Missed suspect detection due to wrong gradle command list
In new Android applications, the gradle dependency suspect detection is broken due to a malformed gradle command list:
compileCommands = ['compile',
'provided'
'apk'
'implementation'
'api'
'compileOnly'
'runtimeOnly',
'releaseCompile'
'releaseProvided'
'releaseApk'
'releaseImplementation'
'releaseApi'
'releaseCompileOnly'
'releaseRuntimeOnly']
This list resolves to
['compile', 'providedapkimplementationapicompileOnlyruntimeOnly', 'releaseCompilereleaseProvidedreleaseApkreleaseImplementationreleaseApireleaseCompileOnlyreleaseRuntimeOnly']
This results in wrong regex generation, which in turn leads to suspects being missed, such as:
implementation "com.google.android.gms:play-services-vision:${versions.play_services}"
implementation "com.google.android.gms:play-services-places:${versions.play_services}"
//open-source licenses
implementation "com.google.android.gms:play-services-oss-licenses:${versions.play_services}"
Furthermore, build-flavor-specific versions of the new format are also skipped, like:
//open-source licenses
fdroidImplementation "com.google.android.gms:play-services-oss-licenses:${versions.play_services}"
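The effect on the dependency lines above can be reproduced with the following added example, which is not the project's own code. The helper names (`command_regex`, `flavor_aware_regex`, `matched_lines`) and the regex shape are assumptions made for illustration; the flavor-aware pattern goes beyond the comma fix to cover prefixed configurations such as `fdroidImplementation`.

```python
import re

# Adjacent string literals with no comma between them are concatenated by
# Python, so the list from the report collapses to three entries.
BROKEN = ['compile',
          'provided' 'apk' 'implementation' 'api' 'compileOnly' 'runtimeOnly',
          'releaseCompile' 'releaseProvided' 'releaseApk' 'releaseImplementation'
          'releaseApi' 'releaseCompileOnly' 'releaseRuntimeOnly']

BASE = ['compile', 'provided', 'apk', 'implementation', 'api',
        'compileOnly', 'runtimeOnly']
# Corrected list: every configuration name is its own element.
FIXED = BASE + ['release' + c[0].upper() + c[1:] for c in BASE]


def command_regex(commands):
    """Hypothetical matcher: the line begins with one of the configuration names."""
    return re.compile(r'^\s*(?:' + '|'.join(map(re.escape, commands)) + r')\b')


def flavor_aware_regex(base):
    """Assumed extension: also accept <prefix><Configuration>, e.g. fdroidImplementation."""
    plain = '|'.join(map(re.escape, base))
    caps = '|'.join(re.escape(c[0].upper() + c[1:]) for c in base)
    return re.compile(r'^\s*(?:(?:%s)|[a-z][A-Za-z0-9]*(?:%s))\b' % (plain, caps))


def matched_lines(regex, text):
    """Return the stripped lines of text that the regex flags as dependency lines."""
    return [line.strip() for line in text.splitlines() if regex.match(line)]


# Dependency lines quoted in the report.
SAMPLE = '''
implementation "com.google.android.gms:play-services-vision:${versions.play_services}"
implementation "com.google.android.gms:play-services-places:${versions.play_services}"
//open-source licenses
implementation "com.google.android.gms:play-services-oss-licenses:${versions.play_services}"
//open-source licenses
fdroidImplementation "com.google.android.gms:play-services-oss-licenses:${versions.play_services}"
'''

if __name__ == '__main__':
    for name, rx in [('broken', command_regex(BROKEN)),
                     ('fixed', command_regex(FIXED)),
                     ('flavor-aware', flavor_aware_regex(BASE))]:
        print(name, len(matched_lines(rx, SAMPLE)))
```

The flavor-aware pattern accepts any lower-camel prefix, so it errs toward flagging more lines for the later suspect check rather than fewer.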