Fix MenuUpdaterTest to not break on Windows. Move Categories static initializer into that class.

Tweak expected results parser to allow for white space between entries in CSV file.

Author: davewichers

.mvn/jvm.config

@@ -0,0 +1,2 @@
+--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED
+

library/src/main/java/org/owasp/benchmarkutils/helpers/Categories.java

@@ -46,6 +46,20 @@ public class Categories {
 
     private static Categories _instance; // The Singleton instance of this class
 
+    // Statically load the categories definitions from the config file to instantiate the Category
+    // singleton
+    static {
+        try {
+            InputStream categoriesFileStream =
+                    Categories.class.getClassLoader().getResourceAsStream(Categories.FILENAME);
+            new Categories(categoriesFileStream);
+        } catch (ParserConfigurationException | SAXException | IOException e1) {
+            System.out.println("ERROR: couldn't load categories from categories config file.");
+            e1.printStackTrace();
+            System.exit(-1);
+        }
+    }
+
     /**
      * Initialize all the categories from the InputStream connected to the target XML file.
      *

plugin/src/main/java/org/owasp/benchmarkutils/score/BenchmarkScore.java

@@ -36,7 +36,6 @@
 import java.util.Set;
 import java.util.TreeMap;
 import java.util.TreeSet;
-import javax.xml.parsers.ParserConfigurationException;
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.maven.plugin.AbstractMojo;
@@ -58,7 +57,6 @@
 import org.owasp.benchmarkutils.score.report.html.VulnerabilityStatsTable;
 import org.owasp.benchmarkutils.score.service.ExpectedResultsProvider;
 import org.owasp.benchmarkutils.score.service.ResultsFileCreator;
-import org.xml.sax.SAXException;
 
 @Mojo(name = "create-scorecard", requiresProject = false, defaultPhase = LifecyclePhase.COMPILE)
 public class BenchmarkScore extends AbstractMojo {
@@ -161,17 +159,6 @@ public static void main(String[] args) {
             System.exit(-1);
         }
 
-        // Load in the categories definitions from the config file.
-        try {
-            InputStream categoriesFileStream =
-                    BenchmarkScore.class.getClassLoader().getResourceAsStream(Categories.FILENAME);
-            new Categories(categoriesFileStream);
-        } catch (ParserConfigurationException | SAXException | IOException e1) {
-            System.out.println("ERROR: couldn't load categories from categories config file.");
-            e1.printStackTrace();
-            System.exit(-1);
-        }
-
         // Step 0: Make sure the results file or directory exists before doing anything.
         File resultsFileOrDir = new File(config.resultsFileOrDirName);
         if (!resultsFileOrDir.exists()) {

plugin/src/main/java/org/owasp/benchmarkutils/score/service/ExpectedResultsProvider.java

@@ -55,16 +55,16 @@ public static TestSuiteResults parse(ResultFile resultFile) throws IOException {
                 if (record.get(TEST_NAME).startsWith(tr.getTestSuiteName() + BenchmarkScore.TEST)) {
                     TestCaseResult tcr = new TestCaseResult();
 
-                    tcr.setTestCaseName(record.get(TEST_NAME));
-                    tcr.setCategory(record.get(CATEGORY));
-                    tcr.setTruePositive(parseBoolean(record.get(REAL_VULNERABILITY)));
-                    tcr.setCWE(parseInt(record.get(CWE)));
-                    tcr.setNumber(testNumber(record.get(TEST_NAME), testCaseName));
+                    tcr.setTestCaseName(record.get(TEST_NAME).trim());
+                    tcr.setCategory(record.get(CATEGORY).trim());
+                    tcr.setTruePositive(parseBoolean(record.get(REAL_VULNERABILITY).trim()));
+                    tcr.setCWE(parseInt(record.get(CWE).trim()));
+                    tcr.setNumber(testNumber(record.get(TEST_NAME).trim(), testCaseName));
 
                     if (isExtendedResultsFile(parser)) {
-                        tcr.setSource(record.get(SOURCE));
-                        tcr.setDataFlow(record.get(DATA_FLOW));
-                        tcr.setSink(record.get(SINK));
+                        tcr.setSource(record.get(SOURCE).trim());
+                        tcr.setDataFlow(record.get(DATA_FLOW).trim());
+                        tcr.setSink(record.get(SINK).trim());
                     }
 
                     tr.put(tcr);

plugin/src/test/java/org/owasp/benchmarkutils/score/report/html/MenuUpdaterTest.java

@@ -114,10 +114,10 @@ public String filenameFor(Tool tool) {
                             assertFalse(file.contains("${vulnmenu}"));
                             assertTrue(
                                     file.contains(
-                                            "<li><a href=\"Benchmark_v1.2_Scorecard_for_Path_Traversal.html\">Path Traversal</a></li>\n"));
+                                            "<li><a href=\"Benchmark_v1.2_Scorecard_for_Path_Traversal.html\">Path Traversal</a></li>"));
                             assertTrue(
                                     file.contains(
-                                            "<li><a href=\"Benchmark_v1.2_Scorecard_for_Command_Injection.html\">Command Injection</a></li>\n"));
+                                            "<li><a href=\"Benchmark_v1.2_Scorecard_for_Command_Injection.html\">Command Injection</a></li>"));
 
                             assertFalse(file.contains("${testsuite}"));
                             assertTrue(file.contains("testsuite=OWASP Benchmark"));