diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
index e076bb6ba..cd1a194bd 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
@@ -25,6 +25,7 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 import java.util.StringTokenizer;
+import org.apache.commons.lang3.builder.CompareToBuilder;
 import org.apache.lucene.document.Document;
 import org.apache.lucene.index.CorruptIndexException;
 import org.apache.lucene.queryparser.classic.ParseException;
@@ -801,6 +802,12 @@ public class CPEAnalyzer implements Analyzer {
 */
 @Override
 public int compareTo(IdentifierMatch o) {
+ return new CompareToBuilder() .append(confidence, o.confidence) .append(evidenceConfidence, o.evidenceConfidence) .append(identifier, o.identifier) .toComparison();
+ /*
 int conf = this.confidence.compareTo(o.confidence);
 if (conf == 0) {
 conf = this.evidenceConfidence.compareTo(o.evidenceConfidence);
@@ -809,6 +816,7 @@ public class CPEAnalyzer implements Analyzer {
 }
 }
 return conf;
+ */
 }
 }
 }
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java
index 8d8f01cd1..5666c7d10 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java
@@ -21,6 +21,7 @@ import java.io.Serializable;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
+import org.apache.commons.lang3.builder.CompareToBuilder;

 /**
 * Contains the information about a vulnerability.
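Review bot: The previous implementation is kept as dead code instead of being deleted: the `+        /*` added in this hunk and the `+        */` added in the `@@ -809` hunk wrap the old six lines in a block comment, which version control already preserves, so both markers and the lines between them should go. The switch to `CompareToBuilder` also changes failure behaviour: the builder orders a `null` field before a non-null one where `this.confidence.compareTo(o.confidence)` would have thrown, so a match with a null `confidence` or `evidenceConfidence` now sorts silently instead of failing fast, and `.append(identifier, o.identifier)` will throw `ClassCastException` at runtime if `identifier` is not `Comparable`, which the hunk does not show. Both points deserve a sentence in the method's Javadoc, which starts above this hunk; the method's closing brace is in the next hunk.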
@@ -161,7 +162,8 @@ public class Vulnerability implements Serializable, Comparable {
 * Adds an entry for vulnerable software.
 *
 * @param cpe string representation of a cpe
- * @param previousVersion the previous version (previousVersion - cpe would be considered vulnerable)
+ * @param previousVersion the previous version (previousVersion - cpe would
+ be considered vulnerable)
 * @return if the add succeeded
 */
 public boolean addVulnerableSoftware(String cpe, String previousVersion) {
@@ -390,28 +392,32 @@ public class Vulnerability implements Serializable, Comparable {
 sb.append(this.name);
 sb.append("\nReferences:\n");
 for (Reference reference : this.references) {
- sb.append("=> ");
- sb.append(reference);
- sb.append("\n");
+ sb.append("=> ");
+ sb.append(reference);
+ sb.append("\n");
 }
 sb.append("\nSoftware:\n");
 for (VulnerableSoftware software : this.vulnerableSoftware) {
- sb.append("=> ");
- sb.append(software);
- sb.append("\n");
+ sb.append("=> ");
+ sb.append(software);
+ sb.append("\n");
 }
 return sb.toString();
 }
+
 /**
 * Compares two vulnerabilities.
 *
 * @param v a vulnerability to be compared
- * @return a negative integer, zero, or a positive integer as this object is less than, equal to, or greater than
- * the specified vulnerability
+ * @return a negative integer, zero, or a positive integer as this object is
+ * less than, equal to, or greater than the specified vulnerability
 */
 @Override
 public int compareTo(Vulnerability v) {
- return v.getName().compareTo(this.getName());
+ return new CompareToBuilder() .append(this.name, v.name) .toComparison();
+ //return v.getName().compareTo(this.getName());
 }

 /**
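Review bot: The new `compareTo` reverses the sort direction: the removed line compared `v.getName()` against `this.getName()` (descending by name), while `.append(this.name, v.name)` compares this against v (ascending), so any `SortedSet<Vulnerability>` built on this class — the file imports `SortedSet` and `TreeSet` — now iterates in the opposite order, which will show up in report ordering. If that is intended, the `@return` Javadoc should state that vulnerabilities order by name ascending; if not, `.append(v.name, this.name)` keeps the previous order. The commented-out `//return v.getName().compareTo(this.getName());` line should be deleted rather than kept as a reminder. `CompareToBuilder` also accepts a `null` name where the old code would have thrown, so an unnamed vulnerability now quietly sorts first instead of surfacing as an error.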
@@ -427,8 +433,8 @@ public class Vulnerability implements Serializable, Comparable {
 * Sets the CPE that caused this vulnerability to be flagged.
 *
 * @param cpeId a CPE identifier
- * @param previous a flag indicating whether or not all previous versions were affected (any non-null value is
- * considered true)
+ * @param previous a flag indicating whether or not all previous versions
+ were affected (any non-null value is considered true)
 */
 public void setMatchedCPE(String cpeId, String previous) {
 matchedCPE = cpeId;