Package org.owasp.dependencycheck.analyzer

Class NpmCPEAnalyzer

java.lang.Object

org.owasp.dependencycheck.analyzer.AbstractAnalyzer

org.owasp.dependencycheck.analyzer.CPEAnalyzer

org.owasp.dependencycheck.analyzer.NpmCPEAnalyzer

All Implemented Interfaces:

Analyzer

@ThreadSafe
public class NpmCPEAnalyzer
extends CPEAnalyzer

NpmCPEAnalyzer takes a project dependency and attempts to discern if there is an associated CPE. Unlike the CPEAnalyzer, the NpmCPEAnalyzer only includes product and vendor associates known to be related to node from the NVD data set. It uses the evidence contained within the dependency to search the Lucene index.

Author:

Jeremy Long

Field Summary

Fields inherited from class org.owasp.dependencycheck.analyzer.CPEAnalyzer

NVD_SEARCH_BROAD_URL, NVD_SEARCH_URL

Constructor Summary

Constructors

Constructor	Description
NpmCPEAnalyzer()

Method Summary

Modifier and Type	Method	Description
protected void	analyzeDependency(Dependency dependency, Engine engine)	Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency.
AnalysisPhase	getAnalysisPhase()	Returns the analysis phase that this analyzer should run in.
protected java.lang.String	getAnalyzerEnabledSettingKey()	Returns the setting key to determine if the analyzer is enabled.
java.lang.String	getName()	Returns the name of this analyzer.
void	open(CveDB cve)	Opens the data source.

Methods inherited from class org.owasp.dependencycheck.analyzer.CPEAnalyzer

buildSearch, closeAnalyzer, collectTerms, determineCPE, determineIdentifiers, getCveDB, getMemoryIndex, main, prepareAnalyzer, searchCPE, setCpeSuppressionAnalyzer, setCveDB, setMemoryIndex

Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractAnalyzer

analyze, close, getSettings, initialize, isEnabled, prepare, setEnabled, supportsParallelProcessing

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

NpmCPEAnalyzer

public NpmCPEAnalyzer()

Method Detail

getAnalysisPhase

public AnalysisPhase getAnalysisPhase()

Returns the analysis phase that this analyzer should run in.

Specified by:

getAnalysisPhase in interface Analyzer

Overrides:

getAnalysisPhase in class CPEAnalyzer

Returns:

the analysis phase that this analyzer should run in.

getName

public java.lang.String getName()

Returns the name of this analyzer.

Specified by:

getName in interface Analyzer

Overrides:

getName in class CPEAnalyzer

Returns:

the name of this analyzer.

getAnalyzerEnabledSettingKey

protected java.lang.String getAnalyzerEnabledSettingKey()

Returns the setting key to determine if the analyzer is enabled.

Overrides:

getAnalyzerEnabledSettingKey in class CPEAnalyzer

Returns:

the key for the analyzer's enabled property

open

public void open(CveDB cve)
          throws java.io.IOException,
                 DatabaseException

Opens the data source.

Overrides:

open in class CPEAnalyzer

Parameters:

cve - a reference to the NVD CVE database

Throws:

java.io.IOException - when the Lucene directory to be queried does not exist or is corrupt.

DatabaseException - when the database throws an exception. This usually occurs when the database is in use by another process.

analyzeDependency

protected void analyzeDependency(Dependency dependency,
                                 Engine engine)
                          throws AnalysisException

Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency.

Overrides:

analyzeDependency in class CPEAnalyzer

Parameters:

dependency - The Dependency to analyze.

engine - The analysis engine

Throws:

AnalysisException - is thrown if there is an issue analyzing the dependency.