1 /*
2 * This file is part of dependency-check-core.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17 */
18 package org.owasp.dependencycheck.dependency;
19
20 import org.apache.commons.lang3.ObjectUtils;
21 import org.apache.commons.lang3.StringUtils;
22 import org.apache.commons.lang3.builder.HashCodeBuilder;
23
24 import java.io.Serializable;
25
26 /**
27 * Evidence is a piece of information about a Dependency.
28 *
29 * @author Jeremy Long
30 */
31 public class Evidence implements Serializable, Comparable<Evidence> {
32
33 /**
34 * The serial version UID for serialization.
35 */
36 private static final long serialVersionUID = 1L;
37 /**
38 * Used as starting point for generating the value in {@link #hashCode()}.
39 */
40 private static final int MAGIC_HASH_INIT_VALUE = 3;
41
42 /**
43 * Used as a multiplier for generating the value in {@link #hashCode()}.
44 */
45 private static final int MAGIC_HASH_MULTIPLIER = 67;
46
47 /**
48 * Creates a new Evidence object.
49 */
50 public Evidence() {
51 }
52
53 /**
54 * Creates a new Evidence objects.
55 *
56 * @param source the source of the evidence.
57 * @param name the name of the evidence.
58 * @param value the value of the evidence.
59 * @param confidence the confidence of the evidence.
60 */
61 public Evidence(String source, String name, String value, Confidence confidence) {
62 this.source = source;
63 this.name = name;
64 this.value = value;
65 this.confidence = confidence;
66 }
67
68 /**
69 * The name of the evidence.
70 */
71 private String name;
72
73 /**
74 * Get the value of name.
75 *
76 * @return the value of name
77 */
78 public String getName() {
79 return name;
80 }
81
82 /**
83 * Set the value of name.
84 *
85 * @param name new value of name
86 */
87 public void setName(String name) {
88 this.name = name;
89 }
90
91 /**
92 * The source of the evidence.
93 */
94 private String source;
95
96 /**
97 * Get the value of source.
98 *
99 * @return the value of source
100 */
101 public String getSource() {
102 return source;
103 }
104
105 /**
106 * Set the value of source.
107 *
108 * @param source new value of source
109 */
110 public void setSource(String source) {
111 this.source = source;
112 }
113
114 /**
115 * The value of the evidence.
116 */
117 private String value;
118
119 /**
120 * Get the value of value.
121 *
122 * @return the value of value
123 */
124 public String getValue() {
125 used = true;
126 return value;
127 }
128
129 /**
130 * Get the value of value. If setUsed is set to false this call to get will not mark the evidence as used.
131 *
132 * @param setUsed whether or not this call to getValue should cause the used flag to be updated
133 * @return the value of value
134 */
135 public String getValue(Boolean setUsed) {
136 used = used || setUsed;
137 return value;
138 }
139
140 /**
141 * Set the value of value.
142 *
143 * @param value new value of value
144 */
145 public void setValue(String value) {
146 this.value = value;
147 }
148
149 /**
150 * A value indicating if the Evidence has been "used" (aka read).
151 */
152 private boolean used;
153
154 /**
155 * Get the value of used.
156 *
157 * @return the value of used
158 */
159 public boolean isUsed() {
160 return used;
161 }
162
163 /**
164 * Set the value of used.
165 *
166 * @param used new value of used
167 */
168 public void setUsed(boolean used) {
169 this.used = used;
170 }
171
172 /**
173 * The confidence level for the evidence.
174 */
175 private Confidence confidence;
176
177 /**
178 * Get the value of confidence.
179 *
180 * @return the value of confidence
181 */
182 public Confidence getConfidence() {
183 return confidence;
184 }
185
186 /**
187 * Set the value of confidence.
188 *
189 * @param confidence new value of confidence
190 */
191 public void setConfidence(Confidence confidence) {
192 this.confidence = confidence;
193 }
194
195 /**
196 * Implements the hashCode for Evidence.
197 *
198 * @return hash code.
199 */
200 @Override
201 public int hashCode() {
202 return new HashCodeBuilder(MAGIC_HASH_INIT_VALUE, MAGIC_HASH_MULTIPLIER)
203 .append(StringUtils.lowerCase(name))
204 .append(StringUtils.lowerCase(source))
205 .append(StringUtils.lowerCase(value))
206 .append(confidence)
207 .toHashCode();
208 }
209
210 /**
211 * Implements equals for Evidence.
212 *
213 * @param that an object to check the equality of.
214 * @return whether the two objects are equal.
215 */
216 @Override
217 public boolean equals(Object that) {
218 if (this == that) {
219 return true;
220 }
221 if (!(that instanceof Evidence)) {
222 return false;
223 }
224 final Evidence e = (Evidence) that;
225
226 return StringUtils.equalsIgnoreCase(name, e.name)
227 && StringUtils.equalsIgnoreCase(source, e.source)
228 && StringUtils.equalsIgnoreCase(value, e.value)
229 && ObjectUtils.equals(confidence, e.confidence);
230 }
231
232 /**
233 * Implementation of the comparable interface.
234 *
235 * @param o the evidence being compared
236 * @return an integer indicating the ordering of the two objects
237 */
238 @Override
239 public int compareTo(Evidence o) {
240 if (o == null) {
241 return 1;
242 }
243 if (StringUtils.equalsIgnoreCase(source, o.source)) {
244 if (StringUtils.equalsIgnoreCase(name, o.name)) {
245 if (StringUtils.equalsIgnoreCase(value, o.value)) {
246 if (ObjectUtils.equals(confidence, o.confidence)) {
247 return 0; //they are equal
248 } else {
249 return ObjectUtils.compare(confidence, o.confidence);
250 }
251 } else {
252 return compareToIgnoreCaseWithNullCheck(value, o.value);
253 }
254 } else {
255 return compareToIgnoreCaseWithNullCheck(name, o.name);
256 }
257 } else {
258 return compareToIgnoreCaseWithNullCheck(source, o.source);
259 }
260 }
261
262 /**
263 * Wrapper around {@link java.lang.String#compareToIgnoreCase(java.lang.String) String.compareToIgnoreCase} with an
264 * exhaustive, possibly duplicative, check against nulls.
265 *
266 * @param me the value to be compared
267 * @param other the other value to be compared
268 * @return true if the values are equal; otherwise false
269 */
270 private int compareToIgnoreCaseWithNullCheck(String me, String other) {
271 if (me == null && other == null) {
272 return 0;
273 } else if (me == null) {
274 return -1; //the other string is greater then me
275 } else if (other == null) {
276 return 1; //me is greater then the other string
277 }
278 return me.compareToIgnoreCase(other);
279 }
280
281 /**
282 * Standard toString() implementation.
283 *
284 * @return the string representation of the object
285 */
286 @Override
287 public String toString() {
288 return "Evidence{" + "name=" + name + ", source=" + source + ", value=" + value + ", confidence=" + confidence + '}';
289 }
290 }