github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-21 16:49:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated to fix issue #44

Browse Source 
Former-commit-id: 9245e70ef4ecf4e78362a0824a1557685c6cddb7
This commit is contained in:
Jeremy Long
2014-01-20 19:44:08 -05:00
parent 0197eb0d08
commit 7601af24f0
1 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
View File

@@ -128,7 +128,13 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
final ListIterator<Dependency> subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex()); final ListIterator<Dependency> subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
while (subIterator.hasNext()) { while (subIterator.hasNext()) {
final Dependency nextDependency = subIterator.next(); final Dependency nextDependency = subIterator.next();
if (hashesMatch(dependency, nextDependency)) { if (isShadedJar(dependency, nextDependency)) {
if (dependency.getFileName().toLowerCase().endsWith("pom.xml")) {
dependenciesToRemove.add(dependency);
} else {
dependenciesToRemove.add(nextDependency);
}
} else if (hashesMatch(dependency, nextDependency)) {
if (isCore(dependency, nextDependency)) { if (isCore(dependency, nextDependency)) {
mergeDependencies(dependency, nextDependency, dependenciesToRemove); mergeDependencies(dependency, nextDependency, dependenciesToRemove);
} else { } else {
@@ -383,4 +389,15 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
} }
return dependency1.getSha1sum().equals(dependency2.getSha1sum()); return dependency1.getSha1sum().equals(dependency2.getSha1sum());
} }
private boolean isShadedJar(Dependency dependency, Dependency nextDependency) {
final String mainName = dependency.getFileName().toLowerCase();
final String nextName = nextDependency.getFileName().toLowerCase();
if (mainName.endsWith(".jar") && nextName.endsWith("pomx.xml")) {
return dependency.getIdentifiers().containsAll(nextDependency.getIdentifiers());
} else if (nextName.endsWith(".jar") && mainName.endsWith("pomx.xml")) {
return nextDependency.getIdentifiers().containsAll(dependency.getIdentifiers());
}
return false;
}
} }