Class PnpmAuditAnalyzer
- java.lang.Object
-
- org.owasp.dependencycheck.analyzer.AbstractAnalyzer
-
- org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
-
- org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer
-
- org.owasp.dependencycheck.analyzer.PnpmAuditAnalyzer
-
- All Implemented Interfaces:
java.io.FileFilter,Analyzer,FileTypeAnalyzer
@ThreadSafe public class PnpmAuditAnalyzer extends AbstractNpmAnalyzer
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.StringPNPM_PACKAGE_LOCKThe file name to scan.-
Fields inherited from class org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer
NPM_DEPENDENCY_ECOSYSTEM
-
-
Constructor Summary
Constructors Constructor Description PnpmAuditAnalyzer()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected voidanalyzeDependency(Dependency dependency, Engine engine)Analyzes the pnpm lock file to determine vulnerable dependencies.AnalysisPhasegetAnalysisPhase()Returns the phase that the analyzer is intended to run in.protected java.lang.StringgetAnalyzerEnabledSettingKey()Returns the setting key to determine if the analyzer is enabled.protected java.io.FileFiltergetFileFilter()Returns theFileFilterused to determine which files are to be analyzed.java.lang.StringgetName()Returns the name of the analyzer.protected voidprepareFileTypeAnalyzer(Engine engine)Initializes the analyzer once before any analysis is performed.-
Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer
accept, createDependency, determineVersionFromMap, findDependency, gatherEvidence, getSearcher, processPackage, processPackage, processResults, replaceOrAddVulnerability, shouldProcess
-
Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
getFilesMatched, newHashSet, prepareAnalyzer, setFilesMatched
-
Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractAnalyzer
analyze, close, closeAnalyzer, getSettings, initialize, isEnabled, prepare, setEnabled, supportsParallelProcessing
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.owasp.dependencycheck.analyzer.Analyzer
analyze, close, initialize, isEnabled, prepare, supportsParallelProcessing
-
-
-
-
Field Detail
-
PNPM_PACKAGE_LOCK
public static final java.lang.String PNPM_PACKAGE_LOCK
The file name to scan.- See Also:
- Constant Field Values
-
-
Method Detail
-
analyzeDependency
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException
Analyzes the pnpm lock file to determine vulnerable dependencies. Uses pnpm audit --json to vulnerabilities report from NPM API.- Specified by:
analyzeDependencyin classAbstractAnalyzer- Parameters:
dependency- the pnpm lock fileengine- the analysis engine- Throws:
AnalysisException- thrown if there is an error analyzing the file
-
getAnalyzerEnabledSettingKey
protected java.lang.String getAnalyzerEnabledSettingKey()
Description copied from class:AbstractAnalyzerReturns the setting key to determine if the analyzer is enabled.
- Specified by:
getAnalyzerEnabledSettingKeyin classAbstractAnalyzer- Returns:
- the key for the analyzer's enabled property
-
getFileFilter
protected java.io.FileFilter getFileFilter()
Description copied from class:AbstractFileTypeAnalyzerReturns the
FileFilterused to determine which files are to be analyzed. An example would be an analyzer that inspected Java jar files. Implementors may useFileFilterBuilder.If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against every file loaded.
- Specified by:
getFileFilterin classAbstractFileTypeAnalyzer- Returns:
- the file filter used to determine which files are to be analyzed
-
getName
public java.lang.String getName()
Description copied from interface:AnalyzerReturns the name of the analyzer.- Returns:
- the name of the analyzer.
-
getAnalysisPhase
public AnalysisPhase getAnalysisPhase()
Description copied from interface:AnalyzerReturns the phase that the analyzer is intended to run in.- Returns:
- the phase that the analyzer is intended to run in.
-
prepareFileTypeAnalyzer
protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationException
Initializes the analyzer once before any analysis is performed.- Overrides:
prepareFileTypeAnalyzerin classAbstractNpmAnalyzer- Parameters:
engine- a reference to the dependency-check engine- Throws:
InitializationException- if there's an error during initialization
-
-