Class VulnerabilitySuppressionAnalyzer

All Implemented Interfaces:
Analyzer

@ThreadSafe
public class VulnerabilitySuppressionAnalyzer extends AbstractSuppressionAnalyzer
The suppression analyzer processes an externally defined XML document that complies with the suppressions.xsd schema. Any Vulnerability entries identified within the dependencies that match a suppression rule in that document will be removed.
Author:
Jeremy Long
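
Because matching Vulnerability entries are removed, the suppression file deserves review of its own. The following Python script is an added example, not part of the dependency-check code base or its documentation; it flags rules that suppress more broadly than a reviewer would expect. The element and attribute names (suppress, notes, filePath, sha1, gav, packageUrl, cvssBelow, cve, regex, until) are assumed from the suppression schema; the sample file, the finding labels and the CVE ids are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample suppression file (not from the project).
# The CVE ids and the package coordinates are placeholders.
SAMPLE = r"""<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress until="2030-01-01Z">
    <notes>False positive: CPE matched the wrong product.</notes>
    <packageUrl regex="true">^pkg:maven/com\.example/demo\-lib@.*$</packageUrl>
    <cve>CVE-0000-0001</cve>
  </suppress>
  <suppress>
    <cvssBelow>10</cvssBelow>
  </suppress>
  <suppress>
    <notes>Accepted risk.</notes>
    <packageUrl regex="true">.*</packageUrl>
    <cve>CVE-0000-0002</cve>
  </suppress>
</suppressions>"""

# Elements that tie a rule to specific dependencies; without one it applies to all.
SCOPES = ("filePath", "sha1", "gav", "packageUrl")
MATCH_ALL = {".*", "^.*$", ".+", "^.+$"}

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the "{namespace}" prefix

def audit(xml_text):
    """Return (rule_number, finding) pairs for rules a reviewer should question."""
    findings = []
    rules = [e for e in ET.fromstring(xml_text) if local(e.tag) == "suppress"]
    for i, rule in enumerate(rules, 1):
        kids = {local(c.tag): c for c in rule}
        scope = next((kids[s] for s in SCOPES if s in kids), None)
        if scope is None:
            findings.append((i, "no-scope"))          # applies to every dependency
        elif scope.get("regex") == "true" and (scope.text or "").strip() in MATCH_ALL:
            findings.append((i, "match-all-regex"))   # scoped in name only
        if "cvssBelow" in kids:
            findings.append((i, "cvss-threshold"))    # hides by score, not by finding
        notes = kids.get("notes")
        if notes is None or not (notes.text or "").strip():
            findings.append((i, "no-notes"))          # no recorded justification
        if rule.get("until") is None:
            findings.append((i, "no-expiry"))         # never comes up for re-review
    return findings

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print(f"rule {number}: {finding}")
```
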
  • Constructor Details

    • VulnerabilitySuppressionAnalyzer

      public VulnerabilitySuppressionAnalyzer()
  • Method Details

    • getName

      public String getName()
      Returns the name of the analyzer.
      Returns:
      the name of the analyzer.
    • getAnalysisPhase

      public AnalysisPhase getAnalysisPhase()
      Returns the phase that the analyzer is intended to run in.
      Returns:
      the phase that the analyzer is intended to run in.
    • getAnalyzerEnabledSettingKey

      protected String getAnalyzerEnabledSettingKey()

      Returns the setting key to determine if the analyzer is enabled.

      Specified by:
      getAnalyzerEnabledSettingKey in class AbstractAnalyzer
      Returns:
      the key for the analyzer's enabled property
    • filter

      public boolean filter(SuppressionRule rule)
    • analyzeDependency

      protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException
      Description copied from class: AbstractAnalyzer
      Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, scanned, and added to the list of dependencies within the engine.
      Overrides:
      analyzeDependency in class AbstractSuppressionAnalyzer
      Parameters:
      dependency - the dependency to analyze
      engine - the engine scanning
      Throws:
      AnalysisException - thrown if there is an analysis exception