From 362c7e9c04d47e71e2b33410d84aabf93e3ff7ba Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sat, 23 May 2015 06:39:23 -0400
Subject: [PATCH] added notes for future enhancement
Former-commit-id: 2886464dc1fd657b79f1763eec2862bbf2c11af7
---
 .../java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
index 02363842e..0b78ab908 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
@@ -406,6 +406,8 @@ public class CPEAnalyzer implements Analyzer {
 private boolean verifyEntry(final IndexEntry entry, final Dependency dependency) {
 boolean isValid = false;
+ //TODO - does this nullify some of the fuzzy matching that happens in the lucene search?
+ // for instance CPE some-component and in the evidence we have SomeComponent.
 if (collectionContainsString(dependency.getProductEvidence(), entry.getProduct())
 && collectionContainsString(dependency.getVendorEvidence(), entry.getVendor())) {
 //&& collectionContainsVersion(dependency.getVersionEvidence(), entry.getVersion())
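Review bot: The new TODO above the `collectionContainsString` check in `verifyEntry` records the question but not its consequence: if that helper compares product and vendor strings more strictly than the Lucene query does (its body is not visible here), a CPE that the search matched is discarded and the dependency is reported with no CVEs, which is a silent false negative. I would spell that out and tie it to a tracked issue, for example `//TODO (issue <ISSUE-ID>) - confirm this check does not discard CPEs matched by the fuzzy lucene search, e.g. CPE product "some-component" vs. evidence "SomeComponent"; a dropped CPE means its CVEs go unreported.` A unit test that feeds exactly that pair through `verifyEntry` would answer the question and keep it answered. The method body continues past the end of the hunk.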