fix: improve update version parsing (#6163)

jeremylong · Nov 28, 2023 · aec49c8 · aec49c8
1 parent ed3912c
commit aec49c8
Show file tree

Hide file tree

Showing 2 changed files with 97 additions and 3 deletions.
diff --git a/core/src/main/java/org/owasp/dependencycheck/utils/Utils.java b/core/src/main/java/org/owasp/dependencycheck/utils/Utils.java
@@ -17,12 +17,21 @@
  */
 package org.owasp.dependencycheck.utils;
 
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 /**
  *
  * @author Jeremy Long
  */
 public final class Utils {
 
+    /**
+     * The logger.
+     */
+    private static final Logger LOGGER = LoggerFactory.getLogger(Utils.class);
+
     /**
      * Empty constructor for utility class.
      */
@@ -55,9 +64,20 @@ public static int getJavaVersion() {
     public static int getJavaUpdateVersion() {
         //"1.8.0_144" "11.0.2+9" "17.0.8.1"
         String runtimeVersion = System.getProperty("java.runtime.version");
+        return parseUpdate(runtimeVersion);
+    }
+
+    /**
+     * Parses the update version from the runtime version.
+     *
+     * @param runtimeVersion the runtime version
+     * @return the update version
+     */
+    protected static int parseUpdate(String runtimeVersion) {
+        LOGGER.debug(runtimeVersion);
         try {
             String[] parts = runtimeVersion.split("\\.");
-            if (parts.length == 4) {
+            if (parts.length == 4 && isNumeric(parts)) {
                 return Integer.parseInt(parts[2]);
             }
             int pos = runtimeVersion.indexOf('_');
@@ -68,9 +88,9 @@ public static int getJavaUpdateVersion() {
                     return 0;
                 }
             }
-            int end = runtimeVersion.lastIndexOf('+');
+            int end = runtimeVersion.indexOf('+', pos);
             if (end < 0) {
-                end = runtimeVersion.lastIndexOf('-');
+                end = runtimeVersion.indexOf('-', pos);
             }
             if (end > pos) {
                 return Integer.parseInt(runtimeVersion.substring(pos + 1, end));
@@ -82,8 +102,26 @@ public static int getJavaUpdateVersion() {
         }
     }
 
+    /**
+     * Determines if all parts of the string array are numeric.
+     *
+     * @param parts the strings to check
+     * @return true if all of the strings in the array are numeric; otherwise
+     * false
+     */
+    private static boolean isNumeric(String[] parts) {
+        for (String i : parts) {
+            if (!StringUtils.isNumeric(i)) {
+                return false;
+            }
+        }
+        return true;
+    }
+
     public static void main(String[] args) {
+        System.out.println("Java runtime : " + System.getProperty("java.runtime.version"));
         System.out.println("Java version : " + getJavaVersion());
         System.out.println("Java update  : " + getJavaUpdateVersion());
+
     }
 }
diff --git a/core/src/test/java/org/owasp/dependencycheck/utils/UtilsTest.java b/core/src/test/java/org/owasp/dependencycheck/utils/UtilsTest.java
@@ -0,0 +1,56 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2023 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.utils;
+
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author Jeremy Long
+ */
+public class UtilsTest {
+
+    /**
+     * Test of parseUpdate method, of class Utils.
+     */
+    @Test
+    public void testParseUpdate() {
+
+        String runtimeVersion = "1.8.0_252-8u252-b09-1~deb9u1-b09";
+        int expResult = 252;
+        int result = Utils.parseUpdate(runtimeVersion);
+        assertEquals(expResult, result);
+
+        runtimeVersion = "1.8.0_144";
+        expResult = 144;
+        result = Utils.parseUpdate(runtimeVersion);
+        assertEquals(expResult, result);
+
+        runtimeVersion = "11.0.2+9";
+        expResult = 2;
+        result = Utils.parseUpdate(runtimeVersion);
+        assertEquals(expResult, result);
+
+        runtimeVersion = "17.0.8.1";
+        expResult = 8;
+        result = Utils.parseUpdate(runtimeVersion);
+        assertEquals(expResult, result);
+    }
+
+}