fix(java): add only valid libs from pom.properties files from jars (

#6164)
aquasecurity · Feb 20, 2024 · 8221473 · 8221473
1 parent 7694df1
commit 8221473
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/pkg/dependency/parser/java/jar/parse.go b/pkg/dependency/parser/java/jar/parse.go
@@ -165,11 +165,14 @@ func (p *Parser) traverseZip(filePath string, size int64, r dio.ReadSeekerAt, fi
 			if err != nil {
 				return nil, manifest{}, false, xerrors.Errorf("failed to parse %s: %w", fileInJar.Name, err)
 			}
-			libs = append(libs, props.Library())
-
-			// Check if the pom.properties is for the original JAR/WAR/EAR
-			if fileProps.ArtifactID == props.ArtifactID && fileProps.Version == props.Version {
-				foundPomProps = true
+			// Validation of props to avoid getting libs with empty Name/Version
+			if props.Valid() {
+				libs = append(libs, props.Library())
+
+				// Check if the pom.properties is for the original JAR/WAR/EAR
+				if fileProps.ArtifactID == props.ArtifactID && fileProps.Version == props.Version {
+					foundPomProps = true
+				}
 			}
 		case filepath.Base(fileInJar.Name) == "MANIFEST.MF":
 			m, err = parseManifest(fileInJar)