From 922d53d2e4ee9cc9b6a634efe45d80dad247a20f Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 6 Sep 2014 19:08:22 -0400 Subject: [PATCH] Increased the confidence on the pom artifact and groupid Former-commit-id: b052b50353197e0f7cb419e6f618f2320da11183 --- .../java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index 2895bf6e2..97e934840 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -587,7 +587,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { groupid = groupid.substring(4); } foundSomething = true; - dependency.getVendorEvidence().addEvidence("pom", "groupid", groupid, Confidence.HIGH); + dependency.getVendorEvidence().addEvidence("pom", "groupid", groupid, Confidence.HIGHEST); dependency.getProductEvidence().addEvidence("pom", "groupid", groupid, Confidence.LOW); addMatchingValues(classes, groupid, dependency.getVendorEvidence()); addMatchingValues(classes, groupid, dependency.getProductEvidence()); @@ -616,7 +616,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { artifactid = artifactid.substring(4); } foundSomething = true; - dependency.getProductEvidence().addEvidence("pom", "artifactid", artifactid, Confidence.HIGH); + dependency.getProductEvidence().addEvidence("pom", "artifactid", artifactid, Confidence.HIGHEST); dependency.getVendorEvidence().addEvidence("pom", "artifactid", artifactid, Confidence.LOW); addMatchingValues(classes, artifactid, dependency.getVendorEvidence()); addMatchingValues(classes, artifactid, dependency.getProductEvidence());