From 05e52ca2361bb3d61322eb05680012f1a7f645f7 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sat, 8 Feb 2014 23:53:47 -0500
Subject: [PATCH] updated how the description is processsed from the manifest to fix issue #34 for wss4j-1.5.7.jar

Former-commit-id: 2a9d9fc46b0437778383cdb4f1c34c04ef746c20
---
 .../dependencycheck/analyzer/JarAnalyzer.java | 47 +++++++++++++------
 1 file changed, 32 insertions(+), 15 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index c8734f483..3138154ce 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -576,9 +576,9 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
 foundSomething = true;
 final String description = interpolateString(pom.getDescription(), pomProperties);
 if (description != null && !description.isEmpty()) {
- addDescription(dependency, description, "pom", "description");
- addMatchingValues(classes, description, dependency.getVendorEvidence());
- addMatchingValues(classes, description, dependency.getProductEvidence());
+ final String trimmedDescription = addDescription(dependency, description, "pom", "description");
+ addMatchingValues(classes, trimmedDescription, dependency.getVendorEvidence());
+ addMatchingValues(classes, trimmedDescription, dependency.getProductEvidence());
 }
 }
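Review bot: `trimmedDescription` is a misleading local name on the new side of this hunk: by the `@return` contract added in the same patch, addDescription hands back the original description whenever nothing is trimmed, so a name such as `descriptionUsed` reads truer, e.g. `final String descriptionUsed = addDescription(dependency, description, "pom", "description");`. The commit subject refers to the manifest, but this hunk is the POM branch; if the manifest path (outside this view) also calls addDescription, its call site presumably wants the same change so that `addMatchingValues` there sees the same text as the evidence. The enclosing method begins before this hunk and continues after it.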
@@ -826,14 +826,18 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
 }
 /**
- * Adds a description to the given dependency.
+ * Adds a description to the given dependency. If the description contains one of the following strings beyond 100
+ * characters, then the description used will be trimmed to that position:
+ *
 *
 * @param dependency a dependency
 * @param description the description
 * @param source the source of the evidence
 * @param key the "name" of the evidence
+ * @return if the description is trimmed, the trimmed version is returned; otherwise the original description is
+ * returned
 */
- private void addDescription(Dependency dependency, String description, String source, String key) {
+ private String addDescription(Dependency dependency, String description, String source, String key) {
 if (dependency.getDescription() == null) {
 dependency.setDescription(description);
 }
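Review bot: The Javadoc's list of trigger strings is empty on the new side (the `+ *` line right after `trimmed to that position:`); if list markup was simply lost in this rendering, ignore this, otherwise spell them out so the contract matches the code later in the patch, e.g. `* "such as ", "like ", "will use " and " uses " (matched case-insensitively, searched from index 100)`. The doc should also say that the method has side effects beyond its return value: it sets the dependency's description when that is still null and records the text as product and vendor evidence (LOW confidence once the text exceeds 100 characters, MEDIUM otherwise, per the later hunk); a line such as `* Also records the text used as product and vendor evidence under the given source/key.` covers that. The method body continues past the end of this hunk.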
@@ -845,29 +849,42 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
 }
 dependency.setDescription(desc);
 if (desc.length() > 100) {
+ desc = desc.replaceAll("\\s\\s+", " ");
 final int posSuchAs = desc.toLowerCase().indexOf("such as ", 100);
 final int posLike = desc.toLowerCase().indexOf("like ", 100);
+ final int posWillUse = desc.toLowerCase().indexOf("will use ", 100);
+ final int posUses = desc.toLowerCase().indexOf(" uses ", 100);
 int pos = -1;
- if (posLike > 0 && posSuchAs > 0) {
- pos = posLike > posSuchAs ? posLike : posSuchAs;
- } else if (posLike > 0) {
- pos = posLike;
- } else if (posSuchAs > 0) {
- pos = posSuchAs;
+ pos = Math.max(pos, posSuchAs);
+ if (pos >= 0 && posLike >= 0) {
+ pos = Math.min(pos, posLike);
+ } else {
+ pos = Math.max(pos, posLike);
 }
- String descToUse = desc;
+ if (pos >= 0 && posWillUse >= 0) {
+ pos = Math.min(pos, posWillUse);
+ } else {
+ pos = Math.max(pos, posWillUse);
+ }
+ if (pos >= 0 && posUses >= 0) {
+ pos = Math.min(pos, posUses);
+ } else {
+ pos = Math.max(pos, posUses);
+ }
+ if (pos > 0) {
 final StringBuilder sb = new StringBuilder(pos + 3);
 sb.append(desc.substring(0, pos));
 sb.append("...");
- descToUse = sb.toString();
+ desc = sb.toString();
 }
- dependency.getProductEvidence().addEvidence(source, key, descToUse, Confidence.LOW);
- dependency.getVendorEvidence().addEvidence(source, key, descToUse, Confidence.LOW);
+ dependency.getProductEvidence().addEvidence(source, key, desc, Confidence.LOW);
+ dependency.getVendorEvidence().addEvidence(source, key, desc, Confidence.LOW);
 } else {
 dependency.getProductEvidence().addEvidence(source, key, desc, Confidence.MEDIUM);
 dependency.getVendorEvidence().addEvidence(source, key, desc, Confidence.MEDIUM);
 }
+ return desc;
 }
 /**
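Review bot: The cut position is computed on `desc.toLowerCase()` but applied to `desc` in `desc.substring(0, pos)`, and Java lower-casing can change the string length (U+0130 lower-cases to two chars, for instance), so for a description taken from an arbitrary jar's POM the index can point past the end of the original string and `substring` can throw StringIndexOutOfBoundsException rather than merely mis-cutting. A second edge is that `desc = desc.replaceAll("\\s\\s+", " ")` runs after the `desc.length() > 100` check, so `desc` may be shorter than 100 by the time the searches run (harmless for `indexOf`, but any index-based replacement must re-check the length). Both points go away by matching the four markers case-insensitively on `desc` itself with one precompiled `Pattern` and taking the earliest hit at or after index 100, which also replaces the four `Math.min`/`Math.max` cascades; `java.util.regex.Matcher` and `Pattern` need importing if the file does not have them already. Separately, `dependency.setDescription(desc)` runs before the whitespace normalization, so the stored description and the evidence text can differ — presumably intended, but worth a one-line comment. addDescription begins before this hunk.
```java
// field, alongside the class's other constants (constructed name):
private static final Pattern DESCRIPTION_CUT =
        Pattern.compile("such as |like |will use | uses ", Pattern.CASE_INSENSITIVE);

// … unchanged: dependency.setDescription(desc) …
if (desc.length() > 100) {
    desc = desc.replaceAll("\\s\\s+", " ");
    // search desc itself so the index is valid for the string being cut;
    // re-check the length because the normalization above may have shortened it
    final Matcher cut = DESCRIPTION_CUT.matcher(desc);
    if (desc.length() > 100 && cut.find(100)) {
        desc = desc.substring(0, cut.start()) + "...";
    }
    // … unchanged: LOW-confidence product/vendor evidence …
} else {
    // … unchanged: MEDIUM-confidence product/vendor evidence …
}
return desc;
```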