github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-21 16:49:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix for issue 232 - dependencies in seperate war files were being combined as related in cli

Browse Source 
Former-commit-id: d43f3689be374468a6877436a2b1c94d13897c30
This commit is contained in:
Jeremy Long
2015-06-13 08:25:20 -04:00
parent 65a5d38fc6
commit 316bab6fff
1 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
View File

@@ -111,7 +111,8 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
final ListIterator<Dependency> subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex()); final ListIterator<Dependency> subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
while (subIterator.hasNext()) { while (subIterator.hasNext()) {
final Dependency nextDependency = subIterator.next(); final Dependency nextDependency = subIterator.next();
if (hashesMatch(dependency, nextDependency)) { if (hashesMatch(dependency, nextDependency) && !containedInWar(dependency.getFilePath())
&& !containedInWar(nextDependency.getFilePath())) {
if (firstPathIsShortest(dependency.getFilePath(), nextDependency.getFilePath())) { if (firstPathIsShortest(dependency.getFilePath(), nextDependency.getFilePath())) {
mergeDependencies(dependency, nextDependency, dependenciesToRemove); mergeDependencies(dependency, nextDependency, dependenciesToRemove);
} else { } else {
@@ -125,7 +126,7 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
break; break;
} else { } else {
mergeDependencies(dependency, nextDependency, dependenciesToRemove); mergeDependencies(dependency, nextDependency, dependenciesToRemove);
nextDependency.getRelatedDependencies().remove(nextDependency); dependency.getRelatedDependencies().remove(nextDependency);
} }
} else if (cpeIdentifiersMatch(dependency, nextDependency) } else if (cpeIdentifiersMatch(dependency, nextDependency)
&& hasSameBasePath(dependency, nextDependency) && hasSameBasePath(dependency, nextDependency)
@@ -421,4 +422,14 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
} }
return count; return count;
} }
/**
* Checks if the given file path is contained within a war or ear file.
*
* @param filePath the file path to check
* @return true if the path contains '.war\' or '.ear\'.
*/
private boolean containedInWar(String filePath) {
return filePath == null ? false : filePath.matches(".*\\.(ear|war)[\\\\/].*");
}
} }