updated how the description is processed from the manifest to fix issue #34 for wss4j-1.5.7.jar

Former-commit-id: 5787236ee3e5af407cf5654aeb2a4fe47ecc02c0
Jeremy Long
2014-02-08 23:53:47 -05:00
parent 3febed82f1
commit 367f763ce5


@@ -576,9 +576,9 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
foundSomething = true; foundSomething = true;
final String description = interpolateString(pom.getDescription(), pomProperties); final String description = interpolateString(pom.getDescription(), pomProperties);
if (description != null && !description.isEmpty()) { if (description != null && !description.isEmpty()) {
addDescription(dependency, description, "pom", "description"); final String trimmedDescription = addDescription(dependency, description, "pom", "description");
addMatchingValues(classes, description, dependency.getVendorEvidence()); addMatchingValues(classes, trimmedDescription, dependency.getVendorEvidence());
addMatchingValues(classes, description, dependency.getProductEvidence()); addMatchingValues(classes, trimmedDescription, dependency.getProductEvidence());
} }
} }
@@ -826,14 +826,18 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
} }
/** /**
* Adds a description to the given dependency. * Adds a description to the given dependency. If the description contains one of the following strings beyond 100
* characters, then the description used will be trimmed to that position:
* <ul><li>"such as"</li><li>"like "</li><li>"will use "</li><li>"* uses "</li></ul>
* *
* @param dependency a dependency * @param dependency a dependency
* @param description the description * @param description the description
* @param source the source of the evidence * @param source the source of the evidence
* @param key the "name" of the evidence * @param key the "name" of the evidence
* @return if the description is trimmed, the trimmed version is returned; otherwise the original description is
* returned
*/ */
private void addDescription(Dependency dependency, String description, String source, String key) { private String addDescription(Dependency dependency, String description, String source, String key) {
if (dependency.getDescription() == null) { if (dependency.getDescription() == null) {
dependency.setDescription(description); dependency.setDescription(description);
} }
@@ -845,29 +849,42 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
} }
dependency.setDescription(desc); dependency.setDescription(desc);
if (desc.length() > 100) { if (desc.length() > 100) {
desc = desc.replaceAll("\\s\\s+", " ");
final int posSuchAs = desc.toLowerCase().indexOf("such as ", 100); final int posSuchAs = desc.toLowerCase().indexOf("such as ", 100);
final int posLike = desc.toLowerCase().indexOf("like ", 100); final int posLike = desc.toLowerCase().indexOf("like ", 100);
final int posWillUse = desc.toLowerCase().indexOf("will use ", 100);
final int posUses = desc.toLowerCase().indexOf(" uses ", 100);
int pos = -1; int pos = -1;
if (posLike > 0 && posSuchAs > 0) { pos = Math.max(pos, posSuchAs);
pos = posLike > posSuchAs ? posLike : posSuchAs; if (pos >= 0 && posLike >= 0) {
} else if (posLike > 0) { pos = Math.min(pos, posLike);
pos = posLike; } else {
} else if (posSuchAs > 0) { pos = Math.max(pos, posLike);
pos = posSuchAs;
} }
String descToUse = desc; if (pos >= 0 && posWillUse >= 0) {
pos = Math.min(pos, posWillUse);
} else {
pos = Math.max(pos, posWillUse);
}
if (pos >= 0 && posUses >= 0) {
pos = Math.min(pos, posUses);
} else {
pos = Math.max(pos, posUses);
}
if (pos > 0) { if (pos > 0) {
final StringBuilder sb = new StringBuilder(pos + 3); final StringBuilder sb = new StringBuilder(pos + 3);
sb.append(desc.substring(0, pos)); sb.append(desc.substring(0, pos));
sb.append("..."); sb.append("...");
descToUse = sb.toString(); desc = sb.toString();
} }
dependency.getProductEvidence().addEvidence(source, key, descToUse, Confidence.LOW); dependency.getProductEvidence().addEvidence(source, key, desc, Confidence.LOW);
dependency.getVendorEvidence().addEvidence(source, key, descToUse, Confidence.LOW); dependency.getVendorEvidence().addEvidence(source, key, desc, Confidence.LOW);
} else { } else {
dependency.getProductEvidence().addEvidence(source, key, desc, Confidence.MEDIUM); dependency.getProductEvidence().addEvidence(source, key, desc, Confidence.MEDIUM);
dependency.getVendorEvidence().addEvidence(source, key, desc, Confidence.MEDIUM); dependency.getVendorEvidence().addEvidence(source, key, desc, Confidence.MEDIUM);
} }
return desc;
} }
/** /**
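Review bot: The marker searches in the third hunk (`desc.toLowerCase().indexOf("like ", 100)` and its siblings) use the default locale and, except for `" uses "`, have no leading word boundary, so `"like "` also matches inside a word such as "unlike " and the cut lands mid-word. This matters more after this commit because the trimmed string returned by `addDescription` is what the first hunk passes to `addMatchingValues`, so the cut position decides which vendor and product terms are kept as evidence. I would lower-case once with `final String lower = desc.toLowerCase(Locale.ROOT);` (assuming `java.util.Locale` is or can be imported; the import block is not visible here) and search `lower.indexOf(" like ", 100)`. The `desc.length() > 100` guard also runs before the `replaceAll` whitespace collapse, so a description that shrinks below 100 characters is still recorded at `Confidence.LOW`; doing the collapse after `setDescription` but before the guard would avoid that. The body of `addDescription` between the second and third hunks is not shown, so how `desc` is derived from `description` is not checked here.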