updated to prevent bundling of dependencies within WAR files

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java

@@ -154,13 +154,15 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer {
                     final ListIterator<Dependency> subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
                     while (subIterator.hasNext()) {
                         final Dependency nextDependency = subIterator.next();
-                        if (hashesMatch(dependency, nextDependency) && !containedInWar(dependency.getFilePath())
+                        if (hashesMatch(dependency, nextDependency)) {
-                                && !containedInWar(nextDependency.getFilePath())) {
+                            if (!containedInWar(dependency.getFilePath())
-                            if (firstPathIsShortest(dependency.getFilePath(), nextDependency.getFilePath())) {
+                                    && !containedInWar(nextDependency.getFilePath())) {
-                                mergeDependencies(dependency, nextDependency, dependenciesToRemove);
+                                if (firstPathIsShortest(dependency.getFilePath(), nextDependency.getFilePath())) {
-                            } else {
+                                    mergeDependencies(dependency, nextDependency, dependenciesToRemove);
-                                mergeDependencies(nextDependency, dependency, dependenciesToRemove);
+                                } else {
-                                break; //since we merged into the next dependency - skip forward to the next in mainIterator
+                                    mergeDependencies(nextDependency, dependency, dependenciesToRemove);
+                                    break; //since we merged into the next dependency - skip forward to the next in mainIterator
+                                }
                             }
                         } else if (isShadedJar(dependency, nextDependency)) {
                             if (dependency.getFileName().toLowerCase().endsWith("pom.xml")) {