github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-21 16:49:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated compareTo so that null values are handled properly

Browse Source
This commit is contained in:
Jeremy Long
2016-09-06 05:48:12 -04:00
parent dde1791476
commit ffa846c05a
2 changed files with 26 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
View File

@@ -25,6 +25,7 @@ import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import java.util.StringTokenizer; import java.util.StringTokenizer;
import org.apache.commons.lang3.builder.CompareToBuilder;
import org.apache.lucene.document.Document; import org.apache.lucene.document.Document;
import org.apache.lucene.index.CorruptIndexException; import org.apache.lucene.index.CorruptIndexException;
import org.apache.lucene.queryparser.classic.ParseException; import org.apache.lucene.queryparser.classic.ParseException;
@@ -801,6 +802,12 @@ public class CPEAnalyzer implements Analyzer {
*/ */
@Override @Override
public int compareTo(IdentifierMatch o) { public int compareTo(IdentifierMatch o) {
return new CompareToBuilder()
.append(confidence, o.confidence)
.append(evidenceConfidence, o.evidenceConfidence)
.append(identifier, o.identifier)
.toComparison();
/*
int conf = this.confidence.compareTo(o.confidence); int conf = this.confidence.compareTo(o.confidence);
if (conf == 0) { if (conf == 0) {
conf = this.evidenceConfidence.compareTo(o.evidenceConfidence); conf = this.evidenceConfidence.compareTo(o.evidenceConfidence);
@@ -809,6 +816,7 @@ public class CPEAnalyzer implements Analyzer {
} }
} }
return conf; return conf;
*/
} }
} }
} }

30
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java
View File

@@ -21,6 +21,7 @@ import java.io.Serializable;
import java.util.Set; import java.util.Set;
import java.util.SortedSet; import java.util.SortedSet;
import java.util.TreeSet; import java.util.TreeSet;
import org.apache.commons.lang3.builder.CompareToBuilder;
/** /**
* Contains the information about a vulnerability. * Contains the information about a vulnerability.
@@ -161,7 +162,8 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
* Adds an entry for vulnerable software. * Adds an entry for vulnerable software.
* *
* @param cpe string representation of a cpe * @param cpe string representation of a cpe
* @param previousVersion the previous version (previousVersion - cpe would be considered vulnerable) * @param previousVersion the previous version (previousVersion - cpe would
* be considered vulnerable)
* @return if the add succeeded * @return if the add succeeded
*/ */
public boolean addVulnerableSoftware(String cpe, String previousVersion) { public boolean addVulnerableSoftware(String cpe, String previousVersion) {
@@ -390,28 +392,32 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
sb.append(this.name); sb.append(this.name);
sb.append("\nReferences:\n"); sb.append("\nReferences:\n");
for (Reference reference : this.references) { for (Reference reference : this.references) {
sb.append("=> "); sb.append("=> ");
sb.append(reference); sb.append(reference);
sb.append("\n"); sb.append("\n");
} }
sb.append("\nSoftware:\n"); sb.append("\nSoftware:\n");
for (VulnerableSoftware software : this.vulnerableSoftware) { for (VulnerableSoftware software : this.vulnerableSoftware) {
sb.append("=> "); sb.append("=> ");
sb.append(software); sb.append(software);
sb.append("\n"); sb.append("\n");
} }
return sb.toString(); return sb.toString();
} }
/** /**
* Compares two vulnerabilities. * Compares two vulnerabilities.
* *
* @param v a vulnerability to be compared * @param v a vulnerability to be compared
* @return a negative integer, zero, or a positive integer as this object is less than, equal to, or greater than * @return a negative integer, zero, or a positive integer as this object is
* the specified vulnerability * less than, equal to, or greater than the specified vulnerability
*/ */
@Override @Override
public int compareTo(Vulnerability v) { public int compareTo(Vulnerability v) {
return v.getName().compareTo(this.getName()); return new CompareToBuilder()
.append(this.name, v.name)
.toComparison();
//return v.getName().compareTo(this.getName());
} }
/** /**
@@ -427,8 +433,8 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
* Sets the CPE that caused this vulnerability to be flagged. * Sets the CPE that caused this vulnerability to be flagged.
* *
* @param cpeId a CPE identifier * @param cpeId a CPE identifier
* @param previous a flag indicating whether or not all previous versions were affected (any non-null value is * @param previous a flag indicating whether or not all previous versions
* considered true) * were affected (any non-null value is considered true)
*/ */
public void setMatchedCPE(String cpeId, String previous) { public void setMatchedCPE(String cpeId, String previous) {
matchedCPE = cpeId; matchedCPE = cpeId;