github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-23 17:41:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

additional patch for issue #196

Browse Source 
Former-commit-id: 10b55f932b5ee52fa1f9ae3b96c15649dd5d6062
This commit is contained in:
Jeremy Long
2015-03-01 07:01:24 -05:00
parent e49cbcf345
commit af7c6bc2a0
1 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
View File

@@ -65,8 +65,8 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
//</editor-fold> //</editor-fold>
/** /**
* The HintAnalyzer uses knowledge about a dependency to add additional information to help in identification of * The HintAnalyzer uses knowledge about a dependency to add additional information to help in identification of identifiers
* identifiers or vulnerabilities. * or vulnerabilities.
* *
* @param dependency The dependency being analyzed * @param dependency The dependency being analyzed
* @param engine The scanning engine * @param engine The scanning engine
@@ -85,22 +85,30 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
Confidence.HIGH); Confidence.HIGH);
final Evidence springTest3 = new Evidence("Manifest", final Evidence springTest3 = new Evidence("Manifest",
"Implementation-Title",
"spring-core",
Confidence.HIGH);
final Evidence springTest4 = new Evidence("Manifest",
"Bundle-Vendor", "Bundle-Vendor",
"SpringSource", "SpringSource",
Confidence.HIGH); Confidence.HIGH);
//springsource/vware problem
Set<Evidence> evidence = dependency.getProductEvidence().getEvidence(); Set<Evidence> evidence = dependency.getProductEvidence().getEvidence();
if (evidence.contains(springTest1) || evidence.contains(springTest2)) { if (evidence.contains(springTest1) || evidence.contains(springTest2) || evidence.contains(springTest3)) {
dependency.getProductEvidence().addEvidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH); dependency.getProductEvidence().addEvidence("hint analyzer", "product", "springsource spring framework", Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "SpringSource", Confidence.HIGH); dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "SpringSource", Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH); dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
} }
evidence = dependency.getVendorEvidence().getEvidence(); evidence = dependency.getVendorEvidence().getEvidence();
if (evidence.contains(springTest3)) { if (evidence.contains(springTest4)) {
dependency.getProductEvidence().addEvidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH); dependency.getProductEvidence().addEvidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH); dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
} }
//sun/oracle problem
final Iterator<Evidence> itr = dependency.getVendorEvidence().iterator(); final Iterator<Evidence> itr = dependency.getVendorEvidence().iterator();
final List<Evidence> newEntries = new ArrayList<Evidence>(); final List<Evidence> newEntries = new ArrayList<Evidence>();
while (itr.hasNext()) { while (itr.hasNext()) {