Converted integer.compareTo to long.compareTo and added a fall back of string compareTo to fix issue #53

Former-commit-id: 91d7ae202006dbebf21e6cdfadbfa7995ace08ca
2026-01-14 07:43:40 +01:00 · 2014-01-29 05:45:53 -05:00
parent 685569e131
commit c79a9f2ce3
2 changed files with 23 additions and 7 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
@@ -184,13 +184,21 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
                if (subMax > 0) {
                    for (int x = 0; result == 0 && x < subMax; x++) {
                        if (isPositiveInteger(subLeft[x]) && isPositiveInteger(subRight[x])) {
-                            final int iLeft = Integer.parseInt(subLeft[x]);
-                            final int iRight = Integer.parseInt(subRight[x]);
-                            if (iLeft != iRight) {
-                                if (iLeft > iRight) {
-                                    result = 2;
-                                } else {
-                                    result = -2;
+                            try {
+                                result = Long.valueOf(subLeft[x]).compareTo(Long.valueOf(subRight[x]));
+//                                final long iLeft = Long.parseLong(subLeft[x]);
+//                                final long iRight = Long.parseLong(subRight[x]);
+//                                if (iLeft != iRight) {
+//                                    if (iLeft > iRight) {
+//                                        result = 2;
+//                                    } else {
+//                                        result = -2;
+//                                    }
+//                                }
+                            } catch (NumberFormatException ex) {
+                                //ignore the exception - they obviously aren't numbers
+                                if (!subLeft[x].equalsIgnoreCase(subRight[x])) {
+                                    result = subLeft[x].compareToIgnoreCase(subRight[x]);
                                }
                            }
                        } else {
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java
@@ -87,5 +87,13 @@ public class VulnerableSoftwareTest {
        int expResult = -2;
        int result = instance.compareTo(vs);
        assertEquals(expResult, result);
+
+        vs = new VulnerableSoftware();
+        vs.setCpe("cpe:/a:some:dep:9.2.0.0-20090116170000");
+        instance = new VulnerableSoftware();
+        instance.setCpe("cpe:/a:some:dep:9.2.0.0-20090116170001");
+        expResult = 1;
+        result = instance.compareTo(vs);
+        assertEquals(expResult, result);
    }
 }