Some artifacts have only 1 class, so will match no clones with default `-r moreThanOne`

jensdietrich / shadedetector

Other

0 stars 0 forks source link

Some artifacts have only 1 class, so will match no clones with default `-r moreThanOne` #15

Open wtwhite opened 1 year ago

wtwhite commented 1 year ago

This is the case for CVE-2016-0779:

[whitewa@piccolo ~/code/shadedetector]$ unzip -l /home/whitewa/code/shadedetector/.cache/src/org.apache.openejb/apache-tomee/1.7.3/apache-tomee-1.7.3-sources.jar|grep -F .java
     7190  11-24-2015 18:18   org/apache/tomee/RemoteTomEEEJBContainer.java

This old jar does not even seem to have a pom.xml file -- maybe it's too old to consider further.

jensdietrich commented 1 year ago

I think we ignore those, i.e. apply the consolidation strategy unchanged. It is very unlikely that this results in false negatives.