org.owasp.dependencycheck.analyzer

Class NodePackageAnalyzer

java.lang.Object

org.owasp.dependencycheck.analyzer.AbstractAnalyzer

org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer

org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer

org.owasp.dependencycheck.analyzer.NodePackageAnalyzer

All Implemented Interfaces:

FileFilter, Analyzer, FileTypeAnalyzer

@ThreadSafe
public class NodePackageAnalyzer
extends AbstractNpmAnalyzer

Used to analyze Node Package Manager (npm) package.json files, and collect information that can be used to determine the associated CPE.

Author:

Dale Visser

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEPENDENCY_ECOSYSTEM A descriptor for the type of dependencies processed or added by this analyzer.
static String	PACKAGE_JSON The file name to scan.
static String	PACKAGE_LOCK_JSON The file name to scan.
static String	SHRINKWRAP_JSON The file name to scan.

Fields inherited from class org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer

NPM_DEPENDENCY_ECOSYSTEM

Constructor Summary

Constructors

Constructor and Description
NodePackageAnalyzer()

Method Summary

Modifier and Type	Method and Description
protected void	analyzeDependency(Dependency dependency, Engine engine) Analyzes a given dependency.
AnalysisPhase	getAnalysisPhase() Returns the phase that the analyzer is intended to run in.
protected String	getAnalyzerEnabledSettingKey() Returns the key used in the properties file to reference the enabled property for the analyzer.
protected FileFilter	getFileFilter() Returns the FileFilter
String	getName() Returns the name of the analyzer.
protected void	prepareFileTypeAnalyzer(Engine engine) Performs validation on the configuration to ensure that the correct analyzers are in place.

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer

accept, createDependency, findDependency, gatherEvidence, processPackage, processPackage, shouldProcess

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer

getFilesMatched, newHashSet, prepareAnalyzer, setFilesMatched

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractAnalyzer

analyze, close, closeAnalyzer, getSettings, initialize, isEnabled, prepare, setEnabled, supportsParallelProcessing

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.owasp.dependencycheck.analyzer.Analyzer

analyze, close, initialize, isEnabled, prepare, supportsParallelProcessing

Field Detail

DEPENDENCY_ECOSYSTEM

public static final String DEPENDENCY_ECOSYSTEM

A descriptor for the type of dependencies processed or added by this analyzer.

See Also:

Constant Field Values

PACKAGE_JSON

public static final String PACKAGE_JSON

The file name to scan.

See Also:

Constant Field Values

PACKAGE_LOCK_JSON

public static final String PACKAGE_LOCK_JSON

The file name to scan.

See Also:

Constant Field Values

SHRINKWRAP_JSON

public static final String SHRINKWRAP_JSON

The file name to scan.

See Also:

Constant Field Values

Constructor Detail

NodePackageAnalyzer

public NodePackageAnalyzer()

Method Detail

getFileFilter

protected FileFilter getFileFilter()

Returns the FileFilter

Specified by:

getFileFilter in class AbstractFileTypeAnalyzer

Returns:

the FileFilter

prepareFileTypeAnalyzer

protected void prepareFileTypeAnalyzer(Engine engine)
                                throws InitializationException

Performs validation on the configuration to ensure that the correct analyzers are in place.

Specified by:

prepareFileTypeAnalyzer in class AbstractFileTypeAnalyzer

Parameters:

engine - the dependency-check engine

Throws:

InitializationException - thrown if there is a configuration error

getName

public String getName()

Returns the name of the analyzer.

Returns:

the name of the analyzer.

getAnalysisPhase

public AnalysisPhase getAnalysisPhase()

Returns the phase that the analyzer is intended to run in.

Returns:

the phase that the analyzer is intended to run in.

getAnalyzerEnabledSettingKey

protected String getAnalyzerEnabledSettingKey()

Returns the key used in the properties file to reference the enabled property for the analyzer.

Specified by:

getAnalyzerEnabledSettingKey in class AbstractAnalyzer

Returns:

the enabled property setting key for the analyzer

analyzeDependency

protected void analyzeDependency(Dependency dependency,
                                 Engine engine)
                          throws AnalysisException

Description copied from class: AbstractAnalyzer

Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, scanned, and added to the list of dependencies within the engine.

Specified by:

analyzeDependency in class AbstractAnalyzer

Parameters:

dependency - the dependency to analyze

engine - the engine scanning

Throws:

AnalysisException - thrown if there is an analysis exception