| Package | Description |
|---|---|
| org.owasp.dependencycheck.analyzer | Analyzers are used to inspect the identified dependencies, collect Evidence, and process the dependencies. |
| org.owasp.dependencycheck.analyzer.exception | A collection of exception classes used within the analyzers. |
| org.owasp.dependencycheck.data.elixir | Contains classes for working with various Elixir project data. |
| org.owasp.dependencycheck.data.golang | Contains classes for working with the Go Lang project data. |
| org.owasp.dependencycheck.processing | Classes used to process the output of external tools. |
| org.owasp.dependencycheck.utils | Includes various utility classes such as a Settings wrapper, a Checksum utility, etc. |
| org.owasp.dependencycheck.xml.pom | This package contains classes used to parse pom.xml files. |

| Modifier and Type | Method and Description |
|---|---|
| void | AbstractAnalyzer.analyze(Dependency dependency, Engine engine)<br>Analyzes a given dependency. |
| void | Analyzer.analyze(Dependency dependency, Engine engine)<br>Analyzes the given dependency. |
| protected void | NpmCPEAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency. |
| void | NuspecAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Performs the analysis. |
| protected void | SwiftPackageManagerAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| void | LibmanAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Performs the analysis. |
| void | NugetconfAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Performs the analysis. |
| protected void | NodeAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | SwiftPackageResolvedAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | VulnerabilitySuppressionAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | GolangDepAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Analyzes go packages and adds evidence to the dependency. |
| void | CentralAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Performs the analysis. |
| protected void | ElixirMixAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Determines if the analyzer can analyze the given file type. |
| protected void | DartAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| void | NexusAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Performs the analysis. |
| protected void | PipfileAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | CpeSuppressionAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | CMakeAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Analyzes python packages and adds evidence to the dependency. |
| void | AssemblyAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Performs the analysis on a single Dependency. |
| protected void | UnusedSuppressionRuleAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | ComposerLockAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Entry point for the analyzer. |
| protected void | PythonDistributionAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | KnownExploitedVulnerabilityAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Adds information about the known exploited vulnerabilities to the analysis. |
| protected void | PipAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | NvdCveAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency. |
| void | ArtifactoryAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Performs the analysis. |
| void | ArchiveAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Analyzes a given dependency. |
| protected void | YarnAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Analyzes the yarn lock file to determine vulnerable dependencies. |
| protected void | HintAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>The HintAnalyzer uses knowledge about a dependency to add additional information to help in identification of identifiers or vulnerabilities. |
| protected void | AbstractSuppressionAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | CocoaPodsAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | FalsePositiveAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Analyzes the dependencies and removes bad/incorrect CPE associations based on various heuristics. |
| protected abstract void | AbstractAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Analyzes a given dependency. |
| protected void | MSBuildProjectAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | GolangModAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Analyzes go packages and adds evidence to the dependency. |
| protected void | VersionFilterAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>The HintAnalyzer uses knowledge about a dependency to add additional information to help in identification of identifiers or vulnerabilities. |
| protected void | PipfilelockAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | RubyBundleAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Determines if the analyzer can analyze the given file type. |
| void | RetireJsAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Analyzes the specified JavaScript file. |
| protected void | CarthageAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | AbstractDependencyComparingAnalyzer.analyzeDependency(Dependency ignore, Engine engine)<br>Analyzes a set of dependencies. |
| protected void | RubyBundlerAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | FileNameAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Collects information about the file name. |
| protected void | AutoconfAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | CPEAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency. |
| protected void | RubyGemspecAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | PEAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Collects information about the file name. |
| protected void | PinnedMavenInstallAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| void | JarAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Loads a specified JAR file and collects information from the manifest and checksums to identify the correct CPE information. |
| protected void | PnpmAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Analyzes the pnpm lock file to determine vulnerable dependencies. |
| protected void | OssIndexAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | PoetryAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Analyzes poetry packages and adds evidence to the dependency. |
| protected void | OpenSSLAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Analyzes python packages and adds evidence to the dependency. |
| protected void | NodePackageAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected void | PythonPackageAnalyzer.analyzeDependency(Dependency dependency, Engine engine)<br>Analyzes python packages and adds evidence to the dependency. |
| protected void | PerlCpanfileAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
| protected boolean | JarAnalyzer.analyzePOM(Dependency dependency, java.util.List<JarAnalyzer.ClassNameInformation> classes, Engine engine)<br>Attempts to find a pom.xml within the JAR file. |
| protected void | CPEAnalyzer.determineCPE(Dependency dependency)<br>Searches the data store of CPE entries, trying to identify the CPE for the given dependency based on the evidence contained within. |
| protected boolean | CPEAnalyzer.determineIdentifiers(Dependency dependency, java.lang.String vendor, java.lang.String product, Confidence currentConfidence)<br>Retrieves a list of CPE values from the CveDB based on the vendor and product passed in. |
| protected void | PerlCpanfileAnalyzer.processFileContents(java.util.List<java.lang.String> fileLines, java.lang.String filePath, Engine engine) |
| static boolean | AbstractNpmAnalyzer.shouldProcess(java.io.File pathname)<br>Determines if the path contains "/node_modules/" or "/bower_components/" (i.e. |

| Modifier and Type | Class and Description |
|---|---|
| class | SearchException<br>An exception thrown when an online searching fails (such as NPM). |

| Modifier and Type | Method and Description |
|---|---|
| void | MixAuditJsonParser.process()<br>Process the input stream to create the list of dependencies. |

| Modifier and Type | Method and Description |
|---|---|
| static java.util.List<GoModDependency> | GoModJsonParser.process(java.io.InputStream inputStream)<br>Process the input stream to create the list of dependencies. |

| Modifier and Type | Method and Description |
|---|---|
| void | MixAuditProcessor.close()<br>Throws any exceptions that occurred during processing. |
| void | GoModProcessor.close()<br>Throws any exceptions that occurred during processing. |

| Modifier and Type | Method and Description |
|---|---|
| static java.util.Properties | PyPACoreMetadataParser.getProperties(java.io.File file)<br>Loads all key/value pairs from PyPA metadata specifications. |

| Modifier and Type | Method and Description |
|---|---|
| static void | PomUtils.analyzePOM(Dependency dependency, java.io.File pomFile)<br>Reads in the pom file and adds elements as evidence to the given dependency. |
| static Model | PomUtils.readPom(java.io.File file)<br>Reads in the specified POM and converts it to a Model. |
| static Model | PomUtils.readPom(java.lang.String path, java.util.jar.JarFile jar)<br>Retrieves the specified POM from a jar file and converts it to a Model. |

Copyright© 2012-21 Jeremy Long. All Rights Reserved.