github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 15:53:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed compareTo in order to resolve issue #503

Browse Source
This commit is contained in:
Jeremy Long
2016-06-05 06:32:49 -04:00
parent c4b423cb0f
commit 310ca967a1
5 changed files with 191 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java
View File

@@ -254,17 +254,16 @@ public class NvdCve20Handler extends DefaultHandler {
* @throws IOException thrown if there is an IOException with the CPE Index
*/
private void saveEntry(Vulnerability vuln) throws DatabaseException, CorruptIndexException, IOException {
if (cveDB == null) {
return;
}
final String cveName = vuln.getName();
if (prevVersionVulnMap.containsKey(cveName)) {
if (prevVersionVulnMap != null && prevVersionVulnMap.containsKey(cveName)) {
final List<VulnerableSoftware> vulnSoftware = prevVersionVulnMap.get(cveName);
for (VulnerableSoftware vs : vulnSoftware) {
vuln.updateVulnerableSoftware(vs);
}
}
cveDB.updateVulnerability(vuln);
if (cveDB != null) {
cveDB.updateVulnerability(vuln);
}
}
// <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">

13
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
View File

@@ -180,23 +180,14 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
final int max = (left.length <= right.length) ? left.length : right.length;
if (max > 0) {
for (int i = 0; result == 0 && i < max; i++) {
final String[] subLeft = left[i].split("\\.");
final String[] subRight = right[i].split("\\.");
final String[] subLeft = left[i].split("(\\.|-)");
final String[] subRight = right[i].split("(\\.|-)");
final int subMax = (subLeft.length <= subRight.length) ? subLeft.length : subRight.length;
if (subMax > 0) {
for (int x = 0; result == 0 && x < subMax; x++) {
if (isPositiveInteger(subLeft[x]) && isPositiveInteger(subRight[x])) {
try {
result = Long.valueOf(subLeft[x]).compareTo(Long.valueOf(subRight[x]));
// final long iLeft = Long.parseLong(subLeft[x]);
// final long iRight = Long.parseLong(subRight[x]);
// if (iLeft != iRight) {
// if (iLeft > iRight) {
// result = 2;
// } else {
// result = -2;
// }
// }
} catch (NumberFormatException ex) {
//ignore the exception - they obviously aren't numbers
if (!subLeft[x].equalsIgnoreCase(subRight[x])) {

33
dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/nvd/NvdCve_2_0_HandlerTest.java
View File

@@ -19,6 +19,8 @@ package org.owasp.dependencycheck.data.update.nvd;
import org.owasp.dependencycheck.data.update.nvd.NvdCve20Handler;
import java.io.File;
import java.util.List;
import java.util.Map;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.junit.After;
@@ -28,6 +30,7 @@ import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
/**
*
@@ -49,12 +52,42 @@ public class NvdCve_2_0_HandlerTest extends BaseTest {
saxParser.parse(file, instance);
} catch (Throwable ex) {
ex.printStackTrace();
results = ex;
}
assertTrue("Exception thrown during parse of 2012 CVE version 2.0?", results == null);
if (results != null) {
System.err.println(results);
}
}
@Test
public void testParserWithPreviousVersion() {
Throwable results = null;
try {
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser();
File file12 = BaseTest.getResourceAsFile(this, "cve-1.2-2008_4411.xml");
final NvdCve12Handler cve12Handler = new NvdCve12Handler();
saxParser.parse(file12, cve12Handler);
final Map<String, List<VulnerableSoftware>> prevVersionVulnMap = cve12Handler.getVulnerabilities();
//File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath());
File file20 = BaseTest.getResourceAsFile(this, "cve-2.0-2008_4411.xml");
NvdCve20Handler instance = new NvdCve20Handler();
instance.setPrevVersionVulnMap(prevVersionVulnMap);
saxParser.parse(file20, instance);
assertTrue(instance.getTotalNumberOfEntries()==1);
} catch (Throwable ex) {
results = ex;
}
assertTrue("Exception thrown during parse of 2012 CVE version 2.0?", results == null);
if (results != null) {
System.err.println(results);
}
}
}

195
dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerabilityTest.java
View File

@@ -17,6 +17,7 @@
*/
package org.owasp.dependencycheck.dependency;
import java.util.Set;
import org.junit.After;
import org.junit.AfterClass;
import static org.junit.Assert.assertEquals;
@@ -31,7 +32,7 @@ import org.owasp.dependencycheck.BaseTest;
*
* @author Jens Hausherr
*/
public class VulnerabilityTest extends BaseTest {
public class VulnerabilityTest extends BaseTest {
/**
* Test of equals method, of class VulnerableSoftware.
@@ -49,90 +50,112 @@ public class VulnerabilityTest extends BaseTest {
@Test
public void testDpulicateVersionsWithPreviousVersion() {
Vulnerability obj = new Vulnerability();
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.0",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.1",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.2",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.10",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.11",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.12",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.13",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.14",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.15",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.16",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.17",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.18",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.19",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.20",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.21",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.22",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.23",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.0",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.0:alpha",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.1",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.10",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.10a",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.11",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.12",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.13",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.15",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.19",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.1a",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.2",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.3",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.4",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.5.0.21",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.6",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.9",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.21",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.22",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.23",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.24",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.24a",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.25",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.30",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.32",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.33",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.36",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.37",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.38",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.3a",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.41",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.42",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.44",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.45",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.4a",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.50",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.51",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.52",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.54",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.56",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.23a","1");
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.3",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.4",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.5",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.5a",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.6",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.7",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.9",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.11",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.12",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.14",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.15",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.16",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.17",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.18",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.19",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.20",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.21",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.22",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.23",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.23a",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.0",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.1",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.2",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.3",null);
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.4",null);
assertEquals(82, obj.getVulnerableSoftware().size());
Vulnerability obj = new Vulnerability();
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-103%28a%29", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-118", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.3.132", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.12-200", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.2-127", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.9", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.10", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.11", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.12-118", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.4-143", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-109", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.6-156", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.4", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.3", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.10-186", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.6", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.5", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.5-146", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.8", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.7", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.2", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.0.2", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.1", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.8-177", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.0.1", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.0.0", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.7-168", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-103", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.11-197", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.9-178", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.12-200", "1");
assertEquals(31, obj.getVulnerableSoftware().size());
}
@Test
public void testSoftwareSorting() {
Vulnerability obj = new Vulnerability();
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-103%28a%29", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-118", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.3.132", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.12-200", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.2-127", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.9", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.10", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.11", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.12-118", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.4-143", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-109", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.6-156", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.4", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.3", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.10-186", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.6", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.5", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.5-146", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.8", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.7", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.2", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.0.2", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.1", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.8-177", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.0.1", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.0.0", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.7-168", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-103", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.11-197", null);
obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.9-178", null);
Set<VulnerableSoftware> software = obj.getVulnerableSoftware();
VulnerableSoftware vs[] = software.toArray(new VulnerableSoftware[software.size()]);
assertTrue("cpe:/a:hp:system_management_homepage:2.0.0".equals(vs[0].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.0.1".equals(vs[1].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.0.2".equals(vs[2].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1".equals(vs[3].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.0-103".equals(vs[4].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.0-103%28a%29".equals(vs[5].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.0-109".equals(vs[6].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.0-118".equals(vs[7].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.1".equals(vs[8].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.2".equals(vs[9].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.2-127".equals(vs[10].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.3".equals(vs[11].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.3.132".equals(vs[12].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.4".equals(vs[13].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.4-143".equals(vs[14].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.5".equals(vs[15].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.5-146".equals(vs[16].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.6".equals(vs[17].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.6-156".equals(vs[18].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.7".equals(vs[19].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.7-168".equals(vs[20].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.8".equals(vs[21].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.8-177".equals(vs[22].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.9".equals(vs[23].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.9-178".equals(vs[24].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.10".equals(vs[25].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.10-186".equals(vs[26].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.11".equals(vs[27].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.11-197".equals(vs[28].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.12-118".equals(vs[29].getName()));
assertTrue("cpe:/a:hp:system_management_homepage:2.1.12-200".equals(vs[30].getName()));
}
}

59
dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java
View File

@@ -31,7 +31,7 @@ import org.owasp.dependencycheck.BaseTest;
*
* @author Jeremy Long
*/
public class VulnerableSoftwareTest extends BaseTest {
public class VulnerableSoftwareTest extends BaseTest {
/**
* Test of equals method, of class VulnerableSoftware.
@@ -93,25 +93,52 @@ public class VulnerableSoftwareTest extends BaseTest {
}
@Test
public void testCompareToNonNumerical(){
VulnerableSoftware vs = new VulnerableSoftware();
vs.setCpe("cpe:/a:mysql:mysql:5.1.23a");
VulnerableSoftware vs1 = new VulnerableSoftware();
vs1.setCpe("cpe:/a:mysql:mysql:5.1.23a");
vs1.setPreviousVersion("1");
assertEquals(0, vs.compareTo(vs1));
assertEquals(0, vs1.compareTo(vs));
public void testCompareToNonNumerical() {
VulnerableSoftware vs = new VulnerableSoftware();
vs.setCpe("cpe:/a:mysql:mysql:5.1.23a");
VulnerableSoftware vs1 = new VulnerableSoftware();
vs1.setCpe("cpe:/a:mysql:mysql:5.1.23a");
vs1.setPreviousVersion("1");
assertEquals(0, vs.compareTo(vs1));
assertEquals(0, vs1.compareTo(vs));
}
@Test
public void testCompareToComplex() {
VulnerableSoftware vs = new VulnerableSoftware();
VulnerableSoftware vs1 = new VulnerableSoftware();
vs.setCpe("2.1");
vs1.setCpe("2.1.10");
assertTrue(vs.compareTo(vs1) < 0);
vs.setCpe("cpe:/a:hp:system_management_homepage:2.1.1");
vs1.setCpe("cpe:/a:hp:system_management_homepage:2.1.10");
assertTrue(vs.compareTo(vs1) < 0);
vs.setCpe("10");
vs1.setCpe("10-186");
assertTrue(vs.compareTo(vs1) < 0);
vs.setCpe("2.1.10");
vs1.setCpe("2.1.10-186");
assertTrue(vs.compareTo(vs1) < 0);
vs.setCpe("cpe:/a:hp:system_management_homepage:2.1.10");
vs1.setCpe("cpe:/a:hp:system_management_homepage:2.1.10-186");
assertTrue(vs.compareTo(vs1) < 0);
//assertTrue(vs1.compareTo(vs)>0);
}
@Test
public void testEqualsPreviousVersion() {
VulnerableSoftware vs = new VulnerableSoftware();
vs.setCpe("cpe:/a:mysql:mysql:5.1.23a");
VulnerableSoftware vs1 = new VulnerableSoftware();
vs1.setCpe("cpe:/a:mysql:mysql:5.1.23a");
vs1.setPreviousVersion("1");
assertEquals(vs,vs1);
assertEquals(vs1,vs);
VulnerableSoftware vs = new VulnerableSoftware();
vs.setCpe("cpe:/a:mysql:mysql:5.1.23a");
VulnerableSoftware vs1 = new VulnerableSoftware();
vs1.setCpe("cpe:/a:mysql:mysql:5.1.23a");
vs1.setPreviousVersion("1");
assertEquals(vs, vs1);
assertEquals(vs1, vs);
}