1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import org.junit.After;
21  import org.junit.Before;
22  import org.junit.Test;
23  import org.owasp.dependencycheck.BaseTest;
24  import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
25  import org.owasp.dependencycheck.dependency.Dependency;
26  
27  import java.io.File;
28  
29  import static org.hamcrest.CoreMatchers.containsString;
30  import static org.hamcrest.CoreMatchers.is;
31  import static org.hamcrest.MatcherAssert.assertThat;
32  import static org.junit.Assert.assertEquals;
33  import org.owasp.dependencycheck.dependency.EvidenceType;
34  
35  /**
36   * Unit tests for {@link RubyGemspecAnalyzer}.
37   *
38   * @author Dale Visser
39   */
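public class RubyGemspecAnalyzerTest extends BaseTest {

    /**
     * The analyzer under test. Created in {@link #setUp()} and released in
     * {@link #tearDown()}; may still be {@code null} if setup failed early.
     */
    private RubyGemspecAnalyzer analyzer;

    /**
     * Creates, initializes and prepares the analyzer for testing.
     *
     * @throws Exception thrown if there is a problem
     */
    @Before
    @Override
    public void setUp() throws Exception {
        super.setUp();
        analyzer = new RubyGemspecAnalyzer();
        analyzer.initialize(getSettings());
        analyzer.setFilesMatched(true);
        analyzer.prepare(null);
    }

    /**
     * Closes the analyzer (temp files, etc.) and then the base test state.
     *
     * <p>The analyzer is only closed when {@link #setUp()} got far enough to
     * create it, so a setup failure is reported as itself rather than being
     * masked by a {@code NullPointerException} here. The base cleanup runs in
     * a {@code finally} block so it happens even if {@code close()} throws.
     *
     * @throws Exception thrown if there is a problem
     */
    @After
    @Override
    public void tearDown() throws Exception {
        try {
            if (analyzer != null) {
                analyzer.close();
            }
        } finally {
            super.tearDown();
        }
    }

    /**
     * Verifies the analyzer reports its expected display name.
     */
    @Test
    public void testGetName() {
        assertThat(analyzer.getName(), is("Ruby Gemspec Analyzer"));
    }

    /**
     * Verifies which file names the analyzer accepts: a {@code .gemspec}
     * file is accepted while a file merely containing "gemspec" in its
     * name is not.
     */
    @Test
    public void testSupportsFiles() {
        assertThat(analyzer.accept(new File("test.gemspec")), is(true));
        assertThat(analyzer.accept(new File("gemspec.lock")), is(false));
//        assertThat(analyzer.accept(new File("Rakefile")), is(true));
    }

    /**
     * Verifies analysis of a real gemspec fixture: ecosystem, vendor /
     * product / version evidence, and the derived name, version and display
     * file name.
     *
     * <p>Note: despite its historical name, this test analyzes a Ruby
     * gemspec ({@code rest-client-1.7.2.gemspec}), not a package.json.
     *
     * @throws AnalysisException is thrown when an exception occurs.
     */
    @Test
    public void testAnalyzePackageJson() throws AnalysisException {
        final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                "ruby/vulnerable/gems/specifications/rest-client-1.7.2.gemspec"));
        analyzer.analyze(result, null);
        final String vendorString = result.getEvidence(EvidenceType.VENDOR).toString();
        assertEquals(RubyGemspecAnalyzer.DEPENDENCY_ECOSYSTEM, result.getEcosystem());
        // Vendor evidence is expected from several gemspec fields: authors,
        // the derived "<name>_project" token, email and homepage.
        assertThat(vendorString, containsString("REST Client Team"));
        assertThat(vendorString, containsString("rest-client_project"));
        assertThat(vendorString, containsString("rest.client@librelist.com"));
        assertThat(vendorString, containsString("https://github.com/rest-client/rest-client"));
        assertThat(result.getEvidence(EvidenceType.PRODUCT).toString(), containsString("rest-client"));
        assertThat(result.getEvidence(EvidenceType.VERSION).toString(), containsString("1.7.2"));
        assertEquals("rest-client", result.getName());
        assertEquals("1.7.2", result.getVersion());
        assertEquals("rest-client:1.7.2", result.getDisplayFileName());
    }

//    /**
//     * Test Rakefile analysis.
//     *
//     * @throws AnalysisException is thrown when an exception occurs.
//     */
//    @Test
//    @Ignore
//    //TODO: place holder to test Rakefile support
//    public void testAnalyzeRakefile() throws AnalysisException {
//        final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
//                "ruby/vulnerable/gems/rails-4.1.15/vendor/bundle/ruby/2.2.0/gems/pg-0.18.4/Rakefile"));
//        analyzer.analyze(result, null);
//        assertTrue(result.size() > 0);
//        assertEquals(RubyGemspecAnalyzer.DEPENDENCY_ECOSYSTEM, result.getEcosystem());
//        assertEquals("pg", result.getName());
//        assertEquals("0.18.4", result.getVersion());
//        assertEquals("pg:0.18.4", result.getDisplayFileName());
//    }
}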