Merge pull request #506 from jabbrwcky/issue-503

Thanks for the test cases

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java

@@ -97,6 +97,11 @@ public class Reference implements Serializable, Comparable<Reference> {
         this.source = source;
     }
 
+    @Override
+    public String toString() {
+      return "Reference: { name='"+this.name+"', url='"+this.url+"', source='"+this.source+"' }";
+    }
+
     @Override
     public boolean equals(Object obj) {
         if (obj == null) {

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java

@@ -21,6 +21,7 @@ import java.io.Serializable;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
+import java.util.Iterator;
 
 /**
  * Contains the information about a vulnerability.
@@ -33,6 +34,7 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
      * The serial version uid.
      */
     private static final long serialVersionUID = 307319490326651052L;
+
     /**
      * The name of the vulnerability.
      */
@@ -383,6 +385,24 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
         return hash;
     }
 
+    @Override
+    public String toString() {
+        StringBuilder sb = new StringBuilder("Vulnerability ");
+        sb.append(this.name);
+        sb.append("\nReferences:\n");
+        for (Iterator i = this.references.iterator(); i.hasNext();) {
+          sb.append("=> ");
+          sb.append(i.next());
+          sb.append("\n");
+        }
+        sb.append("\nSoftware:\n");
+        for (Iterator i = this.vulnerableSoftware.iterator(); i.hasNext();) {
+          sb.append("=> ");
+          sb.append(i.next());
+          sb.append("\n");
+        }
+        return sb.toString();
+    }
     /**
      * Compares two vulnerabilities.
      *

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java

@@ -138,7 +138,7 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
             return false;
         }
         final VulnerableSoftware other = (VulnerableSoftware) obj;
-        if ((this.getName() == null) ? (other.getName() != null) : !this.getName().equals(other.getName())) {
+        if ((this.name == null) ? (other.getName() != null) : !this.name.equals(other.getName())) {
             return false;
         }
         return true;
@@ -152,7 +152,7 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
     @Override
     public int hashCode() {
         int hash = 7;
-        hash = 83 * hash + (this.getName() != null ? this.getName().hashCode() : 0);
+        hash = 83 * hash + (this.name != null ? this.name.hashCode() : 0);
         return hash;
     }
 
@@ -163,7 +163,7 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
      */
     @Override
     public String toString() {
-        return "VulnerableSoftware{ name=" + name + ", previousVersion=" + previousVersion + '}';
+        return "VulnerableSoftware{" + name + "[" + previousVersion + "]}";
     }
 
     /**
@@ -175,7 +175,7 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
     @Override
     public int compareTo(VulnerableSoftware vs) {
         int result = 0;
-        final String[] left = this.getName().split(":");
+        final String[] left = this.name.split(":");
         final String[] right = vs.getName().split(":");
         final int max = (left.length <= right.length) ? left.length : right.length;
         if (max > 0) {

dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerabilityTest.java

@@ -0,0 +1,138 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.dependency;
+
+import org.junit.After;
+import org.junit.AfterClass;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.owasp.dependencycheck.BaseTest;
+
+/**
+ *
+ * @author Jens Hausherr
+ */
+public class VulnerabilityTest extends BaseTest  {
+
+    /**
+     * Test of equals method, of class VulnerableSoftware.
+     */
+    @Test
+    public void testDuplicateVersions() {
+        Vulnerability obj = new Vulnerability();
+
+        obj.addVulnerableSoftware("cpe:/a:mortbay:jetty:6.1.0");
+        obj.addVulnerableSoftware("cpe:/a:mortbay:jetty:6.1.1");
+        obj.addVulnerableSoftware("cpe:/a:mortbay:jetty:6.1.0");
+
+        assertEquals(2, obj.getVulnerableSoftware().size());
+    }
+
+    @Test
+    public void testDpulicateVersionsWithPreviousVersion() {
+      Vulnerability obj = new Vulnerability();
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.0",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.1",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.2",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.10",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.11",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.12",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.13",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.14",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.15",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.16",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.17",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.18",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.19",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.20",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.21",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.22",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.23",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.0",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.0:alpha",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.1",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.10",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.10a",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.11",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.12",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.13",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.15",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.19",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.1a",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.2",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.3",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.4",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.5.0.21",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.6",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.9",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.21",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.22",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.23",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.24",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.24a",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.25",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.30",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.32",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.33",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.36",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.37",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.38",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.3a",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.41",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.42",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.44",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.45",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.4a",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.50",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.51",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.52",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.54",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.56",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.23a","1");
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.3",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.4",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.5",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.5a",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.6",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.7",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.9",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.11",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.12",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.14",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.15",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.16",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.17",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.18",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.19",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.20",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.21",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.22",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.23",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.23a",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.0",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.1",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.2",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.3",null);
+      obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.4",null);
+      assertEquals(82, obj.getVulnerableSoftware().size());
+    }
+}

dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java

@@ -20,6 +20,8 @@ package org.owasp.dependencycheck.dependency;
 import org.junit.After;
 import org.junit.AfterClass;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
@@ -40,9 +42,20 @@ public class VulnerableSoftwareTest extends BaseTest  {
         obj.setCpe("cpe:/a:mortbay:jetty:6.1.0");
         VulnerableSoftware instance = new VulnerableSoftware();
         instance.setCpe("cpe:/a:mortbay:jetty:6.1");
-        boolean expResult = false;
-        boolean result = instance.equals(obj);
-        assertEquals(expResult, result);
+        assertFalse(instance.equals(obj));
+    }
+
+    /**
+     * Test of equals method, of class VulnerableSoftware.
+     */
+    @Test
+    public void testEquals2() {
+        VulnerableSoftware obj = new VulnerableSoftware();
+        obj.setCpe("cpe:/a:mortbay:jetty:6.1.0");
+        VulnerableSoftware instance = new VulnerableSoftware();
+        instance.setCpe("cpe:/a:mortbay:jetty:6.1.0");
+        obj.setPreviousVersion("1");
+        assertTrue(instance.equals(obj));
     }
 
     /**
@@ -78,4 +91,37 @@ public class VulnerableSoftwareTest extends BaseTest  {
         result = instance.compareTo(vs);
         assertEquals(expResult, result);
     }
+
+    @Test
+    public void testCompareToNonNumerical(){
+      VulnerableSoftware vs = new VulnerableSoftware();
+      vs.setCpe("cpe:/a:mysql:mysql:5.1.23a");
+      VulnerableSoftware vs1 = new VulnerableSoftware();
+      vs1.setCpe("cpe:/a:mysql:mysql:5.1.23a");
+      vs1.setPreviousVersion("1");
+      assertEquals(0, vs.compareTo(vs1));
+      assertEquals(0, vs1.compareTo(vs));
+    }
+
+    @Test
+    public void testEqualsPreviousVersion() {
+      VulnerableSoftware vs = new VulnerableSoftware();
+      vs.setCpe("cpe:/a:mysql:mysql:5.1.23a");
+      VulnerableSoftware vs1 = new VulnerableSoftware();
+      vs1.setCpe("cpe:/a:mysql:mysql:5.1.23a");
+      vs1.setPreviousVersion("1");
+      assertEquals(vs,vs1);
+      assertEquals(vs1,vs);
+
+    }
+
+    @Test
+    public void testParseCPE() {
+        VulnerableSoftware vs = new VulnerableSoftware();
+        /* Version for test taken from CVE-2008-2079 */
+        vs.setCpe("cpe:/a:mysql:mysql:5.1.23a");
+        assertEquals("mysql", vs.getVendor());
+        assertEquals("mysql", vs.getProduct());
+        assertEquals("5.1.23a", vs.getVersion());
+    }
 }