github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-21 08:39:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #467 from colezlaw/python-init

Browse Source 
Patch for jeremylong/DependencyCheck/#466
This commit is contained in:
Jeremy Long
2016-03-25 19:35:06 -04:00
parent 54beafa262 d77a70c360
commit 0b699d45bf
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java
View File

@@ -18,7 +18,9 @@
package org.owasp.dependencycheck.analyzer; package org.owasp.dependencycheck.analyzer;
import java.io.File; import java.io.File;
import org.apache.commons.io.FilenameUtils; import org.apache.commons.io.FilenameUtils;
import org.apache.commons.io.filefilter.NameFileFilter;
import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Confidence;
@@ -65,6 +67,13 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
} }
//</editor-fold> //</editor-fold>
// Python init files
private static final NameFileFilter IGNORED_FILES = new NameFileFilter(new String[] {
"__init__.py",
"__init__.pyc",
"__init__.pyo"
});
/** /**
* Collects information about the file name. * Collects information about the file name.
* *
@@ -102,7 +111,7 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
fileName, Confidence.HIGHEST); fileName, Confidence.HIGHEST);
dependency.getVendorEvidence().addEvidence("file", "name", dependency.getVendorEvidence().addEvidence("file", "name",
fileName, Confidence.HIGHEST); fileName, Confidence.HIGHEST);
} else { } else if (!IGNORED_FILES.accept(f)) {
dependency.getProductEvidence().addEvidence("file", "name", dependency.getProductEvidence().addEvidence("file", "name",
fileName, Confidence.HIGH); fileName, Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("file", "name", dependency.getVendorEvidence().addEvidence("file", "name",

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java
View File

@@ -185,7 +185,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
if (found) { if (found) {
dependency.setDisplayFileName(parentName + "/__init__.py"); dependency.setDisplayFileName(parentName + "/__init__.py");
dependency.getProductEvidence().addEvidence(file.getName(), dependency.getProductEvidence().addEvidence(file.getName(),
"PackageName", parentName, Confidence.MEDIUM); "PackageName", parentName, Confidence.HIGH);
} else { } else {
// copy, alter and set in case some other thread is iterating over // copy, alter and set in case some other thread is iterating over
final List<Dependency> dependencies = new ArrayList<Dependency>( final List<Dependency> dependencies = new ArrayList<Dependency>(