Class ArchiveAnalyzer

java.lang.Object
org.owasp.dependencycheck.analyzer.AbstractAnalyzer
org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer
All Implemented Interfaces:
FileFilter, Analyzer, FileTypeAnalyzer
@ThreadSafe public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer

An analyzer that extracts files from archives and ensures any supported files contained within the archive are added to the dependency list.

Author:
Jeremy Long

  • Constructor Details

    • ArchiveAnalyzer

      public ArchiveAnalyzer()
      Make java compiler happy.

  • Method Details

    • initialize

      public void initialize(Settings settings)
      Initializes the analyzer with the configured settings.
      Specified by:
      initialize in interface Analyzer
      Overrides:
      initialize in class AbstractAnalyzer
      Parameters:
      settings - the configured settings to use

    • getFileFilter

      protected FileFilter getFileFilter()
      Description copied from class: AbstractFileTypeAnalyzer

      Returns the FileFilter used to determine which files are to be analyzed. An example would be an analyzer that inspected Java jar files. Implementors may use FileFilterBuilder.

      If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against every file loaded.

      Specified by:
      getFileFilter in class AbstractFileTypeAnalyzer
      Returns:
      the file filter used to determine which files are to be analyzed

    • getName

      public String getName()
      Returns the name of the analyzer.
      Returns:
      the name of the analyzer.

    • getAnalysisPhase

      public AnalysisPhase getAnalysisPhase()
      Returns the phase that the analyzer is intended to run in.
      Returns:
      the phase that the analyzer is intended to run in.

    • getAnalyzerEnabledSettingKey

      protected String getAnalyzerEnabledSettingKey()
      Returns the key used in the properties file to reference the analyzer's enabled property.
      Specified by:
      getAnalyzerEnabledSettingKey in class AbstractAnalyzer
      Returns:
      the analyzer's enabled property setting key

    • prepareFileTypeAnalyzer

      public void prepareFileTypeAnalyzer(Engine engine) throws InitializationException
      The prepare method does nothing for this Analyzer.
      Specified by:
      prepareFileTypeAnalyzer in class AbstractFileTypeAnalyzer
      Parameters:
      engine - a reference to the dependency-check engine
      Throws:
      InitializationException - is thrown if there is an exception deleting or creating temporary files

    • closeAnalyzer

      public void closeAnalyzer() throws Exception
      The close method deletes any temporary files and directories created during analysis.
      Overrides:
      closeAnalyzer in class AbstractAnalyzer
      Throws:
      Exception - thrown if there is an exception deleting temporary files

    • accept

      public boolean accept(File pathname)
      Determines if the file can be analyzed by the analyzer. If the npm analyzer are enabled the archive analyzer will skip the node_modules and bower_modules directories.
      Specified by:
      accept in interface FileFilter
      Overrides:
      accept in class AbstractFileTypeAnalyzer
      Parameters:
      pathname - the path to the file
      Returns:
      true if the file can be analyzed by the given analyzer; otherwise false

    • analyzeDependency

      public void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException
      Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, scanned, and added to the list of dependencies within the engine.
      Specified by:
      analyzeDependency in class AbstractAnalyzer
      Parameters:
      dependency - the dependency to analyze
      engine - the engine scanning
      Throws:
      AnalysisException - thrown if there is an analysis exception