1   package org.owasp.dependencycheck.analyzer;
2   
3   import org.junit.After;
4   import org.junit.Before;
5   import org.junit.Test;
6   import org.owasp.dependencycheck.BaseTest;
7   import org.owasp.dependencycheck.Engine;
8   import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
9   import org.owasp.dependencycheck.dependency.Dependency;
10  
11  import static org.hamcrest.CoreMatchers.containsString;
12  import static org.hamcrest.CoreMatchers.is;
13  import static org.hamcrest.MatcherAssert.assertThat;
14  import static org.hamcrest.CoreMatchers.equalTo;
15  import static org.junit.Assert.assertTrue;
16  
17  import java.io.File;
18  import org.owasp.dependencycheck.dependency.EvidenceType;
19  
20  /**
21   * Unit tests for CocoaPodsAnalyzer, CarthageAnalyzer and SwiftPackageManagerAnalyzer.
22   *
23   * @author Bianca Jiang
24   * @author Jorge Mendes
25   * @author Alin Radut
26   */
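public class SwiftAnalyzersTest extends BaseTest {

    /**
     * Analyzer under test for CocoaPods manifests (podspec, Podfile.lock).
     */
    private CocoaPodsAnalyzer podsAnalyzer;
    /**
     * Analyzer under test for Carthage lock files (Cartfile.resolved).
     */
    private CarthageAnalyzer carthageAnalyzer;
    /**
     * Analyzer under test for Swift Package Manager manifests (Package.swift).
     */
    private SwiftPackageManagerAnalyzer spmAnalyzer;
    /**
     * Analyzer under test for Swift Package Manager lock files (Package.resolved).
     */
    private SwiftPackageResolvedAnalyzer sprAnalyzer;

    /**
     * Correctly setup the analyzers for testing: each one is initialized with
     * the test settings, marked as having matched files and prepared.
     *
     * @throws Exception thrown if there is a problem
     */
    @Before
    @Override
    public void setUp() throws Exception {
        super.setUp();
        podsAnalyzer = new CocoaPodsAnalyzer();
        podsAnalyzer.initialize(getSettings());
        podsAnalyzer.setFilesMatched(true);
        podsAnalyzer.prepare(null);

        carthageAnalyzer = new CarthageAnalyzer();
        carthageAnalyzer.initialize(getSettings());
        carthageAnalyzer.setFilesMatched(true);
        carthageAnalyzer.prepare(null);

        spmAnalyzer = new SwiftPackageManagerAnalyzer();
        spmAnalyzer.initialize(getSettings());
        spmAnalyzer.setFilesMatched(true);
        spmAnalyzer.prepare(null);

        sprAnalyzer = new SwiftPackageResolvedAnalyzer();
        sprAnalyzer.initialize(getSettings());
        sprAnalyzer.setFilesMatched(true);
        sprAnalyzer.prepare(null);
    }

    /**
     * Cleanup the analyzers' temp files, etc. All four analyzers created in
     * {@link #setUp()} are closed (previously only the CocoaPods and SPM
     * analyzers were, leaking the other two). Null checks keep tearDown safe
     * when setUp failed part-way, since JUnit still runs {@code @After}.
     *
     * @throws Exception thrown if there is a problem
     */
    @After
    @Override
    public void tearDown() throws Exception {
        if (podsAnalyzer != null) {
            podsAnalyzer.close();
            podsAnalyzer = null;
        }
        if (carthageAnalyzer != null) {
            carthageAnalyzer.close();
            carthageAnalyzer = null;
        }
        if (spmAnalyzer != null) {
            spmAnalyzer.close();
            spmAnalyzer = null;
        }
        if (sprAnalyzer != null) {
            sprAnalyzer.close();
            sprAnalyzer = null;
        }
        super.tearDown();
    }

    /**
     * Asserts the name and version of the dependency the engine holds at the
     * given index.
     *
     * @param engine the engine populated by an analyzer
     * @param index the position in {@code engine.getDependencies()}
     * @param expectedName the expected dependency name
     * @param expectedVersion the expected dependency version
     */
    private static void assertDependencyAt(final Engine engine, final int index,
            final String expectedName, final String expectedVersion) {
        final Dependency[] dependencies = engine.getDependencies();
        assertThat(dependencies[index].getName(), equalTo(expectedName));
        assertThat(dependencies[index].getVersion(), equalTo(expectedVersion));
    }

    /**
     * Test of getName method, of class CocoaPodsAnalyzer.
     */
    @Test
    public void testPodsGetName() {
        assertThat(podsAnalyzer.getName(), is("CocoaPods Package Analyzer"));
    }

    /**
     * Test of getName method, of class CarthageAnalyzer.
     */
    @Test
    public void testCarthageGetName() {
        assertThat(carthageAnalyzer.getName(), is("Carthage Package Analyzer"));
    }

    /**
     * Test of getName method, of class SwiftPackageManagerAnalyzer.
     */
    @Test
    public void testSPMGetName() {
        assertThat(spmAnalyzer.getName(), is("SWIFT Package Manager Analyzer"));
    }

    /**
     * Test of the file filter (accept) of class CocoaPodsAnalyzer.
     */
    @Test
    public void testPodsSupportsFiles() {
        assertThat(podsAnalyzer.accept(new File("test.podspec")), is(true));
        assertThat(podsAnalyzer.accept(new File("Podfile.lock")), is(true));
    }

    /**
     * Test of the file filter (accept) of class CarthageAnalyzer.
     */
    @Test
    public void testCarthageSupportsFiles() {
        assertThat(carthageAnalyzer.accept(new File("Cartfile.resolved")), is(true));
    }

    /**
     * Test of the file filter (accept) of classes SwiftPackageManagerAnalyzer
     * and SwiftPackageResolvedAnalyzer.
     */
    @Test
    public void testSPMSupportsFiles() {
        assertThat(spmAnalyzer.accept(new File("Package.swift")), is(true));
        assertThat(sprAnalyzer.accept(new File("Package.resolved")), is(true));
    }

    /**
     * Test of analyze method, of class CocoaPodsAnalyzer, on a Podfile.lock:
     * every pod listed in the lock file becomes its own dependency in the
     * engine. The engine is closed via try-with-resources so the test does
     * not leak it.
     *
     * @throws AnalysisException is thrown when an exception occurs.
     */
    @Test
    public void testCocoaPodsPodfileAnalyzer() throws AnalysisException {
        try (Engine engine = new Engine(getSettings())) {
            final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                    "swift/cocoapods/Podfile.lock"));
            podsAnalyzer.analyze(result, engine);

            assertThat(engine.getDependencies().length, equalTo(9));
            assertDependencyAt(engine, 0, "Bolts", "1.9.0");
            assertDependencyAt(engine, 1, "Bolts/AppLinks", "1.9.0");
            assertDependencyAt(engine, 2, "Bolts/Tasks", "1.9.0");
            assertDependencyAt(engine, 3, "FBSDKCoreKit", "4.33.0");
            assertDependencyAt(engine, 4, "FBSDKLoginKit", "4.33.0");
            assertDependencyAt(engine, 5, "FirebaseCore", "5.0.1");
            assertDependencyAt(engine, 6, "GoogleToolboxForMac/Defines", "2.1.4");
            assertDependencyAt(engine, 7, "GoogleToolboxForMac/NSData+zlib", "2.1.4");
            assertDependencyAt(engine, 8, "OCMock", "3.4.1");
        }
    }

    /**
     * Test of analyze method, of class CocoaPodsAnalyzer, on a podspec:
     * vendor, product, version and license evidence are extracted from the
     * spec and the dependency name/version/ecosystem are set from them.
     *
     * @throws AnalysisException is thrown when an exception occurs.
     */
    @Test
    public void testCocoaPodsPodspecAnalyzer() throws AnalysisException {
        final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                "swift/cocoapods/EasyPeasy.podspec"));
        podsAnalyzer.analyze(result, null);
        final String vendorString = result.getEvidence(EvidenceType.VENDOR).toString();

        assertThat(vendorString, containsString("Carlos Vidal"));
        assertThat(vendorString, containsString("https://github.com/nakiostudio/EasyPeasy"));
        assertThat(result.getEvidence(EvidenceType.PRODUCT).toString(), containsString("EasyPeasy"));
        assertThat(result.getEvidence(EvidenceType.VERSION).toString(), containsString("0.2.3"));
        assertThat(result.getName(), equalTo("EasyPeasy"));
        assertThat(result.getVersion(), equalTo("0.2.3"));
        assertThat(result.getDisplayFileName(), equalTo("EasyPeasy:0.2.3"));
        assertThat(result.getLicense(), containsString("MIT"));
        assertThat(result.getEcosystem(), equalTo(CocoaPodsAnalyzer.DEPENDENCY_ECOSYSTEM));
    }

    /**
     * Test of analyze method, of class CarthageAnalyzer, on a Cartfile.resolved:
     * every pinned entry becomes its own dependency in the engine. The last
     * entry is expected to resolve to version "0.0.0", i.e. the fixture's
     * non-semver pin is reported rather than dropped.
     *
     * @throws AnalysisException is thrown when an exception occurs.
     */
    @Test
    public void testCarthageCartfileResolvedAnalyzer() throws AnalysisException {
        try (Engine engine = new Engine(getSettings())) {
            final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                    "swift/carthage/Cartfile.resolved"));
            carthageAnalyzer.analyze(result, engine);

            assertThat(engine.getDependencies().length, equalTo(9));
            assertDependencyAt(engine, 0, "GoogleMaps", "7.2.0");
            assertDependencyAt(engine, 1, "olm", "3.2.16");
            assertDependencyAt(engine, 2, "CocoaLumberjack", "3.8.5");
            assertDependencyAt(engine, 3, "libidn-framework", "1.35.1");
            assertDependencyAt(engine, 4, "SQLite.swift", "0.12.2");
            assertDependencyAt(engine, 5, "KissXML", "5.3.3");
            assertDependencyAt(engine, 6, "XMPPFramework", "4.1.0");
            assertDependencyAt(engine, 7, "Alamofire", "4.8.2");
            assertDependencyAt(engine, 8, "DateTools", "0.0.0");
        }
    }

    /**
     * Test of analyze method, of class SwiftPackageManagerAnalyzer, on a
     * Package.swift manifest: the package name is extracted as product
     * evidence and used as the dependency name.
     *
     * @throws AnalysisException is thrown when an exception occurs.
     */
    @Test
    public void testSPMAnalyzer() throws AnalysisException {
        final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                "swift/Gloss/Package.swift"));
        spmAnalyzer.analyze(result, null);

        assertThat(result.getEvidence(EvidenceType.PRODUCT).toString(), containsString("Gloss"));
        assertThat(result.getName(), equalTo("Gloss"));
        //TODO: when version processing is added, update the expected name.
        assertThat(result.getDisplayFileName(), equalTo("Gloss"));
        assertThat(result.getEcosystem(), equalTo(SwiftPackageManagerAnalyzer.DEPENDENCY_ECOSYSTEM));
    }

    /**
     * Test of analyze method, of class SwiftPackageResolvedAnalyzer, on a
     * version 1 Package.resolved file.
     *
     * @throws AnalysisException is thrown when an exception occurs.
     */
    @Test
    public void testSPMResolvedAnalyzerV1() throws AnalysisException {
        try (Engine engine = new Engine(getSettings())) {
            final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                    "swift/spm/Package.resolved"));
            sprAnalyzer.analyze(result, engine);

            assertThat(engine.getDependencies().length, equalTo(3));
            assertDependencyAt(engine, 0, "Alamofire", "5.4.3");
            assertDependencyAt(engine, 1, "AlamofireImage", "4.2.0");
            assertDependencyAt(engine, 2, "Facebook", "9.3.0");
        }
    }

    /**
     * Test of analyze method, of class SwiftPackageResolvedAnalyzer, on a
     * version 2 Package.resolved file. Unlike the version 1 format, the
     * names in this fixture are expected lower-cased.
     *
     * @throws AnalysisException is thrown when an exception occurs.
     */
    @Test
    public void testSPMResolvedAnalyzerV2() throws AnalysisException {
        try (Engine engine = new Engine(getSettings())) {
            final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                    "swift/spmV2/Package.resolved"));
            sprAnalyzer.analyze(result, engine);

            assertThat(engine.getDependencies().length, equalTo(3));
            assertDependencyAt(engine, 0, "alamofire", "5.4.3");
            assertDependencyAt(engine, 1, "alamofireimage", "4.2.0");
            assertDependencyAt(engine, 2, "facebook", "9.3.0");
        }
    }

    /**
     * Test of analyze method, of class SwiftPackageResolvedAnalyzer, on a
     * version 3 Package.resolved file.
     *
     * @throws AnalysisException is thrown when an exception occurs.
     */
    @Test
    public void testSPMResolvedAnalyzerV3() throws AnalysisException {
        try (Engine engine = new Engine(getSettings())) {
            final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                    "swift/spmV3/Package.resolved"));
            sprAnalyzer.analyze(result, engine);

            assertThat(engine.getDependencies().length, equalTo(3));
            assertDependencyAt(engine, 0, "alamofire", "5.4.3");
            assertDependencyAt(engine, 1, "alamofireimage", "4.2.0");
            assertDependencyAt(engine, 2, "facebook-ios-sdk", "9.3.0");
        }
    }

    /**
     * Test that the Swift Package Manager analyzers are enabled by default.
     */
    @Test
    public void testIsEnabledIsTrueByDefault() {
        assertTrue(spmAnalyzer.isEnabled());
        assertTrue(sprAnalyzer.isEnabled());
    }
}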
289 }