github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 07:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

bug fix - reported by Dan Cornell

Browse Source 
Former-commit-id: 6d6d48bff5884c644f6db12b37cbaddaa81ca82b
This commit is contained in:
Jeremy Long
2012-09-25 19:34:18 -04:00
parent 341114572d
commit c879d21942
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -25,6 +25,7 @@ import java.io.IOException;
import java.util.HashMap;
import java.util.Map.Entry;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.jar.Attributes;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
@@ -366,7 +367,7 @@ public class JarAnalyzer extends AbstractAnalyzer {
key = key.toLowerCase();
if (!IGNORE_LIST.contains(key) && !key.contains("license") && !key.endsWith("jdk")
&& !key.contains("lastmodified")) {
&& !key.contains("lastmodified") && !key.endsWith("package")) {
if (key.contains("version")) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
@@ -381,7 +382,14 @@ public class JarAnalyzer extends AbstractAnalyzer {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
if (value.matches(".*\\d.*")) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
StringTokenizer tokenizer = new StringTokenizer(value," ");
while (tokenizer.hasMoreElements()) {
String s = tokenizer.nextToken();
if (s.matches("^[0-9.]+$")) {
versionEvidence.addEvidence(source, key, s, Evidence.Confidence.LOW);
}
}
//versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
}
}
}