Class CentralAnalyzer

java.lang.Object

org.owasp.dependencycheck.analyzer.AbstractAnalyzer

org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer

org.owasp.dependencycheck.analyzer.CentralAnalyzer

All Implemented Interfaces:

FileFilter, Analyzer, FileTypeAnalyzer

@ThreadSafe
public class CentralAnalyzer
extends AbstractFileTypeAnalyzer

Analyzer which will attempt to locate a dependency, and the GAV information, by querying Central for the dependency's SHA-1 digest.

Author:

colezlaw

Constructor Summary

Constructors

Constructor	Description
CentralAnalyzer()

Method Summary

Modifier and Type	Method	Description
void	analyzeDependency(Dependency dependency, Engine engine)	Performs the analysis.
protected List<MavenArtifact>	fetchMavenArtifacts(Dependency dependency)	Downloads the corresponding list of MavenArtifacts of the given dependency from MavenCentral.
AnalysisPhase	getAnalysisPhase()	Returns the analysis phase under which the analyzer runs.
protected String	getAnalyzerEnabledSettingKey()	Returns the key used in the properties file to to reference the analyzer's enabled property.
protected FileFilter	getFileFilter()	Returns the FileFilter used to determine which files are to be analyzed.
String	getName()	Returns the analyzer's name.
void	initialize(Settings settings)	Initializes the analyzer with the configured settings.
void	prepareFileTypeAnalyzer(Engine engine)	Initializes the analyzer once before any analysis is performed.
protected void	setCentralSearch(CentralSearch searcher)	Method used by unit tests to setup the analyzer.
boolean	supportsParallelProcessing()	Whether the analyzer is configured to support parallel processing.

Methods inherited from class AbstractFileTypeAnalyzer

accept, getFilesMatched, newHashSet, prepareAnalyzer, setFilesMatched

Methods inherited from class AbstractAnalyzer

analyze, close, closeAnalyzer, getSettings, isEnabled, prepare, setEnabled

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface Analyzer

analyze, close, isEnabled, prepare

Constructor Details

CentralAnalyzer

public CentralAnalyzer()

Method Details

initialize

public void initialize(Settings settings)

Initializes the analyzer with the configured settings.

Specified by:

initialize in interface Analyzer

Overrides:

initialize in class AbstractAnalyzer

Parameters:

settings - the configured settings to use

supportsParallelProcessing

public boolean supportsParallelProcessing()

Whether the analyzer is configured to support parallel processing.

Specified by:

supportsParallelProcessing in interface Analyzer

Overrides:

supportsParallelProcessing in class AbstractAnalyzer

Returns:

true if configured to support parallel processing; otherwise false

prepareFileTypeAnalyzer

public void prepareFileTypeAnalyzer(Engine engine)
                             throws InitializationException

Initializes the analyzer once before any analysis is performed.

Specified by:

prepareFileTypeAnalyzer in class AbstractFileTypeAnalyzer

Parameters:

engine - a reference to the dependency-check engine

Throws:

InitializationException - if there's an error during initialization

getName

public String getName()

Returns the analyzer's name.

Returns:

the name of the analyzer

getAnalyzerEnabledSettingKey

protected String getAnalyzerEnabledSettingKey()

Returns the key used in the properties file to to reference the analyzer's enabled property.

Specified by:

getAnalyzerEnabledSettingKey in class AbstractAnalyzer

Returns:

the analyzer's enabled property setting key.

getAnalysisPhase

public AnalysisPhase getAnalysisPhase()

Returns the analysis phase under which the analyzer runs.

Returns:

the phase under which the analyzer runs

getFileFilter

protected FileFilter getFileFilter()

Description copied from class: AbstractFileTypeAnalyzer

Returns the FileFilter used to determine which files are to be analyzed. An example would be an analyzer that inspected Java jar files. Implementors may use FileFilterBuilder.

If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against every file loaded.

Specified by:

getFileFilter in class AbstractFileTypeAnalyzer

Returns:

the file filter used to determine which files are to be analyzed

analyzeDependency

public void analyzeDependency(Dependency dependency,
 Engine engine)
                       throws AnalysisException

Performs the analysis.

Specified by:

analyzeDependency in class AbstractAnalyzer

Parameters:

dependency - the dependency to analyze

engine - the engine

Throws:

AnalysisException - when there's an exception during analysis

fetchMavenArtifacts

protected List<MavenArtifact> fetchMavenArtifacts(Dependency dependency)
                                           throws IOException,
TooManyRequestsException

Downloads the corresponding list of MavenArtifacts of the given dependency from MavenCentral.

As the connection to MavenCentral is known to be unreliable, we implement a simple retry logic in order to compensate for 99% of the issues.

Parameters:

dependency - the dependency to analyze

Returns:

the downloaded list of MavenArtifacts

Throws:

FileNotFoundException - if the specified artifact is not found

IOException - if connecting to MavenCentral finally failed

TooManyRequestsException - if Central has received too many requests.

setCentralSearch

protected void setCentralSearch(CentralSearch searcher)

Method used by unit tests to setup the analyzer.

Parameters:

searcher - the Central Search object to use.