Package org.owasp.dependencycheck.analyzer

Class CMakeAnalyzer

  • All Implemented Interfaces:
    java.io.FileFilter, Analyzer, FileTypeAnalyzer
    public class CMakeAnalyzer
extends AbstractFileTypeAnalyzer

    Used to analyze CMake build files, and collect information that can be used to determine the associated CPE.

    Note: This analyzer catches straightforward invocations of the project command, plus some other observed patterns of version inclusion in real CMake projects. Many projects make use of older versions of CMake and/or use custom "homebrew" ways to insert version information. Hopefully as the newer CMake call pattern grows in usage, this analyzer allow more CPEs to be identified.

    Author:
    Dale Visser

    • Field Detail

      • DEPENDENCY_ECOSYSTEM

        public static final java.lang.String DEPENDENCY_ECOSYSTEM
        A descriptor for the type of dependencies processed or added by this analyzer.
        See Also:
        Constant Field Values

    • Constructor Detail

      • CMakeAnalyzer

        public CMakeAnalyzer()

    • Method Detail

      • getName

        public java.lang.String getName()
        Returns the name of the CMake analyzer.
        Returns:
        the name of the analyzer

      • getAnalysisPhase

        public AnalysisPhase getAnalysisPhase()
        Tell that we are used for information collection.
        Returns:
        INFORMATION_COLLECTION

      • getFileFilter

        protected java.io.FileFilter getFileFilter()
        Returns the set of supported file extensions.
        Specified by:
        getFileFilter in class AbstractFileTypeAnalyzer
        Returns:
        the set of supported file extensions

      • analyzeDependency

        protected void analyzeDependency​(Dependency dependency,
                                 Engine engine)
                          throws AnalysisException
        Analyzes python packages and adds evidence to the dependency.
        Specified by:
        analyzeDependency in class AbstractAnalyzer
        Parameters:
        dependency - the dependency being analyzed
        engine - the engine being used to perform the scan
        Throws:
        AnalysisException - thrown if there is an unrecoverable error analyzing the dependency

      • getAnalyzerEnabledSettingKey

        protected java.lang.String getAnalyzerEnabledSettingKey()
        Description copied from class: AbstractAnalyzer

        Returns the setting key to determine if the analyzer is enabled.

        Specified by:
        getAnalyzerEnabledSettingKey in class AbstractAnalyzer
        Returns:
        the key for the analyzer's enabled property