Class GolangModAnalyzer
- java.lang.Object
- org.owasp.dependencycheck.analyzer.AbstractAnalyzer
- org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
- org.owasp.dependencycheck.analyzer.GolangModAnalyzer

All Implemented Interfaces: java.io.FileFilter, Analyzer, FileTypeAnalyzer

public class GolangModAnalyzer extends AbstractFileTypeAnalyzer
Go mod dependency analyzer.
- Author: Matthijs van den Bos

Field Summary
Modifier and Type | Field | Description
static java.lang.String | DEPENDENCY_ECOSYSTEM | A descriptor for the type of dependencies processed or added by this analyzer.
static java.lang.String | GO_MOD | Lock file name.

Constructor Summary
Constructor | Description
GolangModAnalyzer() |

Method Summary
Modifier and Type | Method | Description
protected void | analyzeDependency(Dependency dependency, Engine engine) | Analyzes go packages and adds evidence to the dependency.
AnalysisPhase | getAnalysisPhase() | Indicates that this analyzer is used for information collection.
protected java.lang.String | getAnalyzerEnabledSettingKey() | Returns the key name for the analyzer's enabled setting.
protected java.io.FileFilter | getFileFilter() | Returns the FileFilter.
java.lang.String | getName() | Returns the name of the Golang Mod Analyzer.
protected void | prepareFileTypeAnalyzer(Engine engine) | Initializes the go mod analyzer; ensures that go is installed and can be called.

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
accept, getFilesMatched, newHashSet, prepareAnalyzer, setFilesMatched

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractAnalyzer
analyze, close, closeAnalyzer, getSettings, initialize, isEnabled, prepare, setEnabled, supportsParallelProcessing

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.owasp.dependencycheck.analyzer.Analyzer
analyze, close, initialize, isEnabled, prepare, supportsParallelProcessing

Field Detail

DEPENDENCY_ECOSYSTEM
public static final java.lang.String DEPENDENCY_ECOSYSTEM
A descriptor for the type of dependencies processed or added by this analyzer.
- See Also: Constant Field Values

GO_MOD
public static final java.lang.String GO_MOD
Lock file name. Please note that go.sum is NOT considered a lock file: it may contain dependencies that are no longer used as well as dependencies of dependencies. According to the Go Modules wiki, go.mod should be used for reproducible builds: https://github.com/golang/go/wiki/Modules#is-gosum-a-lock-file-why-does-gosum-include-information-for-module-versions-i-am-no-longer-using
- See Also: Constant Field Values

Method Detail

getName
public java.lang.String getName()
Returns the name of the Golang Mod Analyzer.
- Returns: the name of the analyzer

getAnalysisPhase
public AnalysisPhase getAnalysisPhase()
Indicates that this analyzer is used for information collection.
- Returns: INFORMATION_COLLECTION

getAnalyzerEnabledSettingKey
protected java.lang.String getAnalyzerEnabledSettingKey()
Returns the key name for the analyzer's enabled setting.
- Specified by: getAnalyzerEnabledSettingKey in class AbstractAnalyzer
- Returns: the key name for the analyzer's enabled setting

getFileFilter
protected java.io.FileFilter getFileFilter()
Returns the FileFilter.
- Specified by: getFileFilter in class AbstractFileTypeAnalyzer
- Returns: the FileFilter

prepareFileTypeAnalyzer
protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationException
Initializes the go mod analyzer; ensures that go is installed and can be called.
- Specified by: prepareFileTypeAnalyzer in class AbstractFileTypeAnalyzer
- Parameters: engine - a reference to the dependency-check engine
- Throws: InitializationException - never thrown

analyzeDependency
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException
Analyzes go packages and adds evidence to the dependency.
- Specified by: analyzeDependency in class AbstractAnalyzer
- Parameters:
  dependency - the dependency being analyzed
  engine - the engine being used to perform the scan
- Throws: AnalysisException - thrown if there is an unrecoverable error analyzing the dependency