From dde1d960589fd02672429a9a1b85c91070873451 Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Fri, 17 Jan 2014 20:22:57 -0500
Subject: [PATCH] set identifier confidence on CPE entries

Former-commit-id: 1b50168ed2d1ae4f426cc703cb099c514b80d9e9
---
 .../org/owasp/dependencycheck/analyzer/CPEAnalyzer.java   | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
index cea8a7460..f55bbc4d9 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
@@ -579,7 +579,13 @@ public class CPEAnalyzer implements Analyzer {
         for (IdentifierMatch m : collected) {
             if (bestIdentifierQuality.equals(m.getConfidence())
                     && bestEvidenceQuality.equals(m.getEvidenceConfidence())) {
-                dependency.addIdentifier(m.getIdentifier());
+                Identifier i = m.getIdentifier();
+                if (bestIdentifierQuality == IdentifierConfidence.BEST_GUESS) {
+                    i.setConfidence(Confidence.LOW);
+                } else {
+                    i.setConfidence(bestEvidenceQuality);
+                }
+                dependency.addIdentifier(i);
             }
         }
     }