Class CMakeAnalyzer

All Implemented Interfaces:
FileFilter, Analyzer, FileTypeAnalyzer

public class CMakeAnalyzer extends AbstractFileTypeAnalyzer

Used to analyze CMake build files, and collect information that can be used to determine the associated CPE.

Note: This analyzer catches straightforward invocations of the project command, plus some other observed patterns of version inclusion in real CMake projects. Many projects make use of older versions of CMake and/or use custom "homebrew" ways to insert version information. Hopefully, as the newer CMake call pattern grows in usage, this analyzer will allow more CPEs to be identified.
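
As an added illustration (not dependency-check's own code), the sketch below shows the distinction the note draws: a literal `project(<name> VERSION <x.y.z>)` call yields a name and version, while a homebrew scheme assembled from `set()` variables yields nothing. The class name, the regular expression and both sample build files are assumptions constructed for this example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added illustration; class name, regex and samples are assumptions, not dependency-check code. */
public class CMakeProjectVersionDemo {

    // Matches project(<name> ... VERSION <major>[.<minor>[.<patch>[.<tweak>]]] ...).
    // The command name is case-insensitive in CMake; the VERSION keyword is not.
    private static final Pattern PROJECT_VERSION = Pattern.compile(
            "^\\s*(?i:project)\\s*\\(\\s*([A-Za-z0-9_.+-]+)[^)]*?\\bVERSION\\s+(\\d+(?:\\.\\d+){0,3})",
            Pattern.MULTILINE);

    /** Returns "name:version" for each project() call that declares a literal VERSION. */
    static List<String> extract(String cmakeLists) {
        List<String> found = new ArrayList<>();
        Matcher m = PROJECT_VERSION.matcher(cmakeLists);
        while (m.find()) {
            found.add(m.group(1) + ":" + m.group(2));
        }
        return found;
    }

    public static void main(String[] args) {
        // Constructed sample: the newer call pattern with a literal version.
        String modern = String.join("\n",
                "cmake_minimum_required(VERSION 3.10)",
                "project(zlib VERSION 1.2.11 LANGUAGES C)");

        // Constructed sample: a homebrew scheme; the version only exists after
        // CMake expands the variables, so a text match on project() finds nothing.
        String homebrew = String.join("\n",
                "project(libfoo C)",
                "set(LIBFOO_MAJOR 2)",
                "set(LIBFOO_MINOR 4)",
                "set(LIBFOO_VERSION \"${LIBFOO_MAJOR}.${LIBFOO_MINOR}\")");

        System.out.println("modern   -> " + extract(modern));
        System.out.println("homebrew -> " + extract(homebrew));
    }
}
```

When a scan relies on this kind of evidence, a build file of the second kind contributes no version, so the component may not be matched to a CPE at all.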

Author:
Dale Visser
  • Field Details

    • DEPENDENCY_ECOSYSTEM

      public static final String DEPENDENCY_ECOSYSTEM
      A descriptor for the type of dependencies processed or added by this analyzer.
  • Constructor Details

    • CMakeAnalyzer

      public CMakeAnalyzer()
  • Method Details

    • getName

      public String getName()
      Returns the name of the CMake analyzer.
      Returns:
      the name of the analyzer
    • getAnalysisPhase

      public AnalysisPhase getAnalysisPhase()
      Indicates that this analyzer is used during the information collection phase.
      Returns:
      INFORMATION_COLLECTION
    • getFileFilter

      protected FileFilter getFileFilter()
      Returns the set of supported file extensions.
      Specified by:
      getFileFilter in class AbstractFileTypeAnalyzer
      Returns:
      the set of supported file extensions
    • prepareFileTypeAnalyzer

      protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationException
      Initializes the analyzer.
      Specified by:
      prepareFileTypeAnalyzer in class AbstractFileTypeAnalyzer
      Parameters:
      engine - a reference to the dependency-check engine
      Throws:
      InitializationException - thrown if an exception occurs getting an instance of SHA1
    • analyzeDependency

      protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException
      Analyzes CMake build files and adds evidence to the dependency.
      Specified by:
      analyzeDependency in class AbstractAnalyzer
      Parameters:
      dependency - the dependency being analyzed
      engine - the engine being used to perform the scan
      Throws:
      AnalysisException - thrown if there is an unrecoverable error analyzing the dependency
    • getAnalyzerEnabledSettingKey

      protected String getAnalyzerEnabledSettingKey()
      Description copied from class: AbstractAnalyzer

      Returns the setting key to determine if the analyzer is enabled.

      Specified by:
      getAnalyzerEnabledSettingKey in class AbstractAnalyzer
      Returns:
      the key for the analyzer's enabled property