github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 15:53:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Count "0" as a positive integer

Browse Source
This commit is contained in:
Stefan Neuhaus
2016-12-03 22:48:58 +01:00
parent 1337686013
commit e7072ea04c
2 changed files with 28 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java
View File

@@ -226,18 +226,21 @@ public class VulnerableSoftware extends IndexEntry implements Serializable, Comp
/**
* Determines if the string passed in is a positive integer.
* To be counted as a positive integer, the string must only contain 0-9
* and must not have any leading zeros (though "0" is a valid positive
* integer).
*
* @param str the string to test
* @return true if the string only contains 0-9, otherwise false.
*/
private static boolean isPositiveInteger(final String str) {
static boolean isPositiveInteger(final String str) {
if (str == null || str.isEmpty()) {
return false;
}
// numbers/versions with leading zeros should not be treated as numbers
// numbers with leading zeros should not be treated as numbers
// (e.g. when comparing "01" <-> "1")
if (str.charAt(0) == '0') {
if (str.charAt(0) == '0' && str.length() > 1) {
return false;
}

22
dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/VulnerableSoftwareTest.java
View File

@@ -109,6 +109,10 @@ public class VulnerableSoftwareTest extends BaseTest {
vs1.setCpe("2.1.10");
assertTrue(vs.compareTo(vs1) < 0);
vs.setCpe("2.1.42");
vs1.setCpe("2.3.21");
assertTrue(vs.compareTo(vs1) < 0);
vs.setCpe("cpe:/a:hp:system_management_homepage:2.1.1");
vs1.setCpe("cpe:/a:hp:system_management_homepage:2.1.10");
assertTrue(vs.compareTo(vs1) < 0);
@@ -129,6 +133,10 @@ public class VulnerableSoftwareTest extends BaseTest {
vs.setCpe("cpe:/a:ibm:security_guardium_database_activity_monitor:10.01");
vs1.setCpe("cpe:/a:ibm:security_guardium_database_activity_monitor:10.1");
assertTrue(vs.compareTo(vs1) < 0);
vs.setCpe("2.0");
vs1.setCpe("2.1");
assertTrue(vs.compareTo(vs1) < 0);
}
@Test
@@ -152,4 +160,18 @@ public class VulnerableSoftwareTest extends BaseTest {
assertEquals("mysql", vs.getProduct());
assertEquals("5.1.23a", vs.getVersion());
}
@Test
public void testIspositiveInteger() {
assertTrue(VulnerableSoftware.isPositiveInteger("1"));
assertTrue(VulnerableSoftware.isPositiveInteger("10"));
assertTrue(VulnerableSoftware.isPositiveInteger("666"));
assertTrue(VulnerableSoftware.isPositiveInteger("0"));
assertFalse(VulnerableSoftware.isPositiveInteger("+1"));
assertFalse(VulnerableSoftware.isPositiveInteger("-1"));
assertFalse(VulnerableSoftware.isPositiveInteger("2.1"));
assertFalse(VulnerableSoftware.isPositiveInteger("01"));
assertFalse(VulnerableSoftware.isPositiveInteger("00"));
}
}