diff --git a/src/main/java/org/owasp/dependencycheck/dependency/Reference.java b/src/main/java/org/owasp/dependencycheck/dependency/Reference.java index 5caa3178e..ac58ac16a 100644 --- a/src/main/java/org/owasp/dependencycheck/dependency/Reference.java +++ b/src/main/java/org/owasp/dependencycheck/dependency/Reference.java @@ -26,7 +26,7 @@ import java.io.Serializable; * * @author Jeremy Long (jeremy.long@gmail.com) */ -public class Reference implements Serializable { +public class Reference implements Serializable, Comparable { /** * the serial version uid. @@ -129,4 +129,19 @@ public class Reference implements Serializable { return hash; } + public int compareTo(Reference o) { + if (source.equals(o.source)) { + if (name.equals(o.name)) { + if (url.equals(o.url)) { + return 0; //they are equal + } else { + return url.compareTo(o.url); + } + } else { + return name.compareTo(o.name); + } + } else { + return source.compareTo(o.source); + } + } } diff --git a/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java b/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java index 5ac7531d9..f8cfbd436 100644 --- a/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java +++ b/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java @@ -82,7 +82,7 @@ public class Vulnerability implements Serializable, Comparable { /** * References for this vulnerability. */ - private Set references = new HashSet(); + private SortedSet references = new TreeSet(); /** * Get the value of references. @@ -98,7 +98,7 @@ public class Vulnerability implements Serializable, Comparable { * * @param references new value of references */ - public void setReferences(Set references) { + public void setReferences(SortedSet references) { this.references = references; }