Accelerate CVE DB update

Vulnerability: switch vulnerableSoftware and references from expensive TreeSet to HashSet
2026-03-20 00:04:27 +01:00 · 2017-02-11 20:16:24 +01:00
parent a0198e34e7
commit 0464626e2b
2 changed files with 9 additions and 81 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java
@@ -18,6 +18,7 @@
 package org.owasp.dependencycheck.dependency;

 import java.io.Serializable;
+import java.util.HashSet;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
@@ -82,7 +83,7 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
    /**
     * References for this vulnerability.
     */
-    private SortedSet<Reference> references = new TreeSet<Reference>();
+    private Set<Reference> references = new HashSet<Reference>();

    /**
     * Get the value of references.
@@ -98,7 +99,7 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
     *
     * @param references new value of references
     */
-    public void setReferences(SortedSet<Reference> references) {
+    public void setReferences(Set<Reference> references) {
        this.references = references;
    }

@@ -128,7 +129,7 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
    /**
     * A set of vulnerable software.
     */
-    private SortedSet<VulnerableSoftware> vulnerableSoftware = new TreeSet<VulnerableSoftware>();
+    private Set<VulnerableSoftware> vulnerableSoftware = new HashSet<VulnerableSoftware>();

    /**
     * Get the value of vulnerableSoftware.
@@ -144,7 +145,7 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
     *
     * @param vulnerableSoftware new value of vulnerableSoftware
     */
-    public void setVulnerableSoftware(SortedSet<VulnerableSoftware> vulnerableSoftware) {
+    public void setVulnerableSoftware(Set<VulnerableSoftware> vulnerableSoftware) {
        this.vulnerableSoftware = vulnerableSoftware;
    }

@@ -391,13 +392,15 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
        final StringBuilder sb = new StringBuilder("Vulnerability ");
        sb.append(this.name);
        sb.append("\nReferences:\n");
-        for (Reference reference : this.references) {
+        SortedSet<Reference> sortedReferences = new TreeSet<Reference>(this.references);
+        for (Reference reference : sortedReferences) {
            sb.append("=> ");
            sb.append(reference);
            sb.append("\n");
        }
        sb.append("\nSoftware:\n");
-        for (VulnerableSoftware software : this.vulnerableSoftware) {
+        SortedSet<VulnerableSoftware> sortedVulnerableSoftware = new TreeSet<VulnerableSoftware>(this.vulnerableSoftware);
+        for (VulnerableSoftware software : sortedVulnerableSoftware) {
            sb.append("=> ");
            sb.append(software);
            sb.append("\n");