updated test case to ensure suppressed vulnerabilities were tracked correctly per issue #66

Former-commit-id: 7bfbd0c0bb0cb1aa9bed756509d56690bdaee754
2026-01-14 15:53:36 +01:00 · 2014-03-30 06:31:52 -04:00
parent 3879eb6b3a
commit 3e9a77abfa
2 changed files with 7 additions and 0 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
@@ -87,6 +87,8 @@ public class Dependency implements Comparable<Dependency> {
        versionEvidence = new EvidenceCollection();
        identifiers = new TreeSet<Identifier>();
        vulnerabilities = new TreeSet<Vulnerability>(new VulnerabilityComparator());
+        suppressedIdentifiers = new TreeSet<Identifier>();
+        suppressedVulnerabilities = new TreeSet<Vulnerability>(new VulnerabilityComparator());
    }

    /**
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionRuleTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionRuleTest.java
@@ -413,6 +413,7 @@ public class SuppressionRuleTest {
        dependency.setSha1sum(sha1);
        instance.process(dependency);
        assertTrue(dependency.getVulnerabilities().isEmpty());
+        assertTrue(dependency.getSuppressedVulnerabilities().size() == 1);

        //cvss
        dependency.addVulnerability(v);
@@ -423,6 +424,7 @@ public class SuppressionRuleTest {
        instance.addCvssBelow(8f);
        instance.process(dependency);
        assertTrue(dependency.getVulnerabilities().isEmpty());
+        assertTrue(dependency.getSuppressedVulnerabilities().size() == 1);

        //cve
        dependency.addVulnerability(v);
@@ -433,6 +435,7 @@ public class SuppressionRuleTest {
        instance.addCve("CVE-2013-1337");
        instance.process(dependency);
        assertTrue(dependency.getVulnerabilities().isEmpty());
+        assertTrue(dependency.getSuppressedVulnerabilities().size() == 1);

        //cpe
        instance = new SuppressionRule();
@@ -450,6 +453,7 @@ public class SuppressionRuleTest {
        instance.setFilePath(pt);
        instance.process(dependency);
        assertTrue(dependency.getIdentifiers().isEmpty());
+        assertTrue(dependency.getSuppressedIdentifiers().size() == 1);

        dependency.addIdentifier("cwe", "cpe:/a:microsoft:.net_framework:4.0", "some url not needed for this test");
        dependency.addIdentifier("cwe", "cpe:/a:microsoft:.net_framework:4.5", "some url not needed for this test");
@@ -460,6 +464,7 @@ public class SuppressionRuleTest {
        assertTrue(dependency.getIdentifiers().size() == 3);
        instance.process(dependency);
        assertTrue(dependency.getIdentifiers().isEmpty());
+        assertTrue(dependency.getSuppressedIdentifiers().size() == 3);
    }

    private Vulnerability createVulnerability() {