From 895c770c243bbca87aeb5dbe5c82252b7e4f8fc0 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sat, 20 Apr 2013 15:43:12 -0400
Subject: [PATCH] added code to filter out sources.jar and javadoc.jar if no class files are contained
Former-commit-id: ff77b49af31258a12433f8a78d13a6cbf36d11c1
---
 .../dependencycheck/analyzer/JarAnalyzer.java | 25 ++++++++++++++-----
 1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index 756a94153..f798e75cf 100644
--- a/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -190,6 +190,11 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
 addPackagesAsEvidence ^= analyzePOM(dependency);
 addPackagesAsEvidence ^= Settings.getBoolean(Settings.KEYS.PERFORM_DEEP_SCAN);
 analyzePackageNames(dependency, addPackagesAsEvidence);
+ if (!hasClasses
+ || (dependency.getFileName().toLowerCase().endsWith("-sources.jar")
+ || dependency.getFileName().toLowerCase().endsWith("-javadoc.jar"))) {
+ engine.getDependencies().remove(dependency);
+ }
 } catch (IOException ex) {
 throw new AnalysisException("Exception occurred reading the JAR file.", ex);
 }
@@ -344,6 +349,10 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
 return foundSomething;
 }
+ /**
+ * flag indicating whether any class files were found (weeding out javadoc and sources JAR files)
+ */
+ private boolean hasClasses = false;
 /**
 * Analyzes the path information of the classes contained within the
 * JarAnalyzer to try and determine possible vendor or product names. If any
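Review bot: The removal condition in the added `if` is `!hasClasses || (...-sources.jar || ...-javadoc.jar)`, which does not match the subject line's "if no class files are contained". As written, any JAR without classes is dropped, and any JAR whose name ends in `-sources.jar` or `-javadoc.jar` is dropped even when it does contain classes. For a vulnerability scanner that is a silent false negative decided by the file name alone, so I would combine the two tests, `if (!hasClasses && (name.endsWith("-sources.jar") || name.endsWith("-javadoc.jar")))` with `name` holding the lower-cased file name, and log each removal. If the engine is iterating `getDependencies()` while this analyzer runs (not visible here), the `remove` call may also throw `ConcurrentModificationException`. The enclosing method starts and ends outside the hunk.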
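Review bot: `hasClasses` is added as instance state initialised to `false`, and none of the commit's 19 added lines sets it back. Once one JAR with a `.class` entry has been analyzed, the flag stays `true` for every later dependency handled by the same analyzer instance, so the `!hasClasses` test in the first hunk depends on scan order. Reset it at the start of each analysis with `hasClasses = false;`, or preferably have `analyzePackageNames` report the result through a local so the analyzer holds no per-dependency state. The Javadoc should also state that the flag describes the JAR currently being analyzed.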
@@ -371,13 +380,17 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
 int count = 0;
 while (en.hasMoreElements()) {
 final java.util.jar.JarEntry entry = (java.util.jar.JarEntry) en.nextElement();
- if (entry.getName().endsWith(".class") && entry.getName().contains("/")) {
- final String[] path = entry.getName().toLowerCase().split("/");
+ if (entry.getName().endsWith(".class")) {
+ hasClasses = true;
+ String[] path = null;
+ if (entry.getName().contains("/")) {
+ path = entry.getName().toLowerCase().split("/");
- if ("java".equals(path[0])
- || "javax".equals(path[0])
- || ("com".equals(path[0]) && "sun".equals(path[0]))) {
- continue;
+ if ("java".equals(path[0])
+ || "javax".equals(path[0])
+ || ("com".equals(path[0]) && "sun".equals(path[0]))) {
+ continue;
+ }
 }
 count += 1;
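Review bot: `path` now stays `null` for a `.class` entry whose name contains no `/` (a class in the default package), yet control still reaches `count += 1;`, whereas the old condition skipped such entries. If the code after the hunk indexes `path`, as the removed `final String[] path` declaration suggests, that is a `NullPointerException` on such a JAR. Adding `if (!entry.getName().contains("/")) { continue; }` right after `hasClasses = true;` keeps the old behaviour while still recording that classes exist. The carried-over test `("com".equals(path[0]) && "sun".equals(path[0]))` can never be true because both sides compare `path[0]`; the second was presumably meant to be `path.length > 1 && "sun".equals(path[1])`. The loop body continues past the end of the hunk.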