public class JarAnalyzer extends AbstractFileTypeAnalyzer

Modifier and Type | Class and Description |
---|---|
protected static class | JarAnalyzer.ClassNameInformation - Stores information about a class name. |

Modifier and Type | Field and Description |
---|---|
static java.lang.String | DEPENDENCY_ECOSYSTEM - A descriptor for the type of dependencies processed or added by this analyzer. |

Constructor and Description |
---|
JarAnalyzer() |

Modifier and Type | Method and Description |
---|---|
boolean | accept(java.io.File pathname) - Determines if the file can be analyzed by the analyzer. |
static java.lang.String | addDescription(Dependency dependency, java.lang.String description, java.lang.String source, java.lang.String key) - Adds a description to the given dependency. |
protected static void | addMatchingValues(java.util.List<JarAnalyzer.ClassNameInformation> classes, java.lang.String value, Dependency dep, EvidenceType type) - Cycles through the collection of class name information to see if parts of the package names are contained in the provided value. |
void | analyzeDependency(Dependency dependency, Engine engine) - Loads a specified JAR file and collects information from the manifest and checksums to identify the correct CPE information. |
protected void | analyzePackageNames(java.util.List<JarAnalyzer.ClassNameInformation> classNames, Dependency dependency, boolean addPackagesAsEvidence) - Analyzes the path information of the classes contained within the JarAnalyzer to try and determine possible vendor or product names. |
protected boolean | analyzePOM(Dependency dependency, java.util.List<JarAnalyzer.ClassNameInformation> classes, Engine engine) - Attempts to find a pom.xml within the JAR file. |
void | closeAnalyzer() - Deletes any files extracted from the JAR during analysis. |
protected java.util.List<JarAnalyzer.ClassNameInformation> | collectClassNames(Dependency dependency) - Cycles through an enumeration of JarEntries, contained within the dependency, and returns a list of the class names. |
static void | extractLicense(Model pom, Dependency dependency) - Extracts the license information from the pom and adds it to the dependency. |
AnalysisPhase | getAnalysisPhase() - Returns the phase that the analyzer is intended to run in. |
protected java.lang.String | getAnalyzerEnabledSettingKey() - Returns the key used in the properties file to reference the analyzer's enabled property. |
protected java.io.FileFilter | getFileFilter() - Returns the FileFilter. |
java.lang.String | getName() - Returns the name of the analyzer. |
protected boolean | parseManifest(Dependency dependency, java.util.List<JarAnalyzer.ClassNameInformation> classInformation) - Reads the manifest from the JAR file and collects the entries. |
void | prepareFileTypeAnalyzer(Engine engine) - Initializes the JarAnalyzer. |
static boolean | setPomEvidence(Dependency dependency, Model pom, java.util.List<JarAnalyzer.ClassNameInformation> classes, boolean isMainPom) - Sets evidence from the pom on the supplied dependency. |

getFilesMatched, newHashSet, prepareAnalyzer, setFilesMatched
analyze, close, getSettings, initialize, isEnabled, prepare, setEnabled, supportsParallelProcessing
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
analyze, close, initialize, isEnabled, prepare, supportsParallelProcessing
public static final java.lang.String DEPENDENCY_ECOSYSTEM

protected java.io.FileFilter getFileFilter()
getFileFilter in class AbstractFileTypeAnalyzer

public java.lang.String getName()
public AnalysisPhase getAnalysisPhase()

public boolean accept(java.io.File pathname)
AbstractFileTypeAnalyzer
accept in interface java.io.FileFilter
accept in class AbstractFileTypeAnalyzer
pathname - the path to the file

protected java.lang.String getAnalyzerEnabledSettingKey()
getAnalyzerEnabledSettingKey in class AbstractAnalyzer

public void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException
analyzeDependency in class AbstractAnalyzer
dependency - the dependency to analyze.
engine - the engine that is scanning the dependencies
AnalysisException - is thrown if there is an error reading the JAR file.

protected boolean analyzePOM(Dependency dependency, java.util.List<JarAnalyzer.ClassNameInformation> classes, Engine engine) throws AnalysisException
dependency - the dependency being analyzed
classes - a collection of class name information
engine - the analysis engine, used to add additional dependencies
AnalysisException - is thrown if there is an exception parsing the pom

public static boolean setPomEvidence(Dependency dependency, Model pom, java.util.List<JarAnalyzer.ClassNameInformation> classes, boolean isMainPom)
dependency - the dependency to set data on
pom - the information from the pom
classes - a collection of ClassNameInformation - containing data about the fully qualified class names within the JAR file being analyzed
isMainPom - a flag indicating if this is the primary pom.

protected void analyzePackageNames(java.util.List<JarAnalyzer.ClassNameInformation> classNames, Dependency dependency, boolean addPackagesAsEvidence)
classNames - a list of class names
dependency - a dependency to analyze
addPackagesAsEvidence - a flag indicating whether or not package names should be added as evidence.

protected boolean parseManifest(Dependency dependency, java.util.List<JarAnalyzer.ClassNameInformation> classInformation) throws java.io.IOException
Reads the manifest from the JAR file and collects the entries. Some vendorKey entries are:
dependency - A reference to the dependency
classInformation - a collection of class information
java.io.IOException - if there is an issue reading the JAR file

public static java.lang.String addDescription(Dependency dependency, java.lang.String description, java.lang.String source, java.lang.String key)
dependency - a dependency
description - the description
source - the source of the evidence
key - the "name" of the evidence

public void prepareFileTypeAnalyzer(Engine engine) throws InitializationException
prepareFileTypeAnalyzer in class AbstractFileTypeAnalyzer
engine - a reference to the dependency-check engine
InitializationException - is thrown if there is an exception creating a temporary directory

public void closeAnalyzer()
closeAnalyzer in class AbstractAnalyzer

protected java.util.List<JarAnalyzer.ClassNameInformation> collectClassNames(Dependency dependency)
dependency - the dependency being analyzed

protected static void addMatchingValues(java.util.List<JarAnalyzer.ClassNameInformation> classes, java.lang.String value, Dependency dep, EvidenceType type)
classes - a collection of class name information
value - the value to check to see if it contains a package name
dep - the dependency to add new entries to
type - the type of evidence (vendor, product, or version)

public static void extractLicense(Model pom, Dependency dependency)
pom - the pom object
dependency - the dependency to add license information to

Copyright © 2012-21 Jeremy Long. All Rights Reserved.