fixed bug causing vulnerabilities to be missed

Former-commit-id: e625225c6be3be1b471fab48c6eda0a616febfb9
Jeremy Long
2014-05-07 07:05:37 -04:00
parent f2006206d3
commit 8fcf5ee760


@@ -46,6 +46,7 @@ import org.owasp.dependencycheck.utils.Pair;
* @author Jeremy Long <jeremy.long@owasp.org> * @author Jeremy Long <jeremy.long@owasp.org>
*/ */
public class CveDB { public class CveDB {
/** /**
* The logger. * The logger.
*/ */
@@ -733,8 +734,10 @@ public class CveDB {
final boolean isStruts = "apache".equals(vendor) && "struts".equals(product); final boolean isStruts = "apache".equals(vendor) && "struts".equals(product);
final DependencyVersion v = parseDependencyVersion(cpeId); final DependencyVersion v = parseDependencyVersion(cpeId);
final boolean prevAffected = previous != null && !previous.isEmpty(); final boolean prevAffected = previous != null && !previous.isEmpty();
if (identifiedVersion == null || "-".equals(identifiedVersion.toString())) { if (v == null || "-".equals(v.toString())) { //all versions
if (v == null || "-".equals(v.toString())) { affected = true;
} else if (identifiedVersion == null || "-".equals(identifiedVersion.toString())) {
if (prevAffected) {
affected = true; affected = true;
} }
} else if (identifiedVersion.equals(v) || (prevAffected && identifiedVersion.compareTo(v) < 0)) { } else if (identifiedVersion.equals(v) || (prevAffected && identifiedVersion.compareTo(v) < 0)) {
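Review bot: In the new `else if (identifiedVersion == null || "-".equals(identifiedVersion.toString()))` branch, a dependency whose version could not be identified is marked affected only when `prevAffected` is true. An entry that names a specific version without the previous-versions flag therefore produces no match, and the hunk shows no log line for that case. For a vulnerability scanner that is a silent false-negative path, so the branch should carry a comment stating the choice, for example `// identified version unknown: matched only when the entry also covers previous versions`. The trailing `//all versions` on the first branch would be clearer as `// CPE entry carries no version ("-"), so every version is affected`. The enclosing method starts and ends outside this hunk, so how `affected` is initialised and used afterwards could not be checked from here.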