From efa6c8135d19f564e4f1f5fb9bd84e7966ae2db9 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sun, 16 Mar 2014 04:49:09 -0400
Subject: [PATCH] improved manifest parsing to exclude additional entries per issue #88
Former-commit-id: 0665b1d9967324f6c07e95b593d6b199da5b5ee3
---
 .../dependencycheck/analyzer/JarAnalyzer.java | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index 1e974f6a7..23b316ba7 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -111,9 +111,15 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
 "buildjdk",
 "ant-version",
 "antversion",
+ "dynamicimportpackage",
+ "dynamicimport-package",
+ "dynamic-importpackage",
+ "dynamic-import-package",
 "import-package",
+ "ignore-package",
 "export-package",
 "importpackage",
+ "ignorepackage",
 "exportpackage",
 "sealed",
 "manifest-version",
@@ -125,7 +131,10 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
 "tool",
 "bundle-manifestversion",
 "bundlemanifestversion",
- "include-resource");
+ "include-resource",
+ "embed-dependency",
+ "ipojo-components",
+ "ipojo-extension");
 /**
 * item in some manifest, should be considered medium confidence.
 */
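Review bot: Several of the added keys are hyphen-stripped twins of one header (`dynamicimportpackage`, `dynamicimport-package`, `dynamic-importpackage` beside `dynamic-import-package`; `ignorepackage` beside `ignore-package`), continuing the existing `importpackage`/`bundlemanifestversion` pattern in the same list. Normalising the manifest key once before the lookup (lower-case, hyphens removed) would let each header appear a single time and would also catch spellings that are not enumerated here. The list declaration and the code that consults it start before the hunk, so I cannot see how keys are compared; the all-lower-case entries suggest the key is lower-cased first, which is worth confirming, since otherwise mixed-case headers would slip past this ignore list.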
@@ -1003,11 +1012,9 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
 * @return true or false depending on if it is believed the entry is an "import" entry
 */
 private boolean isImportPackage(String key, String value) {
- final Pattern packageRx = Pattern.compile("^((([a-zA-Z_#\\$0-9]\\.)+)\\s*\\;\\s*)+$");
- if (packageRx.matcher(value).matches()) {
- return (key.contains("import") || key.contains("include"));
- }
- return false;
+ final Pattern packageRx = Pattern.compile("^([a-zA-Z0-9_#\\$\\*\\.]+\\s*[,;]\\s*)+([a-zA-Z0-9_#\\$\\*\\.]+\\s*)?$");
+ boolean matches = packageRx.matcher(value).matches();
+ return matches && (key.contains("import") || key.contains("include") || value.length() > 10);
 }
 
 /**
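Review bot: The pattern on the first added line is recompiled on every call to isImportPackage, which runs once per manifest entry; hoisting it to `private static final Pattern PACKAGE_RX = Pattern.compile("^([a-zA-Z0-9_#\\$\\*\\.]+\\s*[,;]\\s*)+([a-zA-Z0-9_#\\$\\*\\.]+\\s*)?$");` and returning `PACKAGE_RX.matcher(value).matches() && (key.contains("import") || key.contains("include") || value.length() > 10)` keeps the behaviour and removes the per-call compile. The new `value.length() > 10` clause means the key is no longer consulted for any comma- or semicolon-delimited value longer than ten characters, so such entries are dropped as evidence regardless of their header, and lost evidence can translate into a missed match later; the `@return` line in the hunk should state that, e.g. `@return true if the value looks like a package list and either the key suggests an import or the list is longer than ten characters (heuristic)`. Note also that the new pattern requires at least one `,` or `;`, so a single-package value no longer matches; that is probably fine because the import headers themselves are in the ignore list, but it is a behaviour change worth recording in the same Javadoc. The method's Javadoc begins outside the hunk.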