Package org.owasp.dependencycheck.analyzer

Class PinnedMavenInstallAnalyzer

  • All Implemented Interfaces:
    java.io.FileFilter, Analyzer, FileTypeAnalyzer
    @ThreadSafe
public class PinnedMavenInstallAnalyzer
extends AbstractFileTypeAnalyzer
    Used to analyze Maven pinned dependency files named *install*.json, a Java Maven dependency lockfile like Python's requirements.txt.
    Author:
    dhalperi
    See Also:
    rules_jvm_external

    • Constructor Detail

      • PinnedMavenInstallAnalyzer

        public PinnedMavenInstallAnalyzer()

    • Method Detail

      • getFileFilter

        protected java.io.FileFilter getFileFilter()
        Description copied from class: AbstractFileTypeAnalyzer

        Returns the FileFilter used to determine which files are to be analyzed. An example would be an analyzer that inspected Java jar files. Implementors may use FileFilterBuilder.

        If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against every file loaded.

        Specified by:
        getFileFilter in class AbstractFileTypeAnalyzer
        Returns:
        the file filter used to determine which files are to be analyzed

      • getName

        public java.lang.String getName()
        Description copied from interface: Analyzer
        Returns the name of the analyzer.
        Returns:
        the name of the analyzer.

      • getAnalysisPhase

        public AnalysisPhase getAnalysisPhase()
        Description copied from interface: Analyzer
        Returns the phase that the analyzer is intended to run in.
        Returns:
        the phase that the analyzer is intended to run in.

      • getAnalyzerEnabledSettingKey

        protected java.lang.String getAnalyzerEnabledSettingKey()
        Description copied from class: AbstractAnalyzer

        Returns the setting key to determine if the analyzer is enabled.

        Specified by:
        getAnalyzerEnabledSettingKey in class AbstractAnalyzer
        Returns:
        the key for the analyzer's enabled property

      • analyzeDependency

        protected void analyzeDependency​(Dependency dependency,
                                 Engine engine)
                          throws AnalysisException
        Description copied from class: AbstractAnalyzer
        Analyzes a given dependency. If the dependency is an archive, such as a WAR or EAR, the contents are extracted, scanned, and added to the list of dependencies within the engine.
        Specified by:
        analyzeDependency in class AbstractAnalyzer
        Parameters:
        dependency - the dependency to analyze
        engine - the engine scanning
        Throws:
        AnalysisException - thrown if there is an analysis exception