RubyBundlerAnalyzer (Dependency-Check Core 5.3.2 API)

java.lang.Object
- org.owasp.dependencycheck.analyzer.AbstractAnalyzer
- - org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
  - - org.owasp.dependencycheck.analyzer.RubyGemspecAnalyzer
    - - org.owasp.dependencycheck.analyzer.RubyBundlerAnalyzer

All Implemented Interfaces:

FileFilter, Analyzer, FileTypeAnalyzer
```
@ThreadSafe
public class RubyBundlerAnalyzer
extends RubyGemspecAnalyzer
```
This analyzer accepts the fully resolved .gemspec created by the Ruby bundler (http://bundler.io) for better evidence results. It also tries to resolve the dependency packagePath to where the gem is actually installed. Then during the AnalysisPhase.PRE_FINDING_ANALYSIS DependencyMergingAnalyzer will merge two .gemspec dependencies together if Dependency.getPackagePath() are the same. Ruby bundler creates new .gemspec files under a folder called "specifications" at deploy time, in addition to the original .gemspec files from source. The bundler generated .gemspec files always contain fully resolved attributes thus provide more accurate evidences, whereas the original .gemspec from source often contain variables for attributes that can't be used for evidences. Note this analyzer share the same Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED as RubyGemspecAnalyzer, so it will enabled/disabled with RubyGemspecAnalyzer.

Author:

Bianca Jiang (https://twitter.com/biancajiang)

Field Summary

Fields
Modifier and Type Field and Description

static String DEPENDENCY_ECOSYSTEM
A descriptor for the type of dependencies processed or added by this analyzer.

Fields
Modifier and Type	Field and Description
`static String`	`DEPENDENCY_ECOSYSTEM` A descriptor for the type of dependencies processed or added by this analyzer.

Constructor Summary

Constructors
Constructor and Description

RubyBundlerAnalyzer()

Constructors
Constructor and Description
`RubyBundlerAnalyzer()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`accept(File pathname)` Only accept *.gemspec files generated by "bundle install --deployment" under "specifications" folder.
`protected void`	`analyzeDependency(Dependency dependency, Engine engine)` Analyzes a given dependency.
`String`	`getName()` Returns the name of the analyzer.

Methods inherited from class org.owasp.dependencycheck.analyzer.RubyGemspecAnalyzer
getAnalysisPhase, getAnalyzerEnabledSettingKey, getFileFilter, prepareFileTypeAnalyzer

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
getFilesMatched, newHashSet, prepareAnalyzer, setFilesMatched

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractAnalyzer
analyze, close, closeAnalyzer, getSettings, initialize, isEnabled, prepare, setEnabled, supportsParallelProcessing

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.owasp.dependencycheck.analyzer.Analyzer
analyze, close, initialize, isEnabled, prepare, supportsParallelProcessing

- Field Detail
  - DEPENDENCY_ECOSYSTEM
```
public static final String DEPENDENCY_ECOSYSTEM
```
    A descriptor for the type of dependencies processed or added by this analyzer.
    
    See Also:
    
    Constant Field Values
- Constructor Detail
  - RubyBundlerAnalyzer
```
public RubyBundlerAnalyzer()
```
- Method Detail
  - getName
```
public String getName()
```
    Returns the name of the analyzer.
    
    Specified by:
    
    getName in interface Analyzer
    
    Overrides:
    
    getName in class RubyGemspecAnalyzer
    
    Returns:
    
    the name of the analyzer.
  - accept
```
public boolean accept(File pathname)
```
    Only accept *.gemspec files generated by "bundle install --deployment" under "specifications" folder.
    
    Specified by:
    
    accept in interface FileFilter
    
    Overrides:
    
    accept in class AbstractFileTypeAnalyzer
    
    Parameters:
    
    pathname - the path name to test
    
    Returns:
    
    true if the analyzer can process the given file; otherwise false
  - analyzeDependency
```
protected void analyzeDependency(Dependency dependency,
                                 Engine engine)
                          throws AnalysisException
```
    Description copied from class: AbstractAnalyzer
    
    Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, scanned, and added to the list of dependencies within the engine.
    
    Overrides:
    
    analyzeDependency in class RubyGemspecAnalyzer
    
    Parameters:
    
    dependency - the dependency to analyze
    
    engine - the engine scanning
    
    Throws:
    
    AnalysisException - thrown if there is an analysis exception

Class RubyBundlerAnalyzer

Field Summary

Constructor Summary

Method Summary

Methods inherited from class org.owasp.dependencycheck.analyzer.RubyGemspecAnalyzer

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractAnalyzer

Methods inherited from class java.lang.Object

Methods inherited from interface org.owasp.dependencycheck.analyzer.Analyzer

Field Detail

DEPENDENCY_ECOSYSTEM

Constructor Detail

RubyBundlerAnalyzer

Method Detail

getName

accept

analyzeDependency