org.owasp.dependencycheck.analyzer

Class NodeAuditAnalyzer

java.lang.Object

org.owasp.dependencycheck.analyzer.AbstractAnalyzer

org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer

org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer

org.owasp.dependencycheck.analyzer.NodeAuditAnalyzer

All Implemented Interfaces:

FileFilter, Analyzer, FileTypeAnalyzer

@ThreadSafe
public class NodeAuditAnalyzer
extends AbstractNpmAnalyzer

Used to analyze Node Package Manager (npm) package-lock.json and npm-shrinkwrap.json files via NPM Audit API.

Author:

Steve Springett

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEFAULT_URL The default URL to the NPM Audit API.
static String	DEPENDENCY_ECOSYSTEM A descriptor for the type of dependencies processed or added by this analyzer.
static String	PACKAGE_LOCK_JSON The file name to scan.
static String	SHRINKWRAP_JSON The file name to scan.

Fields inherited from class org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer

NPM_DEPENDENCY_ECOSYSTEM

Constructor Summary

Constructors

Constructor and Description
NodeAuditAnalyzer()

Method Summary

Modifier and Type	Method and Description
protected void	analyzeDependency(Dependency dependency, Engine engine) Analyzes a given dependency.
AnalysisPhase	getAnalysisPhase() Returns the phase that the analyzer is intended to run in.
protected String	getAnalyzerEnabledSettingKey() Returns the key used in the properties file to determine if the analyzer is enabled.
protected FileFilter	getFileFilter() Returns the FileFilter
String	getName() Returns the name of the analyzer.
void	prepareFileTypeAnalyzer(Engine engine) Initializes the analyzer once before any analysis is performed.

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer

accept, createDependency, findDependency, gatherEvidence, processPackage, processPackage, shouldProcess

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer

getFilesMatched, newHashSet, prepareAnalyzer, setFilesMatched

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractAnalyzer

analyze, close, closeAnalyzer, getSettings, initialize, isEnabled, prepare, setEnabled, supportsParallelProcessing

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.owasp.dependencycheck.analyzer.Analyzer

analyze, close, initialize, isEnabled, prepare, supportsParallelProcessing

Field Detail

DEFAULT_URL

public static final String DEFAULT_URL

The default URL to the NPM Audit API.

See Also:

Constant Field Values

DEPENDENCY_ECOSYSTEM

public static final String DEPENDENCY_ECOSYSTEM

A descriptor for the type of dependencies processed or added by this analyzer.

See Also:

Constant Field Values

PACKAGE_LOCK_JSON

public static final String PACKAGE_LOCK_JSON

The file name to scan.

See Also:

Constant Field Values

SHRINKWRAP_JSON

public static final String SHRINKWRAP_JSON

The file name to scan.

See Also:

Constant Field Values

Constructor Detail

NodeAuditAnalyzer

public NodeAuditAnalyzer()

Method Detail

getFileFilter

protected FileFilter getFileFilter()

Returns the FileFilter

Specified by:

getFileFilter in class AbstractFileTypeAnalyzer

Returns:

the FileFilter

prepareFileTypeAnalyzer

public void prepareFileTypeAnalyzer(Engine engine)
                             throws InitializationException

Initializes the analyzer once before any analysis is performed.

Specified by:

prepareFileTypeAnalyzer in class AbstractFileTypeAnalyzer

Parameters:

engine - a reference to the dependency-check engine

Throws:

InitializationException - if there's an error during initialization

getName

public String getName()

Returns the name of the analyzer.

Returns:

the name of the analyzer.

getAnalysisPhase

public AnalysisPhase getAnalysisPhase()

Returns the phase that the analyzer is intended to run in.

Returns:

the phase that the analyzer is intended to run in.

getAnalyzerEnabledSettingKey

protected String getAnalyzerEnabledSettingKey()

Returns the key used in the properties file to determine if the analyzer is enabled.

Specified by:

getAnalyzerEnabledSettingKey in class AbstractAnalyzer

Returns:

the enabled property setting key for the analyzer

analyzeDependency

protected void analyzeDependency(Dependency dependency,
                                 Engine engine)
                          throws AnalysisException

Description copied from class: AbstractAnalyzer

Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, scanned, and added to the list of dependencies within the engine.

Specified by:

analyzeDependency in class AbstractAnalyzer

Parameters:

dependency - the dependency to analyze

engine - the engine scanning

Throws:

AnalysisException - thrown if there is an analysis exception