View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import org.junit.jupiter.api.AfterEach;
21  import org.junit.jupiter.api.BeforeEach;
22  import org.junit.jupiter.api.Test;
23  import org.owasp.dependencycheck.BaseTest;
24  import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
25  import org.owasp.dependencycheck.dependency.Confidence;
26  import org.owasp.dependencycheck.dependency.Dependency;
27  import org.owasp.dependencycheck.dependency.Evidence;
28  import org.owasp.dependencycheck.dependency.EvidenceType;
29  
30  import java.io.File;
31  
32  import static org.junit.jupiter.api.Assertions.assertEquals;
33  import static org.junit.jupiter.api.Assertions.assertTrue;
34  
35  /**
36   * Unit tests for AutoconfAnalyzer. The test resources under autoconf/ were
37   * obtained from outside open source software projects. Links to those projects
38   * are given below.
39   *
40   * @author Dale Visser
41   * @see <a href="http://readable.sourceforge.net/">Readable Lisp S-expressions
42   * Project</a>
43   * @see <a href="https://gnu.org/software/binutils/">GNU Binutils</a>
44   * @see <a href="https://gnu.org/software/ghostscript/">GNU Ghostscript</a>
45   */
46  class AutoconfAnalyzerTest extends BaseTest {
47  
48      /**
49       * The analyzer to test.
50       */
51      private AutoconfAnalyzer analyzer;
52  
53      /**
54       * Correctly setup the analyzer for testing.
55       *
56       * @throws Exception thrown if there is a problem
57       */
58      @BeforeEach
59      @Override
60      public void setUp() throws Exception {
61          super.setUp();
62          analyzer = new AutoconfAnalyzer();
63          analyzer.initialize(getSettings());
64          analyzer.setFilesMatched(true);
65          analyzer.prepare(null);
66      }
67  
68      /**
69       * Cleanup the analyzer's temp files, etc.
70       *
71       * @throws Exception thrown if there is a problem
72       */
73      @AfterEach
74      @Override
75      public void tearDown() throws Exception {
76          analyzer.close();
77          analyzer = null;
78          super.tearDown();
79      }
80  
81      /**
82       * Test whether expected evidence is gathered from Ghostscript's configure.
83       *
84       * @throws AnalysisException is thrown when an exception occurs.
85       */
86      @Test
87      void testAnalyzeConfigureAC1() throws AnalysisException {
88          final Dependency result = new Dependency(BaseTest.getResourceAsFile(
89                  this, "autoconf/ghostscript/configure.ac"));
90          analyzer.analyze(result, null);
91          //TODO fix these
92          assertTrue(result.contains(EvidenceType.VENDOR, new Evidence("configure.ac", "Bug report address", "gnu-ghostscript-bug@gnu.org", Confidence.HIGH)));
93          assertTrue(result.contains(EvidenceType.PRODUCT, new Evidence("configure.ac", "Package", "gnu-ghostscript", Confidence.HIGHEST)));
94          assertTrue(result.contains(EvidenceType.VERSION, new Evidence("configure.ac", "Package Version", "8.62.0", Confidence.HIGHEST)));
95      }
96  
97      /**
98       * Test whether expected evidence is gathered from Readable's configure.ac.
99       *
100      * @throws AnalysisException is thrown when an exception occurs.
101      */
102     @Test
103     void testAnalyzeConfigureAC2() throws AnalysisException {
104         final Dependency result = new Dependency(BaseTest.getResourceAsFile(
105                 this, "autoconf/readable-code/configure.ac"));
106         analyzer.analyze(result, null);
107 
108         assertTrue(result.contains(EvidenceType.VENDOR, new Evidence("configure.ac", "Bug report address", "dwheeler@dwheeler.com", Confidence.HIGH)));
109         assertTrue(result.contains(EvidenceType.PRODUCT, new Evidence("configure.ac", "Package", "readable", Confidence.HIGHEST)));
110         assertTrue(result.contains(EvidenceType.VERSION, new Evidence("configure.ac", "Package Version", "1.0.7", Confidence.HIGHEST)));
111         assertTrue(result.contains(EvidenceType.VENDOR, new Evidence("configure.ac", "URL", "http://readable.sourceforge.net/", Confidence.HIGH)));
112     }
113 
114     /**
115      * Test whether expected evidence is gathered from GNU Binutil's configure.
116      *
117      * @throws AnalysisException is thrown when an exception occurs.
118      */
119     @Test
120     void testAnalyzeConfigureScript() throws AnalysisException {
121         final Dependency result = new Dependency(BaseTest.getResourceAsFile(
122                 this, "autoconf/binutils/configure"));
123         analyzer.analyze(result, null);
124 
125         assertTrue(result.contains(EvidenceType.PRODUCT, new Evidence("configure", "NAME", "binutils", Confidence.HIGHEST)));
126         assertTrue(result.contains(EvidenceType.VERSION, new Evidence("configure", "VERSION", "2.25.51", Confidence.HIGHEST)));
127     }
128 
129     /**
130      * Test whether expected evidence is gathered from GNU Ghostscript's
131      * configure.
132      *
133      * @throws AnalysisException is thrown when an exception occurs.
134      */
135     @Test
136     void testAnalyzeReadableConfigureScript() throws AnalysisException {
137         final Dependency result = new Dependency(BaseTest.getResourceAsFile(
138                 this, "autoconf/readable-code/configure"));
139         analyzer.analyze(result, null);
140 
141         assertTrue(result.contains(EvidenceType.VENDOR, new Evidence("configure", "BUGREPORT", "dwheeler@dwheeler.com", Confidence.HIGH)));
142         assertTrue(result.contains(EvidenceType.PRODUCT, new Evidence("configure", "NAME", "readable", Confidence.HIGHEST)));
143         assertTrue(result.contains(EvidenceType.VERSION, new Evidence("configure", "VERSION", "1.0.7", Confidence.HIGHEST)));
144         assertTrue(result.contains(EvidenceType.VENDOR, new Evidence("configure", "URL", "http://readable.sourceforge.net/", Confidence.HIGH)));
145     }
146 
147     /**
148      * Test of getName method, of {@link AutoconfAnalyzer}.
149      */
150     @Test
151     void testGetName() {
152         assertEquals("Autoconf Analyzer",
153                 analyzer.getName(),
154                 "Analyzer name wrong.");
155     }
156 
157     /**
158      * Test of {@link AutoconfAnalyzer#accept(File)}.
159      */
160     @Test
161     void testSupportsFileExtension() {
162         assertTrue(analyzer.accept(new File("configure.ac")),
163                 "Should support \"ac\" extension.");
164         assertTrue(analyzer.accept(new File("configure.in")),
165                 "Should support \"in\" extension.");
166         assertTrue(analyzer.accept(new File("configure")),
167                 "Should support \"configure\" extension.");
168     }
169 }