github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-28 20:02:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed synchronization on local variable

Browse Source
This commit is contained in:
Jeremy Long
2017-03-11 14:24:46 -05:00
parent 5ed6e838fc
commit 69c6dd40a1
2 changed files with 24 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
View File

@@ -440,14 +440,13 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
* @param dependency the dependency that might be a duplicate * @param dependency the dependency that might be a duplicate
* @param engine the engine used to scan all dependencies * @param engine the engine used to scan all dependencies
*/ */
private void removeDuplicativeEntriesFromJar(Dependency dependency, Engine engine) { private synchronized void removeDuplicativeEntriesFromJar(Dependency dependency, Engine engine) {
if (dependency.getFileName().toLowerCase().endsWith("pom.xml") if (dependency.getFileName().toLowerCase().endsWith("pom.xml")
|| DLL_EXE_FILTER.accept(dependency.getActualFile())) { || DLL_EXE_FILTER.accept(dependency.getActualFile())) {
String parentPath = dependency.getFilePath().toLowerCase(); String parentPath = dependency.getFilePath().toLowerCase();
if (parentPath.contains(".jar")) { if (parentPath.contains(".jar")) {
parentPath = parentPath.substring(0, parentPath.indexOf(".jar") + 4); parentPath = parentPath.substring(0, parentPath.indexOf(".jar") + 4);
final List<Dependency> dependencies = engine.getDependencies(); final List<Dependency> dependencies = engine.getDependencies();
synchronized (dependencies) {
final Dependency parent = findDependency(parentPath, dependencies); final Dependency parent = findDependency(parentPath, dependencies);
if (parent != null) { if (parent != null) {
boolean remove = false; boolean remove = false;
@@ -471,7 +470,6 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
} }
} }
} }
}
/** /**
* Retrieves a given dependency, based on a given path, from a list of * Retrieves a given dependency, based on a given path, from a list of

4
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/VersionFilterAnalyzer.java
View File

@@ -126,7 +126,7 @@ public class VersionFilterAnalyzer extends AbstractAnalyzer {
* the dependency. * the dependency.
*/ */
@Override @Override
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException { protected synchronized void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
String fileVersion = null; String fileVersion = null;
String pomVersion = null; String pomVersion = null;
String manifestVersion = null; String manifestVersion = null;
@@ -151,7 +151,6 @@ public class VersionFilterAnalyzer extends AbstractAnalyzer {
if (fileMatch || manifestMatch || pomMatch) { if (fileMatch || manifestMatch || pomMatch) {
LOGGER.debug("filtering evidence from {}", dependency.getFileName()); LOGGER.debug("filtering evidence from {}", dependency.getFileName());
final EvidenceCollection versionEvidence = dependency.getVersionEvidence(); final EvidenceCollection versionEvidence = dependency.getVersionEvidence();
synchronized (versionEvidence) {
final Iterator<Evidence> itr = versionEvidence.iterator(); final Iterator<Evidence> itr = versionEvidence.iterator();
while (itr.hasNext()) { while (itr.hasNext()) {
final Evidence e = itr.next(); final Evidence e = itr.next();
@@ -166,4 +165,3 @@ public class VersionFilterAnalyzer extends AbstractAnalyzer {
} }
} }
} }
}