Class PnpmAuditAnalyzer
java.lang.Object
org.owasp.dependencycheck.analyzer.AbstractAnalyzer
org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer
org.owasp.dependencycheck.analyzer.PnpmAuditAnalyzer
- All Implemented Interfaces:
FileFilter, Analyzer, FileTypeAnalyzer
-
Field Summary
Fields
Modifier and Type, Field, Description:
static final String DEFAULT_REGISTRY - The default registry parameter to pass to the pnpm audit execution.
static final String PNPM_PACKAGE_LOCK - The file name to scan.
Fields inherited from class AbstractNpmAnalyzer
NPM_DEPENDENCY_ECOSYSTEM
-
Constructor Summary
Constructors
-
Method Summary
Modifier and Type, Method, Description:
protected void analyzeDependency(Dependency dependency, Engine engine) - Analyzes the pnpm lock file to determine vulnerable dependencies.
getAnalysisPhase() - Returns the phase that the analyzer is intended to run in.
protected String getAnalyzerEnabledSettingKey() - Returns the setting key to determine if the analyzer is enabled.
protected FileFilter getFileFilter() - Returns the FileFilter used to determine which files are to be analyzed.
getName() - Returns the name of the analyzer.
protected void prepareFileTypeAnalyzer(Engine engine) - Initializes the analyzer once before any analysis is performed.
Methods inherited from class AbstractNpmAnalyzer
accept, createDependency, determineVersionFromMap, findDependency, gatherEvidence, getSearcher, processPackage, processPackage, processResults, replaceOrAddVulnerability, shouldProcess
Methods inherited from class AbstractFileTypeAnalyzer
getFilesMatched, newHashSet, prepareAnalyzer, setFilesMatched
Methods inherited from class AbstractAnalyzer
analyze, close, closeAnalyzer, getSettings, initialize, isEnabled, prepare, setEnabled, supportsParallelProcessing
Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface Analyzer
analyze, close, initialize, isEnabled, prepare, supportsParallelProcessing
-
Field Details
-
PNPM_PACKAGE_LOCK
-
DEFAULT_REGISTRY
The default registry parameter to pass to the pnpm audit execution.
- See Also:
-
-
Constructor Details
-
PnpmAuditAnalyzer
public PnpmAuditAnalyzer()
-
-
Method Details
-
analyzeDependency
Analyzes the pnpm lock file to determine vulnerable dependencies. Uses pnpm audit --json to obtain the vulnerability report from the NPM API.
- Specified by:
analyzeDependency in class AbstractAnalyzer
- Parameters:
dependency - the pnpm lock file
engine - the analysis engine
- Throws:
AnalysisException - thrown if there is an error analyzing the file
-
getAnalyzerEnabledSettingKey
Description copied from class: AbstractAnalyzer
Returns the setting key to determine if the analyzer is enabled.
- Specified by:
getAnalyzerEnabledSettingKey in class AbstractAnalyzer
- Returns:
the key for the analyzer's enabled property
-
getFileFilter
Description copied from class: AbstractFileTypeAnalyzer
Returns the FileFilter used to determine which files are to be analyzed. An example would be an analyzer that inspected Java jar files. Implementors may use FileFilterBuilder.
If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against every file loaded.
- Specified by:
getFileFilter in class AbstractFileTypeAnalyzer
- Returns:
the file filter used to determine which files are to be analyzed
-
getName
-
getAnalysisPhase
Description copied from interface: Analyzer
Returns the phase that the analyzer is intended to run in.
- Returns:
the phase that the analyzer is intended to run in.
-
prepareFileTypeAnalyzer
Initializes the analyzer once before any analysis is performed.
- Overrides:
prepareFileTypeAnalyzer in class AbstractNpmAnalyzer
- Parameters:
engine - a reference to the dependency-check engine
- Throws:
InitializationException - if there's an error during initialization
-