From a2309e1c2efa5b5d1dd2e6f6c869755316647477 Mon Sep 17 00:00:00 2001
From: Michal Srb <msrb@redhat.com>
Date: Tue, 14 Jun 2016 21:34:04 +0200
Subject: [PATCH] Correctly apply weightings when searching for CPEs

---
 .../java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java  | 4 ++--
 .../dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
index 43528d863..d2fcfb14a 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
@@ -198,8 +198,8 @@ public class CPEAnalyzer implements Analyzer {
                 LOGGER.debug("product search: {}", products);
             }
             if (!vendors.isEmpty() && !products.isEmpty()) {
-                final List<IndexEntry> entries = searchCPE(vendors, products, dependency.getProductEvidence().getWeighting(),
-                        dependency.getVendorEvidence().getWeighting());
+                final List<IndexEntry> entries = searchCPE(vendors, products, dependency.getVendorEvidence().getWeighting(),
+                        dependency.getProductEvidence().getWeighting());
                 if (entries == null) {
                     continue;
                 }
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java
index 36c6e7478..7eb339eff 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CPEAnalyzerIntegrationTest.java
@@ -240,7 +240,7 @@ public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
 
         Set<String> vendorWeightings = Collections.singleton("apache");
 
-        List<IndexEntry> result = instance.searchCPE(vendor, product, productWeightings, vendorWeightings);
+        List<IndexEntry> result = instance.searchCPE(vendor, product, vendorWeightings, productWeightings);
         instance.close();
 
         boolean found = false;