patch for issue #229 to remove bundle vendor from the evidence

Former-commit-id: a5a24422d5edfb23d3ea4d4c617044051d454860
2026-03-26 02:51:27 +01:00 · 2015-06-14 15:51:26 -04:00
parent 02209fc039
commit 07dda233ec
1 changed files with 6 additions and 4 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -116,6 +116,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
            "tool",
            "bundle-manifestversion",
            "bundlemanifestversion",
            "bundle-vendor",
            "include-resource",
            "embed-dependency",
            "ipojo-components",
@@ -689,10 +690,11 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
                    foundSomething = true;
                    productEvidence.addEvidence(source, key, value, Confidence.MEDIUM);
                    addMatchingValues(classInformation, value, productEvidence);
-                } else if (key.equalsIgnoreCase(BUNDLE_VENDOR)) {
+//                //the following caused false positives.
-                    foundSomething = true;
+//                } else if (key.equalsIgnoreCase(BUNDLE_VENDOR)) {
-                    vendorEvidence.addEvidence(source, key, value, Confidence.HIGH);
+//                    foundSomething = true;
-                    addMatchingValues(classInformation, value, vendorEvidence);
+//                    vendorEvidence.addEvidence(source, key, value, Confidence.HIGH);
 //                    addMatchingValues(classInformation, value, vendorEvidence);
                } else if (key.equalsIgnoreCase(BUNDLE_VERSION)) {
                    foundSomething = true;
                    versionEvidence.addEvidence(source, key, value, Confidence.HIGH);