1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2018 Paul Irwin. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceType;

import java.io.File;
import java.util.HashSet;
import java.util.Set;

import static junit.framework.TestCase.assertTrue;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.owasp.dependencycheck.analyzer.NuspecAnalyzer.DEPENDENCY_ECOSYSTEM;
33  
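/**
 * Unit tests for {@link NugetconfAnalyzer}: its reported name, the file names it
 * accepts, and the dependencies it adds to the engine when it analyzes a NuGet
 * {@code packages.config} test resource.
 */
public class NugetconfAnalyzerTest extends BaseTest {

    /** Analyzer used by the name and file-filter tests; recreated before every test. */
    private NugetconfAnalyzer instance;

    /**
     * Creates, initializes and enables a fresh analyzer with the settings from {@link BaseTest}.
     *
     * @throws Exception if the base set-up or the analyzer preparation fails
     */
    @Before
    @Override
    public void setUp() throws Exception {
        super.setUp();
        instance = new NugetconfAnalyzer();
        instance.initialize(getSettings());
        // The tests that use this instance never touch an engine, so none is supplied.
        instance.prepare(null);
        instance.setEnabled(true);
    }

    /** Checks the human-readable analyzer name. */
    @Test
    public void testGetAnalyzerName() {
        assertEquals("Nugetconf Analyzer", instance.getName());
    }

    /** Checks that {@code packages.config} is accepted and a similarly named JSON file is not. */
    @Test
    public void testSupportedFileNames() {
        assertTrue(instance.accept(new File("packages.config")));
        assertFalse(instance.accept(new File("packages.json")));
    }

    /**
     * Analyzes the {@code nugetconf/packages.config} test resource and checks that each of
     * the four expected packages is reported exactly once, with matching product and
     * version evidence.
     *
     * <p>The packages are tracked by name rather than by a running count, so a package that
     * is reported twice cannot hide one that the analyzer failed to report.
     *
     * @throws Exception if the engine or the analyzer fails
     */
    @Test
    public void testNugetconfAnalysis() throws Exception {

        try (Engine engine = new Engine(getSettings())) {
            File file = BaseTest.getResourceAsFile(this, "nugetconf/packages.config");
            Dependency toScan = new Dependency(file);
            NugetconfAnalyzer analyzer = new NugetconfAnalyzer();
            analyzer.setFilesMatched(true);
            analyzer.initialize(getSettings());
            analyzer.prepare(engine);
            analyzer.setEnabled(true);
            analyzer.analyze(toScan, engine);

            Set<String> found = new HashSet<>();

            for (Dependency result : engine.getDependencies()) {
                assertEquals(DEPENDENCY_ECOSYSTEM, result.getEcosystem());
                assertTrue(result.isVirtual());

                String name = result.getName();
                switch (name) {
                    case "Autofac":
                        assertEvidence(result, name, "4.6.2");
                        break;

                    case "Microsoft.AspNet.WebApi.Core":
                        assertEvidence(result, name, "5.2.4");
                        break;

                    case "Microsoft.Owin":
                        assertEvidence(result, name, "3.1.0");
                        break;

                    case "Newtonsoft.Json":
                        assertEvidence(result, name, "10.0.3");
                        break;

                    default:
                        // Any other dependency only gets the ecosystem and virtual checks above.
                        continue;
                }
                // Set.add returns false for a name already seen, i.e. a duplicate report.
                assertTrue(name + " was reported more than once", found.add(name));
            }
            assertEquals("4 dependencies should be found", 4, found.size());
        }
    }

    /**
     * Asserts that a reported dependency carries the expected product and version evidence.
     * Both checks are substring matches on the string form of the evidence collection.
     *
     * @param dependency the dependency reported by the engine
     * @param product the package id expected in the product evidence
     * @param version the version expected in the version evidence
     */
    private static void assertEvidence(Dependency dependency, String product, String version) {
        assertTrue("product evidence should contain " + product,
                dependency.getEvidence(EvidenceType.PRODUCT).toString().contains(product));
        assertTrue("version evidence of " + product + " should contain " + version,
                dependency.getEvidence(EvidenceType.VERSION).toString().contains(version));
    }
}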