/*
 * This file is part of dependency-check-core.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Copyright (c) 2017 Jeremy Long. All Rights Reserved.
 */
package org.owasp.dependencycheck.analyzer;

import mockit.Expectations;
import mockit.Mock;
import mockit.MockUp;
import mockit.Mocked;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.central.CentralSearch;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.dependency.Dependency;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Collections;
import java.util.List;

import static org.junit.Assert.assertEquals;

/**
 * Unit tests for how {@link CentralAnalyzer} reacts to the results and
 * failures of a SHA-1 lookup performed through {@link CentralSearch}.
 * <p>
 * Both the search client and the dependency are JMockit mocks, so the results
 * recorded in each test stand in for whatever the remote service would answer.
 */
public class CentralAnalyzerTest {

    /**
     * Placeholder digest shared by the mocked dependency and the mocked
     * search; it is a matching key only, not a well-formed SHA-1 value.
     */
    private static final String SHA1_SUM = "my-sha1-sum";

    /**
     * Installs the {@code Thread.sleep} fake once, before any test runs.
     */
    @BeforeClass
    public static void beforeClass() {
        doNotSleepBetweenRetries();
    }

    /**
     * A search that answers normally must have its result handed back
     * unchanged by {@code fetchMavenArtifacts}.
     *
     * @param centralSearch the mocked Central search client
     * @param dependency the mocked dependency being looked up
     * @throws IOException not expected in this scenario
     */
    @Test
    @SuppressWarnings("PMD.NonStaticInitializer")
    public void testFetchMavenArtifactsWithoutException(@Mocked final CentralSearch centralSearch,
            @Mocked final Dependency dependency)
            throws IOException {

        final List<MavenArtifact> expected = Collections.emptyList();
        final CentralAnalyzer analyzer = analyzerBackedBy(centralSearch);
        specifySha1SumFor(dependency);

        new Expectations() {
            {
                centralSearch.searchSha1(SHA1_SUM);
                returns(expected, expected);
            }
        };

        assertEquals(expected, analyzer.fetchMavenArtifacts(dependency));
    }

    /**
     * Intended to cover a search that fails once and then succeeds.
     * <p>
     * NOTE(review): the recorded failure is commented out below, so as written
     * this test only records a successful answer and never drives the analyzer
     * through a failed attempt. The recovery path after a transient error is
     * therefore not covered here; confirm why the failure was disabled before
     * restoring it.
     *
     * @param centralSearch the mocked Central search client
     * @param dependency the mocked dependency being looked up
     * @throws IOException not expected in this scenario
     */
    @Test
    @SuppressWarnings("PMD.NonStaticInitializer")
    public void testFetchMavenArtifactsWithSporadicIOException(@Mocked final CentralSearch centralSearch,
            @Mocked final Dependency dependency)
            throws IOException {

        final List<MavenArtifact> expected = Collections.emptyList();
        final CentralAnalyzer analyzer = analyzerBackedBy(centralSearch);
        specifySha1SumFor(dependency);

        new Expectations() {
            {
                centralSearch.searchSha1(SHA1_SUM);
                // Disabled first result (the "sporadic" failure this test is named after):
                //result = new IOException("Could not connect to MavenCentral (500): Internal Server Error");
                result = expected;
            }
        };

        assertEquals(expected, analyzer.fetchMavenArtifacts(dependency));
    }

    /**
     * A {@link FileNotFoundException} raised by the search must reach the
     * caller of {@code fetchMavenArtifacts} as that same exception type.
     * <p>
     * NOTE(review): nothing here verifies how often {@code searchSha1} is
     * invoked, so the test cannot tell whether a "not found" answer is
     * attempted again before being rethrown.
     *
     * @param centralSearch the mocked Central search client
     * @param dependency the mocked dependency being looked up
     * @throws IOException the expected {@link FileNotFoundException}
     */
    @Test(expected = FileNotFoundException.class)
    @SuppressWarnings("PMD.NonStaticInitializer")
    public void testFetchMavenArtifactsRethrowsFileNotFoundException(@Mocked final CentralSearch centralSearch,
            @Mocked final Dependency dependency)
            throws IOException {

        final CentralAnalyzer analyzer = analyzerBackedBy(centralSearch);
        specifySha1SumFor(dependency);

        new Expectations() {
            {
                centralSearch.searchSha1(SHA1_SUM);
                result = new FileNotFoundException("Artifact not found in Central");
            }
        };

        analyzer.fetchMavenArtifacts(dependency);
    }

    /**
     * A search that fails with an {@link IOException} on every call must end
     * with that failure propagating out of {@code fetchMavenArtifacts}.
     *
     * @param centralSearch the mocked Central search client
     * @param dependency the mocked dependency being looked up
     * @throws IOException the expected failure
     */
    @Test(expected = IOException.class)
    @SuppressWarnings("PMD.NonStaticInitializer")
    public void testFetchMavenArtifactsAlwaysThrowsIOException(@Mocked final CentralSearch centralSearch,
            @Mocked final Dependency dependency)
            throws IOException {

        final CentralAnalyzer analyzer = analyzerBackedBy(centralSearch);
        specifySha1SumFor(dependency);

        new Expectations() {
            {
                centralSearch.searchSha1(SHA1_SUM);
                result = new IOException("no internet connection");
            }
        };

        analyzer.fetchMavenArtifacts(dependency);
    }

    /**
     * A search that fails on every call must make {@code analyze} raise an
     * {@link AnalysisException}, i.e. the lookup failure is reported to the
     * caller instead of the dependency being passed over silently.
     * <p>
     * The second argument of {@code analyze} is {@code null} in this test.
     *
     * @param centralSearch the mocked Central search client
     * @param dependency the mocked dependency being analyzed
     * @throws AnalysisException the expected failure
     * @throws IOException declared by the recorded {@code searchSha1} call
     */
    @Test(expected = AnalysisException.class)
    @SuppressWarnings("PMD.NonStaticInitializer")
    public void testFetchMavenArtifactsAlwaysThrowsIOExceptionLetsTheAnalysisFail(
            @Mocked final CentralSearch centralSearch, @Mocked final Dependency dependency)
            throws AnalysisException, IOException {

        final CentralAnalyzer analyzer = analyzerBackedBy(centralSearch);
        specifySha1SumFor(dependency);

        new Expectations() {
            {
                centralSearch.searchSha1(SHA1_SUM);
                result = new IOException("no internet connection");
            }
        };

        analyzer.analyze(dependency, null);
    }

    /**
     * Replaces {@code Thread.sleep} with a no-op so that any waiting done
     * between retries does not slow the unit tests down.
     */
    private static void doNotSleepBetweenRetries() {
        new MockUp<Thread>() {
            @Mock
            void sleep(long millis) {
                // intentionally empty: return immediately instead of waiting
            }
        };
    }

    /**
     * Builds the analyzer under test and wires the given search client into it.
     *
     * @param centralSearch the mocked Central search client
     * @return a new analyzer that uses {@code centralSearch}
     */
    private static CentralAnalyzer analyzerBackedBy(final CentralSearch centralSearch) {
        final CentralAnalyzer analyzer = new CentralAnalyzer();
        analyzer.setCentralSearch(centralSearch);
        return analyzer;
    }

    /**
     * Records that the mocked dependency reports {@link #SHA1_SUM} as its
     * SHA-1 digest.
     *
     * @param dependency the mocked dependency
     */
    @SuppressWarnings("PMD.NonStaticInitializer")
    private void specifySha1SumFor(final Dependency dependency) {
        new Expectations() {
            {
                dependency.getSha1sum();
                returns(SHA1_SUM, SHA1_SUM);
            }
        };
    }
}