diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java index e8db33f17..3d4b2ee26 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java @@ -97,6 +97,11 @@ public class Reference implements Serializable, Comparable { this.source = source; } + @Override + public String toString() { + return "Reference: { name='"+this.name+"', url='"+this.url+"', source='"+this.source+"' }"; + } + @Override public boolean equals(Object obj) { if (obj == null) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java index 9fc097401..ed278076b 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java @@ -21,6 +21,7 @@ import java.io.Serializable; import java.util.Set; import java.util.SortedSet; import java.util.TreeSet; +import java.util.Iterator; /** * Contains the information about a vulnerability. @@ -33,6 +34,7 @@ public class Vulnerability implements Serializable, Comparable { * The serial version uid. */ private static final long serialVersionUID = 307319490326651052L; + /** * The name of the vulnerability. */ 
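Review bot: The new `toString()` in Reference.java has no Javadoc and writes the concatenation without spaces around `+`, unlike the existing `toString()` in VulnerableSoftware.java later in this commit, which has a doc comment and spaced operators. Suggest a one-line comment such as `/** Returns a human-readable representation of this reference, intended for logging and debugging. */` and `"Reference: { name='" + this.name + "', url='" + this.url + "', source='" + this.source + "' }"`. The fields are printed as they are, so an unset field appears as the text `null` inside the quotes.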
@@ -383,6 +385,24 @@ public class Vulnerability implements Serializable, Comparable { return hash; } + @Override + public String toString() { + StringBuilder sb = new StringBuilder("Vulnerability "); + sb.append(this.name); + sb.append("\nReferences:\n"); + for (Iterator i = this.references.iterator(); i.hasNext();) { + sb.append("=> "); + sb.append(i.next()); + sb.append("\n"); + } + sb.append("\nSoftware:\n"); + for (Iterator i = this.vulnerableSoftware.iterator(); i.hasNext();) { + sb.append("=> "); + sb.append(i.next()); + sb.append("\n"); + } + return sb.toString(); + } /** * Compares two vulnerabilities. * diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java index 521cff011..3e46581e6 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java @@ -138,7 +138,7 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp return false; } final VulnerableSoftware other = (VulnerableSoftware) obj; - if ((this.getName() == null) ? (other.getName() != null) : !this.getName().equals(other.getName())) { + if ((this.name == null) ? (other.getName() != null) : !this.name.equals(other.getName())) { return false; } return true; @@ -152,7 +152,7 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp @Override public int hashCode() { int hash = 7; - hash = 83 * hash + (this.getName() != null ? this.getName().hashCode() : 0); + hash = 83 * hash + (this.name != null ? this.name.hashCode() : 0); return hash; } 
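Review bot: Both loops in `Vulnerability.toString()` iterate with a raw `Iterator`, which is the only use of the new `java.util.Iterator` import and causes raw-type warnings. An enhanced for loop is shorter, for example `for (Object ref : this.references) { sb.append("=> ").append(ref).append("\n"); }`, and the same for `this.vulnerableSoftware`. Neither collection is null-checked, so if either field can be unset (their initialisation is outside the hunk) `toString()` would throw during a log or debug call. The method also lacks a Javadoc comment and a blank line before the following `/** Compares two vulnerabilities.` block.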
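Review bot: `equals` in VulnerableSoftware.java now reads `this.name` directly but still calls `other.getName()`, so the two sides can disagree if `getName()` is overridden or ever does more than return the field. Using the field on both sides keeps the comparison symmetric: `if ((this.name == null) ? (other.name != null) : !this.name.equals(other.name)) {`. `hashCode` in the next hunk reads only `this.name` and stays consistent with that. Both methods start and end outside their hunks, and the declaration of `name` is not visible here.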
@@ -163,7 +163,7 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp */ @Override public String toString() { - return "VulnerableSoftware{ name=" + name + ", previousVersion=" + previousVersion + '}'; + return "VulnerableSoftware{" + name + "[" + previousVersion + "]}"; } /** @@ -175,7 +175,7 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp @Override public int compareTo(VulnerableSoftware vs) { int result = 0; - final String[] left = this.getName().split(":"); + final String[] left = this.name.split(":"); final String[] right = vs.getName().split(":"); final int max = (left.length <= right.length) ? left.length : right.length; if (max > 0) { diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerabilityTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerabilityTest.java new file mode 100644 index 000000000..550540b67 --- /dev/null +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerabilityTest.java 
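Review bot: `compareTo` calls `this.name.split(":")` and `vs.getName().split(":")` without a null check, while `equals` and `hashCode` in the same class explicitly tolerate a null name. An instance whose name was never set would therefore throw a NullPointerException as soon as it is placed in a sorted collection. If that is intended, state it in the method's Javadoc with `@throws NullPointerException if the name of either instance is null`; otherwise guard both sides before splitting. The mix of `this.name` and `vs.getName()` is the same asymmetry as in `equals`, and the rest of the method lies outside the hunk.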
@@ -0,0 +1,138 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.dependency;
+
+import org.junit.After;
+import org.junit.AfterClass;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.owasp.dependencycheck.BaseTest;
+
+/**
+ *
+ * @author Jens Hausherr
+ */
+public class VulnerabilityTest extends BaseTest {
+
+ /**
+ * Test of equals method, of class VulnerableSoftware.
+ */
+ @Test
+ public void testDuplicateVersions() {
+ Vulnerability obj = new Vulnerability();
+
+ obj.addVulnerableSoftware("cpe:/a:mortbay:jetty:6.1.0");
+ obj.addVulnerableSoftware("cpe:/a:mortbay:jetty:6.1.1");
+ obj.addVulnerableSoftware("cpe:/a:mortbay:jetty:6.1.0");
+
+ assertEquals(2, obj.getVulnerableSoftware().size());
+ }
+
+ @Test
+ public void testDpulicateVersionsWithPreviousVersion() {
+ Vulnerability obj = new Vulnerability();
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.0",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.1",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.2",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.10",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.11",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.12",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.13",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.14",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.15",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.16",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.17",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.18",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.19",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.20",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.21",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.22",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:4.1.23",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.0",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.0:alpha",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.1",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.10",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.10a",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.11",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.12",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.13",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.15",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.19",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.1a",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.2",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.3",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.4",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.5.0.21",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.6",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.9",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.21",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.22",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.23",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.24",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.24a",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.25",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.30",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.32",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.33",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.36",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.37",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.38",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.3a",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.41",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.42",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.44",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.45",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.4a",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.50",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.51",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.52",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.54",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.0.56",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.23a","1");
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.3",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.4",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.5",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.5a",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.6",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.7",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.9",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.11",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.12",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.14",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.15",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.16",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.17",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.18",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.19",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.20",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.21",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.22",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.23",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:5.1.23a",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.0",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.1",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.2",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.3",null);
+ obj.addVulnerableSoftware("cpe:/a:mysql:mysql:6.0.4",null);
+ assertEquals(82, obj.getVulnerableSoftware().size());
+ }
+}
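Review bot: `testDpulicateVersionsWithPreviousVersion` asserts only the set size (82), so it does not pin which of the two `cpe:/a:mysql:mysql:5.1.23a` entries survives de-duplication: the one added with previousVersion `"1"` or the later one added with `null`. Because `VulnerableSoftware.equals` and `hashCode` compare the name only, a change in insertion order or collection type could silently drop the previous-version marker; if that marker drives matching of older releases (not visible in this diff), the scanner would under-report. Consider also asserting on the surviving entry's previous-version value, and renaming the method to `testDuplicateVersionsWithPreviousVersion`. The Javadoc on `testDuplicateVersions` still reads "Test of equals method, of class VulnerableSoftware", and `After`, `AfterClass`, `Before`, `BeforeClass`, `assertTrue` and `assertFalse` are imported but unused in this file.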
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java index 5fa12af18..8789d25d1 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java @@ -20,6 +20,8 @@ package org.owasp.dependencycheck.dependency; import org.junit.After; import org.junit.AfterClass; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.assertFalse; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; @@ -40,9 +42,20 @@ public class VulnerableSoftwareTest extends BaseTest { obj.setCpe("cpe:/a:mortbay:jetty:6.1.0"); VulnerableSoftware instance = new VulnerableSoftware(); instance.setCpe("cpe:/a:mortbay:jetty:6.1"); - boolean expResult = false; - boolean result = instance.equals(obj); - assertEquals(expResult, result); + assertFalse(instance.equals(obj)); + } + + /** + * Test of equals method, of class VulnerableSoftware. + */ + @Test + public void testEquals2() { + VulnerableSoftware obj = new VulnerableSoftware(); + obj.setCpe("cpe:/a:mortbay:jetty:6.1.0"); + VulnerableSoftware instance = new VulnerableSoftware(); + instance.setCpe("cpe:/a:mortbay:jetty:6.1.0"); + obj.setPreviousVersion("1"); + assertTrue(instance.equals(obj)); } /** 
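Review bot: `testEquals2` checks `instance.equals(obj)` in one direction only and never compares hash codes, although this commit touches both `equals` and `hashCode` of VulnerableSoftware. Adding `assertTrue(obj.equals(instance));` and `assertEquals(instance.hashCode(), obj.hashCode());` would pin the contract that set-based de-duplication of CPE entries depends on. The added Javadoc, `Test of equals method, of class VulnerableSoftware.`, does not say what distinguishes this case; something like `Test that equals ignores the previousVersion flag.` would describe what is covered.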
@@ -78,4 +91,37 @@ public class VulnerableSoftwareTest extends BaseTest {
 result = instance.compareTo(vs);
 assertEquals(expResult, result);
 }
+
+ @Test
+ public void testCompareToNonNumerical(){
+ VulnerableSoftware vs = new VulnerableSoftware();
+ vs.setCpe("cpe:/a:mysql:mysql:5.1.23a");
+ VulnerableSoftware vs1 = new VulnerableSoftware();
+ vs1.setCpe("cpe:/a:mysql:mysql:5.1.23a");
+ vs1.setPreviousVersion("1");
+ assertEquals(0, vs.compareTo(vs1));
+ assertEquals(0, vs1.compareTo(vs));
+ }
+
+ @Test
+ public void testEqualsPreviousVersion() {
+ VulnerableSoftware vs = new VulnerableSoftware();
+ vs.setCpe("cpe:/a:mysql:mysql:5.1.23a");
+ VulnerableSoftware vs1 = new VulnerableSoftware();
+ vs1.setCpe("cpe:/a:mysql:mysql:5.1.23a");
+ vs1.setPreviousVersion("1");
+ assertEquals(vs,vs1);
+ assertEquals(vs1,vs);
+
+ }
+
+ @Test
+ public void testParseCPE() {
+ VulnerableSoftware vs = new VulnerableSoftware();
+ /* Version for test taken from CVE-2008-2079 */
+ vs.setCpe("cpe:/a:mysql:mysql:5.1.23a");
+ assertEquals("mysql", vs.getVendor());
+ assertEquals("mysql", vs.getProduct());
+ assertEquals("5.1.23a", vs.getVersion());
+ }
 }
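Review bot: `testCompareToNonNumerical` compares two entries with the identical CPE `cpe:/a:mysql:mysql:5.1.23a`, so it never exercises ordering between a non-numeric version and a different one. A case such as `cpe:/a:mysql:mysql:5.1.23` against `cpe:/a:mysql:mysql:5.1.23a` would cover that. VulnerabilityTest in this commit appears to count those two as separate entries, so `assertTrue(vs.compareTo(other) != 0);` in each direction is a safe assertion that does not assume a particular order. `testEqualsPreviousVersion` largely repeats what `testEquals2` checks and has a stray blank line before its closing brace.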