added notes for future enhancement

Former-commit-id: 2886464dc1fd657b79f1763eec2862bbf2c11af7
2026-01-14 15:53:36 +01:00 · 2015-05-23 06:39:23 -04:00
parent 928d8dbb15
commit 362c7e9c04
1 changed files with 2 additions and 0 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
@@ -406,6 +406,8 @@ public class CPEAnalyzer implements Analyzer {
    private boolean verifyEntry(final IndexEntry entry, final Dependency dependency) {
        boolean isValid = false;

+        //TODO - does this nullify some of the fuzzy matching that happens in the lucene search?
+        // for instance CPE some-component and in the evidence we have SomeComponent.
        if (collectionContainsString(dependency.getProductEvidence(), entry.getProduct())
                && collectionContainsString(dependency.getVendorEvidence(), entry.getVendor())) {
            //&& collectionContainsVersion(dependency.getVersionEvidence(), entry.getVersion())