Added 'deep scan' argument/property to indicate more evidence should be collected even if it increases false positives

Former-commit-id: 200acdb012410df0cd59c164cd362f7940366fb1
Jeremy Long
2013-03-08 17:33:01 -05:00
parent 7d67d3fa86
commit d99e8f9ef5
4 changed files with 55 additions and 10 deletions


@@ -47,6 +47,7 @@ import org.owasp.dependencycheck.analyzer.pom.generated.License;
import org.owasp.dependencycheck.analyzer.pom.generated.Model;
import org.owasp.dependencycheck.analyzer.pom.generated.Organization;
import org.owasp.dependencycheck.utils.NonClosingStream;
import org.owasp.dependencycheck.utils.Settings;
/**
*
@@ -182,7 +183,9 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
try {
parseManifest(dependency);
analyzePackageNames(dependency);
if (Settings.getBoolean(Settings.KEYS.PERFORM_DEEP_SCAN)) {
analyzePackageNames(dependency);
}
analyzePOM(dependency);
//addPredefinedData(dependency); //this has been moved to its own analyzer (HintAnalyzer)
} catch (IOException ex) {
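Review bot: With the new guard in `analyze`, `analyzePackageNames(dependency)` no longer runs unless `Settings.KEYS.PERFORM_DEEP_SCAN` is true, so a default scan of a JAR with a sparse manifest and no POM now collects less vendor/product evidence than before. Such a JAR may not be matched to any identifier, which is a false negative rather than the false positive the commit message is concerned with. The trade-off should be stated at the guard, for example `// package-name evidence is noisy; collected only in deep-scan mode, so default scans may miss JARs that lack manifest/POM data`. How `Settings.getBoolean` behaves when the property is absent is not visible here, so confirm the key has a defined default in the shipped properties. The body of `analyze` continues past the end of the hunk.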