From 16afe3e23d1f6ccafaf51aa2f44680669ef56b54 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Tue, 17 Sep 2013 10:42:54 -0400
Subject: [PATCH] added additional checks for false positives (apache maven and cvs:cvs)

Former-commit-id: 19e21385b498ec259d8cc758719fff59503673a5
---
 .../analyzer/FalsePositiveAnalyzer.java | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
index b7fa92208..aea5944f2 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
@@ -273,12 +273,15 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
 if ((i.getValue().matches(".*c\\+\\+.*")
 || i.getValue().startsWith("cpe:/a:jquery:jquery")
 || i.getValue().startsWith("cpe:/a:prototypejs:prototype")
- || i.getValue().startsWith("cpe:/a:yahoo:yui"))
+ || i.getValue().startsWith("cpe:/a:yahoo:yui")
+ || i.getValue().startsWith("cpe:/a:file:file")
+ || i.getValue().startsWith("cpe:/a:mozilla:mozilla")
+ || i.getValue().startsWith("cpe:/a:cvs:cvs")
+ || i.getValue().startsWith("cpe:/a:ssh:ssh"))
 && dependency.getFileName().toLowerCase().endsWith(".jar")) {
 itr.remove();
- } else if (i.getValue().startsWith("cpe:/a:file:file")
- || i.getValue().startsWith("cpe:/a:mozilla:mozilla")
- || i.getValue().startsWith("cpe:/a:ssh:ssh")) {
+ } else if (i.getValue().startsWith("cpe:/a:apache:maven")
+ && !dependency.getFileName().toLowerCase().matches("maven-core-[\\d\\.]+\\.jar")) {
 itr.remove();
 }
 }
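Review bot: The new `else if` at the end of the hunk suppresses every `cpe:/a:apache:maven` identifier unless the file name matches `maven-core-[\d.]+\.jar`, so a genuine Maven core artifact whose version carries a non-numeric qualifier (for example a constructed name like `maven-core-3.1.0-SNAPSHOT.jar`) loses its CPE and any CVE reported against it becomes a false negative rather than a false positive. The prefix also lacks a terminating colon, so `startsWith("cpe:/a:apache:maven")` would match any Apache product whose name merely begins with `maven`; `startsWith("cpe:/a:apache:maven:")` pins it to the product. Consider loosening the file-name pattern to `"maven-core-.*\\.jar"` (or a version pattern that admits qualifiers) and adding a comment such as `// apache:maven is only a real match for the maven-core artifact itself; other jars matching it are plugin/shared-lib false positives` so the intent survives the next edit. The enclosing loop and method start before the hunk.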