github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-05-01 12:44:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

patch for issue #155

Browse Source 
Former-commit-id: 57b144d94354c48c9bebabae2cc3d0c120fd2138
This commit is contained in:
Jeremy Long
2014-11-07 06:42:54 -05:00
parent 761dd61ed4
commit 824898dba5
6 changed files with 45 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
View File

@@ -502,7 +502,7 @@ public class CPEAnalyzer implements Analyzer {
* @return <code>true</code> if an identifier was added to the dependency; otherwise <code>false</code>
* @throws UnsupportedEncodingException is thrown if UTF-8 is not supported
*/
private boolean determineIdentifiers(Dependency dependency, String vendor, String product,
protected boolean determineIdentifiers(Dependency dependency, String vendor, String product,
Confidence currentConfidence) throws UnsupportedEncodingException {
final Set<VulnerableSoftware> cpes = cve.getCPEs(vendor, product);
DependencyVersion bestGuess = new DependencyVersion("-");

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
View File

@@ -400,7 +400,7 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
* @return <code>true</code> if the leftPath is the shortest; otherwise <code>false</code>
*/
protected boolean firstPathIsShortest(String left, String right) {
final String leftPath = right.replace('\\', '/');
final String leftPath = left.replace('\\', '/');
final String rightPath = right.replace('\\', '/');
final int leftCount = countChar(leftPath, '/');

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersion.java
View File

@@ -65,7 +65,7 @@ public class DependencyVersion implements Iterable, Comparable<DependencyVersion
public final void parseVersion(String version) {
versionParts = new ArrayList<String>();
if (version != null) {
final Pattern rx = Pattern.compile("(\\d+|[a-z]+\\d+|(release|beta|alpha)$)");
final Pattern rx = Pattern.compile("(\\d+[a-z]{1,3}$|[a-z]+\\d+|\\d+|(release|beta|alpha)$)");
final Matcher matcher = rx.matcher(version.toLowerCase());
while (matcher.find()) {
versionParts.add(matcher.group());

2
dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersionUtil.java
View File

@@ -32,7 +32,7 @@ public final class DependencyVersionUtil {
/**
* Regular expression to extract version numbers from file names.
*/
private static final Pattern RX_VERSION = Pattern.compile("\\d+(\\.\\d{1,6})+(\\.?([_-](release|beta|alpha)|[a-zA-Z_-]{1,3}\\d{1,8}))?");
private static final Pattern RX_VERSION = Pattern.compile("\\d+(\\.\\d{1,6})+(\\.?([_-](release|beta|alpha|\\d+)|[a-zA-Z_-]{1,3}\\d{0,8}))?");
/**
* Regular expression to extract a single version number without periods. This is a last ditch effort just to check
* in case we are missing a version number using the previous regex.