Class AssemblyAnalyzer

All Implemented Interfaces:
FileFilter, Analyzer, FileTypeAnalyzer

@ThreadSafe public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer
Analyzer for getting company, product, and version information from a .NET assembly.
Author:
colezlaw
  • Field Details

    • DEPENDENCY_ECOSYSTEM

      public static final String DEPENDENCY_ECOSYSTEM
      A descriptor for the type of dependencies processed or added by this analyzer.
  • Constructor Details

    • AssemblyAnalyzer

      public AssemblyAnalyzer()
  • Method Details

    • buildArgumentList

      protected List<String> buildArgumentList()
      Builds the beginnings of a List for ProcessBuilder.
      Returns:
      the list of arguments to begin populating the ProcessBuilder
    • analyzeDependency

      public void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException
      Performs the analysis on a single Dependency.
      Specified by:
      analyzeDependency in class AbstractAnalyzer
      Parameters:
      dependency - the dependency to analyze
      engine - the engine to perform the analysis under
      Throws:
      AnalysisException - if anything goes sideways
    • prepareFileTypeAnalyzer

      public void prepareFileTypeAnalyzer(Engine engine) throws InitializationException
      Initialize the analyzer. In this case, extract GrokAssembly.dll to a temporary location.
      Specified by:
      prepareFileTypeAnalyzer in class AbstractFileTypeAnalyzer
      Parameters:
      engine - a reference to the dependency-check engine
      Throws:
      InitializationException - thrown if anything goes wrong
    • closeAnalyzer

      public void closeAnalyzer() throws Exception
      Removes resources used from the local file system.
      Overrides:
      closeAnalyzer in class AbstractAnalyzer
      Throws:
      Exception - thrown if there is a problem closing the analyzer
    • getFileFilter

      protected FileFilter getFileFilter()
      Description copied from class: AbstractFileTypeAnalyzer

      Returns the FileFilter used to determine which files are to be analyzed. An example would be an analyzer that inspected Java jar files. Implementors may use FileFilterBuilder.

      If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against every file loaded.

      Specified by:
      getFileFilter in class AbstractFileTypeAnalyzer
      Returns:
      the file filter used to determine which files are to be analyzed
    • getName

      public String getName()
      Gets this analyzer's name.
      Returns:
      the analyzer name
    • getAnalysisPhase

      public AnalysisPhase getAnalysisPhase()
      Returns the phase this analyzer runs under.
      Returns:
      the phase this runs under
    • getAnalyzerEnabledSettingKey

      protected String getAnalyzerEnabledSettingKey()
      Returns the key used in the properties file to reference the analyzer's enabled property.
      Specified by:
      getAnalyzerEnabledSettingKey in class AbstractAnalyzer
      Returns:
      the analyzer's enabled property setting key
    • addMatchingValues

      protected static void addMatchingValues(List<String> packages, String value, Dependency dep, EvidenceType type)
      Cycles through the collection of class name information to see if parts of the package names are contained in the provided value. If found, it will be added as the HIGHEST confidence evidence because we have more than one source corroborating the value.
      Parameters:
      packages - a collection of class name information
      value - the value to check to see if it contains a package name
      dep - the dependency to add new entries to
      type - the type of evidence (vendor, product, or version)
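
The corroboration idea described for addMatchingValues, as an added sketch that is not dependency-check's own code. The `Evidence` class, the `corroborate` method, splitting namespaces on `.`, and the case-insensitive comparison are all assumptions made for illustration; the sample namespaces and metadata values are constructed.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class CorroborationSketch {

    /** Stand-in for an evidence entry; hypothetical, not a dependency-check type. */
    static final class Evidence {
        final String type, value, confidence;
        Evidence(String type, String value, String confidence) {
            this.type = type; this.value = value; this.confidence = confidence;
        }
        @Override public String toString() { return type + "=" + value + " (" + confidence + ")"; }
    }

    /**
     * Returns one HIGHEST-confidence entry per namespace segment that also
     * appears in the metadata value, i.e. two sources agree on it.
     * Assumption: segments are split on '.' and compared case-insensitively.
     */
    static List<Evidence> corroborate(List<String> packages, String value, String type) {
        List<Evidence> found = new ArrayList<>();
        if (packages == null || value == null || value.isEmpty()) {
            return found; // nothing to corroborate against
        }
        String haystack = value.toLowerCase(Locale.ROOT);
        Set<String> tested = new LinkedHashSet<>();
        for (String pkg : packages) {
            for (String part : pkg.split("\\.")) {
                String key = part.toLowerCase(Locale.ROOT);
                // Skip empty segments and segments that were already checked.
                if (key.isEmpty() || !tested.add(key)) continue;
                if (haystack.contains(key)) {
                    found.add(new Evidence(type, part, "HIGHEST"));
                }
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // Constructed sample: namespaces seen in an assembly and its metadata strings.
        List<String> namespaces = List.of("Contoso.Logging.Core", "Contoso.Logging.Sinks");
        System.out.println(corroborate(namespaces, "Contoso Ltd.", "vendor"));
        System.out.println(corroborate(namespaces, "Contoso Logging Toolkit", "product"));
        System.out.println(corroborate(namespaces, "Unrelated Corp", "vendor"));
    }
}
```

Plain substring containment, as used in this sketch, also matches a short segment inside a longer unrelated word, so a stricter check on the characters around the match reduces spurious HIGHEST-confidence evidence.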