[
https://issues.apache.org/jira/browse/MSHARED-785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jonathan Haber updated MSHARED-785:
-----------------------------------
Description:
The ConstantPoolParser is looking for strings in the constant pool and treating
them as references to a class, which normally works fine, but it can create
false-positives. The most common one we've run into is when there are classes
in the default package. For example,
[dnsjava|https://github.com/dnsjava/dnsjava] has a class in the default package
named
[update.java|https://github.com/dnsjava/dnsjava/blob/0e56f37f320793ade4673cb2eaad159bc81d4a8a/update.java].
If you have something like:
{{private static final String UPDATE = "update"}}
Then the dependency analyzer will think you're using the update class from
dnsjava, and the dependency plugin will then tell you to add a dependency
on dnsjava.
We have worked around this issue in our fork by simply telling the
ConstantPoolParser to ignore everything in the default package:
[https://github.com/HubSpot/maven-shared/commit/c7bccb4e7df2adad02687a6cec633f89a48e31da]
was:
The ConstantPoolParser is looking for strings in the constant pool and treating
them as references to a class, which normally works fine, but it can create
false-positives. The most common one we've run into is when there are classes
in the default package. For example,
[dnsjava|https://github.com/dnsjava/dnsjava] has a class in the default package
named
[update.java|[https://github.com/dnsjava/dnsjava/blob/0e56f37f320793ade4673cb2eaad159bc81d4a8a/update.java]].
If you have something like:
{{private static final String UPDATE = "update"}}
Then the dependency analyzer will think you're using the update class from
dnsjava, and the dependency plugin will then tell you to add a dependency
on dnsjava.
We have worked around this issue in our fork by simply telling the
ConstantPoolParser to ignore everything in the default package:
[https://github.com/HubSpot/maven-shared/commit/c7bccb4e7df2adad02687a6cec633f89a48e31da]
> ConstantPoolParser false-positives
> ----------------------------------
>
> Key: MSHARED-785
> URL: https://issues.apache.org/jira/browse/MSHARED-785
> Project: Maven Shared Components
> Issue Type: Bug
> Components: maven-dependency-analyzer
> Affects Versions: maven-dependency-analyzer-1.11.0
> Reporter: Jonathan Haber
> Priority: Minor
>
> The ConstantPoolParser is looking for strings in the constant pool and
> treating them as references to a class, which normally works fine, but it can
> create false-positives. The most common one we've run into is when there are
> classes in the default package. For example,
> [dnsjava|https://github.com/dnsjava/dnsjava] has a class in the default
> package named
> [update.java|https://github.com/dnsjava/dnsjava/blob/0e56f37f320793ade4673cb2eaad159bc81d4a8a/update.java].
> If you have something like:
> {{private static final String UPDATE = "update"}}
> Then the dependency analyzer will think you're using the update class from
> dnsjava, and the dependency plugin will then tell you to add a
> dependency on dnsjava.
> We have worked around this issue in our fork by simply telling the
> ConstantPoolParser to ignore everything in the default package:
> [https://github.com/HubSpot/maven-shared/commit/c7bccb4e7df2adad02687a6cec633f89a48e31da]
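The false positive described in this report, reproduced on a constructed constant pool. This is an added example, not code from maven-dependency-analyzer or the HubSpot fork; `class_references`, its `strings_as_classes` and `skip_default_package` switches, and the `com/example/App` sample are hypothetical names, and treating String constants as class names is an assumed model of the reported behaviour.

```python
import struct

# Constant-pool tags (JVM class-file format). Only these need special handling.
UTF8, LONG, DOUBLE, CLASS, STRING = 1, 5, 6, 7, 8
# Payload sizes in bytes for the remaining fixed-width tags.
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def class_references(data, strings_as_classes=False, skip_default_package=False):
    """Return dotted class names referenced from a class file's constant pool."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file")
    pos, index, utf8, name_indexes = 10, 1, {}, set()
    while index < count:
        tag = data[pos]
        pos += 1
        if tag == UTF8:
            (length,) = struct.unpack_from(">H", data, pos)
            # Modified UTF-8 in real files; plain UTF-8 is enough for this ASCII sample.
            utf8[index] = data[pos + 2:pos + 2 + length].decode("utf-8")
            pos += 2 + length
        elif tag in (CLASS, STRING):
            (ref,) = struct.unpack_from(">H", data, pos)
            # Assumed model of the reported behaviour: String constants counted as class names.
            if tag == CLASS or strings_as_classes:
                name_indexes.add(ref)
            pos += 2
        elif tag in FIXED:
            pos += FIXED[tag]
        else:
            raise ValueError(f"unknown constant pool tag {tag}")
        index += 2 if tag in (LONG, DOUBLE) else 1  # long/double occupy two slots
    names = {utf8[i].replace("/", ".") for i in name_indexes}
    if skip_default_package:  # the workaround from the report: drop names with no package
        names = {n for n in names if "." in n}
    return names

def utf8_entry(text):
    raw = text.encode("utf-8")
    return bytes([UTF8]) + struct.pack(">H", len(raw)) + raw

def ref_entry(tag, index):
    return bytes([tag]) + struct.pack(">H", index)

# Constructed sample: class-file header plus a reduced six-entry pool for a class
# holding `private static final String UPDATE = "update"` (rest of the file omitted).
ENTRIES = [utf8_entry("com/example/App"), ref_entry(CLASS, 1),
           utf8_entry("java/lang/Object"), ref_entry(CLASS, 3),
           utf8_entry("update"), ref_entry(STRING, 5)]
SAMPLE = struct.pack(">IHHH", 0xCAFEBABE, 0, 52, len(ENTRIES) + 1) + b"".join(ENTRIES)
```

With `skip_default_package=True` a genuine reference to a default-package class is dropped as well, so the workaround trades a false positive for a possible missed dependency.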