github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-24 01:51:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added explanatory Javadoc comments for relatedDependency behavior and purpose. Added logging whenever there is a collision adding to relatedDependency.

Browse Source 
Former-commit-id: 99d3c9527541769e47008a9c919e4727bd2bf623
This commit is contained in:
Dale Visser
2015-06-18 19:33:57 -04:00
parent a7c0ea3602
commit 7e2720e673
1 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
View File

@@ -591,7 +591,8 @@ public class Dependency implements Serializable, Comparable<Dependency> {
private Set<Dependency> relatedDependencies = new TreeSet<Dependency>(); private Set<Dependency> relatedDependencies = new TreeSet<Dependency>();
/** /**
* Get the value of relatedDependencies. * Get the value of {@link #relatedDependencies}. This field is used to collect other dependencies which really
* represent the same dependency, and may be presented as one item in reports.
* *
* @return the value of relatedDependencies * @return the value of relatedDependencies
*/ */
@@ -650,18 +651,25 @@ public class Dependency implements Serializable, Comparable<Dependency> {
} }
/** /**
* Adds a related dependency. * Adds a related dependency. The internal collection is normally a {@link java.util.TreeSet}, which relies on
* {@link #compareTo(Dependency)}. A consequence of this is that if you attempt to add a dependency with the
* same file path (modulo character case) as one that is already in the collection, it won't get added.
* *
* @param dependency a reference to the related dependency * @param dependency a reference to the related dependency
*/ */
public void addRelatedDependency(Dependency dependency) { public void addRelatedDependency(Dependency dependency) {
boolean debug = false;
if (this == dependency) { if (this == dependency) {
LOGGER.warn("Attempted to add a circular reference - please post the log file to issue #172 here " LOGGER.warn("Attempted to add a circular reference - please post the log file to issue #172 here "
+ "https://github.com/jeremylong/DependencyCheck/issues/172"); + "https://github.com/jeremylong/DependencyCheck/issues/172");
debug = true;
} else if (!relatedDependencies.add(dependency)) {
LOGGER.warn("Failed to add dependency, likely due to referencing the same file as another dependency in the set.");
debug = true;
}
if (debug) {
LOGGER.debug("this: {}", this); LOGGER.debug("this: {}", this);
LOGGER.debug("dependency: {}", dependency); LOGGER.debug("dependency: {}", dependency);
} else {
relatedDependencies.add(dependency);
} }
} }
@@ -698,7 +706,7 @@ public class Dependency implements Serializable, Comparable<Dependency> {
} }
/** /**
* Implementation of the Comparable<Dependency> interface. The comparison is solely based on the file name. * Implementation of the Comparable<Dependency> interface. The comparison is solely based on the file path.
* *
* @param o a dependency to compare * @param o a dependency to compare
* @return an integer representing the natural ordering * @return an integer representing the natural ordering