From 8a6371fe68e5fc9b9da0a72e9b26b6c4aa3afc9e Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sat, 8 Feb 2014 22:35:24 -0500
Subject: [PATCH] applied patch for m-core CPE per issue #34 - xstreamcore
Former-commit-id: f99b098bdbc1eb43ea885d479f59e0cf998c3e92
---
 .../dependencycheck/analyzer/FalsePositiveAnalyzer.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
index c062858f7..9c7cc64cd 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
@@ -17,7 +17,6 @@
 */
 package org.owasp.dependencycheck.analyzer;
 
-import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import java.io.UnsupportedEncodingException;
 import java.net.URLEncoder;
 import java.util.ArrayList;
@@ -31,6 +30,7 @@ import java.util.logging.Logger;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.owasp.dependencycheck.Engine;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Identifier;
 import org.owasp.dependencycheck.dependency.VulnerableSoftware;
@@ -282,6 +282,9 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
 } else if (i.getValue().startsWith("cpe:/a:apache:maven")
 && !dependency.getFileName().toLowerCase().matches("maven-core-[\\d\\.]+\\.jar")) {
 itr.remove();
+ } else if (i.getValue().startsWith("cpe:/a:m-core:m-core")
+ && !dependency.getEvidenceUsed().containsUsedString("m-core")) {
+ itr.remove();
 }
 }
 }
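Review bot: The added `m-core` branch in the last hunk decides whether to drop a CPE on `containsUsedString("m-core")`, whose matching rules are not visible here, and both plausible behaviours are a problem. If it is a plain substring test, evidence spelled like `xstream-core` still contains `m-core` and the false positive would survive; if it is case-sensitive, a genuine dependency recorded as `M-Core` would lose its identifier and its vulnerabilities would go unreported. Since removing an identifier silences findings, the branch should carry its rationale, for example `// issue #34: xstream artifacts were matched to cpe:/a:m-core:m-core; keep the CPE only when used evidence names m-core`. The prefix test `startsWith("cpe:/a:m-core:m-core")` also matches any product name that merely begins with `m-core`, so an exact match or a `cpe:/a:m-core:m-core:` prefix would be tighter. The enclosing method starts outside the hunk, so how `i` and `itr` are obtained cannot be checked from here.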