fixed duplicate analysis identified in https://github.com/jeremylong/dependency-check-gradle/issues/19

2026-03-14 06:06:04 +01:00 · 2016-10-01 06:55:37 -04:00
parent d7100e54d1
commit 44edcabe15
2 changed files with 78 additions and 3 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -309,10 +309,22 @@ public class Engine implements FileFilter {
        if (file.isFile()) {
            if (accept(file)) {
                dependency = new Dependency(file);
-                dependencies.add(dependency);
+                String sha1 = dependency.getSha1sum();
+                boolean found = false;
+                if (sha1 != null) {
+                    for (Dependency existing : dependencies) {
+                        if (sha1.equals(existing.getSha1sum())) {
+                            found = true;
+                            dependency = existing;
+                        }
+                    }
+                }
+                if (!found) {
+                    dependencies.add(dependency);
+                }
+            } else {
+                LOGGER.debug("Path passed to scanFile(File) is not a file: {}. Skipping the file.", file);
            }
-        } else {
-            LOGGER.debug("Path passed to scanFile(File) is not a file: {}. Skipping the file.", file);
        }
        return dependency;
    }
@@ -539,6 +551,16 @@ public class Engine implements FileFilter {
        return this.fileTypeAnalyzers;
    }

+    /**
+     * Adds a file type analyzer. This has been added solely to assist in unit
+     * testing the Engine.
+     *
+     * @param fta the file type analyzer to add
+     */
+    protected void addFileTypeAnalyzer(FileTypeAnalyzer fta) {
+        this.fileTypeAnalyzers.add(fta);
+    }
+
    /**
     * Checks the CPE Index to ensure documents exists. If none exist a
     * NoDataException is thrown.