github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 15:53:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated compareTo so that null values are handled properly

Browse Source
This commit is contained in:
Jeremy Long
2016-09-06 05:48:12 -04:00
parent dde1791476
commit ffa846c05a
2 changed files with 26 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
View File

@@ -25,6 +25,7 @@ import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import org.apache.commons.lang3.builder.CompareToBuilder;
import org.apache.lucene.document.Document;
import org.apache.lucene.index.CorruptIndexException;
import org.apache.lucene.queryparser.classic.ParseException;
@@ -801,6 +802,12 @@ public class CPEAnalyzer implements Analyzer {
*/
@Override
public int compareTo(IdentifierMatch o) {
return new CompareToBuilder()
.append(confidence, o.confidence)
.append(evidenceConfidence, o.evidenceConfidence)
.append(identifier, o.identifier)
.toComparison();
/*
int conf = this.confidence.compareTo(o.confidence);
if (conf == 0) {
conf = this.evidenceConfidence.compareTo(o.evidenceConfidence);
@@ -809,6 +816,7 @@ public class CPEAnalyzer implements Analyzer {
}
}
return conf;
*/
}
}
}

30
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java
View File

@@ -21,6 +21,7 @@ import java.io.Serializable;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import org.apache.commons.lang3.builder.CompareToBuilder;
/**
* Contains the information about a vulnerability.
@@ -161,7 +162,8 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
* Adds an entry for vulnerable software.
*
* @param cpe string representation of a cpe
* @param previousVersion the previous version (previousVersion - cpe would be considered vulnerable)
* @param previousVersion the previous version (previousVersion - cpe would
* be considered vulnerable)
* @return if the add succeeded
*/
public boolean addVulnerableSoftware(String cpe, String previousVersion) {
@@ -390,28 +392,32 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
sb.append(this.name);
sb.append("\nReferences:\n");
for (Reference reference : this.references) {
sb.append("=> ");
sb.append(reference);
sb.append("\n");
sb.append("=> ");
sb.append(reference);
sb.append("\n");
}
sb.append("\nSoftware:\n");
for (VulnerableSoftware software : this.vulnerableSoftware) {
sb.append("=> ");
sb.append(software);
sb.append("\n");
sb.append("=> ");
sb.append(software);
sb.append("\n");
}
return sb.toString();
}
/**
* Compares two vulnerabilities.
*
* @param v a vulnerability to be compared
* @return a negative integer, zero, or a positive integer as this object is less than, equal to, or greater than
* the specified vulnerability
* @return a negative integer, zero, or a positive integer as this object is
* less than, equal to, or greater than the specified vulnerability
*/
@Override
public int compareTo(Vulnerability v) {
return v.getName().compareTo(this.getName());
return new CompareToBuilder()
.append(this.name, v.name)
.toComparison();
//return v.getName().compareTo(this.getName());
}
/**
@@ -427,8 +433,8 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
* Sets the CPE that caused this vulnerability to be flagged.
*
* @param cpeId a CPE identifier
* @param previous a flag indicating whether or not all previous versions were affected (any non-null value is
* considered true)
* @param previous a flag indicating whether or not all previous versions
* were affected (any non-null value is considered true)
*/
public void setMatchedCPE(String cpeId, String previous) {
matchedCPE = cpeId;