[
https://issues.apache.org/jira/browse/MSHARED-785?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17170085#comment-17170085
]
Jonathan Haber commented on MSHARED-785:
----------------------------------------
PR created with a test:
[https://github.com/apache/maven-dependency-analyzer/pull/21]
> ConstantPoolParser false-positives
> ----------------------------------
>
> Key: MSHARED-785
> URL: https://issues.apache.org/jira/browse/MSHARED-785
> Project: Maven Shared Components
> Issue Type: Bug
> Components: maven-dependency-analyzer
> Affects Versions: maven-dependency-analyzer-1.11.0
> Reporter: Jonathan Haber
> Priority: Minor
> Labels: S2
>
> The ConstantPoolParser is looking for strings in the constant pool and
> treating them as references to a class which normally works fine, but it can
> create false-positives. The most common one we've run into is when there are
> classes in the default package. For example,
> [dnsjava|https://github.com/dnsjava/dnsjava] has a class in the default
> package named
> [update.java|https://github.com/dnsjava/dnsjava/blob/0e56f37f320793ade4673cb2eaad159bc81d4a8a/update.java].
> If you have something like:
> {{private static final String UPDATE = "update"}}
> Then the dependency analyzer will think you're using the update class from
> dnsjava, and then the dependency plugin will then tell you to add a
> dependency on dnsjava.
> We have worked around this issue in our fork by simply telling the
> ConstantPoolParser to ignore everything in the default package:
> [https://github.com/HubSpot/maven-shared/commit/c7bccb4e7df2adad02687a6cec633f89a48e31da]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
