github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-15 00:03:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed logic for single pom entry in a jar

Browse Source
This commit is contained in:
Jeremy Long
2016-11-22 06:21:30 -05:00
parent cdfe5d0c9a
commit 6838b9b950
1 changed files with 19 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -279,18 +279,32 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer {
}
return false;
}
if (pomEntries != null && pomEntries.isEmpty()) {
final String pomPath = FilenameUtils.removeExtension(dependency.getActualFilePath()) + ".pom";
final File externalPom = new File(pomPath);
if (externalPom.isFile()) {
Model pom = PomUtils.readPom(externalPom);
if (pomEntries != null && pomEntries.size() <= 1) {
String path = null;
Properties pomProperties = null;
File pomFile = null;
if (pomEntries.size() == 1) {
path = pomEntries.get(0);
pomFile = extractPom(path, jar);
pomProperties = retrievePomProperties(path, jar);
} else {
path = FilenameUtils.removeExtension(dependency.getActualFilePath()) + ".pom";
pomFile = new File(path);
}
if (pomFile.isFile()) {
Model pom = PomUtils.readPom(pomFile);
if (pom != null && pomProperties != null) {
pom.processProperties(pomProperties);
}
if (pom != null) {
return setPomEvidence(dependency, pom, classes);
}
return false;
} else {
return false;
}
}
//reported possible null dereference on pomEntries is on a non-feasible path
for (String path : pomEntries) {
//TODO - one of these is likely the pom for the main JAR we are analyzing