github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 15:53:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

improved pom analysis

Browse Source 
Former-commit-id: d1f81329c4de99873e83f65a9abc0bef1e3c4552
This commit is contained in:
Jeremy Long
2013-05-03 20:23:42 -04:00
parent 2a5b8943c3
commit a70cbcc9d3
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -294,6 +294,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
if (artifactid != null) {
foundSomething = true;
dependency.getProductEvidence().addEvidence("pom", "artifactid", artifactid, Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("pom", "artifactid", artifactid, Evidence.Confidence.LOW);
}
//version
final String version = interpolateString(pom.getVersion(), pomProperties);
@@ -313,6 +314,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
if (pomName != null) {
foundSomething = true;
dependency.getProductEvidence().addEvidence("pom", "name", pomName, Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("pom", "name", pomName, Evidence.Confidence.HIGH);
}
//Description