@ThreadSafe public class NodePackageAnalyzer extends AbstractNpmAnalyzer
Modifier and Type | Field and Description |
---|---|
static java.lang.String | DEPENDENCY_ECOSYSTEM - A descriptor for the type of dependencies processed or added by this analyzer. |
static java.lang.String | NODE_MODULES_DIRNAME - The name of the directory that contains node modules. |
static java.lang.String | PACKAGE_JSON - The file name to scan. |
static java.lang.String | PACKAGE_LOCK_JSON - The file name to scan. |
static java.lang.String | SHRINKWRAP_JSON - The file name to scan. |
NPM_DEPENDENCY_ECOSYSTEM
Constructor and Description |
---|
NodePackageAnalyzer() |
Modifier and Type | Method and Description |
---|---|
protected void | analyzeDependency(Dependency dependency, Engine engine) - Analyzes a given dependency. |
AnalysisPhase | getAnalysisPhase() - Returns the phase that the analyzer is intended to run in. |
protected java.lang.String | getAnalyzerEnabledSettingKey() - Returns the key used in the properties file to reference the enabled property for the analyzer. |
protected java.io.FileFilter | getFileFilter() - Returns the FileFilter. |
java.lang.String | getName() - Returns the name of the analyzer. |
protected void | prepareFileTypeAnalyzer(Engine engine) - Performs validation on the configuration to ensure that the correct analyzers are in place. |
static boolean | shouldSkipDependency(java.lang.String name, java.lang.String version) - Checks if the given dependency should be skipped. |
static boolean | shouldSkipDependency(java.lang.String name, java.lang.String version, boolean optional, boolean fileExist) - Determines whether the dependency should be processed. Returns true if the dependency should be skipped. |
accept, createDependency, determineVersionFromMap, findDependency, gatherEvidence, getSearcher, processPackage, processPackage, processResults, replaceOrAddVulnerability, shouldProcess
getFilesMatched, newHashSet, prepareAnalyzer, setFilesMatched
analyze, close, closeAnalyzer, getSettings, initialize, isEnabled, prepare, setEnabled, supportsParallelProcessing
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
analyze, close, initialize, isEnabled, prepare, supportsParallelProcessing
public static final java.lang.String DEPENDENCY_ECOSYSTEM
public static final java.lang.String PACKAGE_JSON
public static final java.lang.String PACKAGE_LOCK_JSON
public static final java.lang.String SHRINKWRAP_JSON
public static final java.lang.String NODE_MODULES_DIRNAME
protected java.io.FileFilter getFileFilter()
getFileFilter in class AbstractFileTypeAnalyzer

protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationException
prepareFileTypeAnalyzer in class AbstractNpmAnalyzer
Parameters:
engine - the dependency-check engine
Throws:
InitializationException - thrown if there is a configuration error

public java.lang.String getName()

public AnalysisPhase getAnalysisPhase()

protected java.lang.String getAnalyzerEnabledSettingKey()
getAnalyzerEnabledSettingKey in class AbstractAnalyzer

protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException
AbstractAnalyzer
analyzeDependency in class AbstractAnalyzer
Parameters:
dependency - the dependency to analyze
engine - the engine scanning
Throws:
AnalysisException - thrown if there is an analysis exception

public static boolean shouldSkipDependency(java.lang.String name, java.lang.String version, boolean optional, boolean fileExist)
Parameters:
name - the name of the dependency
version - the version of the dependency
optional - is the dependency optional?
fileExist - is the package.json available for this file?

public static boolean shouldSkipDependency(java.lang.String name, java.lang.String version)
Parameters:
name - the name of the dependency to test
version - the version of the dependency to test
Returns:
true if the dependency should be skipped; otherwise false
See Also:
shouldSkipDependency(java.lang.String, java.lang.String, boolean, boolean)
Copyright© 2012-21 Jeremy Long. All Rights Reserved.