You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Jonathan Haber (JIRA)" <ji...@apache.org> on 2018/12/18 19:02:00 UTC

[jira] [Created] (MSHARED-785) ConstantPoolParser false-positives

Jonathan Haber created MSHARED-785:
--------------------------------------

             Summary: ConstantPoolParser false-positives
                 Key: MSHARED-785
                 URL: https://issues.apache.org/jira/browse/MSHARED-785
             Project: Maven Shared Components
          Issue Type: Bug
    Affects Versions: maven-dependency-analyzer-1.11.0
            Reporter: Jonathan Haber


The ConstantPoolParser is looking for strings in the constant pool and treating them as references to a class which normally works fine, but it can create false-positives. The most common one we've run into is when there are classes in the default package. For example, [dnsjava|https://github.com/dnsjava/dnsjava] has a class in the default package named [update.java|https://github.com/dnsjava/dnsjava/blob/master/update.java]. If you have something like:

{{private static final String UPDATE = "update"}}

Then the dependency analyzer will think you're using the update class from dnsjava, and then the dependency plugin will then tell you to add a dependency on dnsjava.

We have worked around this issue in our fork by simply telling the ConstantPoolParser to ignore everything in the default package: [https://github.com/HubSpot/maven-shared/commit/c7bccb4e7df2adad02687a6cec633f89a48e31da]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)