From c879d21942a3a2908ed74dbc935068be27bd607e Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Tue, 25 Sep 2012 19:34:18 -0400 Subject: [PATCH] bug fix - reported by Dan Cornell Former-commit-id: 6d6d48bff5884c644f6db12b37cbaddaa81ca82b --- .../dependencycheck/analyzer/JarAnalyzer.java | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java b/src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java index 606e65844..b9dc6e6e7 100644 --- a/src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java +++ b/src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java @@ -25,6 +25,7 @@ import java.io.IOException; import java.util.HashMap; import java.util.Map.Entry; import java.util.Set; +import java.util.StringTokenizer; import java.util.jar.Attributes; import java.util.jar.JarFile; import java.util.jar.Manifest; @@ -366,7 +367,7 @@ public class JarAnalyzer extends AbstractAnalyzer { key = key.toLowerCase(); if (!IGNORE_LIST.contains(key) && !key.contains("license") && !key.endsWith("jdk") - && !key.contains("lastmodified")) { + && !key.contains("lastmodified") && !key.endsWith("package")) { if (key.contains("version")) { versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); 
@@ -381,7 +382,14 @@ public class JarAnalyzer extends AbstractAnalyzer {
 productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
 vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
 if (value.matches(".*\\d.*")) {
- versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
+ StringTokenizer tokenizer = new StringTokenizer(value," ");
+ while (tokenizer.hasMoreElements()) {
+ String s = tokenizer.nextToken();
+ if (s.matches("^[0-9.]+$")) {
+ versionEvidence.addEvidence(source, key, s, Evidence.Confidence.LOW);
+ }
+ }
+ //versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
 }
 }
 }
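Review bot: The token filter `s.matches("^[0-9.]+$")` in the new while loop accepts tokens that contain no digit at all, so a stray "." or "..." in a manifest value is recorded as LOW-confidence version evidence, while tokens such as "1.2.3," or "1.0-SNAPSHOT" are dropped entirely. This evidence is presumably used later to identify the library version, so both the noise and the misses matter; I would require a digit-led dotted number, `if (s.matches("\\d+(\\.\\d+)*")) {`, and decide explicitly whether trailing punctuation or qualifiers should be stripped before the match. `new StringTokenizer(value," ")` splits on the space character only, so tab-separated values are never tokenized; `new StringTokenizer(value)` uses the default whitespace delimiters. The commented-out `//versionEvidence.addEvidence(...)` line should be deleted rather than committed. The enclosing method starts outside this hunk, so how `value` is obtained is not visible here.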