fixed NPE issues

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/cpe/CpeMemoryIndex.java

@@ -209,11 +209,13 @@ public final class CpeMemoryIndex {
 
                 final Set<Pair<String, String>> data = cve.getVendorProductList();
                 for (Pair<String, String> pair : data) {
+                    if (pair.getLeft() != null && pair.getRight() != null) {
                         v.setStringValue(pair.getLeft());
                         p.setStringValue(pair.getRight());
                         indexWriter.addDocument(doc);
                         resetFieldAnalyzer();
                     }
+                }
             } catch (DatabaseException ex) {
                 LOGGER.debug("", ex);
                 throw new IndexException("Error reading CPE data", ex);

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/NvdCveUpdater.java

@@ -77,10 +77,10 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
             }
             if (autoUpdate && checkUpdate()) {
                 final UpdateableNvdCve updateable = getUpdatesNeeded();
-                getProperties().save(DatabaseProperties.LAST_CHECKED, Long.toString(System.currentTimeMillis()));
                 if (updateable.isUpdateNeeded()) {
                     performUpdate(updateable);
                 }
+                getProperties().save(DatabaseProperties.LAST_CHECKED, Long.toString(System.currentTimeMillis()));
             }
         } catch (MalformedURLException ex) {
             throw new UpdateException("NVD CVE properties files contain an invalid URL, unable to update the data to use the most current data.", ex);
@@ -156,9 +156,8 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
      * @throws UpdateException is thrown if there is an error updating the
      * database
      */
-    public void performUpdate(UpdateableNvdCve updateable) throws UpdateException {
+    private void performUpdate(UpdateableNvdCve updateable) throws UpdateException {
         int maxUpdates = 0;
-        try {
         for (NvdCveInfo cve : updateable) {
             if (cve.getNeedsUpdate()) {
                 maxUpdates += 1;
@@ -170,9 +169,6 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
         if (maxUpdates > 3) {
             LOGGER.info("NVD CVE requires several updates; this could take a couple of minutes.");
         }
-            if (maxUpdates > 0) {
-                openDataStores();
-            }
 
         final int poolSize = (MAX_THREAD_POOL_SIZE < maxUpdates) ? MAX_THREAD_POOL_SIZE : maxUpdates;
 
@@ -241,9 +237,6 @@ public class NvdCveUpdater extends BaseUpdater implements CachedWebDataSource {
             getCveDB().cleanupDatabase();
             LOGGER.info("End database maintenance.");
         }
-        } finally {
-            closeDataStores();
-        }
     }
 
     /**

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Reference.java

@@ -18,6 +18,7 @@
 package org.owasp.dependencycheck.dependency;
 
 import java.io.Serializable;
+import org.apache.commons.lang3.builder.CompareToBuilder;
 
 /**
  * An external reference for a vulnerability. This contains a name, URL, and a
@@ -141,18 +142,10 @@ public class Reference implements Serializable, Comparable<Reference> {
      */
     @Override
     public int compareTo(Reference o) {
-        if (source.equals(o.source)) {
+        return new CompareToBuilder()
-            if (name.equals(o.name)) {
+                .append(source, o.source)
-                if (url.equals(o.url)) {
+                .append(name, o.name)
-                    return 0; //they are equal
+                .append(url, o.url)
-                } else {
+                .toComparison();
-                    return url.compareTo(o.url);
-                }
-            } else {
-                return name.compareTo(o.name);
-            }
-        } else {
-            return source.compareTo(o.source);
-        }
     }
 }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java

@@ -183,12 +183,17 @@ public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
         hintAnalyzer.analyze(spring3, null);
 
         CPEAnalyzer instance = new CPEAnalyzer();
+        try {
         instance.open();
         instance.determineCPE(commonValidator);
         instance.determineCPE(struts);
         instance.determineCPE(spring);
         instance.determineCPE(spring3);
         instance.close();
+        } catch (Throwable ex) {
+            ex.printStackTrace();
+        }
+                
 
         String expResult = "cpe:/a:apache:struts:2.1.2";
         Identifier expIdentifier = new Identifier("cpe", expResult, expResult);

dependency-check-core/src/test/java/org/owasp/dependencycheck/data/update/NvdCveUpdaterIntegrationTest.java

@@ -40,12 +40,11 @@ public class NvdCveUpdaterIntegrationTest extends BaseTest {
 //    /**
 //     * Test of update method, of class StandardUpdate.
 //     */
-//    @Test
+    @Test
-//    public void testUpdate() throws Exception {
+    public void testUpdate() throws Exception {
-//        StandardUpdate instance = getStandardUpdateTask();
+        NvdCveUpdater instance = getUpdater();
-//        instance.update();
+        instance.update();
-//        //TODO make this an actual test
+    }
-//    }
     /**
      * Test of updatesNeeded method, of class StandardUpdate.
      */