1 /*
2  * This file is part of dependency-check-core.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  *
16  * Copyright (c) 2017 Jeremy Long. All Rights Reserved.
17  */
18 package org.owasp.dependencycheck.analyzer;
19 
20 import mockit.Expectations;
21 import mockit.Mock;
22 import mockit.MockUp;
23 import mockit.Mocked;
24 import org.junit.BeforeClass;
25 import org.junit.Test;
26 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
27 import org.owasp.dependencycheck.data.central.CentralSearch;
28 import org.owasp.dependencycheck.data.nexus.MavenArtifact;
29 import org.owasp.dependencycheck.dependency.Dependency;
30 
31 import java.io.FileNotFoundException;
32 import java.io.IOException;
33 import java.util.Collections;
34 import java.util.List;
35 
36 import static org.junit.Assert.assertEquals;
37 
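/**
 * Unit tests for {@code CentralAnalyzer}'s SHA-1 lookup, run against a mocked
 * {@code CentralSearch}.
 *
 * <p>Covered cases: a successful lookup, a {@link FileNotFoundException} and an
 * {@link IOException} propagating out of {@code fetchMavenArtifacts}, and an
 * {@link AnalysisException} raised by {@code analyze} when the lookup keeps failing.
 * Every Central response is supplied by JMockit expectations recorded in the test.
 */
public class CentralAnalyzerTest {

    /**
     * Placeholder digest shared by the mocked dependency and the expected search call.
     * It is not a real SHA-1; the mocks only need the same string on both sides.
     */
    private static final String SHA1_SUM = "my-sha1-sum";

    /**
     * Turns {@link Thread#sleep(long)} into a no-op before any test in this class runs.
     */
    @BeforeClass
    public static void beforeClass() {
        doNotSleepBetweenRetries();
    }

    /**
     * A lookup that succeeds returns the list handed back by {@code CentralSearch}.
     *
     * @param centralSearch mocked Central client
     * @param dependency mocked dependency reporting {@link #SHA1_SUM}
     * @throws IOException declared by {@code fetchMavenArtifacts}; not expected here
     */
    @Test
    @SuppressWarnings("PMD.NonStaticInitializer")
    public void testFetchMavenArtifactsWithoutException(@Mocked final CentralSearch centralSearch,
            @Mocked final Dependency dependency)
            throws IOException {

        final CentralAnalyzer analyzer = analyzerBackedBy(centralSearch);
        specifySha1SumFor(dependency);

        final List<MavenArtifact> expected = Collections.emptyList();
        new Expectations() {
            {
                centralSearch.searchSha1(SHA1_SUM);
                returns(expected, expected);
            }
        };

        final List<MavenArtifact> actual = analyzer.fetchMavenArtifacts(dependency);

        assertEquals(expected, actual);
    }

    /**
     * Intended to cover a lookup that fails once and then succeeds.
     *
     * <p>NOTE(review): the failing first result is commented out below, so as written
     * this test only exercises the success path and duplicates
     * {@link #testFetchMavenArtifactsWithoutException}. The recovery-after-transient-error
     * behaviour named in the method title is therefore not verified by this class;
     * re-enable the {@code IOException} result once the reason it was disabled is known.
     *
     * @param centralSearch mocked Central client
     * @param dependency mocked dependency reporting {@link #SHA1_SUM}
     * @throws IOException declared by {@code fetchMavenArtifacts}; not expected here
     */
    @Test
    @SuppressWarnings("PMD.NonStaticInitializer")
    public void testFetchMavenArtifactsWithSporadicIOException(@Mocked final CentralSearch centralSearch,
            @Mocked final Dependency dependency)
            throws IOException {

        final CentralAnalyzer analyzer = analyzerBackedBy(centralSearch);
        specifySha1SumFor(dependency);

        final List<MavenArtifact> expected = Collections.emptyList();
        new Expectations() {
            {
                centralSearch.searchSha1(SHA1_SUM);
                //result = new IOException("Could not connect to MavenCentral (500): Internal Server Error");
                result = expected;
            }
        };

        final List<MavenArtifact> actual = analyzer.fetchMavenArtifacts(dependency);

        assertEquals(expected, actual);
    }

    /**
     * A {@link FileNotFoundException} from the search reaches the caller unchanged.
     *
     * <p>The test only checks the exception type. It does not count how often
     * {@code searchSha1} is invoked, so whether a not-found answer is retried is not
     * pinned here.
     *
     * @param centralSearch mocked Central client
     * @param dependency mocked dependency reporting {@link #SHA1_SUM}
     * @throws IOException the expected {@link FileNotFoundException}
     */
    @Test(expected = FileNotFoundException.class)
    @SuppressWarnings("PMD.NonStaticInitializer")
    public void testFetchMavenArtifactsRethrowsFileNotFoundException(@Mocked final CentralSearch centralSearch,
            @Mocked final Dependency dependency)
            throws IOException {

        final CentralAnalyzer analyzer = analyzerBackedBy(centralSearch);
        specifySha1SumFor(dependency);

        new Expectations() {
            {
                centralSearch.searchSha1(SHA1_SUM);
                result = new FileNotFoundException("Artifact not found in Central");
            }
        };

        analyzer.fetchMavenArtifacts(dependency);
    }

    /**
     * When the only recorded search result is an {@link IOException}, that exception
     * leaves {@code fetchMavenArtifacts} instead of being swallowed.
     *
     * @param centralSearch mocked Central client
     * @param dependency mocked dependency reporting {@link #SHA1_SUM}
     * @throws IOException the expected failure
     */
    @Test(expected = IOException.class)
    @SuppressWarnings("PMD.NonStaticInitializer")
    public void testFetchMavenArtifactsAlwaysThrowsIOException(@Mocked final CentralSearch centralSearch,
            @Mocked final Dependency dependency)
            throws IOException {

        final CentralAnalyzer analyzer = analyzerBackedBy(centralSearch);
        specifySha1SumFor(dependency);

        new Expectations() {
            {
                centralSearch.searchSha1(SHA1_SUM);
                result = new IOException("no internet connection");
            }
        };

        analyzer.fetchMavenArtifacts(dependency);
    }

    /**
     * A lookup that never succeeds makes {@code analyze} throw {@link AnalysisException}.
     *
     * <p>This pins the fail-loud behaviour: an unreachable Central is reported rather
     * than treated as "nothing found". NOTE(review): how the calling engine reacts to
     * the exception (abort the scan, or record it and continue) is not visible from
     * this test.
     *
     * @param centralSearch mocked Central client
     * @param dependency mocked dependency reporting {@link #SHA1_SUM}
     * @throws AnalysisException the expected failure
     * @throws IOException declared by the recorded {@code searchSha1} call
     */
    @Test(expected = AnalysisException.class)
    @SuppressWarnings("PMD.NonStaticInitializer")
    public void testFetchMavenArtifactsAlwaysThrowsIOExceptionLetsTheAnalysisFail(
            @Mocked final CentralSearch centralSearch, @Mocked final Dependency dependency)
            throws AnalysisException, IOException {

        final CentralAnalyzer analyzer = analyzerBackedBy(centralSearch);
        specifySha1SumFor(dependency);

        new Expectations() {
            {
                centralSearch.searchSha1(SHA1_SUM);
                result = new IOException("no internet connection");
            }
        };

        // The engine argument is passed as null, exactly as in the original test.
        analyzer.analyze(dependency, null);
    }

    /**
     * Creates a real {@code CentralAnalyzer} wired to the given mocked search client.
     *
     * @param centralSearch the mocked Central client the analyzer should query
     * @return the analyzer under test
     */
    private static CentralAnalyzer analyzerBackedBy(final CentralSearch centralSearch) {
        final CentralAnalyzer analyzer = new CentralAnalyzer();
        analyzer.setCentralSearch(centralSearch);
        return analyzer;
    }

    /**
     * Installs a JMockit fake of {@link Thread} whose {@code sleep(long)} returns
     * immediately, so the tests do not spend time waiting.
     *
     * <p>Presumably the analyzer pauses between lookup attempts; confirm in
     * {@code CentralAnalyzer}. While installed, the fake affects every caller of
     * {@code Thread.sleep}, not only the analyzer.
     */
    private static void doNotSleepBetweenRetries() {
        new MockUp<Thread>() {
            @Mock
            void sleep(long millis) {
                // do not sleep
            }
        };
    }

    /**
     * Records that the mocked dependency reports {@link #SHA1_SUM} as its SHA-1 sum.
     *
     * @param dependency the mocked dependency
     */
    @SuppressWarnings("PMD.NonStaticInitializer")
    private void specifySha1SumFor(final Dependency dependency) {
        new Expectations() {
            {
                dependency.getSha1sum();
                returns(SHA1_SUM, SHA1_SUM);
            }
        };
    }
}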
184