fix(java): add only valid libs from pom.properties files from jars (#6164)

DmitriyLewen
2024-02-20 12:51:43 +06:00
committed by GitHub
parent 7694df11fb
commit 82214736a9


@@ -165,11 +165,14 @@ func (p *Parser) traverseZip(filePath string, size int64, r dio.ReadSeekerAt, fi
if err != nil {
return nil, manifest{}, false, xerrors.Errorf("failed to parse %s: %w", fileInJar.Name, err)
}
libs = append(libs, props.Library())
// Validation of props to avoid getting libs with empty Name/Version
if props.Valid() {
libs = append(libs, props.Library())
// Check if the pom.properties is for the original JAR/WAR/EAR
if fileProps.ArtifactID == props.ArtifactID && fileProps.Version == props.Version {
foundPomProps = true
// Check if the pom.properties is for the original JAR/WAR/EAR
if fileProps.ArtifactID == props.ArtifactID && fileProps.Version == props.Version {
foundPomProps = true
}
}
case filepath.Base(fileInJar.Name) == "MANIFEST.MF":
m, err = parseManifest(fileInJar)
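Review bot: The new `props.Valid()` branch has no `else`, so a pom.properties entry with an empty name or version is now dropped without any trace; for a dependency scanner, a silently dropped artifact is a possible missed finding, not just a cleaner list. I would add an `else` that records the skip at debug level with the file's existing logger, naming `fileInJar.Name`, and extend the comment to `// Skip props with an empty Name/Version; such entries are not added to libs and cannot set foundPomProps`. `Valid()` is not defined in this hunk, so which fields it requires is assumed from the comment; it is worth confirming that it does not reject entries that only lack a groupId, if those were reported before. traverseZip begins and ends outside the hunk, so whether a skipped artifact is still identified by a later fallback cannot be seen here.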