From e562be77f646cb0dbd34d0699eb001a0f8089159 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sun, 1 Mar 2015 08:22:56 -0500
Subject: [PATCH] additional hints added for spring

Former-commit-id: e9e26f6c31b4ae220e1e7686efe6388638ec7c99
---
 .../dependencycheck/analyzer/HintAnalyzer.java | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
index 01198914b..e633b7ef1 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java
@@ -94,16 +94,24 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
 "SpringSource",
 Confidence.HIGH);
 
+ final Evidence springTest5 = new Evidence("jar",
+ "package name",
+ "springframework",
+ Confidence.LOW);
+
 //springsource/vware problem
- Set evidence = dependency.getProductEvidence().getEvidence();
- if (evidence.contains(springTest1) || evidence.contains(springTest2) || evidence.contains(springTest3)) {
+ Set product = dependency.getProductEvidence().getEvidence();
+ Set vendor = dependency.getVendorEvidence().getEvidence();
+
+ if (product.contains(springTest1) || product.contains(springTest2) || product.contains(springTest3)
+ || (dependency.getFileName().contains("spring") && (product.contains(springTest5) || vendor.contains(springTest5)))) {
 dependency.getProductEvidence().addEvidence("hint analyzer", "product", "springsource spring framework", Confidence.HIGH);
 dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "SpringSource", Confidence.HIGH);
 dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
 }
 
- evidence = dependency.getVendorEvidence().getEvidence();
- if (evidence.contains(springTest4)) {
+ product = dependency.getVendorEvidence().getEvidence();
+ if (product.contains(springTest4)) {
 dependency.getProductEvidence().addEvidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH);
 dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH);
 }
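Review bot: The new `dependency.getFileName().contains("spring")` branch is a case-sensitive substring test, yet it promotes a `Confidence.LOW` package-name match to `Confidence.HIGH` product and vendor evidence. Any jar whose name merely contains "spring" and carries a `springframework` package would presumably be attributed to Spring Framework, while a file named `Spring-core.jar` would be skipped, so both false positives and misses in the vulnerability report are plausible. Consider normalising the name first, e.g. `dependency.getFileName().toLowerCase(Locale.ROOT).contains("spring")`, and adding the hint from this branch at a lower confidence than the exact-match tests. Separately, the last block now stores vendor evidence in a variable called `product`; `vendor = dependency.getVendorEvidence().getEvidence();` followed by `if (vendor.contains(springTest4)) {` says what is meant. The enclosing method starts and ends outside the hunk.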