| Package | Description |
|---|---|
| org.owasp.dependencycheck.analyzer |
Analyzers are used to inspect the identified dependencies, collect Evidence, and process the dependencies.
|
| org.owasp.dependencycheck.analyzer.exception |
A collection of exception classes used within the analyzers.
|
| org.owasp.dependencycheck.data.elixir |
Contains classes for working with various Elixir project data.
|
| org.owasp.dependencycheck.data.golang |
Contains classes for working with the Go Lang project data.
|
| org.owasp.dependencycheck.xml.pom |
This package contains classes used to parse pom.xml files.
|
| Modifier and Type | Method and Description |
|---|---|
void |
AbstractAnalyzer.analyze(Dependency dependency,
Engine engine)
Analyzes a given dependency.
|
void |
Analyzer.analyze(Dependency dependency,
Engine engine)
Analyzes the given dependency.
|
void |
JarAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Loads a specified JAR file and collects information from the manifest and
checksums to identify the correct CPE information.
|
void |
NexusAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Performs the analysis.
|
protected void |
FileNameAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Collects information about the file name.
|
protected void |
AbstractDependencyComparingAnalyzer.analyzeDependency(Dependency ignore,
Engine engine)
Analyzes a set of dependencies.
|
protected void |
NodeAuditAnalyzer.analyzeDependency(Dependency dependency,
Engine engine) |
protected void |
CMakeAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Analyzes python packages and adds evidence to the dependency.
|
void |
ArtifactoryAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Performs the analysis.
|
protected void |
ElixirMixAuditAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Determines if the analyzer can analyze the given file type.
|
void |
ArchiveAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Analyzes a given dependency.
|
protected void |
OpenSSLAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Analyzes python packages and adds evidence to the dependency.
|
protected void |
RubyBundleAuditAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Determines if the analyzer can analyze the given file type.
|
protected void |
AutoconfAnalyzer.analyzeDependency(Dependency dependency,
Engine engine) |
protected void |
VersionFilterAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
The HintAnalyzer uses knowledge about a dependency to add additional
information to help in identification of identifiers or vulnerabilities.
|
protected void |
RubyBundlerAnalyzer.analyzeDependency(Dependency dependency,
Engine engine) |
protected void |
CocoaPodsAnalyzer.analyzeDependency(Dependency dependency,
Engine engine) |
protected void |
FalsePositiveAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Analyzes the dependencies and removes bad/incorrect CPE associations
based on various heuristics.
|
void |
CentralAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Performs the analysis.
|
protected void |
ComposerLockAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Entry point for the analyzer.
|
void |
NuspecAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Performs the analysis.
|
protected void |
MSBuildProjectAnalyzer.analyzeDependency(Dependency dependency,
Engine engine) |
protected void |
PythonDistributionAnalyzer.analyzeDependency(Dependency dependency,
Engine engine) |
protected void |
OssIndexAnalyzer.analyzeDependency(Dependency dependency,
Engine engine) |
protected void |
PipAnalyzer.analyzeDependency(Dependency dependency,
Engine engine) |
protected void |
SwiftPackageManagerAnalyzer.analyzeDependency(Dependency dependency,
Engine engine) |
protected void |
NvdCveAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Analyzes a dependency and attempts to determine if there are any CPE
identifiers for this dependency.
|
protected void |
CPEAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Analyzes a dependency and attempts to determine if there are any CPE
identifiers for this dependency.
|
protected abstract void |
AbstractAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Analyzes a given dependency.
|
void |
NugetconfAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Performs the analysis.
|
protected void |
NpmCPEAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Analyzes a dependency and attempts to determine if there are any CPE
identifiers for this dependency.
|
protected void |
AbstractSuppressionAnalyzer.analyzeDependency(Dependency dependency,
Engine engine) |
protected void |
HintAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
The HintAnalyzer uses knowledge about a dependency to add additional
information to help in identification of identifiers or vulnerabilities.
|
protected void |
PEAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Collects information about the file name.
|
protected void |
GolangDepAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Analyzes go packages and adds evidence to the dependency.
|
protected void |
NodePackageAnalyzer.analyzeDependency(Dependency dependency,
Engine engine) |
protected void |
GolangModAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Analyzes go packages and adds evidence to the dependency.
|
void |
RetireJsAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Analyzes the specified JavaScript file.
|
void |
AssemblyAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Performs the analysis on a single Dependency.
|
protected void |
RubyGemspecAnalyzer.analyzeDependency(Dependency dependency,
Engine engine) |
protected void |
PythonPackageAnalyzer.analyzeDependency(Dependency dependency,
Engine engine)
Analyzes python packages and adds evidence to the dependency.
|
protected boolean |
JarAnalyzer.analyzePOM(Dependency dependency,
List<JarAnalyzer.ClassNameInformation> classes,
Engine engine)
Attempts to find a pom.xml within the JAR file.
|
protected void |
CPEAnalyzer.determineCPE(Dependency dependency)
Searches the data store of CPE entries, trying to identify the CPE for
the given dependency based on the evidence contained within.
|
protected boolean |
CPEAnalyzer.determineIdentifiers(Dependency dependency,
String vendor,
String product,
Confidence currentConfidence)
Retrieves a list of CPE values from the CveDB based on the vendor and
product passed in.
|
protected boolean |
AbstractNpmAnalyzer.shouldProcess(File pathname)
Determines if the path contains "/node_modules/" or "/bower_components/"
(i.e.
|
| Modifier and Type | Class and Description |
|---|---|
class |
SearchException
An exception thrown when an online searching fails (such as NPM).
|
| Modifier and Type | Method and Description |
|---|---|
void |
MixAuditJsonParser.process()
Process the input stream to create the list of dependencies.
|
| Modifier and Type | Method and Description |
|---|---|
void |
GoModJsonParser.process()
Process the input stream to create the list of dependencies.
|
| Modifier and Type | Method and Description |
|---|---|
static void |
PomUtils.analyzePOM(Dependency dependency,
File pomFile)
Reads in the pom file and adds elements as evidence to the given
dependency.
|
static Model |
PomUtils.readPom(File file)
Reads in the specified POM and converts it to a Model.
|
static Model |
PomUtils.readPom(String path,
JarFile jar)
Retrieves the specified POM from a jar file and converts it to a Model.
|
Copyright © 2012–2020 OWASP. All rights reserved.