do not add erroneous data

jeremylong · jeremylong · commit 507d23f8a6eb · 2018-05-18T05:50:51.000-04:00
diff --git a/core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -612,7 +612,9 @@ public static boolean setPomEvidence(Dependency dependency, Model pom, List<Clas
 
         //Description
         final String description = pom.getDescription();
-        if (description != null && !description.isEmpty() && !description.startsWith("POM was created by")) {
+        if (description != null && !description.isEmpty()
+                && !description.startsWith("POM was created by")
+                && !description.startsWith("Sonatype helps open source projects")) {
             foundSomething = true;
             final String trimmedDescription = addDescription(dependency, description, "pom", "description");
             addMatchingValues(classes, trimmedDescription, dependency, EvidenceType.VENDOR);
@@ -742,9 +744,11 @@ protected boolean parseManifest(Dependency dependency, List<ClassNameInformation
                     dependency.addEvidence(EvidenceType.VENDOR, source, key, value, Confidence.MEDIUM);
                     addMatchingValues(classInformation, value, dependency, EvidenceType.VENDOR);
                 } else if (key.equalsIgnoreCase(BUNDLE_DESCRIPTION)) {
-                    foundSomething = true;
-                    addDescription(dependency, value, "manifest", key);
-                    addMatchingValues(classInformation, value, dependency, EvidenceType.PRODUCT);
+                    if (!value.startsWith("Sonatype helps open source projects")) {
+                        foundSomething = true;
+                        addDescription(dependency, value, "manifest", key);
+                        addMatchingValues(classInformation, value, dependency, EvidenceType.PRODUCT);
+                    }
                 } else if (key.equalsIgnoreCase(BUNDLE_NAME)) {
                     foundSomething = true;
                     dependency.addEvidence(EvidenceType.PRODUCT, source, key, value, Confidence.MEDIUM);
@@ -804,7 +808,9 @@ protected boolean parseManifest(Dependency dependency, List<ClassNameInformation
                         } else if (key.contains("license")) {
                             addLicense(dependency, value);
                         } else if (key.contains("description")) {
-                            addDescription(dependency, value, "manifest", key);
+                            if (!value.startsWith("Sonatype helps open source projects")) {
+                                addDescription(dependency, value, "manifest", key);
+                            }
                         } else {
                             dependency.addEvidence(EvidenceType.PRODUCT, source, key, value, Confidence.LOW);
                             dependency.addEvidence(EvidenceType.VENDOR, source, key, value, Confidence.LOW);
