You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Sylwester Lachiewicz (Jira)" <ji...@apache.org> on 2021/04/09 19:53:00 UTC
[jira] [Assigned] (MSHARED-785) ConstantPoolParser false-positives
[ https://issues.apache.org/jira/browse/MSHARED-785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sylwester Lachiewicz reassigned MSHARED-785:
--------------------------------------------
Assignee: Sylwester Lachiewicz
> ConstantPoolParser false-positives
> ----------------------------------
>
> Key: MSHARED-785
> URL: https://issues.apache.org/jira/browse/MSHARED-785
> Project: Maven Shared Components
> Issue Type: Bug
> Components: maven-dependency-analyzer
> Affects Versions: maven-dependency-analyzer-1.11.0
> Reporter: Jonathan Haber
> Assignee: Sylwester Lachiewicz
> Priority: Minor
> Labels: S2
> Fix For: maven-dependency-analyzer-1.11.4
>
>
> The ConstantPoolParser is looking for strings in the constant pool and treating them as references to a class which normally works fine, but it can create false-positives. The most common one we've run into is when there are classes in the default package. For example, [dnsjava|https://github.com/dnsjava/dnsjava] has a class in the default package named [update.java|https://github.com/dnsjava/dnsjava/blob/0e56f37f320793ade4673cb2eaad159bc81d4a8a/update.java]. If you have something like:
> {{private static final String UPDATE = "update"}}
> Then the dependency analyzer will think you're using the update class from dnsjava, and then the dependency plugin will then tell you to add a dependency on dnsjava.
> We have worked around this issue in our fork by simply telling the ConstantPoolParser to ignore everything in the default package: [https://github.com/HubSpot/maven-shared/commit/c7bccb4e7df2adad02687a6cec633f89a48e31da]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)