github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-13 15:23:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

improved pom analysis

Browse Source 
Former-commit-id: 8da3f802dbf2c3d8cd63d07a1a0a5d984074f007
This commit is contained in:
Jeremy Long
2013-05-03 20:23:42 -04:00
parent 910b1dca85
commit 3feccefee8
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -294,6 +294,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
if (artifactid != null) {
foundSomething = true;
dependency.getProductEvidence().addEvidence("pom", "artifactid", artifactid, Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("pom", "artifactid", artifactid, Evidence.Confidence.LOW);
}
//version
final String version = interpolateString(pom.getVersion(), pomProperties);
@@ -313,6 +314,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
if (pomName != null) {
foundSomething = true;
dependency.getProductEvidence().addEvidence("pom", "name", pomName, Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("pom", "name", pomName, Evidence.Confidence.HIGH);
}
//Description