Removes aliasing for namespaces that affected maven (#349)

* Removes aliasing for namespaces that affected maven Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> --------- Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
owasp-dep-scan · Sep 22, 2024 · 1d55dab · 1d55dab
1 parent 7efd5ac
commit 1d55dab
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 14 deletions.
diff --git a/depscan/lib/normalize.py b/depscan/lib/normalize.py
@@ -101,18 +101,6 @@ def create_pkg_variations(pkg_dict):
         vendor_aliases.add(vendor)
         vendor_aliases.add(vendor.lower())
         vendor_aliases.add(vendor.lstrip("@"))
-        if (
-            vendor.startswith("org.")
-            or vendor.startswith("io.")
-            or vendor.startswith("com.")
-            or vendor.startswith("net.")
-        ):
-            tmpA = vendor.split(".")
-            # Automatically add short vendor forms
-            # Increase to 6 to reduce false positives when the package name is core
-            if len(tmpA) > 1 and len(tmpA[1]) > 6:
-                if tmpA[1] != name:
-                    vendor_aliases.add(tmpA[1])
     # Add some common vendor aliases
     if purl.startswith("pkg:golang") and not name.startswith("go"):
         vendor_aliases.add("go")

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "owasp-depscan"
-version = "5.4.5"
+version = "5.4.6"
 description = "Fully open-source security audit for project dependencies based on known vulnerabilities and advisories."
 authors = [
     {name = "Team AppThreat", email = "cloud@appthreat.com"},

diff --git a/test/test_norm.py b/test/test_norm.py
@@ -21,7 +21,7 @@ def test_pkg_variations():
     pkg_list = create_pkg_variations(
         {"vendor": "org.eclipse.foo", "name": "bar", "version": "1.0.0"}
     )
-    assert len(pkg_list) > 1
+    assert len(pkg_list) == 1
     pkg_list = create_pkg_variations(
         {
             "vendor": "com.fasterxml.jackson.core",