github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 07:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

javadoc

Browse Source
This commit is contained in:
bjiang
2016-05-06 10:25:49 -04:00
parent 189da08885
commit 4de3fb1f2a
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
View File

@@ -311,6 +311,10 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
return false;
}
/**
* Bundling Ruby gems that are identified from different .gemspec files but denote the same package path.
* This happens when Ruby bundler installs an app's dependencies by running "bundle install".
*/
private boolean isSameRubyGem(Dependency dependency1, Dependency dependency2) {
if (dependency1 == null || dependency2 == null ||
!dependency1.getFileName().endsWith(".gemspec") ||
@@ -326,8 +330,8 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
}
/**
* A gem install may have zero or more *.gemspec files, all of which have the same packagePath and should be grouped.
* If one of these gemspec is from <parent>/specifications/*.gemspec, which is a stub with fully resolved gem meta-data
* Ruby gems installed by "bundle install" can have zero or more *.gemspec files, all of which have the same packagePath and should be grouped.
* If one of these gemspec is from <parent>/specifications/*.gemspec, because it is a stub with fully resolved gem meta-data
* created by Ruby bundler, this dependency should be the main one. Otherwise, use dependency2 as main.
*
* This method returns null if any dependency is not from *.gemspec, or the two do not have the same packagePath.