github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 07:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

included pom.xml files in suppression analysis as the Jar analyzer may add these as part of fix for issue #11

Browse Source 
Former-commit-id: 5bb2205d7f2dd1e7b6decf3a29110b6135bbb367
This commit is contained in:
Jeremy Long
2014-01-20 17:37:43 -05:00
parent 922cc942a4
commit a4beb58b54
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
View File

@@ -275,7 +275,8 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
|| i.getValue().startsWith("cpe:/a:cvs:cvs")
|| i.getValue().startsWith("cpe:/a:ftp:ftp")
|| i.getValue().startsWith("cpe:/a:ssh:ssh"))
&& dependency.getFileName().toLowerCase().endsWith(".jar")) {
&& (dependency.getFileName().toLowerCase().endsWith(".jar")
|| dependency.getFileName().toLowerCase().endsWith("pom.xml"))) {
itr.remove();
} else if (i.getValue().startsWith("cpe:/a:apache:maven")
&& !dependency.getFileName().toLowerCase().matches("maven-core-[\\d\\.]+\\.jar")) {