1   package org.owasp.dependencycheck.analyzer;
2   
3   import org.junit.After;
4   import org.junit.Before;
5   import org.junit.Test;
6   import org.owasp.dependencycheck.BaseTest;
7   import org.owasp.dependencycheck.Engine;
8   import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
9   import org.owasp.dependencycheck.dependency.Dependency;
10  
11  import static org.hamcrest.CoreMatchers.containsString;
12  import static org.hamcrest.CoreMatchers.is;
13  import static org.hamcrest.MatcherAssert.assertThat;
14  import static org.hamcrest.CoreMatchers.equalTo;
15  import static org.junit.Assert.assertTrue;
16  
17  import java.io.File;
18  import org.owasp.dependencycheck.dependency.EvidenceType;
19  
20  /**
21   * Unit tests for CocoaPodsAnalyzer, SwiftPackageManagerAnalyzer and SwiftPackageResolvedAnalyzer.
22   *
23   * @author Bianca Jiang
24   * @author Jorge Mendes
25   */
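public class SwiftAnalyzersTest extends BaseTest {

    /**
     * The CocoaPods analyzer under test (handles {@code *.podspec} and
     * {@code Podfile.lock}).
     */
    private CocoaPodsAnalyzer podsAnalyzer;
    /**
     * The Swift Package Manager analyzer under test (handles
     * {@code Package.swift}).
     */
    private SwiftPackageManagerAnalyzer spmAnalyzer;
    /**
     * The resolved-package analyzer under test (handles
     * {@code Package.resolved}).
     */
    private SwiftPackageResolvedAnalyzer sprAnalyzer;

    /**
     * Creates, initializes and prepares all three analyzers before each test.
     *
     * @throws Exception thrown if there is a problem
     */
    @Before
    @Override
    public void setUp() throws Exception {
        super.setUp();
        podsAnalyzer = new CocoaPodsAnalyzer();
        podsAnalyzer.initialize(getSettings());
        podsAnalyzer.setFilesMatched(true);
        podsAnalyzer.prepare(null);

        spmAnalyzer = new SwiftPackageManagerAnalyzer();
        spmAnalyzer.initialize(getSettings());
        spmAnalyzer.setFilesMatched(true);
        spmAnalyzer.prepare(null);

        sprAnalyzer = new SwiftPackageResolvedAnalyzer();
        sprAnalyzer.initialize(getSettings());
        sprAnalyzer.setFilesMatched(true);
        sprAnalyzer.prepare(null);
    }

    /**
     * Closes every analyzer prepared in {@link #setUp()} and then runs the
     * base-class cleanup.
     *
     * @throws Exception thrown if there is a problem
     */
    @After
    @Override
    public void tearDown() throws Exception {
        try {
            // Null guards: JUnit runs @After even when @Before failed part-way,
            // in which case some of the analyzers were never created.
            if (podsAnalyzer != null) {
                podsAnalyzer.close();
            }
            if (spmAnalyzer != null) {
                spmAnalyzer.close();
            }
            // sprAnalyzer is prepared in setUp() like the other two, so it is
            // closed here as well.
            if (sprAnalyzer != null) {
                sprAnalyzer.close();
            }
        } finally {
            podsAnalyzer = null;
            spmAnalyzer = null;
            sprAnalyzer = null;
            // Base-class cleanup must run even if closing an analyzer throws.
            super.tearDown();
        }
    }

    /**
     * Asserts the name and version that an analyzer reported for a dependency.
     *
     * @param dependency the dependency produced by the analyzer
     * @param name the expected dependency name
     * @param version the expected dependency version
     */
    private static void assertNameAndVersion(Dependency dependency, String name, String version) {
        assertThat(dependency.getName(), equalTo(name));
        assertThat(dependency.getVersion(), equalTo(version));
    }

    /**
     * Test of getName method, of class CocoaPodsAnalyzer.
     */
    @Test
    public void testPodsGetName() {
        assertThat(podsAnalyzer.getName(), is("CocoaPods Package Analyzer"));
    }

    /**
     * Test of getName method, of class SwiftPackageManagerAnalyzer.
     */
    @Test
    public void testSPMGetName() {
        assertThat(spmAnalyzer.getName(), is("SWIFT Package Manager Analyzer"));
    }

    /**
     * Test of accept method, of class CocoaPodsAnalyzer: both the podspec and
     * the lock file must be picked up.
     */
    @Test
    public void testPodsSupportsFiles() {
        assertThat(podsAnalyzer.accept(new File("test.podspec")), is(true));
        assertThat(podsAnalyzer.accept(new File("Podfile.lock")), is(true));
    }

    /**
     * Test of accept method, of classes SwiftPackageManagerAnalyzer
     * ({@code Package.swift}) and SwiftPackageResolvedAnalyzer
     * ({@code Package.resolved}).
     */
    @Test
    public void testSPMSupportsFiles() {
        assertThat(spmAnalyzer.accept(new File("Package.swift")), is(true));
        assertThat(sprAnalyzer.accept(new File("Package.resolved")), is(true));
    }

    /**
     * Test of analyze method, of class CocoaPodsAnalyzer, against a
     * {@code Podfile.lock} fixture.
     * <p>
     * Pins the exact name/version pair reported for each of the nine pods,
     * including subspecs such as {@code Bolts/AppLinks}. The assertions are
     * positional, so they also pin the order in which the engine returns the
     * dependencies.
     *
     * @throws AnalysisException is thrown when an exception occurs.
     */
    @Test
    public void testCocoaPodsPodfileAnalyzer() throws AnalysisException {
        // The engine is closed when the test ends so that it does not outlive
        // the test method.
        try (Engine engine = new Engine(getSettings())) {
            final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                    "swift/cocoapods/Podfile.lock"));
            podsAnalyzer.analyze(result, engine);

            final Dependency[] found = engine.getDependencies();
            assertThat(found.length, equalTo(9));
            assertNameAndVersion(found[0], "Bolts", "1.9.0");
            assertNameAndVersion(found[1], "Bolts/AppLinks", "1.9.0");
            assertNameAndVersion(found[2], "Bolts/Tasks", "1.9.0");
            assertNameAndVersion(found[3], "FBSDKCoreKit", "4.33.0");
            assertNameAndVersion(found[4], "FBSDKLoginKit", "4.33.0");
            assertNameAndVersion(found[5], "FirebaseCore", "5.0.1");
            assertNameAndVersion(found[6], "GoogleToolboxForMac/Defines", "2.1.4");
            assertNameAndVersion(found[7], "GoogleToolboxForMac/NSData+zlib", "2.1.4");
            assertNameAndVersion(found[8], "OCMock", "3.4.1");
        }
    }

    /**
     * Test of analyze method, of class CocoaPodsAnalyzer, against a podspec
     * fixture.
     * <p>
     * Checks the vendor, product and version evidence collected from the
     * podspec as well as the derived name, version, display name, license and
     * ecosystem. The analyzer is called without an engine here.
     *
     * @throws AnalysisException is thrown when an exception occurs.
     */
    @Test
    public void testCocoaPodsPodspecAnalyzer() throws AnalysisException {
        final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                "swift/cocoapods/EasyPeasy.podspec"));
        podsAnalyzer.analyze(result, null);
        final String vendorString = result.getEvidence(EvidenceType.VENDOR).toString();

        assertThat(vendorString, containsString("Carlos Vidal"));
        assertThat(vendorString, containsString("https://github.com/nakiostudio/EasyPeasy"));
        assertThat(result.getEvidence(EvidenceType.PRODUCT).toString(), containsString("EasyPeasy"));
        assertThat(result.getEvidence(EvidenceType.VERSION).toString(), containsString("0.2.3"));
        assertThat(result.getName(), equalTo("EasyPeasy"));
        assertThat(result.getVersion(), equalTo("0.2.3"));
        assertThat(result.getDisplayFileName(), equalTo("EasyPeasy:0.2.3"));
        assertThat(result.getLicense(), containsString("MIT"));
        assertThat(result.getEcosystem(), equalTo(CocoaPodsAnalyzer.DEPENDENCY_ECOSYSTEM));
    }

    /**
     * Test of analyze method, of class SwiftPackageManagerAnalyzer.
     * <p>
     * No version is asserted: per the TODO below, version processing is not
     * yet implemented for {@code Package.swift}, so the display name is the
     * bare package name.
     *
     * @throws AnalysisException is thrown when an exception occurs.
     */
    @Test
    public void testSPMAnalyzer() throws AnalysisException {
        final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                "swift/Gloss/Package.swift"));
        spmAnalyzer.analyze(result, null);

        assertThat(result.getEvidence(EvidenceType.PRODUCT).toString(), containsString("Gloss"));
        assertThat(result.getName(), equalTo("Gloss"));
        //TODO: when version processing is added, update the expected name.
        assertThat(result.getDisplayFileName(), equalTo("Gloss"));
        assertThat(result.getEcosystem(), equalTo(SwiftPackageManagerAnalyzer.DEPENDENCY_ECOSYSTEM));
    }

    /**
     * Test of analyze method, of class SwiftPackageResolvedAnalyzer, against
     * the {@code swift/spm/Package.resolved} fixture.
     * <p>
     * Expects three dependencies with mixed-case names ({@code Alamofire},
     * {@code AlamofireImage}, {@code Facebook}); compare with
     * {@link #testSPMResolvedAnalyzerV2()}, where the same packages are
     * reported in lower case.
     *
     * @throws AnalysisException is thrown when an exception occurs.
     */
    @Test
    public void testSPMResolvedAnalyzerV1() throws AnalysisException {
        try (Engine engine = new Engine(getSettings())) {
            final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                    "swift/spm/Package.resolved"));
            sprAnalyzer.analyze(result, engine);

            final Dependency[] found = engine.getDependencies();
            assertThat(found.length, equalTo(3));
            assertNameAndVersion(found[0], "Alamofire", "5.4.3");
            assertNameAndVersion(found[1], "AlamofireImage", "4.2.0");
            assertNameAndVersion(found[2], "Facebook", "9.3.0");
        }
    }

    /**
     * Test of analyze method, of class SwiftPackageResolvedAnalyzer, against
     * the {@code swift/spmV2/Package.resolved} fixture.
     * <p>
     * Same three packages and versions as the V1 test, but the names come
     * back in lower case ({@code alamofire}). NOTE(review): any later step
     * that matches on dependency name would see two spellings for one
     * package depending on the lock-file format; confirm that matching is
     * case-insensitive or that the names are normalized downstream.
     *
     * @throws AnalysisException is thrown when an exception occurs.
     */
    @Test
    public void testSPMResolvedAnalyzerV2() throws AnalysisException {
        try (Engine engine = new Engine(getSettings())) {
            final Dependency result = new Dependency(BaseTest.getResourceAsFile(this,
                    "swift/spmV2/Package.resolved"));
            sprAnalyzer.analyze(result, engine);

            final Dependency[] found = engine.getDependencies();
            assertThat(found.length, equalTo(3));
            assertNameAndVersion(found[0], "alamofire", "5.4.3");
            assertNameAndVersion(found[1], "alamofireimage", "4.2.0");
            assertNameAndVersion(found[2], "facebook", "9.3.0");
        }
    }

    /**
     * Verifies that the two Swift Package Manager analyzers are enabled with
     * the default test settings. The CocoaPods analyzer is not covered by
     * this check.
     */
    @Test
    public void testIsEnabledIsTrueByDefault() {
        assertTrue(spmAnalyzer.isEnabled());
        assertTrue(sprAnalyzer.isEnabled());
    }
}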