github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-18 07:14:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/colezlaw/DependencyCheck into colezlaw-master

Browse Source 
Former-commit-id: 5c3cc39a8cea339d2c217cc9c10cb55e60dd735b
This commit is contained in:
Jeremy Long
2014-01-24 17:35:54 -05:00
parent b1a5af187c be6d590254
commit 0d6a72d364
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java
View File

@@ -108,8 +108,16 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
//add version evidence //add version evidence
final DependencyVersion version = DependencyVersionUtil.parseVersion(fileName); final DependencyVersion version = DependencyVersionUtil.parseVersion(fileName);
if (version != null) { if (version != null) {
dependency.getVersionEvidence().addEvidence("file", "name", // If the version number is just a number like 2 or 23, reduce the confidence
version.toString(), Confidence.HIGHEST); // a shade. This should hopefully correct for cases like log4j.jar or
// struts2-core.jar
if (version.getVersionParts() == null || version.getVersionParts().size() < 2) {
dependency.getVersionEvidence().addEvidence("file", "name",
version.toString(), Confidence.MEDIUM);
} else {
dependency.getVersionEvidence().addEvidence("file", "name",
version.toString(), Confidence.HIGHEST);
}
dependency.getVersionEvidence().addEvidence("file", "name", dependency.getVersionEvidence().addEvidence("file", "name",
fileName, Confidence.MEDIUM); fileName, Confidence.MEDIUM);
} }