github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-17 00:56:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

bug fixes

Browse Source 
Former-commit-id: e6e1292842528039ab4498d65239759e6729a70a
This commit is contained in:
Jeremy Long
2013-05-09 22:34:47 -04:00
parent a1c7612a85
commit 2e3331f568
8 changed files with 67 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
View File

@@ -178,7 +178,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
* @param dependency the dependency to remove JRE CPEs from
*/
private void removeJreEntries(Dependency dependency) {
final List<Identifier> identifiers = dependency.getIdentifiers();
final Set<Identifier> identifiers = dependency.getIdentifiers();
final Iterator<Identifier> itr = identifiers.iterator();
while (itr.hasNext()) {
final Identifier i = itr.next();

14
src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
View File

@@ -98,12 +98,24 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
"org.springframework.core",
Evidence.Confidence.HIGH);
final Set<Evidence> evidence = dependency.getProductEvidence().getEvidence();
final Evidence springTest3 = new Evidence("Manifest",
"Bundle-Vendor",
"SpringSource",
Evidence.Confidence.HIGH);
Set<Evidence> evidence = dependency.getProductEvidence().getEvidence();
if (evidence.contains(springTest1) || evidence.contains(springTest2)) {
dependency.getProductEvidence().addEvidence("a priori", "product", "springsource_spring_framework", Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("a priori", "vendor", "SpringSource", Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("a priori", "vendor", "vmware", Evidence.Confidence.HIGH);
}
evidence = dependency.getVendorEvidence().getEvidence();
if (evidence.contains(springTest3)) {
dependency.getProductEvidence().addEvidence("a priori", "product", "springsource_spring_framework", Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("a priori", "vendor", "vmware", Evidence.Confidence.HIGH);
}
}
}