From 310ca967a19e8e0b5a970fb398af6a7e1e3bfa76 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sun, 5 Jun 2016 06:32:49 -0400 Subject: [PATCH] fixed compareTo in order to resolve issue #503 --- .../data/update/nvd/NvdCve20Handler.java | 9 +- .../dependency/VulnerableSoftware.java | 13 +- .../update/nvd/NvdCve_2_0_HandlerTest.java | 33 +++ .../dependency/VulnerabilityTest.java | 195 ++++++++++-------- .../dependency/VulnerableSoftwareTest.java | 59 ++++-- 5 files changed, 191 insertions(+), 118 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java index e2b60db7a..25fc95f9b 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java @@ -254,17 +254,16 @@ public class NvdCve20Handler extends DefaultHandler { * @throws IOException thrown if there is an IOException with the CPE Index */ private void saveEntry(Vulnerability vuln) throws DatabaseException, CorruptIndexException, IOException { - if (cveDB == null) { - return; - } final String cveName = vuln.getName(); - if (prevVersionVulnMap.containsKey(cveName)) { + if (prevVersionVulnMap != null && prevVersionVulnMap.containsKey(cveName)) { final List vulnSoftware = prevVersionVulnMap.get(cveName); for (VulnerableSoftware vs : vulnSoftware) { vuln.updateVulnerableSoftware(vs); } } - cveDB.updateVulnerability(vuln); + if (cveDB != null) { + cveDB.updateVulnerability(vuln); + } } // diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java index 3e46581e6..05dde8126 100644 
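Review bot: With `cveDB == null` the reworked `saveEntry` merges the previous-version software into `vuln` and then skips `cveDB.updateVulnerability(vuln)` without any signal, so a handler that was never given a database parses the whole feed and persists nothing. That looks intended for the new `testParserWithPreviousVersion`, which builds an `NvdCve20Handler` and only sets the previous-version map, but the method does not say so. I would add a comment above the guard, `// cveDB is null only when the handler is used for parsing alone (unit tests); nothing is persisted then`, and mention the same in the Javadoc. The Javadoc and signature of `saveEntry` start outside this hunk.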
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java @@ -180,23 +180,14 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp final int max = (left.length <= right.length) ? left.length : right.length; if (max > 0) { for (int i = 0; result == 0 && i < max; i++) { - final String[] subLeft = left[i].split("\\."); - final String[] subRight = right[i].split("\\."); + final String[] subLeft = left[i].split("(\\.|-)"); + final String[] subRight = right[i].split("(\\.|-)"); final int subMax = (subLeft.length <= subRight.length) ? subLeft.length : subRight.length; if (subMax > 0) { for (int x = 0; result == 0 && x < subMax; x++) { if (isPositiveInteger(subLeft[x]) && isPositiveInteger(subRight[x])) { try { result = Long.valueOf(subLeft[x]).compareTo(Long.valueOf(subRight[x])); -// final long iLeft = Long.parseLong(subLeft[x]); -// final long iRight = Long.parseLong(subRight[x]); -// if (iLeft != iRight) { -// if (iLeft > iRight) { -// result = 2; -// } else { -// result = -2; -// } -// } } catch (NumberFormatException ex) { //ignore the exception - they obviously aren't numbers if (!subLeft[x].equalsIgnoreCase(subRight[x])) { diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/nvd/NvdCve_2_0_HandlerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/nvd/NvdCve_2_0_HandlerTest.java index 70257e6ed..975750d5d 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/nvd/NvdCve_2_0_HandlerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/nvd/NvdCve_2_0_HandlerTest.java 
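Review bot: Splitting on `(\\.|-)` makes `.` and `-` interchangeable inside the comparison loop, so two distinct CPE names such as `…:2.1.3.132` and `…:2.1.3-132` (constructed example) yield identical token lists and leave `result` at 0 here. Unless code after the loop, which is outside this hunk, breaks that tie, `compareTo` reports them equal, and the sorted set that `getVulnerableSoftware()` appears to return would keep only one of them, dropping an affected version from the vulnerability record. A tie-break on the raw component after the inner loop keeps the numeric ordering and still separates them, something like `if (result == 0) { result = left[i].compareToIgnoreCase(right[i]); }`. The new fixtures contain `2.1.3.132` but no hyphenated twin, and `testCompareToComplex` leaves its reverse-direction assertion commented out, so neither case is tested.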
@@ -19,6 +19,8 @@ package org.owasp.dependencycheck.data.update.nvd; import org.owasp.dependencycheck.data.update.nvd.NvdCve20Handler; import java.io.File; +import java.util.List; +import java.util.Map; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; import org.junit.After; @@ -28,6 +30,7 @@ import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.owasp.dependencycheck.BaseTest; +import org.owasp.dependencycheck.dependency.VulnerableSoftware; /** * @@ -49,12 +52,42 @@ public class NvdCve_2_0_HandlerTest extends BaseTest { saxParser.parse(file, instance); } catch (Throwable ex) { + ex.printStackTrace(); results = ex; } assertTrue("Exception thrown during parse of 2012 CVE version 2.0?", results == null); if (results != null) { System.err.println(results); } + } + @Test + public void testParserWithPreviousVersion() { + Throwable results = null; + try { + SAXParserFactory factory = SAXParserFactory.newInstance(); + SAXParser saxParser = factory.newSAXParser(); + + File file12 = BaseTest.getResourceAsFile(this, "cve-1.2-2008_4411.xml"); + + final NvdCve12Handler cve12Handler = new NvdCve12Handler(); + saxParser.parse(file12, cve12Handler); + final Map> prevVersionVulnMap = cve12Handler.getVulnerabilities(); + + //File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath()); + File file20 = BaseTest.getResourceAsFile(this, "cve-2.0-2008_4411.xml"); + + NvdCve20Handler instance = new NvdCve20Handler(); + instance.setPrevVersionVulnMap(prevVersionVulnMap); + saxParser.parse(file20, instance); + + assertTrue(instance.getTotalNumberOfEntries()==1); + } catch (Throwable ex) { + results = ex; + } + assertTrue("Exception thrown during parse of 2012 CVE version 2.0?", results == null); + if (results != null) { + System.err.println(results); + } } } 
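Review bot: In `testParserWithPreviousVersion` the check `assertTrue(instance.getTotalNumberOfEntries()==1)` sits inside `try { … } catch (Throwable ex)`, so a wrong entry count is caught as an AssertionError and reported as "Exception thrown during parse of 2012 CVE version 2.0?". That message is copied from the test above, although the fixtures here are the `2008_4411` files. The trailing `if (results != null) { System.err.println(results); }` can never print anything, because the preceding `assertTrue` has already failed whenever `results` is set. Declaring the method `throws Exception`, dropping the try/catch and keeping the entry-count assertion as the last statement lets JUnit report the real failure with its stack trace. That would also make the `ex.printStackTrace()` added to the first test unnecessary.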
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerabilityTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerabilityTest.java index 550540b67..e4849f1bb 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerabilityTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerabilityTest.java @@ -17,6 +17,7 @@ */ package org.owasp.dependencycheck.dependency; +import java.util.Set; import org.junit.After; import org.junit.AfterClass; import static org.junit.Assert.assertEquals; @@ -31,7 +32,7 @@ import org.owasp.dependencycheck.BaseTest; * * @author Jens Hausherr */ -public class VulnerabilityTest extends BaseTest { +public class VulnerabilityTest extends BaseTest { /** * Test of equals method, of class VulnerableSoftware. 
@@ -49,90 +50,112 @@ public class VulnerabilityTest extends BaseTest { @Test public void testDpulicateVersionsWithPreviousVersion() { - Vulnerability obj = new Vulnerability(); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.0",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.1",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.2",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.10",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.11",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.12",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.13",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.14",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.15",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.16",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.17",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.18",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.19",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.20",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.21",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.22",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.23",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.0",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.0:alpha",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.1",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.10",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.10a",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.11",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.12",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.13",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.15",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.19",null); - obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.1a",null); - 
obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.2",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.3",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.4",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.5.0.21",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.6",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.9",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.21",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.22",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.23",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.24",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.24a",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.25",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.30",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.32",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.33",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.36",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.37",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.38",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.3a",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.41",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.42",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.44",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.45",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.4a",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.50",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.51",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.52",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.54",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.56",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.23a","1");
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.3",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.4",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.5",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.5a",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.6",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.7",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.9",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.11",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.12",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.14",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.15",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.16",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.17",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.18",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.19",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.20",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.21",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.22",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.23",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.23a",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.0",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.1",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.2",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.3",null);
- obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.4",null);
- assertEquals(82, obj.getVulnerableSoftware().size());
+ Vulnerability obj = new Vulnerability();
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-103%28a%29", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-118", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.3.132", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.12-200", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.2-127", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.9", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.10", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.11", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.12-118", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.4-143", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-109", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.6-156", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.4", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.3", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.10-186", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.6", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.5", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.5-146", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.8", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.7", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.2", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.0.2", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.1", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.8-177", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.0.1", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.0.0", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.7-168", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-103", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.11-197", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.9-178", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.12-200", "1");
+ assertEquals(31, obj.getVulnerableSoftware().size());
 }
+
+ @Test
+ public void testSoftwareSorting() {
+ Vulnerability obj = new Vulnerability();
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-103%28a%29", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-118", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.3.132", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.12-200", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.2-127", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.9", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.10", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.11", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.12-118", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.4-143", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-109", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.6-156", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.4", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.3", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.10-186", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.6", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.5", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.5-146", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.8", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.7", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.2", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.0.2", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.1", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.8-177", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.0.1", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.0.0", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.7-168", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.0-103", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.11-197", null);
+ obj.addVulnerableSoftware("cpe:/a:hp:system_management_homepage:2.1.9-178", null);
+
+ Set software = obj.getVulnerableSoftware();
+ VulnerableSoftware vs[] = software.toArray(new VulnerableSoftware[software.size()]);
+
+ assertTrue("cpe:/a:hp:system_management_homepage:2.0.0".equals(vs[0].getName()));
+ assertTrue("cpe:/a:hp:system_management_homepage:2.0.1".equals(vs[1].getName()));
+ assertTrue("cpe:/a:hp:system_management_homepage:2.0.2".equals(vs[2].getName()));
+ assertTrue("cpe:/a:hp:system_management_homepage:2.1".equals(vs[3].getName()));
+ assertTrue("cpe:/a:hp:system_management_homepage:2.1.0-103".equals(vs[4].getName()));
+ assertTrue("cpe:/a:hp:system_management_homepage:2.1.0-103%28a%29".equals(vs[5].getName()));
+ assertTrue("cpe:/a:hp:system_management_homepage:2.1.0-109".equals(vs[6].getName()));
+ assertTrue("cpe:/a:hp:system_management_homepage:2.1.0-118".equals(vs[7].getName()));
+ assertTrue("cpe:/a:hp:system_management_homepage:2.1.1".equals(vs[8].getName()));
+
assertTrue("cpe:/a:hp:system_management_homepage:2.1.2".equals(vs[9].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.2-127".equals(vs[10].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.3".equals(vs[11].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.3.132".equals(vs[12].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.4".equals(vs[13].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.4-143".equals(vs[14].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.5".equals(vs[15].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.5-146".equals(vs[16].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.6".equals(vs[17].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.6-156".equals(vs[18].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.7".equals(vs[19].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.7-168".equals(vs[20].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.8".equals(vs[21].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.8-177".equals(vs[22].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.9".equals(vs[23].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.9-178".equals(vs[24].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.10".equals(vs[25].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.10-186".equals(vs[26].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.11".equals(vs[27].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.11-197".equals(vs[28].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.12-118".equals(vs[29].getName())); + assertTrue("cpe:/a:hp:system_management_homepage:2.1.12-200".equals(vs[30].getName())); + + } + } 
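Review bot: Replacing the MySQL fixture in `testDpulicateVersionsWithPreviousVersion` removes the coverage this test gave to letter-suffixed and extra-component versions (`5.0.10a`, `5.0.24a`, `5.0.0:alpha`, `5.0.5.0.21`). Keeping the old data as a second test next to the HP data would guard both shapes of version string against regressions in `compareTo`. In `testSoftwareSorting` every check is written as `assertTrue("…".equals(vs[i].getName()))`, which reports only a bare failure; `assertEquals("cpe:/a:hp:system_management_homepage:2.0.0", vs[0].getName());` would show the name actually found at that index. The test also depends on the iteration order of `getVulnerableSoftware()`, so a one-line comment stating that the set is expected to iterate in `compareTo` order would help the next reader.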
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java index 8789d25d1..91ed83373 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java @@ -31,7 +31,7 @@ import org.owasp.dependencycheck.BaseTest; * * @author Jeremy Long */ -public class VulnerableSoftwareTest extends BaseTest { +public class VulnerableSoftwareTest extends BaseTest { /** * Test of equals method, of class VulnerableSoftware. 
@@ -93,25 +93,52 @@ public class VulnerableSoftwareTest extends BaseTest { } @Test - public void testCompareToNonNumerical(){ - VulnerableSoftware vs = new VulnerableSoftware(); - vs.setCpe("cpe:/a:mysql:mysql:5.1.23a"); - VulnerableSoftware vs1 = new VulnerableSoftware(); - vs1.setCpe("cpe:/a:mysql:mysql:5.1.23a"); - vs1.setPreviousVersion("1"); - assertEquals(0, vs.compareTo(vs1)); - assertEquals(0, vs1.compareTo(vs)); + public void testCompareToNonNumerical() { + VulnerableSoftware vs = new VulnerableSoftware(); + vs.setCpe("cpe:/a:mysql:mysql:5.1.23a"); + VulnerableSoftware vs1 = new VulnerableSoftware(); + vs1.setCpe("cpe:/a:mysql:mysql:5.1.23a"); + vs1.setPreviousVersion("1"); + assertEquals(0, vs.compareTo(vs1)); + assertEquals(0, vs1.compareTo(vs)); + } + + @Test + public void testCompareToComplex() { + VulnerableSoftware vs = new VulnerableSoftware(); + VulnerableSoftware vs1 = new VulnerableSoftware(); + + vs.setCpe("2.1"); + vs1.setCpe("2.1.10"); + assertTrue(vs.compareTo(vs1) < 0); + + vs.setCpe("cpe:/a:hp:system_management_homepage:2.1.1"); + vs1.setCpe("cpe:/a:hp:system_management_homepage:2.1.10"); + assertTrue(vs.compareTo(vs1) < 0); + + vs.setCpe("10"); + vs1.setCpe("10-186"); + assertTrue(vs.compareTo(vs1) < 0); + + vs.setCpe("2.1.10"); + vs1.setCpe("2.1.10-186"); + assertTrue(vs.compareTo(vs1) < 0); + + vs.setCpe("cpe:/a:hp:system_management_homepage:2.1.10"); + vs1.setCpe("cpe:/a:hp:system_management_homepage:2.1.10-186"); + assertTrue(vs.compareTo(vs1) < 0); + //assertTrue(vs1.compareTo(vs)>0); } @Test public void testEqualsPreviousVersion() { - VulnerableSoftware vs = new VulnerableSoftware(); - vs.setCpe("cpe:/a:mysql:mysql:5.1.23a"); - VulnerableSoftware vs1 = new VulnerableSoftware(); - vs1.setCpe("cpe:/a:mysql:mysql:5.1.23a"); - vs1.setPreviousVersion("1"); - assertEquals(vs,vs1); - assertEquals(vs1,vs); + VulnerableSoftware vs = new VulnerableSoftware(); + vs.setCpe("cpe:/a:mysql:mysql:5.1.23a"); + VulnerableSoftware vs1 = new 
VulnerableSoftware(); + vs1.setCpe("cpe:/a:mysql:mysql:5.1.23a"); + vs1.setPreviousVersion("1"); + assertEquals(vs, vs1); + assertEquals(vs1, vs); }