From 3e9a77abfa30e8af27610007cba0f33819df4388 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sun, 30 Mar 2014 06:31:52 -0400
Subject: [PATCH] updated test case to ensure suppressed vulnerabilities were tracked correctly per issue #66
Former-commit-id: 7bfbd0c0bb0cb1aa9bed756509d56690bdaee754
---
 .../org/owasp/dependencycheck/dependency/Dependency.java | 2 ++
 .../dependencycheck/suppression/SuppressionRuleTest.java | 5 +++++
 2 files changed, 7 insertions(+)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
index dbe2ae1fc..47848eaed 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
@@ -87,6 +87,8 @@ public class Dependency implements Comparable {
 versionEvidence = new EvidenceCollection();
 identifiers = new TreeSet();
 vulnerabilities = new TreeSet(new VulnerabilityComparator());
+ suppressedIdentifiers = new TreeSet();
+ suppressedVulnerabilities = new TreeSet(new VulnerabilityComparator());
 }
 /**
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionRuleTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionRuleTest.java
index 4ca3948a8..e1fdfb1d8 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionRuleTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/suppression/SuppressionRuleTest.java
@@ -413,6 +413,7 @@ public class SuppressionRuleTest {
 dependency.setSha1sum(sha1);
 instance.process(dependency);
 assertTrue(dependency.getVulnerabilities().isEmpty());
+ assertTrue(dependency.getSuppressedVulnerabilities().size() == 1);
 //cvss
 dependency.addVulnerability(v);
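Review bot: The two new sets are assigned only inside this constructor, so any construction path that does not run it would leave `suppressedIdentifiers` and `suppressedVulnerabilities` null; the constructor starts outside the hunk and it is not visible whether other constructors delegate to it. Initialising both where the fields are declared would remove that dependency on constructor order. A short comment on the two added lines, for example `// suppressed items are tracked here rather than discarded`, would record why the sets exist, since the commit subject only mentions the test case.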
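Review bot: The `size() == 1` checks added in the //cvss and //cve stanzas (hunks at -423 and -433) look unable to fail on their own: the same `v` is re-added to what appears to be the same `dependency`, and `suppressedVulnerabilities` is a `TreeSet`, so the entry recorded by the sha1 stanza would already satisfy them even if a later rule dropped `v` without recording it. The `size() == 3` identifier check in the last hunk similarly seems to depend on what the earlier cpe stanza left behind; the lines between hunks are not visible, so this assumes `dependency` is not recreated there. Building a fresh `Dependency` for each rule type would make every assertion exercise its own rule. Writing the checks as `assertEquals(1, dependency.getSuppressedVulnerabilities().size());` would also report the actual count on failure.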
@@ -423,6 +424,7 @@ public class SuppressionRuleTest {
 instance.addCvssBelow(8f);
 instance.process(dependency);
 assertTrue(dependency.getVulnerabilities().isEmpty());
+ assertTrue(dependency.getSuppressedVulnerabilities().size() == 1);
 //cve
 dependency.addVulnerability(v);
@@ -433,6 +435,7 @@ public class SuppressionRuleTest {
 instance.addCve("CVE-2013-1337");
 instance.process(dependency);
 assertTrue(dependency.getVulnerabilities().isEmpty());
+ assertTrue(dependency.getSuppressedVulnerabilities().size() == 1);
 //cpe
 instance = new SuppressionRule();
@@ -450,6 +453,7 @@ public class SuppressionRuleTest {
 instance.setFilePath(pt);
 instance.process(dependency);
 assertTrue(dependency.getIdentifiers().isEmpty());
+ assertTrue(dependency.getSuppressedIdentifiers().size() == 1);
 dependency.addIdentifier("cwe", "cpe:/a:microsoft:.net_framework:4.0", "some url not needed for this test");
 dependency.addIdentifier("cwe", "cpe:/a:microsoft:.net_framework:4.5", "some url not needed for this test");
@@ -460,6 +464,7 @@ public class SuppressionRuleTest {
 assertTrue(dependency.getIdentifiers().size() == 3);
 instance.process(dependency);
 assertTrue(dependency.getIdentifiers().isEmpty());
+ assertTrue(dependency.getSuppressedIdentifiers().size() == 3);
 }
 private Vulnerability createVulnerability() {