From e8353089f31a6505d1be3f2933bfda9699318b89 Mon Sep 17 00:00:00 2001 From: Dale Visser Date: Wed, 24 Jun 2015 14:41:20 -0400 Subject: [PATCH 1/8] Made hashCode() implement satisfy the Object.hashCode() contract, i.e., a.equals(b) implies a.hashCode() == b.hashCode() Former-commit-id: 9f347a57b740b572d2d6a9a9e523de44e384773e --- .gitignore | 2 ++ .../owasp/dependencycheck/dependency/Evidence.java | 13 ++++++++----- .../dependencycheck/dependency/EvidenceTest.java | 9 +++++++++ 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 1c55ffdfe..09bf20505 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,6 @@ */target/** +# IntelliJ test run side-effects +dependency-check-core/data/ # Intellij project files *.iml *.ipr diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java index 1f3d8e40e..fd2c0ce20 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java @@ -26,6 +26,9 @@ import java.io.Serializable; */ public class Evidence implements Serializable, Comparable { + public static final int MAGIC_HASH_INIT_VALUE = 3; + public static final int MAGIC_HASH_MULTIPLIER = 67; + /** * Creates a new Evidence object. */ 
@@ -176,11 +179,11 @@ public class Evidence implements Serializable, Comparable { */ @Override public int hashCode() { - int hash = 3; - hash = 67 * hash + (this.name != null ? this.name.hashCode() : 0); - hash = 67 * hash + (this.source != null ? this.source.hashCode() : 0); - hash = 67 * hash + (this.value != null ? this.value.hashCode() : 0); - hash = 67 * hash + (this.confidence != null ? this.confidence.hashCode() : 0); + int hash = MAGIC_HASH_INIT_VALUE; + hash = MAGIC_HASH_MULTIPLIER * hash + (this.name != null ? this.name.toLowerCase().hashCode() : 0); + hash = MAGIC_HASH_MULTIPLIER * hash + (this.source != null ? this.source.toLowerCase().hashCode() : 0); + hash = MAGIC_HASH_MULTIPLIER * hash + (this.value != null ? this.value.toLowerCase().hashCode() : 0); + hash = MAGIC_HASH_MULTIPLIER * hash + (this.confidence != null ? this.confidence.hashCode() : 0); return hash; } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/EvidenceTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/EvidenceTest.java index 42a506edd..56b7e6393 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/EvidenceTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/EvidenceTest.java @@ -19,6 +19,7 @@ package org.owasp.dependencycheck.dependency; import org.junit.Test; import static org.junit.Assert.*; +import static org.hamcrest.CoreMatchers.*; /** * 
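Review bot: The three string fields in the new `hashCode()` are lowercased with the no-argument `toLowerCase()`, which follows the JVM default locale, while equality goes through `equalsIgnoreCase` (see `testEquality`, removed in patch 5/8), which does not. On a host whose locale has special casing rules (Turkish dotless i is the usual example), two Evidence objects that are equal can still hash differently, so hash-based collections of evidence may keep duplicates or miss lookups there. I would pin the locale on `name`, `source` and `value`, e.g. `this.name.toLowerCase(Locale.ROOT).hashCode()` with a `java.util.Locale` import, and note that a few non-ASCII characters may still need a test of their own. The same applies to `StringUtils.lowerCase(this.name)` in the patch 2/8 hashCode hunk. The method's Javadoc begins outside this hunk.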
@@ -53,6 +54,14 @@ public class EvidenceTest { assertTrue(instance.equals(that8)); } + @Test + public void testHashcodeContract() throws Exception { + final Evidence titleCase = new Evidence("Manifest", "Implementation-Title", "Spring Framework", Confidence.HIGH); + final Evidence lowerCase = new Evidence("manifest", "implementation-title", "spring framework", Confidence.HIGH); + assertThat(titleCase, is(equalTo(lowerCase))); + assertThat(titleCase.hashCode(), is(equalTo(lowerCase.hashCode()))); + } + /** * Test of compareTo method, of class Evidence. */ From 42e77c77a9590acaaa343e287b50b589183a4ea9 Mon Sep 17 00:00:00 2001 From: Dale Visser Date: Wed, 24 Jun 2015 14:48:48 -0400 Subject: [PATCH 2/8] More expressive/readable code using commons-lang. Former-commit-id: bf24d6d4672c57fdbe6c1f113ddb25628ec97db4 --- .../owasp/dependencycheck/dependency/Evidence.java | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java index fd2c0ce20..f69731401 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java @@ -17,6 +17,9 @@ */ package org.owasp.dependencycheck.dependency; +import org.apache.commons.lang.ObjectUtils; +import org.apache.commons.lang.StringUtils; + import java.io.Serializable; /** 
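Review bot: `testHashcodeContract` checks a single all-ASCII pair under whatever default locale the build host has, so it cannot catch a `hashCode()` that is only consistent with `equals()` on some hosts. It also never exercises the null branches that both methods have. I would add a pair with a null field, e.g. `new Evidence("Manifest", "Implementation-Title", null, Confidence.HIGH)` against its lower-case twin, and a pair that differs only in confidence to assert inequality. `throws Exception` can be dropped, since nothing in the body throws a checked exception.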
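Review bot: These imports bring `org.apache.commons.lang` (the commons-lang 2.x package, not `lang3`) into a core model class, yet the diffstat for patch 2/8 shows no build file changed. The class therefore presumably compiles against a dependency that is already on the classpath, possibly only transitively. It is worth confirming that dependency-check-core declares commons-lang directly, at a version that has every method the series relies on; as far as I recall, `ObjectUtils.compare` (patch 6/8) is a late addition to the 2.x line. Otherwise a change elsewhere in the dependency tree could break the build or swap the code behind `equals()`/`hashCode()` unnoticed.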
@@ -180,10 +183,10 @@ public class Evidence implements Serializable, Comparable { @Override public int hashCode() { int hash = MAGIC_HASH_INIT_VALUE; - hash = MAGIC_HASH_MULTIPLIER * hash + (this.name != null ? this.name.toLowerCase().hashCode() : 0); - hash = MAGIC_HASH_MULTIPLIER * hash + (this.source != null ? this.source.toLowerCase().hashCode() : 0); - hash = MAGIC_HASH_MULTIPLIER * hash + (this.value != null ? this.value.toLowerCase().hashCode() : 0); - hash = MAGIC_HASH_MULTIPLIER * hash + (this.confidence != null ? this.confidence.hashCode() : 0); + hash = MAGIC_HASH_MULTIPLIER * hash + ObjectUtils.hashCode(StringUtils.lowerCase(this.name)); + hash = MAGIC_HASH_MULTIPLIER * hash + ObjectUtils.hashCode(StringUtils.lowerCase(this.source)); + hash = MAGIC_HASH_MULTIPLIER * hash + ObjectUtils.hashCode(StringUtils.lowerCase(this.value)); + hash = MAGIC_HASH_MULTIPLIER * hash + ObjectUtils.hashCode(this.confidence); return hash; } From 39e587085f69a381906d0247a96bbc82e25b0b59 Mon Sep 17 00:00:00 2001 From: Dale Visser Date: Wed, 24 Jun 2015 14:57:10 -0400 Subject: [PATCH 3/8] Replaced private method with equivalent ObjectUtils.equals() call. Former-commit-id: 9d460788899a3cb6e0891d63e39f50c3f96fc385 --- .../dependencycheck/dependency/Evidence.java | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java index f69731401..241791dea 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java 
@@ -234,7 +234,7 @@ public class Evidence implements Serializable, Comparable { if (equalsWithNullCheck(source, o.source)) { if (equalsWithNullCheck(name, o.name)) { if (equalsWithNullCheck(value, o.value)) { - if (equalsWithNullCheck(confidence, o.confidence)) { + if (ObjectUtils.equals(confidence, o.confidence)) { return 0; //they are equal } else { return compareToWithNullCheck(confidence, o.confidence); @@ -266,22 +266,6 @@ public class Evidence implements Serializable, Comparable { return me.equalsIgnoreCase(other); } - /** - * Equality check with an exhaustive, possibly duplicative, check against nulls. - * - * @param me the value to be compared - * @param other the other value to be compared - * @return true if the values are equal; otherwise false - */ - private boolean equalsWithNullCheck(Confidence me, Confidence other) { - if (me == null && other == null) { - return true; - } else if (me == null || other == null) { - return false; - } - return me.equals(other); - } - /** * Wrapper around {@link java.lang.String#compareToIgnoreCase(java.lang.String) String.compareToIgnoreCase} with an * exhaustive, possibly duplicative, check against nulls. From e2389b49922b639b9d468c1d99c28e3a7c92dbbd Mon Sep 17 00:00:00 2001 From: Dale Visser Date: Wed, 24 Jun 2015 15:01:32 -0400 Subject: [PATCH 4/8] Replaced private method with calls to StringUtils.equalsIgnoreCase() Former-commit-id: d4c92115e6f90109bfae9487ef3f4c829bf22232 --- .../dependencycheck/dependency/Evidence.java | 22 +++---------------- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java index 241791dea..bddd69bc8 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java 
@@ -231,9 +231,9 @@ public class Evidence implements Serializable, Comparable { if (o == null) { return 1; } - if (equalsWithNullCheck(source, o.source)) { - if (equalsWithNullCheck(name, o.name)) { - if (equalsWithNullCheck(value, o.value)) { + if (StringUtils.equalsIgnoreCase(source, o.source)) { + if (StringUtils.equalsIgnoreCase(name, o.name)) { + if (StringUtils.equalsIgnoreCase(value, o.value)) { if (ObjectUtils.equals(confidence, o.confidence)) { return 0; //they are equal } else { @@ -250,22 +250,6 @@ public class Evidence implements Serializable, Comparable { } } - /** - * Equality check with an exhaustive, possibly duplicative, check against nulls. - * - * @param me the value to be compared - * @param other the other value to be compared - * @return true if the values are equal; otherwise false - */ - private boolean equalsWithNullCheck(String me, String other) { - if (me == null && other == null) { - return true; - } else if (me == null || other == null) { - return false; - } - return me.equalsIgnoreCase(other); - } - /** * Wrapper around {@link java.lang.String#compareToIgnoreCase(java.lang.String) String.compareToIgnoreCase} with an * exhaustive, possibly duplicative, check against nulls. From 723ba740e0a30e1092baf037b40ba69911ac5d34 Mon Sep 17 00:00:00 2001 From: Dale Visser Date: Wed, 24 Jun 2015 15:12:15 -0400 Subject: [PATCH 5/8] Repleced testEquality() with StringUtils.equalsIgnoreCase(). Former-commit-id: 559413b9fef79fddbb85bcebda3ed0ca76c908dd --- .../owasp/dependencycheck/dependency/Evidence.java | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java index bddd69bc8..a9d6a6d3e 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java 
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java @@ -206,21 +206,10 @@ public class Evidence implements Serializable, Comparable { } final Evidence e = (Evidence) that; - return testEquality(name, e.name) && testEquality(source, e.source) && testEquality(value, e.value) + return StringUtils.equalsIgnoreCase(name, e.name) && StringUtils.equalsIgnoreCase(source, e.source) && StringUtils.equalsIgnoreCase(value, e.value) && (confidence == null ? e.confidence == null : confidence == e.confidence); } - /** - * Simple equality test for use within the equals method. This does a case insensitive compare. - * - * @param l a string to compare. - * @param r another string to compare. - * @return whether the two strings are the same. - */ - private boolean testEquality(String l, String r) { - return l == null ? r == null : l.equalsIgnoreCase(r); - } - /** * Implementation of the comparable interface. * From 414912de6702b77d19873030d59ddb0321cf50e7 Mon Sep 17 00:00:00 2001 From: Dale Visser Date: Wed, 24 Jun 2015 15:19:24 -0400 Subject: [PATCH 6/8] Replaced private method with ObjectUtils.compare(). Former-commit-id: 16c4a5a7ed74819351bab55528442183a3244a0c --- .../dependencycheck/dependency/Evidence.java | 21 +------------------ 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java index a9d6a6d3e..d6c9654c8 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java 
@@ -226,7 +226,7 @@ public class Evidence implements Serializable, Comparable { if (ObjectUtils.equals(confidence, o.confidence)) { return 0; //they are equal } else { - return compareToWithNullCheck(confidence, o.confidence); + return ObjectUtils.compare(confidence, o.confidence); } } else { return compareToIgnoreCaseWithNullCheck(value, o.value); @@ -258,25 +258,6 @@ public class Evidence implements Serializable, Comparable { return me.compareToIgnoreCase(other); } - /** - * Wrapper around {@link java.lang.Enum#compareTo(java.lang.Enum) Enum.compareTo} with an exhaustive, possibly duplicative, - * check against nulls. - * - * @param me the value to be compared - * @param other the other value to be compared - * @return true if the values are equal; otherwise false - */ - private int compareToWithNullCheck(Confidence me, Confidence other) { - if (me == null && other == null) { - return 0; - } else if (me == null) { - return -1; //the other string is greater then me - } else if (other == null) { - return 1; //me is greater then the other string - } - return me.compareTo(other); - } - /** * Standard toString() implementation. * From e6707c65a57c200f3d97f6e9af7e83ac9b062471 Mon Sep 17 00:00:00 2001 From: Dale Visser Date: Wed, 24 Jun 2015 15:25:03 -0400 Subject: [PATCH 7/8] Made magic number constants private. Former-commit-id: 12539d50efb17790b770934d10b953e0fd180c8a --- .../owasp/dependencycheck/dependency/Evidence.java | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java index d6c9654c8..c632b94f4 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java 
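Review bot: With `ObjectUtils.compare` in place, the surrounding `if (ObjectUtils.equals(confidence, o.confidence)) { return 0; } else { ... }` is redundant. `compare` already returns 0 for two nulls, and for equal values if Confidence is an enum, as the removed Javadoc's reference to `Enum.compareTo` suggests. The branch can collapse to `return ObjectUtils.compare(confidence, o.confidence);`. The removed helper ordered null below non-null, and the two-argument `ObjectUtils.compare` is documented to do the same, but a `compareTo` test with a null confidence on each side would pin that ordering. The body of `compareTo` begins outside this hunk.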
@@ -29,8 +29,15 @@ import java.io.Serializable; */ public class Evidence implements Serializable, Comparable { - public static final int MAGIC_HASH_INIT_VALUE = 3; - public static final int MAGIC_HASH_MULTIPLIER = 67; + /** + * Used as starting point for generating the value in {@link #hashCode()}. + */ + private static final int MAGIC_HASH_INIT_VALUE = 3; + + /** + * Used as a multiplier for generating the value in {@link #hashCode()}. + */ + private static final int MAGIC_HASH_MULTIPLIER = 67; /** * Creates a new Evidence object. From 888f2aed9701632676867d09f4c44a9b1d886dd6 Mon Sep 17 00:00:00 2001 From: Dale Visser Date: Wed, 24 Jun 2015 15:38:03 -0400 Subject: [PATCH 8/8] Replaced ternary expression with ObjectUtils.equals(), and reformatted using IDE. Former-commit-id: e72ba88f6e4d29cb00288c34a9d413e455f26b16 --- .../dependencycheck/dependency/Evidence.java | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java index c632b94f4..4fa29805b 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java @@ -48,9 +48,9 @@ public class Evidence implements Serializable, Comparable { /** * Creates a new Evidence objects. * - * @param source the source of the evidence. - * @param name the name of the evidence. - * @param value the value of the evidence. + * @param source the source of the evidence. + * @param name the name of the evidence. + * @param value the value of the evidence. * @param confidence the confidence of the evidence. */ public Evidence(String source, String name, String value, Confidence confidence) { 
@@ -59,6 +59,7 @@ public class Evidence implements Serializable, Comparable { this.value = value; this.confidence = confidence; } + /** * The name of the evidence. */ @@ -81,6 +82,7 @@ public class Evidence implements Serializable, Comparable { public void setName(String name) { this.name = name; } + /** * The source of the evidence. */ @@ -103,6 +105,7 @@ public class Evidence implements Serializable, Comparable { public void setSource(String source) { this.source = source; } + /** * The value of the evidence. */ @@ -137,6 +140,7 @@ public class Evidence implements Serializable, Comparable { public void setValue(String value) { this.value = value; } + /** * A value indicating if the Evidence has been "used" (aka read). */ @@ -159,6 +163,7 @@ public class Evidence implements Serializable, Comparable { public void setUsed(boolean used) { this.used = used; } + /** * The confidence level for the evidence. */ @@ -213,8 +218,10 @@ public class Evidence implements Serializable, Comparable { } final Evidence e = (Evidence) that; - return StringUtils.equalsIgnoreCase(name, e.name) && StringUtils.equalsIgnoreCase(source, e.source) && StringUtils.equalsIgnoreCase(value, e.value) - && (confidence == null ? e.confidence == null : confidence == e.confidence); + return StringUtils.equalsIgnoreCase(name, e.name) + && StringUtils.equalsIgnoreCase(source, e.source) + && StringUtils.equalsIgnoreCase(value, e.value) + && ObjectUtils.equals(confidence, e.confidence); } /** @@ -250,7 +257,7 @@ public class Evidence implements Serializable, Comparable { * Wrapper around {@link java.lang.String#compareToIgnoreCase(java.lang.String) String.compareToIgnoreCase} with an * exhaustive, possibly duplicative, check against nulls. * - * @param me the value to be compared + * @param me the value to be compared * @param other the other value to be compared * @return true if the values are equal; otherwise false */