github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-21 00:29:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix for issue #863

Browse Source
This commit is contained in:
Jeremy Long
2017-10-08 08:24:42 -04:00
parent c153463471
commit 01ff6d986c
1 changed files with 21 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -74,7 +74,8 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
//<editor-fold defaultstate="collapsed" desc="Constants and Member Variables"> //<editor-fold defaultstate="collapsed" desc="Constants and Member Variables">
/** /**
* A descriptor for the type of dependencies processed or added by this analyzer * A descriptor for the type of dependencies processed or added by this
* analyzer
*/ */
public static final String DEPENDENCY_ECOSYSTEM = "Java"; public static final String DEPENDENCY_ECOSYSTEM = "Java";
/** /**
@@ -585,10 +586,15 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
addMatchingProductValues(classes, org, dependency); addMatchingProductValues(classes, org, dependency);
} }
// org name // org name
final String orgUrl = pom.getOrganizationUrl(); String orgUrl = pom.getOrganizationUrl();
if (orgUrl != null && !orgUrl.isEmpty()) { if (orgUrl != null && !orgUrl.isEmpty()) {
if (orgUrl.startsWith("https://github.com/")) {
orgUrl = orgUrl.substring(19);
dependency.addEvidence(EvidenceType.PRODUCT, "pom", "url", orgUrl, Confidence.HIGH);
} else {
dependency.addEvidence(EvidenceType.PRODUCT, "pom", "organization url", orgUrl, Confidence.LOW);
}
dependency.addEvidence(EvidenceType.VENDOR, "pom", "organization url", orgUrl, Confidence.MEDIUM); dependency.addEvidence(EvidenceType.VENDOR, "pom", "organization url", orgUrl, Confidence.MEDIUM);
dependency.addEvidence(EvidenceType.PRODUCT, "pom", "organization url", orgUrl, Confidence.LOW);
} }
//pom name //pom name
final String pomName = pom.getName(); final String pomName = pom.getName();
@@ -610,9 +616,16 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
addMatchingProductValues(classes, trimmedDescription, dependency); addMatchingProductValues(classes, trimmedDescription, dependency);
} }
final String projectURL = pom.getProjectURL(); String projectURL = pom.getProjectURL();
if (projectURL != null && !projectURL.trim().isEmpty()) { if (projectURL != null && !projectURL.trim().isEmpty()) {
if (projectURL.startsWith("https://github.com/")) {
projectURL = projectURL.substring(19);
dependency.addEvidence(EvidenceType.PRODUCT, "pom", "url", projectURL, Confidence.HIGH);
} else {
dependency.addEvidence(EvidenceType.PRODUCT, "pom", "url", projectURL, Confidence.MEDIUM);
}
dependency.addEvidence(EvidenceType.VENDOR, "pom", "url", projectURL, Confidence.HIGHEST); dependency.addEvidence(EvidenceType.VENDOR, "pom", "url", projectURL, Confidence.HIGHEST);
} }
extractLicense(pom, dependency); extractLicense(pom, dependency);
@@ -701,6 +714,9 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
if (HTML_DETECTION_PATTERN.matcher(value).find()) { if (HTML_DETECTION_PATTERN.matcher(value).find()) {
value = Jsoup.parse(value).text(); value = Jsoup.parse(value).text();
} }
if (value.startsWith("git@github.com:")) {
value = value.substring(15);
}
if (IGNORE_VALUES.contains(value)) { if (IGNORE_VALUES.contains(value)) {
//noinspection UnnecessaryContinue //noinspection UnnecessaryContinue
continue; continue;
@@ -1080,6 +1096,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
} }
} }
} }
/** /**
* Cycles through the collection of class name information to see if parts * Cycles through the collection of class name information to see if parts
* of the package names are contained in the provided value. If found, it * of the package names are contained in the provided value. If found, it