From aef118d3757edc7d2c10ec29f775198519e82a02 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Fri, 9 Sep 2016 06:36:56 -0400
Subject: [PATCH] test and fix for version number matching per issue #558
---
.../utils/DependencyVersion.java | 43 ++++++++++++-------
.../utils/DependencyVersionTest.java | 13 ++++++
2 files changed, 40 insertions(+), 16 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java
index df2d9afe8..2855df7d7 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java
@@ -26,14 +26,15 @@ import org.apache.commons.lang3.StringUtils; /** *

- * Simple object to track the parts of a version number. The parts are contained in a List such that version 1.2.3 will
- * be stored as: versionParts[0] = 1;
+ * Simple object to track the parts of a version number. The parts are contained
+ * in a List such that version 1.2.3 will be stored as: versionParts[0] = 1;
 * versionParts[1] = 2;
 * versionParts[2] = 3;
 *

*

- * Note, the parser contained in this class expects the version numbers to be separated by periods. If a different
- * separator is used the parser will likely fail.

+ * Note, the parser contained in this class expects the version numbers to be
+ * separated by periods. If a different separator is used the parser will likely
+ * fail.

* * @author Jeremy Long */ @@ -47,8 +48,9 @@ public class DependencyVersion implements Iterable, ComparableNote, this should only be used when the version passed in is already known to be a well formatted version - * number. Otherwise, DependencyVersionUtil.parseVersion() should be used instead. + * Note, this should only be used when the version passed in is + * already known to be a well formatted version number. Otherwise, + * DependencyVersionUtil.parseVersion() should be used instead. * * @param version the well formatted version number to parse */ @@ -57,8 +59,9 @@ public class DependencyVersion implements Iterable, ComparableNote, this should only be - * used to parse something that is already known to be a version number. + * Parses a version string into its sub parts: major, minor, revision, + * build, etc. Note, this should only be used to parse something that + * is already known to be a version number. * * @param version the version string to parse */ 
@@ -133,26 +136,33 @@ public class DependencyVersion implements Iterable, Comparable other.versionParts.size())
+ ? this.versionParts.size() : other.versionParts.size();
+
+ if (minVersionMatchLength==1 && maxVersionMatchLength>=3) {
+ return false;
+ } + //TODO steal better version of code from compareTo
- for (int i = 0; i < max; i++) {
+ for (int i = 0; i < minVersionMatchLength; i++) {
 final String thisPart = this.versionParts.get(i);
 final String otherPart = other.versionParts.get(i);
 if (!thisPart.equals(otherPart)) {
 return false;
 }
 }
- if (this.versionParts.size() > max) {
- for (int i = max; i < this.versionParts.size(); i++) {
+ if (this.versionParts.size() > minVersionMatchLength) {
+ for (int i = minVersionMatchLength; i < this.versionParts.size(); i++) {
 if (!"0".equals(this.versionParts.get(i))) {
 return false;
 }
 }
 }
- if (other.versionParts.size() > max) {
- for (int i = max; i < other.versionParts.size(); i++) {
+ if (other.versionParts.size() > minVersionMatchLength) {
+ for (int i = minVersionMatchLength; i < other.versionParts.size(); i++) {
 if (!"0".equals(other.versionParts.get(i))) {
 return false;
 }
@@ -180,8 +190,9 @@ public class DependencyVersion implements Iterable, Comparable
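Review bot: The new guard `if (minVersionMatchLength==1 && maxVersionMatchLength>=3)` introduces two undocumented magic numbers and makes the match relation non-transitive: `1` still matches `1.0` (the trailing-parts loops accept any extra "0"), `1.0` still matches `1.0.0`, but `1` no longer matches `1.0.0`. The enclosing method starts above the hunk and its first added lines are cut off; if this is `equals()`, that asymmetry violates the equals contract for hash-based collections and for whatever version matching consumes it, so the intent should be written down next to the check, e.g. `// A bare major version ("1") is too coarse to match a three-part version ("1.0.0"); see issue #558.`. Style-wise the condition should be spaced like the surrounding code, `if (minVersionMatchLength == 1 && maxVersionMatchLength >= 3) {`, and the ternary reduces to `Math.max(this.versionParts.size(), other.versionParts.size())` (presumably `Math.min` for the `minVersionMatchLength` line that is not visible here).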