From 704f8e4f0bf25a4b69c00fc7a13a5069fa0852dc Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sat, 20 Apr 2013 07:18:05 -0400
Subject: [PATCH] correct and issue with the comparable interface (invalid sort order)
Former-commit-id: 4ed8acea596bd2e1bb7a1d7cd9beee367e2c4920
---
 .../dependency/VulnerableSoftware.java | 69 ++++++++++++++++++-
 1 file changed, 67 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java b/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
index 3a2153ffd..be457040e 100644
--- a/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
+++ b/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
@@ -50,7 +50,6 @@ public class VulnerableSoftware extends Entry implements Serializable, Comparabl
 setName(cpe);
 }
 }
-
 /**
 * If present, indicates that previous version are vulnerable.
 */
@@ -111,6 +110,72 @@ public class VulnerableSoftware extends Entry implements Serializable, Comparabl
 * @return an integer indicating the ordering of the two objects
 */
 public int compareTo(VulnerableSoftware vs) {
- return this.getName().compareTo(vs.getName());
+ int result = 0;
+ String[] left = this.getName().split(":");
+ String[] right = vs.getName().split(":");
+ int max = (left.length <= right.length) ? left.length : right.length;
+ if (max > 0) {
+ for (int i = 0; result == 0 && i < max; i++) {
+ String[] subLeft = left[i].split("\\.");
+ String[] subRight = right[i].split("\\.");
+ int subMax = (subLeft.length <= subRight.length) ? subLeft.length : subRight.length;
+ if (subMax > 0) {
+ for (int x = 0; result == 0 && x < subMax; x++) {
+ if (isPositiveInteger(subLeft[x]) && isPositiveInteger(subRight[x])) {
+ int iLeft = Integer.parseInt(subLeft[x]);
+ int iRight = Integer.parseInt(subRight[x]);
+ if (iLeft != iRight) {
+ if (iLeft>iRight) {
+ result = 2;
+ } else {
+ result = -2;
+ }
+ }
+ } else {
+ result = subLeft[x].compareToIgnoreCase(subRight[x]);
+ }
+ }
+ if (result == 0) {
+ if (subLeft.length > subRight.length) {
+ result = 2;
+ }
+ if (subRight.length > subLeft.length) {
+ result = -2;
+ }
+ }
+ } else {
+ result = left[i].compareToIgnoreCase(right[i]);
+ }
+ }
+ if (result == 0) {
+ if (left.length > right.length) {
+ result = 2;
+ }
+ if (right.length > left.length) {
+ result = -2;
+ }
+ }
+ } else {
+ result = this.getName().compareToIgnoreCase(vs.getName());
+ }
+ return result;
+ }
+
+ /**
+ * Determines if the string passed in is a positive integer.
+ * @param str the string to test
+ * @return true if the string only contains 0-9, otherwise false.
+ */
+ private static final boolean isPositiveInteger(final String str) {
+ if (str == null || str.isEmpty()) {
+ return false;
+ }
+ for (int i = 0; i < str.length(); i++) {
+ final char c = str.charAt(i);
+ if (c < '0' || c > '9') {
+ return false;
+ }
+ }
+ return true;
 }
 }
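Review bot: `Integer.parseInt(subLeft[x])` in the inner loop of compareTo can throw NumberFormatException, because isPositiveInteger only checks that every character is a digit, not that the value fits in an int — a version component such as a 14-digit build date passes the check and then throws out of compareTo, which aborts any sort or TreeSet/TreeMap operation over these entries (the names come from CPE data, so odd components are not under this code's control). Comparing through java.math.BigInteger keeps the numeric ordering without the overflow: `int cmp = new java.math.BigInteger(subLeft[x]).compareTo(new java.math.BigInteger(subRight[x])); if (cmp != 0) { result = cmp > 0 ? 2 : -2; }`. Mixing the numeric branch with compareToIgnoreCase also makes the ordering non-transitive: "9" < "10" numerically, but "10" < "1a" and "1a" < "9" lexicographically, a cycle that TimSort may reject with "Comparison method violates its general contract"; a fixed rule such as all-digit components always ordering before mixed ones would restore transitivity. Since result stays 0 for names that differ only in case, this compareTo is presumably inconsistent with equals — worth confirming against Entry's equals before these objects are used as sorted-set keys. The class declaration and the start of compareTo's Javadoc lie outside the hunk.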