package org.owasp.dependencycheck.analyzer;

import java.io.File;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.BaseDBTestCase;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.update.RetireJSDataSource;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.dependency.Vulnerability;

/* loaded from: input_file:org/owasp/dependencycheck/analyzer/RetireJsAnalyzerIT.class */
public class RetireJsAnalyzerIT extends BaseDBTestCase {
    private RetireJsAnalyzer analyzer;
    private Engine engine;

    @Override // org.owasp.dependencycheck.BaseDBTestCase, org.owasp.dependencycheck.BaseTest
    @Before
    public void setUp() throws Exception {
        super.setUp();
        this.engine = new Engine(getSettings());
        this.engine.openDatabase(true, true);
        new RetireJSDataSource().update(this.engine);
        this.analyzer = new RetireJsAnalyzer();
        this.analyzer.setFilesMatched(true);
        this.analyzer.initialize(getSettings());
        this.analyzer.prepare(this.engine);
    }

    @Override // org.owasp.dependencycheck.BaseTest
    @After
    public void tearDown() throws Exception {
        this.analyzer.close();
        this.engine.close();
        super.tearDown();
    }

    @Test
    public void testGetName() {
        MatcherAssert.assertThat(this.analyzer.getName(), CoreMatchers.is("RetireJS Analyzer"));
    }

    @Test
    public void testAcceptSupportedExtensions() throws Exception {
        this.analyzer.setEnabled(true);
        for (String str : new String[]{"test.js", "test.min.js"}) {
            Assert.assertTrue(str, this.analyzer.accept(new File(str)));
        }
    }

    @Test
    public void testGetAnalysisPhase() {
        Assert.assertEquals(AnalysisPhase.FINDING_ANALYSIS, this.analyzer.getAnalysisPhase());
    }

    @Test
    public void testGetAnalyzerEnabledSettingKey() {
        Assert.assertEquals("analyzer.retirejs.enabled", this.analyzer.getAnalyzerEnabledSettingKey());
    }

    @Test
    public void testJquery() throws Exception {
        Dependency dependency = new Dependency(BaseTest.getResourceAsFile(this, "javascript/jquery-1.6.2.js"));
        this.analyzer.analyze(dependency, this.engine);
        Assert.assertEquals("jquery", dependency.getName());
        Assert.assertEquals("1.6.2", dependency.getVersion());
        Assert.assertEquals(1L, dependency.getEvidence(EvidenceType.PRODUCT).size());
        Evidence evidence = (Evidence) dependency.getEvidence(EvidenceType.PRODUCT).iterator().next();
        Assert.assertEquals("name", evidence.getName());
        Assert.assertEquals("jquery", evidence.getValue());
        Assert.assertEquals(1L, dependency.getEvidence(EvidenceType.VERSION).size());
        Evidence evidence2 = (Evidence) dependency.getEvidence(EvidenceType.VERSION).iterator().next();
        Assert.assertEquals("version", evidence2.getName());
        Assert.assertEquals("1.6.2", evidence2.getValue());
        Assert.assertTrue(dependency.getVulnerabilities().size() >= 3);
        Assert.assertTrue(dependency.getVulnerabilities().contains(new Vulnerability("CVE-2015-9251")));
        Assert.assertTrue(dependency.getVulnerabilities().contains(new Vulnerability("CVE-2011-4969")));
        Assert.assertTrue(dependency.getVulnerabilities().contains(new Vulnerability("CVE-2012-6708")));
    }

    @Test
    public void testAngular() throws Exception {
        Dependency dependency = new Dependency(BaseTest.getResourceAsFile(this, "javascript/angular.safe.js"));
        this.analyzer.analyze(dependency, this.engine);
        Assert.assertEquals("angularjs", dependency.getName());
        Assert.assertEquals("1.2.27", dependency.getVersion());
        Assert.assertEquals(1L, dependency.getEvidence(EvidenceType.PRODUCT).size());
        Evidence evidence = (Evidence) dependency.getEvidence(EvidenceType.PRODUCT).iterator().next();
        Assert.assertEquals("name", evidence.getName());
        Assert.assertEquals("angularjs", evidence.getValue());
        Assert.assertEquals(1L, dependency.getEvidence(EvidenceType.VERSION).size());
        Evidence evidence2 = (Evidence) dependency.getEvidence(EvidenceType.VERSION).iterator().next();
        Assert.assertEquals("version", evidence2.getName());
        Assert.assertEquals("1.2.27", evidence2.getValue());
        Assert.assertEquals(5L, dependency.getVulnerabilities().size());
        Assert.assertTrue(dependency.getVulnerabilities().contains(new Vulnerability("Universal CSP bypass via add-on in Firefox")));
        Assert.assertTrue(dependency.getVulnerabilities().contains(new Vulnerability("XSS in $sanitize in Safari/Firefox")));
        Assert.assertTrue(dependency.getVulnerabilities().contains(new Vulnerability("DOS in $sanitize")));
        Assert.assertTrue(dependency.getVulnerabilities().contains(new Vulnerability("The attribute usemap can be used as a security exploit")));
    }

    @Test
    public void testEmber() throws Exception {
        Dependency dependency = new Dependency(BaseTest.getResourceAsFile(this, "javascript/ember.js"));
        this.analyzer.analyze(dependency, this.engine);
        Assert.assertEquals("ember", dependency.getName());
        Assert.assertEquals("1.3.0", dependency.getVersion());
        Assert.assertEquals(1L, dependency.getEvidence(EvidenceType.PRODUCT).size());
        Evidence evidence = (Evidence) dependency.getEvidence(EvidenceType.PRODUCT).iterator().next();
        Assert.assertEquals("name", evidence.getName());
        Assert.assertEquals("ember", evidence.getValue());
        Assert.assertEquals(1L, dependency.getEvidence(EvidenceType.VERSION).size());
        Evidence evidence2 = (Evidence) dependency.getEvidence(EvidenceType.VERSION).iterator().next();
        Assert.assertEquals("version", evidence2.getName());
        Assert.assertEquals("1.3.0", evidence2.getValue());
        Assert.assertEquals(3L, dependency.getVulnerabilities().size());
        Assert.assertTrue(dependency.getVulnerabilities().contains(new Vulnerability("CVE-2014-0013")));
        Assert.assertTrue(dependency.getVulnerabilities().contains(new Vulnerability("CVE-2014-0014")));
        Assert.assertTrue(dependency.getVulnerabilities().contains(new Vulnerability("CVE-2014-0046")));
    }
}
