removed additional false positives as part of patch for issue #93 and #119

Former-commit-id: 86f48b30150f2ba4db99dfc2eb15a0ac50a6e383
2026-01-14 07:43:40 +01:00 · 2014-05-10 06:56:53 -04:00
parent c84bcb433f
commit 77486dffd4
1 changed files with 12 additions and 3 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
@@ -88,7 +88,7 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
        removeBadMatches(dependency);
        removeWrongVersionMatches(dependency);
        removeSpuriousCPE(dependency);
-        removeDuplicativePOMEntries(dependency, engine);
+        removeDuplicativeEntriesFromJar(dependency, engine);
        addFalseNegativeCPEs(dependency);
    }

@@ -338,8 +338,17 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
        }
    }

-    private void removeDuplicativePOMEntries(Dependency dependency, Engine engine) {
-        if (dependency.getFileName().toLowerCase().endsWith("pom.xml")) {
+    /**
+     * Removes duplicate entries identified that are contained within JAR files. These occasionally crop up due to POM
+     * entries or other types of files (such as DLLs and EXEs) being contained within the JAR.
+     *
+     * @param dependency the dependency that might be a duplicate
+     * @param engine the engine used to scan all dependencies
+     */
+    private void removeDuplicativeEntriesFromJar(Dependency dependency, Engine engine) {
+        if (dependency.getFileName().toLowerCase().endsWith("pom.xml")
+                || dependency.getFileExtension().equals("dll")
+                || dependency.getFileExtension().equals("exe")) {
            String parentPath = dependency.getFilePath().toLowerCase();
            if (parentPath.contains(".jar")) {
                parentPath = parentPath.substring(0, parentPath.indexOf(".jar") + 4);