Class RubyGemspecAnalyzer

All Implemented Interfaces:
FileFilter, Analyzer, FileTypeAnalyzer
Direct Known Subclasses:
RubyBundlerAnalyzer

@ThreadSafe public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer
Used to analyze Ruby Gem specifications and collect information that can be used to determine the associated CPE. Regular expressions are used to parse the well-defined Ruby syntax that forms the specification.
Author:
Dale Visser
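The class description above says the analyzer uses regular expressions to pull identifying fields out of a gemspec. The following is an added illustration of that approach, not dependency-check's own source: the class name `GemspecRegexSketch`, the patterns, the field list and the sample gemspec are all assumptions made for this example. It also shows the main limitation of regex-based parsing, which is that a value assigned from a Ruby constant rather than a string literal is not recovered.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical sketch; not dependency-check's RubyGemspecAnalyzer source. */
public class GemspecRegexSketch {

    // Captures the block variable in: Gem::Specification.new do |s|
    private static final Pattern BLOCK_INIT =
            Pattern.compile("Gem::Specification\\.new\\s+do\\s+\\|(\\w+)\\|");

    /** Returns only the fields assigned as plain quoted string literals. */
    static Map<String, String> extract(String gemspec) {
        Map<String, String> fields = new LinkedHashMap<>();
        Matcher init = BLOCK_INIT.matcher(gemspec);
        if (!init.find()) {
            return fields; // not a recognisable specification block
        }
        String var = Pattern.quote(init.group(1));
        for (String field : new String[] {"name", "version", "homepage", "license"}) {
            // <var>.<field> = 'literal' or "literal", anchored to the start of a line
            Pattern p = Pattern.compile(
                    "^\\s*" + var + "\\." + field + "\\s*=\\s*(['\"])(.*?)\\1",
                    Pattern.MULTILINE);
            Matcher m = p.matcher(gemspec);
            if (m.find()) {
                fields.put(field, m.group(2));
            }
        }
        return fields;
    }

    public static void main(String[] args) {
        // Constructed sample input, not taken from a real gem.
        String sample = String.join("\n",
                "Gem::Specification.new do |s|",
                "  s.name     = 'example-gem'",
                "  s.version  = ExampleGem::VERSION  # constant, not a literal",
                "  s.homepage = \"https://example.invalid/example-gem\"",
                "  s.license  = 'MIT'",
                "end");
        Map<String, String> fields = extract(sample);
        System.out.println(fields);
        if (!fields.containsKey("version")) {
            System.out.println("version is not a string literal; resolve it from another source");
        }
    }
}
```

When reviewing scan results for Ruby projects, a gem reported without version evidence is worth checking by hand, since a missing version makes the CPE match less precise.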
  • Field Details

    • DEPENDENCY_ECOSYSTEM

      public static final String DEPENDENCY_ECOSYSTEM
      A descriptor for the type of dependencies processed or added by this analyzer.
  • Constructor Details

    • RubyGemspecAnalyzer

      public RubyGemspecAnalyzer()
  • Method Details

    • getFileFilter

      protected FileFilter getFileFilter()
      Description copied from class: AbstractFileTypeAnalyzer

      Returns the FileFilter used to determine which files are to be analyzed. An example would be an analyzer that inspected Java jar files. Implementors may use FileFilterBuilder.

      If the analyzer returns null, it will not cause additional files to be analyzed, but it will be executed against every file loaded.

      Specified by:
      getFileFilter in class AbstractFileTypeAnalyzer
      Returns:
      a filter that accepts files matching the glob pattern, *.gemspec
    • prepareFileTypeAnalyzer

      protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationException
      Description copied from class: AbstractFileTypeAnalyzer
      Prepares the file type analyzer for dependency analysis.
      Specified by:
      prepareFileTypeAnalyzer in class AbstractFileTypeAnalyzer
      Parameters:
      engine - a reference to the dependency-check engine
      Throws:
      InitializationException - thrown if there is an exception during initialization
    • getName

      public String getName()
      Returns the name of the analyzer.
      Returns:
      the name of the analyzer.
    • getAnalysisPhase

      public AnalysisPhase getAnalysisPhase()
      Returns the phase that the analyzer is intended to run in.
      Returns:
      the phase that the analyzer is intended to run in.
    • getAnalyzerEnabledSettingKey

      protected String getAnalyzerEnabledSettingKey()
      Returns the key used in the properties file to reference the analyzer's enabled property.
      Specified by:
      getAnalyzerEnabledSettingKey in class AbstractAnalyzer
      Returns:
      the analyzer's enabled property setting key
    • analyzeDependency

      protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException
      Description copied from class: AbstractAnalyzer
      Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, scanned, and added to the list of dependencies within the engine.
      Specified by:
      analyzeDependency in class AbstractAnalyzer
      Parameters:
      dependency - the dependency to analyze
      engine - the engine scanning
      Throws:
      AnalysisException - thrown if there is an analysis exception