github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-13 23:33:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

patch for issue #229 to remove bundle vendor from the evidence

Browse Source 
Former-commit-id: a5a24422d5edfb23d3ea4d4c617044051d454860
This commit is contained in:
Jeremy Long
2015-06-14 15:51:26 -04:00
parent 02209fc039
commit 07dda233ec
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -116,6 +116,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
"tool",
"bundle-manifestversion",
"bundlemanifestversion",
"bundle-vendor",
"include-resource",
"embed-dependency",
"ipojo-components",
@@ -689,10 +690,11 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
foundSomething = true;
productEvidence.addEvidence(source, key, value, Confidence.MEDIUM);
addMatchingValues(classInformation, value, productEvidence);
} else if (key.equalsIgnoreCase(BUNDLE_VENDOR)) {
foundSomething = true;
vendorEvidence.addEvidence(source, key, value, Confidence.HIGH);
addMatchingValues(classInformation, value, vendorEvidence);
// //the following caused false positives.
// } else if (key.equalsIgnoreCase(BUNDLE_VENDOR)) {
// foundSomething = true;
// vendorEvidence.addEvidence(source, key, value, Confidence.HIGH);
// addMatchingValues(classInformation, value, vendorEvidence);
} else if (key.equalsIgnoreCase(BUNDLE_VERSION)) {
foundSomething = true;
versionEvidence.addEvidence(source, key, value, Confidence.HIGH);