of analyze method, of class HintAnalyzer.
     */
    @Test
    public void testAnalyze() throws Exception {
        HintAnalyzer instance = new HintAnalyzer();

        File guice = new File(this.getClass().getClassLoader().getResource("guice-3.0.jar").getPath());
        //Dependency guice = new Dependency(fileg);
        File spring = new File(this.getClass().getClassLoader().getResource("spring-core-3.0.0.RELEASE.jar").getPath());
        //Dependency spring = new Dependency(files);
        Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
        Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
        Engine engine = new Engine();

        engine.scan(guice);
        engine.scan(spring);
        engine.analyzeDependencies();
        Dependency gdep = null;
        Dependency sdep = null;
        for (Dependency d : engine.getDependencies()) {
            if (d.getActualFile().equals(guice)) {
                gdep = d;
            } else if (d.getActualFile().equals(spring)) {
                sdep = d;
            }
        }
        final Evidence springTest1 = new Evidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
        final Evidence springTest2 = new Evidence("hint analyzer", "vendor", "SpringSource", Confidence.HIGH);
        final Evidence springTest3 = new Evidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
        final Evidence springTest4 = new Evidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
        final Evidence springTest5 = new Evidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);

        Set<Evidence> evidence = gdep.getEvidence().getEvidence();
        assertFalse(evidence.contains(springTest1));
        assertFalse(evidence.contains(springTest2));
        assertFalse(evidence.contains(springTest3));
        assertFalse(evidence.contains(springTest4));
        assertFalse(evidence.contains(springTest5));

        evidence = sdep.getEvidence().getEvidence();
        assertTrue(evidence.contains(springTest1));
        assertTrue(evidence.contains(springTest2));
        assertTrue(evidence.contains(springTest3));
        //assertTrue(evidence.contains(springTest4));
        //assertTrue(evidence.contains(springTest5));

    }

}
TOP

Related Classes of org.owasp.dependencycheck.analyzer.HintAnalyzerTest

  • org.owasp.dependencycheck.dependency.Dependency
  • org.owasp.dependencycheck.dependency.Evidence
  • org.owasp.dependencycheck.Engine
  • java.io.File
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.