On VulnerableSoftware changed implementation of compare to support

version in the format of 3b that is now split into 3 and b. Previously, the
versions "5.0.3a", "5.0.9" and "5.0.30" were not correctly comparable.
See VulnerableSoftwareTest.testVersionsWithLettersComparison.
This issue can cause a runtime exception during sort.
fabio.boldrini
2017-10-12 09:25:50 +02:00
parent fa05482e69
commit 2332c0fa5e
2 changed files with 61 additions and 2 deletions


@@ -174,4 +174,25 @@ public class VulnerableSoftwareTest extends BaseTest {
assertFalse(VulnerableSoftware.isPositiveInteger("01"));
assertFalse(VulnerableSoftware.isPositiveInteger("00"));
}
@Test
public void testVersionsWithLettersComparison() {
VulnerableSoftware a = new VulnerableSoftware();
a.setName("cpe:/a:mysql:mysql:5.0.3a");
VulnerableSoftware b = new VulnerableSoftware();
b.setName("cpe:/a:mysql:mysql:5.0.9");
VulnerableSoftware c = new VulnerableSoftware();
c.setName("cpe:/a:mysql:mysql:5.0.30");
assertTrue(a.compareTo(b) < 0);
assertTrue(a.compareTo(c) < 0);
assertTrue(b.compareTo(a) > 0);
assertTrue(b.compareTo(c) < 0);
assertTrue(c.compareTo(a) > 0);
assertTrue(c.compareTo(b) > 0);
}
}
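Review bot: testVersionsWithLettersComparison pins a single triple and never compares a bare numeric segment with the same number carrying a letter suffix, which is the case the new 3/b split affects most directly. Adding a fourth object named `cpe:/a:mysql:mysql:5.0.3` with `assertTrue(d.compareTo(a) < 0);` would record that ordering as a deliberate decision; this assumes a bare number is meant to sort before its lettered variant, which needs confirming against the compareTo change, not shown in this section. A reflexive check, `assertTrue(a.compareTo(a) == 0);`, is also missing. Because the commit message says the old ordering could throw during sort, sorting a shuffled list of these objects in the test would exercise that failure path rather than only the pairwise results. Version ordering presumably feeds the vulnerable-version matching, so an inconsistent comparator could misattribute or hide findings as well as crash the run.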