From 07dda233ec91d50aeff374cb978e0821d86136a9 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sun, 14 Jun 2015 15:51:26 -0400
Subject: [PATCH] patch for issue #229 to remove bundle vendor from the evidence
Former-commit-id: a5a24422d5edfb23d3ea4d4c617044051d454860
---
 .../owasp/dependencycheck/analyzer/JarAnalyzer.java | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index 86fd9ab10..a424d1d79 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -116,6 +116,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 "tool",
 "bundle-manifestversion",
 "bundlemanifestversion",
+ "bundle-vendor",
 "include-resource",
 "embed-dependency",
 "ipojo-components",
@@ -689,10 +690,11 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
 foundSomething = true;
 productEvidence.addEvidence(source, key, value, Confidence.MEDIUM);
 addMatchingValues(classInformation, value, productEvidence);
- } else if (key.equalsIgnoreCase(BUNDLE_VENDOR)) {
- foundSomething = true;
- vendorEvidence.addEvidence(source, key, value, Confidence.HIGH);
- addMatchingValues(classInformation, value, vendorEvidence);
+// //the following caused false positives.
+// } else if (key.equalsIgnoreCase(BUNDLE_VENDOR)) {
+// foundSomething = true;
+// vendorEvidence.addEvidence(source, key, value, Confidence.HIGH);
+// addMatchingValues(classInformation, value, vendorEvidence);
 } else if (key.equalsIgnoreCase(BUNDLE_VERSION)) {
 foundSomething = true;
 versionEvidence.addEvidence(source, key, value, Confidence.HIGH);
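Review bot: The new `"bundle-vendor"` entry in the first hunk is the only item in the visible part of this list that names an identity header rather than build or packaging metadata, and nothing records why it is ignored. A trailing comment such as `"bundle-vendor", // ignored: produced false-positive vendor matches (issue #229)` would keep a later maintainer from removing it as a mistake. The array's declaration and the code that consults it are outside the hunk; the entry is lower-case, so it presumably relies on the lookup lower-casing manifest keys first, which is worth confirming.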
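Review bot: In the second hunk the Bundle-Vendor branch is commented out instead of deleted, so five lines of dead code stay in the method with only `//the following caused false positives.` as rationale. Delete them and leave one line, e.g. `// Bundle-Vendor is deliberately not used as vendor evidence: false positives, see issue #229`; if `BUNDLE_VENDOR` has no other use, the constant can go too (not visible here). Because this drops HIGH-confidence vendor evidence entirely, a bundle whose manifest carries no other vendor signal may now go unidentified, so the change wants a regression test with the jar from #229 plus one bundle that is expected to still match. The enclosing method begins and ends outside the hunk.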