Class RubyBundleAuditAnalyzer

  • All Implemented Interfaces:
    java.io.FileFilter, Analyzer, FileTypeAnalyzer

    @ThreadSafe
    public class RubyBundleAuditAnalyzer
    extends AbstractFileTypeAnalyzer
    Used to analyze Ruby Bundler Gemfile.lock files using the third-party bundle-audit tool.
    Author:
    Dale Visser
    • Field Detail

      • DEPENDENCY_ECOSYSTEM

        public static final java.lang.String DEPENDENCY_ECOSYSTEM
        A descriptor for the type of dependencies processed or added by this analyzer.
        See Also:
        Constant Field Values
      • CRITICALITY

        public static final java.lang.String CRITICALITY
        Criticality.
        See Also:
        Constant Field Values
    • Constructor Detail

      • RubyBundleAuditAnalyzer

        public RubyBundleAuditAnalyzer()
    • Method Detail

      • getFileFilter

        protected java.io.FileFilter getFileFilter()
        Description copied from class: AbstractFileTypeAnalyzer

        Returns the FileFilter used to determine which files are to be analyzed. An example would be an analyzer that inspected Java jar files. Implementors may use FileFilterBuilder.

        If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against every file loaded.

        Specified by:
        getFileFilter in class AbstractFileTypeAnalyzer
        Returns:
        a filter that accepts files named Gemfile.lock
      • getName

        public java.lang.String getName()
        Returns the name of the analyzer.
        Returns:
        the name of the analyzer.
      • getAnalysisPhase

        public AnalysisPhase getAnalysisPhase()
        Returns the phase that the analyzer is intended to run in.
        Returns:
        the phase that the analyzer is intended to run in.
      • getAnalyzerEnabledSettingKey

        protected java.lang.String getAnalyzerEnabledSettingKey()
        Returns the key used in the properties file to reference the analyzer's enabled property.
        Specified by:
        getAnalyzerEnabledSettingKey in class AbstractAnalyzer
        Returns:
        the analyzer's enabled property setting key
      • analyzeDependency

        protected void analyzeDependency(Dependency dependency,
                                         Engine engine)
                                  throws AnalysisException
        Determines if the analyzer can analyze the given file type.
        Specified by:
        analyzeDependency in class AbstractAnalyzer
        Parameters:
        dependency - the dependency to determine if it can analyze
        engine - the dependency-check engine
        Throws:
        AnalysisException - thrown if there is an analysis exception.