From ae5a7660921ca10dbe4e3907c2c54dcacf244ce2 Mon Sep 17 00:00:00 2001
From: Jens Hausherr
Date: Fri, 27 May 2016 15:07:59 +0200
Subject: [PATCH] Limit split to fix #503
---
 .../dependencycheck/dependency/VulnerableSoftware.java | 2 +-
 .../dependency/VulnerableSoftwareTest.java | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
index 521cff011..3b0e0d440 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
@@ -73,7 +73,7 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
 public void parseName(String cpeName) throws UnsupportedEncodingException {
 this.name = cpeName;
 if (cpeName != null && cpeName.length() > 7) {
- final String[] data = cpeName.substring(7).split(":");
+ final String[] data = cpeName.substring(7).split(":", 4);
 if (data.length >= 1) {
 this.setVendor(urlDecode(data[0]));
 }
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java
index 5fa12af18..69e38fd15 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java
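Review bot: The limit in `split(":", 4)` in parseName (VulnerableSoftware.java) is unexplained, and it changes what `data[3]` holds: for a CPE 2.2 URI with more than four fields after the `cpe:/a:` prefix, everything from the update field onward now stays joined, colons included, in that one element. The rest of parseName lies outside the hunk, so it is not visible whether a later branch reads `data[4]` or compares `data[3]` as a bare update string; if one does, it can no longer match, and version matching against vulnerability entries may shift without any error being raised. A comment on the changed line would record the intent, for example `// limit 4: data[3] keeps update[:edition[:language]] unsplit, see #503`.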
@@ -78,4 +78,14 @@ public class VulnerableSoftwareTest extends BaseTest {
 result = instance.compareTo(vs);
 assertEquals(expResult, result);
 }
+
+ @Test
+ public void testParseCPE() {
+ VulnerableSoftware vs = new VulnerableSoftware();
+ /* Version for test taken from CVE-2008-2079 */
+ vs.setCpe("cpe:/a:mysql:mysql:5.0.0:alpha");
+ assertEquals("mysql", vs.getVendor());
+ assertEquals("mysql", vs.getProduct());
+ assertEquals("5.0.0:alpha", vs.getVersion());
+ }
 }
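Review bot: testParseCPE does not exercise the new limit: once the seven-character prefix is removed, `mysql:mysql:5.0.0:alpha` has exactly four fields, so `split(":")` and `split(":", 4)` return the same array and the test cannot tell the old code from the new. The expected `"5.0.0:alpha"` therefore depends on how setCpe and the remainder of parseName combine `data[2]` and `data[3]`, which is outside the visible hunks. A second case with a fifth field would pin the behaviour the commit is about, e.g. with a constructed value `vs.setCpe("cpe:/a:vendor:product:1.0:update1:edition");` followed by assertions on `getVersion()` and on whichever getter exposes the trailing part.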