From f996a25f6bd526f6e6402f377916f79a93e76a30 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Mon, 20 Jan 2014 19:44:08 -0500
Subject: [PATCH] updated to fix issue #44

Former-commit-id: 9eb763eeb5c1d42a850ea90313c69ed46e0028d2
---
 .../analyzer/DependencyBundlingAnalyzer.java | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
index e9f1c977d..5335bfac6 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java
@@ -128,7 +128,13 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
 final ListIterator subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
 while (subIterator.hasNext()) {
 final Dependency nextDependency = subIterator.next();
- if (hashesMatch(dependency, nextDependency)) {
+ if (isShadedJar(dependency, nextDependency)) {
+ if (dependency.getFileName().toLowerCase().endsWith("pom.xml")) {
+ dependenciesToRemove.add(dependency);
+ } else {
+ dependenciesToRemove.add(nextDependency);
+ }
+ } else if (hashesMatch(dependency, nextDependency)) {
 if (isCore(dependency, nextDependency)) {
 mergeDependencies(dependency, nextDependency, dependenciesToRemove);
 } else {
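Review bot: The suffix tested in this branch, `endsWith("pom.xml")`, does not match the `"pomx.xml"` suffix that `isShadedJar` (second hunk) requires, so the two checks can never both hold for the same file. As written, the shaded branch is reached only for names ending in `pomx.xml`; when that file is the main `dependency`, this test is false and the `else` arm adds `nextDependency`, the jar, to `dependenciesToRemove`, dropping the jar from the scan results rather than the pom. Assuming `pom.xml` is what was meant, correct the literal in `isShadedJar` and share one constant between both places, e.g. `private static final String POM_SUFFIX = "pom.xml";`. The enclosing loops start and end outside this hunk, so whether a `dependency` already queued for removal can still be merged into on a later iteration should be checked against the full method.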
@@ -383,4 +389,15 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
 }
 return dependency1.getSha1sum().equals(dependency2.getSha1sum());
 }
+
+ private boolean isShadedJar(Dependency dependency, Dependency nextDependency) {
+ final String mainName = dependency.getFileName().toLowerCase();
+ final String nextName = nextDependency.getFileName().toLowerCase();
+ if (mainName.endsWith(".jar") && nextName.endsWith("pomx.xml")) {
+ return dependency.getIdentifiers().containsAll(nextDependency.getIdentifiers());
+ } else if (nextName.endsWith(".jar") && mainName.endsWith("pomx.xml")) {
+ return nextDependency.getIdentifiers().containsAll(dependency.getIdentifiers());
+ }
+ return false;
+ }
 }
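Review bot: `containsAll` is vacuously true when its argument is empty, so in `isShadedJar` any jar paired with a pom that has no identifiers is reported as shaded, and the caller then removes one of the two entries from the results. The method compares identifiers only; nothing visible here ties the pom to that particular jar, so an unrelated pair could also match. Consider requiring a non-empty set first, e.g. `!nextDependency.getIdentifiers().isEmpty() && dependency.getIdentifiers().containsAll(nextDependency.getIdentifiers())`, with the mirrored guard in the second arm. The new method also has no Javadoc; a short one stating what counts as a shaded jar here and that a `true` result leads to an entry being dropped would help the next reader.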