Uploaded image for project: 'Maven Shared Components'
  1. Maven Shared Components
  2. MSHARED-785

ConstantPoolParser false-positives

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: maven-dependency-analyzer-1.11.0
    • Fix Version/s: None
    • Labels:

      Description

      The ConstantPoolParser is looking for strings in the constant pool and treating them as references to a class which normally works fine, but it can create false-positives. The most common one we've run into is when there are classes in the default package. For example, dnsjava has a class in the default package named update.java. If you have something like:

      private static final String UPDATE = "update"

      Then the dependency analyzer will think you're using the update class from dnsjava, and then the dependency plugin will then tell you to add a dependency on dnsjava.

      We have worked around this issue in our fork by simply telling the ConstantPoolParser to ignore everything in the default package: https://github.com/HubSpot/maven-shared/commit/c7bccb4e7df2adad02687a6cec633f89a48e31da

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                jhaber Jonathan Haber
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: