corrected how project references are propagated when the same dependency is analyzed more than once

Jeremy Long
2016-10-21 07:06:47 -04:00
parent 9338697079
commit e70a0ee238
3 changed files with 128 additions and 12 deletions


@@ -661,7 +661,8 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
try {
final ArtifactResult result = repoSystem.resolveArtifact(repoSession, request);
if (result.isResolved() && result.getArtifact() != null && result.getArtifact().getFile() != null) {
final List<Dependency> deps = engine.scan(result.getArtifact().getFile().getAbsoluteFile());
final List<Dependency> deps = engine.scan(result.getArtifact().getFile().getAbsoluteFile(),
project.getName() + ":" + dependencyNode.getArtifact().getScope());
if (deps != null) {
if (deps.size() == 1) {
final Dependency d = deps.get(0);
@@ -669,7 +670,6 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
final Artifact a = result.getArtifact();
final MavenArtifact ma = new MavenArtifact(a.getGroupId(), a.getArtifactId(), a.getVersion());
d.addAsEvidence("pom", ma, Confidence.HIGHEST);
d.addProjectReference(project.getName() + ":" + dependencyNode.getArtifact().getScope());
if (getLog().isDebugEnabled()) {
getLog().debug(String.format("Adding project reference %s on dependency %s",
project.getName(), d.getDisplayFileName()));
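Review bot: The debug message kept at the end of the second hunk, `Adding project reference %s on dependency %s`, is now stale, because the `d.addProjectReference(...)` call it described was removed and the reference is instead passed to `engine.scan(...)` in the first hunk. It appears to sit inside the `deps.size() == 1` branch and prints only `project.getName()`, so the log no longer records the reference string actually stored, which is what someone tracing a flagged dependency back to its project would look for. I would build the value once before the scan call, `final String projectRef = project.getName() + ":" + dependencyNode.getArtifact().getScope();`, pass `projectRef` to `engine.scan`, and log that same variable (or drop the message). The artifact scope may be null for some nodes, which would yield a reference ending in `:null`; worth confirming against the callers. The enclosing try block and method begin and end outside both hunks.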