Class RetireJsAnalyzer

All Implemented Interfaces:
FileFilter, Analyzer, FileTypeAnalyzer

@ThreadSafe public class RetireJsAnalyzer extends AbstractFileTypeAnalyzer
The RetireJS analyzer uses the manually curated list of vulnerabilities from the RetireJS community along with the necessary information to assist in identifying vulnerable components. Vulnerabilities documented by the RetireJS community usually originate from other sources such as the NVD, GHSA, and various issue trackers.
Author:
Steve Springett
  • Field Details

    • DEPENDENCY_ECOSYSTEM

      public static final String DEPENDENCY_ECOSYSTEM
      A descriptor for the type of dependencies processed or added by this analyzer.
  • Constructor Details

    • RetireJsAnalyzer

      public RetireJsAnalyzer()
  • Method Details

    • getFileFilter

      protected FileFilter getFileFilter()
      Returns the FileFilter.
      Specified by:
      getFileFilter in class AbstractFileTypeAnalyzer
      Returns:
      the FileFilter
    • accept

      public boolean accept(File pathname)
      Determines if the file can be analyzed by the analyzer.
      Specified by:
      accept in interface FileFilter
      Overrides:
      accept in class AbstractFileTypeAnalyzer
      Parameters:
      pathname - the path to the file
      Returns:
      true if the file can be analyzed by the given analyzer; otherwise false
    • initialize

      public void initialize(Settings settings)
      Initializes the analyzer with the configured settings.
      Specified by:
      initialize in interface Analyzer
      Overrides:
      initialize in class AbstractAnalyzer
      Parameters:
      settings - the configured settings to use
    • prepareFileTypeAnalyzer

      protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationException
      Prepares the file type analyzer for dependency analysis.
      Specified by:
      prepareFileTypeAnalyzer in class AbstractFileTypeAnalyzer
      Parameters:
      engine - a reference to the dependency-check engine
      Throws:
      InitializationException - thrown if there is an exception during initialization
    • getName

      public String getName()
      Returns the name of the analyzer.
      Returns:
      the name of the analyzer.
    • getAnalysisPhase

      public AnalysisPhase getAnalysisPhase()
      Returns the phase that the analyzer is intended to run in.
      Returns:
      the phase that the analyzer is intended to run in.
    • getAnalyzerEnabledSettingKey

      protected String getAnalyzerEnabledSettingKey()
      Returns the key used in the properties file to reference the analyzer's enabled property.
      Specified by:
      getAnalyzerEnabledSettingKey in class AbstractAnalyzer
      Returns:
      the analyzer's enabled property setting key
    • analyzeDependency

      public void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException
      Analyzes the specified JavaScript file.
      Specified by:
      analyzeDependency in class AbstractAnalyzer
      Parameters:
      dependency - the dependency to analyze.
      engine - the engine that is scanning the dependencies
      Throws:
      AnalysisException - thrown if there is an error reading the file
    • closeAnalyzer

      protected void closeAnalyzer() throws Exception
      Description copied from class: AbstractAnalyzer
      Closes a given Analyzer. This will be skipped if the analyzer is disabled.
      Overrides:
      closeAnalyzer in class AbstractAnalyzer
      Throws:
      Exception - thrown if there is an exception