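// Listing of pkg/fanal/analyzer/language/java/jar/jar_test.go from
// github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996.

package jar

import (
	"context"
	"os"
	"path/filepath"
	"testing"

	"github.com/stretchr/testify/assert"

	"github.com/devseccon/trivy/pkg/fanal/analyzer"
	"github.com/devseccon/trivy/pkg/fanal/types"
	"github.com/devseccon/trivy/pkg/javadb"
	"github.com/devseccon/trivy/pkg/mapfs"

	_ "modernc.org/sqlite" // imported for side effects only; presumably registers the SQLite driver for the Java DB fixture (confirm)
)

const (
	// defaultJavaDBRepository is the repository reference passed to javadb.Init.
	// The tests call Init with the skip flag set (see the "skip update" comment
	// below), so this reference is presumably never fetched during the test
	// run; confirm before relying on these tests being hermetic.
	defaultJavaDBRepository = "ghcr.io/aquasecurity/trivy-java-db"
)

// Test_javaLibraryAnalyzer_Analyze runs PostAnalyze over archive fixtures in
// testdata and compares the reported applications and libraries with the
// expected inventory.
//
// Each case maps one fixture file into an in-memory filesystem, so the analyzer
// only sees that single file. The expected library coordinates and versions
// are the inventory a scanner would later match against advisories, which makes
// an exact comparison (name, version, nested path) the point of the test.
func Test_javaLibraryAnalyzer_Analyze(t *testing.T) {
	tests := []struct {
		name            string
		inputFile       string
		includeChecksum bool
		want            *analyzer.AnalysisResult
	}{
		{
			// Libraries bundled under WEB-INF/lib are reported with a FilePath
			// that joins the outer archive path and the inner entry path; the
			// last entry is the WAR itself.
			name:      "happy path (WAR file)",
			inputFile: "testdata/test.war",
			want: &analyzer.AnalysisResult{
				Applications: []types.Application{
					{
						Type:     types.Jar,
						FilePath: "testdata/test.war",
						Libraries: types.Packages{
							{
								Name:     "org.glassfish:javax.el",
								FilePath: "testdata/test.war/WEB-INF/lib/javax.el-3.0.0.jar",
								Version:  "3.0.0",
							},
							{
								Name:     "com.fasterxml.jackson.core:jackson-databind",
								FilePath: "testdata/test.war/WEB-INF/lib/jackson-databind-2.9.10.6.jar",
								Version:  "2.9.10.6",
							},
							{
								Name:     "com.fasterxml.jackson.core:jackson-annotations",
								FilePath: "testdata/test.war/WEB-INF/lib/jackson-annotations-2.9.10.jar",
								Version:  "2.9.10",
							},
							{
								Name:     "com.fasterxml.jackson.core:jackson-core",
								FilePath: "testdata/test.war/WEB-INF/lib/jackson-core-2.9.10.jar",
								Version:  "2.9.10",
							},
							{
								Name:     "org.slf4j:slf4j-api",
								FilePath: "testdata/test.war/WEB-INF/lib/slf4j-api-1.7.30.jar",
								Version:  "1.7.30",
							},
							{
								Name:     "com.cronutils:cron-utils",
								FilePath: "testdata/test.war/WEB-INF/lib/cron-utils-9.1.2.jar",
								Version:  "9.1.2",
							},
							{
								Name:     "org.apache.commons:commons-lang3",
								FilePath: "testdata/test.war/WEB-INF/lib/commons-lang3-3.11.jar",
								Version:  "3.11",
							},
							{
								Name:     "com.example:web-app",
								FilePath: "testdata/test.war",
								Version:  "1.0-SNAPSHOT",
							},
						},
					},
				},
			},
		},
		{
			// The only case that sets includeChecksum, and the only one whose
			// expected package carries a Digest.
			// NOTE(review): the digest is SHA-1. That is adequate as an
			// identifier for matching a known artifact, but SHA-1 is not
			// collision-resistant, so a match should not be read as an
			// integrity guarantee.
			name:            "happy path (PAR file)",
			inputFile:       "testdata/test.par",
			includeChecksum: true,
			want: &analyzer.AnalysisResult{
				Applications: []types.Application{
					{
						Type:     types.Jar,
						FilePath: "testdata/test.par",
						Libraries: types.Packages{
							{
								Name:     "com.fasterxml.jackson.core:jackson-core",
								FilePath: "testdata/test.par/lib/jackson-core-2.9.10.jar",
								Version:  "2.9.10",
								Digest:   "sha1:d40913470259cfba6dcc90f96bcaa9bcff1b72e0",
							},
						},
					},
				},
			},
		},
		{
			// Per the case name, the coordinates come from a SHA-1 lookup in
			// trivy-java-db; presumably the DB copy under "testdata" is what
			// gets queried (confirm).
			name:      "happy path (package found in trivy-java-db by sha1)",
			inputFile: "testdata/test.jar",
			want: &analyzer.AnalysisResult{
				Applications: []types.Application{
					{
						Type:     types.Jar,
						FilePath: "testdata/test.jar",
						Libraries: types.Packages{
							{
								Name:     "org.apache.tomcat.embed:tomcat-embed-websocket",
								FilePath: "testdata/test.jar",
								Version:  "9.0.65",
							},
						},
					},
				},
			},
		},
		{
			// A non-archive input is expected to yield an empty result and no
			// error.
			name:      "sad path",
			inputFile: "testdata/test.txt",
			want:      &analyzer.AnalysisResult{},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			// init java-trivy-db with skip update
			// Insecure is spelled out as false so the registry options used by
			// the test do not opt into insecure registry access.
			javadb.Init("testdata", defaultJavaDBRepository, true, false, types.RegistryOptions{Insecure: false})

			a := javaLibraryAnalyzer{}
			ctx := context.Background()

			// Build the in-memory filesystem holding just this fixture. A
			// failure here is a setup problem, so stop the subtest instead of
			// letting it cascade into a misleading comparison failure below.
			mfs := mapfs.New()
			if err := mfs.MkdirAll(filepath.Dir(tt.inputFile), os.ModePerm); err != nil {
				t.Fatalf("creating fixture directory for %q: %v", tt.inputFile, err)
			}
			// Both arguments are the fixture path; presumably the second is the
			// on-disk file backing the in-memory entry (confirm against mapfs).
			if err := mfs.WriteFile(tt.inputFile, tt.inputFile); err != nil {
				t.Fatalf("mapping fixture %q: %v", tt.inputFile, err)
			}

			got, err := a.PostAnalyze(ctx, analyzer.PostAnalysisInput{
				FS:      mfs,
				Options: analyzer.AnalysisOptions{FileChecksum: tt.includeChecksum},
			})

			assert.NoError(t, err)
			assert.Equal(t, tt.want, got)
		})
	}
}

// Test_javaLibraryAnalyzer_Required checks which file paths the analyzer
// selects for analysis.
//
// nil is passed as the second argument in every case, so the outcomes below
// depend on the path alone. The "capital jar" case pins that an upper-case
// extension is still selected, and the "zip" case pins that a non-Java archive
// extension is not.
//
// NOTE(review): Test_javaLibraryAnalyzer_Analyze exercises a .par fixture, but
// this table has no .par case; consider adding one once the expected result is
// confirmed against the analyzer.
func Test_javaLibraryAnalyzer_Required(t *testing.T) {
	tests := []struct {
		name     string
		filePath string
		want     bool
	}{
		{
			name:     "war",
			filePath: "test/test.war",
			want:     true,
		},
		{
			name:     "jar",
			filePath: "test.jar",
			want:     true,
		},
		{
			name:     "ear",
			filePath: "a/b/c/d/test.ear",
			want:     true,
		},
		{
			name:     "capital jar",
			filePath: "a/b/c/d/test.JAR",
			want:     true,
		},
		{
			name:     "zip",
			filePath: "test.zip",
			want:     false,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			a := javaLibraryAnalyzer{}
			got := a.Required(tt.filePath, nil)
			assert.Equal(t, tt.want, got)
		})
	}
}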