fix: #8356 narrow down VersionFilterAnalyzer scope to JAR files #8358

Merged
jeremylong merged 1 commit into dependency-check:main from jimin-fundamental:fix/8356-narrow-version-filter-scope
Mar 21, 2026

@jimin-fundamental
Contributor

Description of Change

  • Previously, this analyzer processed all file types, which contradicted its JavaDoc stating a focus on JAR files.
  • Changed the base class from AbstractAnalyzer to AbstractFileTypeAnalyzer and implemented a FileFilter to ensure only .jar files are analyzed.

Related issues

fixes #8356

Have test cases been added to cover the new functionality?

yes

@boring-cyborg boring-cyborg Bot added the core (changes to core) and tests (test cases) labels Mar 8, 2026
@chadlwilson chadlwilson requested a review from Copilot March 8, 2026 14:36
Contributor

Copilot AI left a comment

Pull request overview

This PR aligns VersionFilterAnalyzer’s behavior with its JavaDoc and issue #8356 by limiting it to operate only on JAR files, using the file-type analyzer mechanism already used across the core analyzers.

Changes:

  • Updated VersionFilterAnalyzer to extend AbstractFileTypeAnalyzer and added a .jar FileFilter via FileFilterBuilder.
  • Implemented getFileFilter() and prepareFileTypeAnalyzer(...) to conform to the AbstractFileTypeAnalyzer contract.
  • Added a unit test ensuring only .jar files are accepted by the analyzer.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| core/src/main/java/org/owasp/dependencycheck/analyzer/VersionFilterAnalyzer.java | Converts analyzer to a file-type analyzer and restricts scope to .jar files via a FileFilter. |
| core/src/test/java/org/owasp/dependencycheck/analyzer/VersionFilterAnalyzerTest.java | Adds coverage asserting the analyzer only accepts JARs and rejects other extensions. |

@nhumblot nhumblot self-requested a review March 9, 2026 12:12
@nhumblot
Collaborator

nhumblot commented Mar 9, 2026

praise: thank you for taking the time to open the PR! I will perform a few additional checks to ensure this change is safe to integrate. This may take a bit of time; thank you for your patience!

Collaborator

@marcelstoer marcelstoer left a comment

LGTM

@jeremylong jeremylong added this to the 12.2.1 milestone Mar 21, 2026
@jeremylong jeremylong merged commit 75184bf into dependency-check:main Mar 21, 2026
18 of 19 checks passed
@github-actions github-actions Bot locked as resolved and limited conversation to collaborators Apr 21, 2026

Development

Successfully merging this pull request may close these issues.

Narrow down VersionFilterAnalyzer scope