github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-22 17:19:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

added code to filter out sources.jar and javadoc.jar if no class files are contained

Browse Source 
Former-commit-id: ff77b49af31258a12433f8a78d13a6cbf36d11c1
This commit is contained in:
Jeremy Long
2013-04-20 15:43:12 -04:00
parent 606070f449
commit 895c770c24
1 changed files with 19 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -190,6 +190,11 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
addPackagesAsEvidence ^= analyzePOM(dependency); addPackagesAsEvidence ^= analyzePOM(dependency);
addPackagesAsEvidence ^= Settings.getBoolean(Settings.KEYS.PERFORM_DEEP_SCAN); addPackagesAsEvidence ^= Settings.getBoolean(Settings.KEYS.PERFORM_DEEP_SCAN);
analyzePackageNames(dependency, addPackagesAsEvidence); analyzePackageNames(dependency, addPackagesAsEvidence);
if (!hasClasses
|| (dependency.getFileName().toLowerCase().endsWith("-sources.jar")
|| dependency.getFileName().toLowerCase().endsWith("-javadoc.jar"))) {
engine.getDependencies().remove(dependency);
}
} catch (IOException ex) { } catch (IOException ex) {
throw new AnalysisException("Exception occurred reading the JAR file.", ex); throw new AnalysisException("Exception occurred reading the JAR file.", ex);
} }
@@ -344,6 +349,10 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
return foundSomething; return foundSomething;
} }
/**
* flag indicating whether any class files were found (weeding out javadoc and sources JAR files)
*/
private boolean hasClasses = false;
/** /**
* Analyzes the path information of the classes contained within the * Analyzes the path information of the classes contained within the
* JarAnalyzer to try and determine possible vendor or product names. If any * JarAnalyzer to try and determine possible vendor or product names. If any
@@ -371,13 +380,17 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
int count = 0; int count = 0;
while (en.hasMoreElements()) { while (en.hasMoreElements()) {
final java.util.jar.JarEntry entry = (java.util.jar.JarEntry) en.nextElement(); final java.util.jar.JarEntry entry = (java.util.jar.JarEntry) en.nextElement();
if (entry.getName().endsWith(".class") && entry.getName().contains("/")) { if (entry.getName().endsWith(".class")) {
final String[] path = entry.getName().toLowerCase().split("/"); hasClasses = true;
String[] path = null;
if (entry.getName().contains("/")) {
path = entry.getName().toLowerCase().split("/");
if ("java".equals(path[0]) if ("java".equals(path[0])
|| "javax".equals(path[0]) || "javax".equals(path[0])
|| ("com".equals(path[0]) && "sun".equals(path[0]))) { || ("com".equals(path[0]) && "sun".equals(path[0]))) {
continue; continue;
}
} }
count += 1; count += 1;