Package org.owasp.dependencycheck.dependency

Examples of org.owasp.dependencycheck.dependency.Dependency


        // Excerpt from an ArchiveAnalyzer test: the enclosing method starts above this
        // excerpt and the try block opened below is closed outside it.
        ArchiveAnalyzer instance = new ArchiveAnalyzer();
        try {
            instance.initialize();

            // ClassLoader.getResource returns null when test.zip is not on the classpath,
            // so a missing fixture shows up as a NullPointerException here.
            // URL.getPath() is not percent-decoded, so a checkout path containing spaces
            // yields a File that does not exist.
            File file = new File(this.getClass().getClassLoader().getResource("test.zip").getPath());
            Dependency dependency = new Dependency(file);
            // Both switches are set to false before the Engine is constructed.
            // NOTE(review): presumably this keeps the test from contacting the update
            // source and a Nexus server; confirm. Settings is written through static
            // calls, so the values may stay in effect for later tests unless reset.
            Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, false);
            Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, false);
            Engine engine = new Engine();
            // Number of dependencies the Engine holds before any analysis in this test.
            int initial_size = engine.getDependencies().size();
//            boolean failed = false;


    /**
     * Test of process method, of class SuppressionRule.
     */
    @Test
    public void testProcessGAV() {
        // Fixture: one jar carrying four CPE identifiers and one Maven identifier.
        final String unusedUrl = "some url not needed for this test";
        final File springJar = new File(
                getClass().getClassLoader().getResource("spring-security-web-3.0.0.RELEASE.jar").getPath());
        final Dependency dependency = new Dependency(springJar);
        final String[] reportedCpes = {
            "cpe:/a:vmware:springsource_spring_framework:3.0.0",
            "cpe:/a:springsource:spring_framework:3.0.0",
            "cpe:/a:mod_security:mod_security:3.0.0",
            "cpe:/a:vmware:springsource_spring_security:3.0.0",
        };
        for (String cpe : reportedCpes) {
            dependency.addIdentifier("cpe", cpe, unusedUrl);
        }
        dependency.addIdentifier("maven", "org.springframework.security:spring-security-web:3.0.0.RELEASE", unusedUrl);

        // The rule is keyed on the Maven coordinates: a case-insensitive regex
        // that matches the "maven" identifier added above.
        final SuppressionRule rule = new SuppressionRule();
        final PropertyType gavFilter = new PropertyType();
        gavFilter.setValue("org\\.springframework\\.security:spring.*");
        gavFilter.setRegex(true);
        gavFilter.setCaseSensitive(false);
        rule.setGav(gavFilter);

        // Three CPE entries are listed on the rule, given without a version;
        // the spring_security CPE is deliberately not among them.
        final String[] suppressedCpes = {
            "cpe:/a:mod_security:mod_security",
            "cpe:/a:springsource:spring_framework",
            "cpe:/a:vmware:springsource_spring_framework",
        };
        for (String cpe : suppressedCpes) {
            final PropertyType cpeEntry = new PropertyType();
            cpeEntry.setValue(cpe);
            rule.addCpe(cpeEntry);
        }

        rule.process(dependency);

        // Five identifiers went in and two are expected to be left.
        // NOTE(review): presumably the survivors are the spring_security CPE and the
        // maven identifier. Only the count is asserted, so a rule that dropped the
        // wrong identifier (and so hid a real finding) would still pass; consider
        // asserting on the remaining values as well.
        assertEquals(2, dependency.getIdentifiers().size());
    }

        // Excerpt from a test: scans two files (guice and spring, both defined above
        // this excerpt), runs the analysis, and checks that the "hint analyzer"
        // evidence for Spring is present on the spring dependency and absent from
        // the guice one.
        Engine engine = new Engine();

        engine.scan(guice);
        engine.scan(spring);
        engine.analyzeDependencies();
        Dependency gdep = null;
        Dependency sdep = null;
        // Pick the two dependencies of interest out of the engine's list by file.
        for (Dependency d : engine.getDependencies()) {
            if (d.getActualFile().equals(guice)) {
                gdep = d;
            } else if (d.getActualFile().equals(spring)) {
                sdep = d;
            }
        }
        // NOTE(review): gdep and sdep stay null when no entry matches, in which case
        // the getEvidence() calls below fail with a NullPointerException instead of
        // an assertion failure.
        // springTest4 and springTest5 are built with the same arguments as
        // springTest1 and springTest3.
        final Evidence springTest1 = new Evidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
        final Evidence springTest2 = new Evidence("hint analyzer", "vendor", "SpringSource", Confidence.HIGH);
        final Evidence springTest3 = new Evidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
        final Evidence springTest4 = new Evidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
        final Evidence springTest5 = new Evidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);

        // Negative case: none of the Spring hints may appear on the guice dependency.
        // Vendor/product evidence on the wrong library would presumably feed false
        // CPE matches for it; confirm against the CPE analyzer.
        Set<Evidence> evidence = gdep.getEvidence().getEvidence();
        assertFalse(evidence.contains(springTest1));
        assertFalse(evidence.contains(springTest2));
        assertFalse(evidence.contains(springTest3));
        assertFalse(evidence.contains(springTest4));
        assertFalse(evidence.contains(springTest5));

        // Positive case: the spring dependency must carry the first three hints.
        // The checks for springTest4 and springTest5 are commented out in the source.
        evidence = sdep.getEvidence().getEvidence();
        assertTrue(evidence.contains(springTest1));
        assertTrue(evidence.contains(springTest2));
        assertTrue(evidence.contains(springTest3));
        //assertTrue(evidence.contains(springTest4));
        //assertTrue(evidence.contains(springTest5));

            // Excerpt: pairwise pass over the engine's dependency list. The enclosing
            // method starts above this excerpt and the loops continue below it.
            analyzed = true;
            // Passed to mergeDependencies on every merge.
            // NOTE(review): presumably it collects entries to drop after the loops, so
            // the list is not modified while the iterators are live; confirm.
            final Set<Dependency> dependenciesToRemove = new HashSet<Dependency>();
            final ListIterator<Dependency> mainIterator = engine.getDependencies().listIterator();
            //for (Dependency nextDependency : engine.getDependencies()) {
            while (mainIterator.hasNext()) {
                final Dependency dependency = mainIterator.next();
                if (mainIterator.hasNext()) {
                    // Start the inner iterator just after the current element, so each
                    // pair is visited once and never against itself.
                    final ListIterator<Dependency> subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
                    while (subIterator.hasNext()) {
                        final Dependency nextDependency = subIterator.next();
                        // NOTE(review): hashesMatch is not shown here. Merging removes an
                        // entry from the report, so confirm which digest it compares and
                        // that a match really means identical file content.
                        if (hashesMatch(dependency, nextDependency)) {
                            // The dependency with the shorter file path is passed first;
                            // presumably the first argument is the one kept. Confirm
                            // against mergeDependencies.
                            if (firstPathIsShortest(dependency.getFilePath(), nextDependency.getFilePath())) {
                                mergeDependencies(dependency, nextDependency, dependenciesToRemove);
                            } else {
                                mergeDependencies(nextDependency, dependency, dependenciesToRemove);
                            }
                        } else if (isShadedJar(dependency, nextDependency)) {

                || "dll".equals(dependency.getFileExtension())
                || "exe".equals(dependency.getFileExtension())) {
            // Excerpt: the condition above begins outside this view. For a dll/exe whose
            // path contains ".jar", look up the dependency for that jar and set `remove`
            // when the jar already carries a CPE starting with this file's
            // vendor-trimmed CPE. What is done with `remove` is not shown here.
            // NOTE(review): toLowerCase() uses the default locale. The lowered path is
            // what findDependency receives; confirm that lookup ignores case.
            String parentPath = dependency.getFilePath().toLowerCase();
            if (parentPath.contains(".jar")) {
                // Cut at the first ".jar" in the path; +4 keeps the extension itself.
                // A directory name containing ".jar" earlier in the path would be taken
                // as the parent instead of the real archive.
                parentPath = parentPath.substring(0, parentPath.indexOf(".jar") + 4);
                final Dependency parent = findDependency(parentPath, engine.getDependencies());
                if (parent != null) {
                    boolean remove = false;
                    for (Identifier i : dependency.getIdentifiers()) {
                        if ("cpe".equals(i.getType())) {
                            // NOTE(review): trimCpeToVendor is not shown. The check below
                            // is a plain prefix match, so confirm the trimmed value ends on
                            // a ':' boundary. Otherwise a vendor whose name merely begins
                            // with the same characters would also match, and an identifier
                            // could be dropped from the results by mistake.
                            final String trimmedCPE = trimCpeToVendor(i.getValue());
                            for (Identifier parentId : parent.getIdentifiers()) {
                                if ("cpe".equals(parentId.getType()) && parentId.getValue().startsWith(trimmedCPE)) {
                                    // Same effect as `remove = true`; once set it stays set.
                                    remove |= true;
                                }
                            }
                        }
