Package org.owasp.dependencycheck.analyzer

Class AssemblyAnalyzer

java.lang.Object

org.owasp.dependencycheck.analyzer.AbstractAnalyzer

org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer

org.owasp.dependencycheck.analyzer.AssemblyAnalyzer

All Implemented Interfaces:

java.io.FileFilter, Analyzer, FileTypeAnalyzer

@ThreadSafe
public class AssemblyAnalyzer
extends AbstractFileTypeAnalyzer

Analyzer for getting company, product, and version information from a .NET assembly.

Author:

colezlaw

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	DEPENDENCY_ECOSYSTEM	A descriptor for the type of dependencies processed or added by this analyzer.

Constructor Summary

Constructors

Constructor	Description
AssemblyAnalyzer()

Method Summary

Modifier and Type	Method	Description
protected static void	addMatchingValues(java.util.List<java.lang.String> packages, java.lang.String value, Dependency dep, EvidenceType type)	Cycles through the collection of class name information to see if parts of the package names are contained in the provided value.
void	analyzeDependency(Dependency dependency, Engine engine)	Performs the analysis on a single Dependency.
protected java.util.List<java.lang.String>	buildArgumentList()	Builds the beginnings of a List for ProcessBuilder
void	closeAnalyzer()	Removes resources used from the local file system.
AnalysisPhase	getAnalysisPhase()	Returns the phase this analyzer runs under.
protected java.lang.String	getAnalyzerEnabledSettingKey()	Returns the key used in the properties file to reference the analyzer's enabled property.
protected java.io.FileFilter	getFileFilter()	Returns the FileFilter used to determine which files are to be analyzed.
java.lang.String	getName()	Gets this analyzer's name.
void	prepareFileTypeAnalyzer(Engine engine)	Initialize the analyzer.

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer

accept, getFilesMatched, newHashSet, prepareAnalyzer, setFilesMatched

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractAnalyzer

analyze, close, getSettings, initialize, isEnabled, prepare, setEnabled, supportsParallelProcessing

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.owasp.dependencycheck.analyzer.Analyzer

analyze, close, initialize, isEnabled, prepare, supportsParallelProcessing

Field Detail

DEPENDENCY_ECOSYSTEM

public static final java.lang.String DEPENDENCY_ECOSYSTEM

A descriptor for the type of dependencies processed or added by this analyzer.

See Also:

Constant Field Values

Constructor Detail

AssemblyAnalyzer

public AssemblyAnalyzer()

Method Detail

buildArgumentList

protected java.util.List<java.lang.String> buildArgumentList()

Builds the beginnings of a List for ProcessBuilder

Returns:

the list of arguments to begin populating the ProcessBuilder

analyzeDependency

public void analyzeDependency(Dependency dependency,
                              Engine engine)
                       throws AnalysisException

Performs the analysis on a single Dependency.

Specified by:

analyzeDependency in class AbstractAnalyzer

Parameters:

dependency - the dependency to analyze

engine - the engine to perform the analysis under

Throws:

AnalysisException - if anything goes sideways

prepareFileTypeAnalyzer

public void prepareFileTypeAnalyzer(Engine engine)
                             throws InitializationException

Initialize the analyzer. In this case, extract GrokAssembly.dll to a temporary location.

Specified by:

prepareFileTypeAnalyzer in class AbstractFileTypeAnalyzer

Parameters:

engine - a reference to the dependency-check engine

Throws:

InitializationException - thrown if anything goes wrong

closeAnalyzer

public void closeAnalyzer()
                   throws java.lang.Exception

Removes resources used from the local file system.

Overrides:

closeAnalyzer in class AbstractAnalyzer

Throws:

java.lang.Exception - thrown if there is a problem closing the analyzer

getFileFilter

protected java.io.FileFilter getFileFilter()

Description copied from class: AbstractFileTypeAnalyzer

Returns the FileFilter used to determine which files are to be analyzed. An example would be an analyzer that inspected Java jar files. Implementors may use FileFilterBuilder.

If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against every file loaded.

Specified by:

getFileFilter in class AbstractFileTypeAnalyzer

Returns:

the file filter used to determine which files are to be analyzed

getName

public java.lang.String getName()

Gets this analyzer's name.

Returns:

the analyzer name

getAnalysisPhase

public AnalysisPhase getAnalysisPhase()

Returns the phase this analyzer runs under.

Returns:

the phase this runs under

getAnalyzerEnabledSettingKey

protected java.lang.String getAnalyzerEnabledSettingKey()

Returns the key used in the properties file to reference the analyzer's enabled property.

Specified by:

getAnalyzerEnabledSettingKey in class AbstractAnalyzer

Returns:

the analyzer's enabled property setting key

addMatchingValues

protected static void addMatchingValues(java.util.List<java.lang.String> packages,
                                        java.lang.String value,
                                        Dependency dep,
                                        EvidenceType type)

Cycles through the collection of class name information to see if parts of the package names are contained in the provided value. If found, it will be added as the HIGHEST confidence evidence because we have more then one source corroborating the value.

Parameters:

packages - a collection of class name information

value - the value to check to see if it contains a package name

dep - the dependency to add new entries too

type - the type of evidence (vendor, product, or version)