github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-17 23:04:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated logic to make specification-version lower quality evidence

Browse Source 
Former-commit-id: 7f29adc8590243ac6a8719a391318fa3818e27eb
This commit is contained in:
Jeremy Long
2013-09-05 21:34:33 -04:00
parent 965429296b
commit 13997cd282
1 changed files with 21 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -580,38 +580,38 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
} }
if (IGNORE_VALUES.contains(value)) { if (IGNORE_VALUES.contains(value)) {
continue; continue;
} else if (key.equals(Attributes.Name.IMPLEMENTATION_TITLE.toString())) { } else if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
foundSomething = true; foundSomething = true;
productEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH); productEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
addMatchingValues(classInformation, value, productEvidence); addMatchingValues(classInformation, value, productEvidence);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VERSION.toString())) { } else if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VERSION.toString())) {
foundSomething = true; foundSomething = true;
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH); versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) { } else if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) {
foundSomething = true; foundSomething = true;
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH); vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
addMatchingValues(classInformation, value, vendorEvidence); addMatchingValues(classInformation, value, vendorEvidence);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) { } else if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) {
foundSomething = true; foundSomething = true;
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
addMatchingValues(classInformation, value, vendorEvidence); addMatchingValues(classInformation, value, vendorEvidence);
} else if (key.equals(BUNDLE_DESCRIPTION)) { } else if (key.equalsIgnoreCase(BUNDLE_DESCRIPTION)) {
foundSomething = true; foundSomething = true;
addDescription(dependency, value, "manifest", key); addDescription(dependency, value, "manifest", key);
//productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); //productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
addMatchingValues(classInformation, value, productEvidence); addMatchingValues(classInformation, value, productEvidence);
} else if (key.equals(BUNDLE_NAME)) { } else if (key.equalsIgnoreCase(BUNDLE_NAME)) {
foundSomething = true; foundSomething = true;
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
addMatchingValues(classInformation, value, productEvidence); addMatchingValues(classInformation, value, productEvidence);
} else if (key.equals(BUNDLE_VENDOR)) { } else if (key.equalsIgnoreCase(BUNDLE_VENDOR)) {
foundSomething = true; foundSomething = true;
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH); vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
addMatchingValues(classInformation, value, vendorEvidence); addMatchingValues(classInformation, value, vendorEvidence);
} else if (key.equals(BUNDLE_VERSION)) { } else if (key.equalsIgnoreCase(BUNDLE_VERSION)) {
foundSomething = true; foundSomething = true;
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH); versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.MAIN_CLASS.toString())) { } else if (key.equalsIgnoreCase(Attributes.Name.MAIN_CLASS.toString())) {
continue; continue;
//skipping main class as if this has important information to add //skipping main class as if this has important information to add
// it will be added during class name analysis... if other fields // it will be added during class name analysis... if other fields
@@ -637,13 +637,22 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
foundSomething = true; foundSomething = true;
if (key.contains("version")) { if (key.contains("version")) {
if (key.contains("specification")) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
} else {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
}
} else if (key.contains("title")) { } else if (key.contains("title")) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
addMatchingValues(classInformation, value, productEvidence); addMatchingValues(classInformation, value, productEvidence);
} else if (key.contains("vendor")) { } else if (key.contains("vendor")) {
if (key.contains("specification")) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
} else {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
addMatchingValues(classInformation, value, vendorEvidence); addMatchingValues(classInformation, value, vendorEvidence);
}
} else if (key.contains("name")) { } else if (key.contains("name")) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);