Package org.owasp.dependencycheck.analyzer

Class CentralAnalyzer

  • All Implemented Interfaces:
    java.io.FileFilter, Analyzer, FileTypeAnalyzer
    @ThreadSafe
public class CentralAnalyzer
extends AbstractFileTypeAnalyzer
    Analyzer which will attempt to locate a dependency, and the GAV information, by querying Central for the dependency's SHA-1 digest.
    Author:
    colezlaw

    • Constructor Detail

      • CentralAnalyzer

        public CentralAnalyzer()

    • Method Detail

      • initialize

        public void initialize​(Settings settings)
        Initializes the analyzer with the configured settings.
        Specified by:
        initialize in interface Analyzer
        Overrides:
        initialize in class AbstractAnalyzer
        Parameters:
        settings - the configured settings to use

      • getName

        public java.lang.String getName()
        Returns the analyzer's name.
        Returns:
        the name of the analyzer

      • getAnalyzerEnabledSettingKey

        protected java.lang.String getAnalyzerEnabledSettingKey()
        Returns the key used in the properties file to to reference the analyzer's enabled property.
        Specified by:
        getAnalyzerEnabledSettingKey in class AbstractAnalyzer
        Returns:
        the analyzer's enabled property setting key.

      • getAnalysisPhase

        public AnalysisPhase getAnalysisPhase()
        Returns the analysis phase under which the analyzer runs.
        Returns:
        the phase under which the analyzer runs

      • getFileFilter

        protected java.io.FileFilter getFileFilter()
        Description copied from class: AbstractFileTypeAnalyzer

        Returns the FileFilter used to determine which files are to be analyzed. An example would be an analyzer that inspected Java jar files. Implementors may use FileFilterBuilder.

        If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against every file loaded.

        Specified by:
        getFileFilter in class AbstractFileTypeAnalyzer
        Returns:
        the file filter used to determine which files are to be analyzed

      • fetchMavenArtifacts

        protected java.util.List<MavenArtifact> fetchMavenArtifacts​(Dependency dependency)
                                                     throws java.io.IOException,
                                                            TooManyRequestsException
        Downloads the corresponding list of MavenArtifacts of the given dependency from MavenCentral.

        As the connection to MavenCentral is known to be unreliable, we implement a simple retry logic in order to compensate for 99% of the issues.

        Parameters:
        dependency - the dependency to analyze
        Returns:
        the downloaded list of MavenArtifacts
        Throws:
        java.io.FileNotFoundException - if the specified artifact is not found
        java.io.IOException - if connecting to MavenCentral finally failed
        TooManyRequestsException - if Central has received too many requests.

      • setCentralSearch

        protected void setCentralSearch​(CentralSearch searcher)
        Method used by unit tests to setup the analyzer.
        Parameters:
        searcher - the Central Search object to use.