[MSHARED-785] ConstantPoolParser false-positives - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: maven-dependency-analyzer-1.11.0
Fix Version/s: maven-dependency-analyzer-1.12.0
Component/s: maven-dependency-analyzer
Labels:
None

Description

The ConstantPoolParser is looking for strings in the constant pool and treating them as references to a class which normally works fine, but it can create false-positives. The most common one we've run into is when there are classes in the default package. For example, dnsjava has a class in the default package named update.java. If you have something like:

private static final String UPDATE = "update"

Then the dependency analyzer will think you're using the update class from dnsjava, and then the dependency plugin will then tell you to add a dependency on dnsjava.

We have worked around this issue in our fork by simply telling the ConstantPoolParser to ignore everything in the default package: https://github.com/HubSpot/maven-shared/commit/c7bccb4e7df2adad02687a6cec633f89a48e31da

Attachments

Issue Links

links to

GitHub Pull Request #21

Activity

People

Assignee:: Sylwester Lachiewicz

Reporter:: Jonathan Haber

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 18/Dec/18 19:01

Updated:: 15/Dec/21 01:31

Resolved:: 09/Apr/21 20:47