Class YarnAuditAnalyzer
- java.lang.Object
-
- org.owasp.dependencycheck.analyzer.AbstractAnalyzer
-
- org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
-
- org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer
-
- org.owasp.dependencycheck.analyzer.YarnAuditAnalyzer
-
- All Implemented Interfaces:
java.io.FileFilter,Analyzer,FileTypeAnalyzer
@ThreadSafe public class YarnAuditAnalyzer extends AbstractNpmAnalyzer
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.StringYARN_PACKAGE_LOCKThe file name to scan.-
Fields inherited from class org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer
NPM_DEPENDENCY_ECOSYSTEM
-
-
Constructor Summary
Constructors Constructor Description YarnAuditAnalyzer()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected voidanalyzeDependency(Dependency dependency, Engine engine)Analyzes the yarn lock file to determine vulnerable dependencies.AnalysisPhasegetAnalysisPhase()Returns the phase that the analyzer is intended to run in.protected java.lang.StringgetAnalyzerEnabledSettingKey()Returns the setting key to determine if the analyzer is enabled.protected java.io.FileFiltergetFileFilter()Returns theFileFilterused to determine which files are to be analyzed.java.lang.StringgetName()Returns the name of the analyzer.protected voidprepareFileTypeAnalyzer(Engine engine)Initializes the analyzer once before any analysis is performed.-
Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer
accept, createDependency, determineVersionFromMap, findDependency, gatherEvidence, getSearcher, processPackage, processPackage, processResults, replaceOrAddVulnerability, shouldProcess
-
Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
getFilesMatched, newHashSet, prepareAnalyzer, setFilesMatched
-
Methods inherited from class org.owasp.dependencycheck.analyzer.AbstractAnalyzer
analyze, close, closeAnalyzer, getSettings, initialize, isEnabled, prepare, setEnabled, supportsParallelProcessing
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.owasp.dependencycheck.analyzer.Analyzer
analyze, close, initialize, isEnabled, prepare, supportsParallelProcessing
-
-
-
-
Field Detail
-
YARN_PACKAGE_LOCK
public static final java.lang.String YARN_PACKAGE_LOCK
The file name to scan.- See Also:
- Constant Field Values
-
-
Method Detail
-
analyzeDependency
protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException
Analyzes the yarn lock file to determine vulnerable dependencies. Uses yarn audit --offline to generate the payload to be sent to the NPM API.- Specified by:
analyzeDependencyin classAbstractAnalyzer- Parameters:
dependency- the yarn lock fileengine- the analysis engine- Throws:
AnalysisException- thrown if there is an error analyzing the file
-
getAnalyzerEnabledSettingKey
protected java.lang.String getAnalyzerEnabledSettingKey()
Description copied from class:AbstractAnalyzerReturns the setting key to determine if the analyzer is enabled.
- Specified by:
getAnalyzerEnabledSettingKeyin classAbstractAnalyzer- Returns:
- the key for the analyzer's enabled property
-
getFileFilter
protected java.io.FileFilter getFileFilter()
Description copied from class:AbstractFileTypeAnalyzerReturns the
FileFilterused to determine which files are to be analyzed. An example would be an analyzer that inspected Java jar files. Implementors may useFileFilterBuilder.If the analyzer returns null it will not cause additional files to be analyzed, but will be executed against every file loaded.
- Specified by:
getFileFilterin classAbstractFileTypeAnalyzer- Returns:
- the file filter used to determine which files are to be analyzed
-
getName
public java.lang.String getName()
Description copied from interface:AnalyzerReturns the name of the analyzer.- Returns:
- the name of the analyzer.
-
getAnalysisPhase
public AnalysisPhase getAnalysisPhase()
Description copied from interface:AnalyzerReturns the phase that the analyzer is intended to run in.- Returns:
- the phase that the analyzer is intended to run in.
-
prepareFileTypeAnalyzer
protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationException
Initializes the analyzer once before any analysis is performed.- Overrides:
prepareFileTypeAnalyzerin classAbstractNpmAnalyzer- Parameters:
engine- a reference to the dependency-check engine- Throws:
InitializationException- if there's an error during initialization
-
-