1 /*
2 * This file is part of dependency-check-core.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17 */
18 package org.owasp.dependencycheck.analyzer;
19
20 import org.owasp.dependencycheck.Engine;
21 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
22 import org.owasp.dependencycheck.dependency.Dependency;
23 import org.owasp.dependencycheck.exception.InitializationException;
24 import org.owasp.dependencycheck.utils.Settings;
25
/**
 * <p>
 * Contract for a component that inspects a {@link Dependency} and records what
 * it learns about it as Evidence.</p>
 * <p>
 * The {@link org.owasp.dependencycheck.Engine} loads the analyzers and drives
 * each one through the following lifecycle, in this order:</p>
 * <ol>
 * <li>{@link #initialize(org.owasp.dependencycheck.utils.Settings)}</li>
 * <li>{@link #prepare(org.owasp.dependencycheck.Engine)}</li>
 * <li>{@link #analyze(org.owasp.dependencycheck.dependency.Dependency, org.owasp.dependencycheck.Engine)}</li>
 * <li>{@link #close()}</li>
 * </ol>
 * <p>
 * Note for implementers: the files behind a dependency are normally
 * third-party artifacts that the scan did not produce, so their contents
 * should be parsed defensively as untrusted input.</p>
 *
 * @author Jeremy Long
 */
public interface Analyzer {

    // ---- identity and scheduling -------------------------------------------

    /**
     * Gets the analyzer's name.
     *
     * @return the name of the analyzer.
     */
    String getName();

    /**
     * Gets the phase in which this analyzer is meant to be executed.
     *
     * @return the phase that the analyzer is intended to run in.
     */
    AnalysisPhase getAnalysisPhase();

    /**
     * Reports whether this analyzer is enabled.
     * <p>
     * NOTE(review): how the engine acts on this flag is not visible in this
     * interface; presumably a disabled analyzer is skipped, which would mean
     * it contributes no evidence to the scan. Confirm against the engine.</p>
     *
     * @return the value of enabled
     */
    boolean isEnabled();

    /**
     * Reports whether several instances of this analyzer type may run at the
     * same time. Running analyzers of <em>different</em> types in parallel is
     * not supported at all.
     * <p>
     * An implementation that returns {@code true} is asserting that any state
     * its instances share (static fields, temporary files, external
     * connections) tolerates concurrent use.</p>
     *
     * @return {@code true} if the analyzer supports parallel processing,
     * {@code false} else
     */
    boolean supportsParallelProcessing();

    // ---- lifecycle, in the order the engine calls it -----------------------

    /**
     * Supplies the configured settings to the analyzer. This is the first
     * lifecycle call.
     * <p>
     * No checked exception is declared, so a configuration problem found here
     * can only be signalled with an unchecked exception or deferred to
     * {@link #prepare(org.owasp.dependencycheck.Engine)}.</p>
     *
     * @param settings the configured settings
     */
    void initialize(Settings settings);

    /**
     * Called (once) before {@link #analyze(Dependency, Engine)} is invoked
     * for all of the dependencies.
     *
     * @param engine a reference to the dependency-check engine
     * @throws InitializationException is thrown if an exception occurs
     * initializing the analyzer.
     */
    void prepare(Engine engine) throws InitializationException;

    /**
     * Performs the analysis of a single dependency. The work may range from
     * determining an Identifier for the dependency to finding
     * vulnerabilities, etc. If the analyzer gathers enough information to
     * supply a description or license information for the dependency, it
     * should add that as well.
     *
     * @param dependency a dependency to analyze.
     * @param engine the engine that is scanning the dependencies - this is
     * useful if we need to check other dependencies
     * @throws AnalysisException is thrown if there is an error analyzing the
     * dependency file
     */
    void analyze(Dependency dependency, Engine engine) throws AnalysisException;

    /**
     * Called after all of the dependencies have been analyzed.
     * <p>
     * This interface does not extend {@link AutoCloseable}, so a
     * try-with-resources statement will not invoke this method unless the
     * implementing class declares {@code AutoCloseable} itself.</p>
     *
     * @throws Exception is thrown if an exception occurs closing the analyzer.
     */
    void close() throws Exception;

}