Class NodeAuditAnalyzer
java.lang.Object
org.owasp.dependencycheck.analyzer.AbstractAnalyzer
org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer
org.owasp.dependencycheck.analyzer.NodeAuditAnalyzer
- All Implemented Interfaces:
FileFilter, Analyzer, FileTypeAnalyzer
Used to analyze Node Package Manager (npm) package-lock.json and
npm-shrinkwrap.json files via the NPM Audit API.
- Author:
- Steve Springett

Field Summary
Fields (Modifier and Type, Field, Description):
- static final String DEFAULT_URL: The default URL to the NPM Audit API.
- static final String DEPENDENCY_ECOSYSTEM: A descriptor for the type of dependencies processed or added by this analyzer.
- static final String PACKAGE_LOCK_JSON: The file name to scan.
- static final String SHRINKWRAP_JSON: The file name to scan.
Fields inherited from class AbstractNpmAnalyzer:
- NPM_DEPENDENCY_ECOSYSTEM

Constructor Summary
Constructors:
- NodeAuditAnalyzer()

Method Summary
Methods (Modifier and Type, Method, Description):
- protected void analyzeDependency(Dependency dependency, Engine engine): Analyzes a given dependency.
- getAnalysisPhase(): Returns the phase that the analyzer is intended to run in.
- protected String getAnalyzerEnabledSettingKey(): Returns the key used in the properties file to determine if the analyzer is enabled.
- protected FileFilter getFileFilter(): Returns the FileFilter.
- getName(): Returns the name of the analyzer.
Methods inherited from class AbstractNpmAnalyzer:
accept, createDependency, determineVersionFromMap, findDependency, gatherEvidence, getSearcher, prepareFileTypeAnalyzer, processPackage, processPackage, processResults, replaceOrAddVulnerability, shouldProcess
Methods inherited from class AbstractFileTypeAnalyzer:
getFilesMatched, newHashSet, prepareAnalyzer, setFilesMatched
Methods inherited from class AbstractAnalyzer:
analyze, close, closeAnalyzer, getSettings, initialize, isEnabled, prepare, setEnabled, supportsParallelProcessing
Methods inherited from class Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface Analyzer:
analyze, close, initialize, isEnabled, prepare, supportsParallelProcessing

Field Details

DEFAULT_URL

DEPENDENCY_ECOSYSTEM
A descriptor for the type of dependencies processed or added by this analyzer.

PACKAGE_LOCK_JSON

SHRINKWRAP_JSON

Constructor Details

NodeAuditAnalyzer
public NodeAuditAnalyzer()

Method Details

getFileFilter
Returns the FileFilter.
- Specified by:
getFileFilter in class AbstractFileTypeAnalyzer
- Returns:
- the FileFilter

getName

getAnalysisPhase
Returns the phase that the analyzer is intended to run in.
- Returns:
- the phase that the analyzer is intended to run in.

getAnalyzerEnabledSettingKey
Returns the key used in the properties file to determine if the analyzer is enabled.
- Specified by:
getAnalyzerEnabledSettingKey in class AbstractAnalyzer
- Returns:
- the enabled property setting key for the analyzer

analyzeDependency
Description copied from class: AbstractAnalyzer
Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, scanned, and added to the list of dependencies within the engine.
- Specified by:
analyzeDependency in class AbstractAnalyzer
- Parameters:
dependency - the dependency to analyze
engine - the engine scanning
- Throws:
AnalysisException - thrown if there is an analysis exception