Limit split to fix #503

2026-01-13 23:33:37 +01:00 · 2016-05-27 15:07:59 +02:00
parent c0384bb0ee
commit ae5a766092
2 changed files with 11 additions and 1 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
@@ -73,7 +73,7 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
    public void parseName(String cpeName) throws UnsupportedEncodingException {
        this.name = cpeName;
        if (cpeName != null && cpeName.length() > 7) {
-            final String[] data = cpeName.substring(7).split(":");
+            final String[] data = cpeName.substring(7).split(":", 4);
            if (data.length >= 1) {
                this.setVendor(urlDecode(data[0]));
            }
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java
@@ -78,4 +78,14 @@ public class VulnerableSoftwareTest extends BaseTest  {
        result = instance.compareTo(vs);
        assertEquals(expResult, result);
    }
+
+    @Test
+    public void testParseCPE() {
+        VulnerableSoftware vs = new VulnerableSoftware();
+        /* Version for test taken from CVE-2008-2079 */
+        vs.setCpe("cpe:/a:mysql:mysql:5.0.0:alpha");
+        assertEquals("mysql", vs.getVendor());
+        assertEquals("mysql", vs.getProduct());
+        assertEquals("5.0.0:alpha", vs.getVersion());
+    }
 }