Class YarnAuditAnalyzer
java.lang.Object
org.owasp.dependencycheck.analyzer.AbstractAnalyzer
org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer
org.owasp.dependencycheck.analyzer.YarnAuditAnalyzer
- All Implemented Interfaces:
FileFilter, Analyzer, FileTypeAnalyzer
-
Field Summary
FieldsFields inherited from class AbstractNpmAnalyzer
NPM_DEPENDENCY_ECOSYSTEM -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected voidanalyzeDependency(Dependency dependency, Engine engine) Analyzes the yarn lock file to determine vulnerable dependencies.Returns the phase that the analyzer is intended to run in.protected StringReturns the setting key to determine if the analyzer is enabled.protected FileFilterReturns theFileFilterused to determine which files are to be analyzed.getName()Returns the name of the analyzer.protected voidprepareFileTypeAnalyzer(Engine engine) Initializes the analyzer once before any analysis is performed.Methods inherited from class AbstractNpmAnalyzer
accept, createDependency, determineVersionFromMap, findDependency, gatherEvidence, getSearcher, processPackage, processPackage, processResults, replaceOrAddVulnerability, shouldProcessMethods inherited from class AbstractFileTypeAnalyzer
getFilesMatched, newHashSet, prepareAnalyzer, setFilesMatchedMethods inherited from class AbstractAnalyzer
analyze, close, closeAnalyzer, getSettings, initialize, isEnabled, prepare, setEnabled, supportsParallelProcessingMethods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface Analyzer
analyze, close, initialize, isEnabled, prepare, supportsParallelProcessing
-
Field Details
-
YARN_PACKAGE_LOCK
-
-
Constructor Details
-
YarnAuditAnalyzer
public YarnAuditAnalyzer()
-
-
Method Details
-
getAnalyzerEnabledSettingKey
Description copied from class:AbstractAnalyzerReturns the setting key to determine if the analyzer is enabled.
- Specified by:
getAnalyzerEnabledSettingKeyin classAbstractAnalyzer- Returns:
- the key for the analyzer's enabled property
-
getFileFilter
Description copied from class:AbstractFileTypeAnalyzerReturns the
FileFilterused to determine which files are to be analyzed. An example would be an analyzer that inspected Java jar files. Implementors may useFileFilterBuilder.If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against every file loaded.
- Specified by:
getFileFilterin classAbstractFileTypeAnalyzer- Returns:
- the file filter used to determine which files are to be analyzed
-
getName
-
getAnalysisPhase
Description copied from interface:AnalyzerReturns the phase that the analyzer is intended to run in.- Returns:
- the phase that the analyzer is intended to run in.
-
prepareFileTypeAnalyzer
Initializes the analyzer once before any analysis is performed.- Overrides:
prepareFileTypeAnalyzerin classAbstractNpmAnalyzer- Parameters:
engine- a reference to the dependency-check engine- Throws:
InitializationException- if there's an error during initialization
-
analyzeDependency
Analyzes the yarn lock file to determine vulnerable dependencies. Uses yarn audit --offline to generate the payload to be sent to the NPM API.- Specified by:
analyzeDependencyin classAbstractAnalyzer- Parameters:
dependency- the yarn lock fileengine- the analysis engine- Throws:
AnalysisException- thrown if there is an error analyzing the file
-