major revision to patch issue #86; file type analyzers will no longer initialize if no files were detected that they can process during the scan phase.

Former-commit-id: 1d9ef39d5f7898de73ac72bbb9573af763368e95

dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java

@@ -29,6 +29,7 @@ import java.util.logging.Logger;
 import org.owasp.dependencycheck.analyzer.AnalysisPhase;
 import org.owasp.dependencycheck.analyzer.Analyzer;
 import org.owasp.dependencycheck.analyzer.AnalyzerService;
+import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.data.cpe.CpeMemoryIndex;
 import org.owasp.dependencycheck.data.cpe.IndexException;
@@ -62,9 +63,9 @@ public class Engine {
      */
     private final EnumMap<AnalysisPhase, List<Analyzer>> analyzers;
     /**
-     * A set of extensions supported by the analyzers.
+     * A Map of analyzers grouped by Analysis phase.
      */
-    private final Set<String> extensions;
+    private final Set<FileTypeAnalyzer> fileTypeAnalyzers;
 
     /**
      * Creates a new Engine.
@@ -72,9 +73,10 @@ public class Engine {
      * @throws DatabaseException thrown if there is an error connecting to the database
      */
     public Engine() throws DatabaseException {
-        this.extensions = new HashSet<String>();
         this.dependencies = new ArrayList<Dependency>();
         this.analyzers = new EnumMap<AnalysisPhase, List<Analyzer>>(AnalysisPhase.class);
+        this.fileTypeAnalyzers = new HashSet<FileTypeAnalyzer>();
+
         ConnectionFactory.initialize();
 
         boolean autoUpdate = true;
@@ -110,8 +112,8 @@ public class Engine {
         while (iterator.hasNext()) {
             final Analyzer a = iterator.next();
             analyzers.get(a.getAnalysisPhase()).add(a);
-            if (a.getSupportedExtensions() != null) {
+            if (a instanceof FileTypeAnalyzer) {
-                extensions.addAll(a.getSupportedExtensions());
+                this.fileTypeAnalyzers.add((FileTypeAnalyzer) a);
             }
         }
     }
@@ -253,7 +255,7 @@ public class Engine {
         final String fileName = file.getName();
         final String extension = FileUtils.getFileExtension(fileName);
         if (extension != null) {
-            if (extensions.contains(extension)) {
+            if (supportsExtension(extension)) {
                 final Dependency dependency = new Dependency(file);
                 dependencies.add(dependency);
             }
@@ -307,7 +309,12 @@ public class Engine {
                 final Set<Dependency> dependencySet = new HashSet<Dependency>();
                 dependencySet.addAll(dependencies);
                 for (Dependency d : dependencySet) {
-                    if (a.supportsExtension(d.getFileExtension())) {
+                    boolean shouldAnalyze = true;
+                    if (a instanceof FileTypeAnalyzer) {
+                        FileTypeAnalyzer fAnalyzer = (FileTypeAnalyzer) a;
+                        shouldAnalyze = fAnalyzer.supportsExtension(d.getFileExtension());
+                    }
+                    if (shouldAnalyze) {
                         final String msgFile = String.format("Begin Analysis of '%s'", d.getActualFilePath());
                         Logger.getLogger(Engine.class.getName()).log(Level.FINE, msgFile);
                         try {
@@ -416,15 +423,13 @@ public class Engine {
         if (ext == null) {
             return false;
         }
-        for (AnalysisPhase phase : AnalysisPhase.values()) {
+        boolean scan = false;
-            final List<Analyzer> analyzerList = analyzers.get(phase);
+        for (FileTypeAnalyzer a : this.fileTypeAnalyzers) {
-            for (Analyzer a : analyzerList) {
+            /* note, we can't break early on this loop as the analyzers need to know if
-                if (a.getSupportedExtensions() != null && a.supportsExtension(ext)) {
+             they have files to work on prior to initialization */
-                    return true;
+            scan |= a.supportsExtension(ext);
-                }
-            }
         }
-        return false;
+        return scan;
     }
 
     /**
@@ -452,4 +457,5 @@ public class Engine {
             throw new NoDataException("No documents exist");
         }
     }
+
 }

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java

@@ -17,33 +17,12 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
 /**
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
 public abstract class AbstractAnalyzer implements Analyzer {
 
-    /**
-     * Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a
-     * final static declaration.<br/><br/>
-     *
-     * This implementation was copied from
-     * http://stackoverflow.com/questions/2041778/initialize-java-hashset-values-by-construction
-     *
-     * @param strings a list of strings to add to the set.
-     * @return a Set of strings.
-     */
-    protected static Set<String> newHashSet(String... strings) {
-        final Set<String> set = new HashSet<String>();
-
-        Collections.addAll(set, strings);
-        return set;
-    }
-
     /**
      * The initialize method does nothing for this Analyzer.
      *

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java

@@ -0,0 +1,109 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.analyzer;
+
+import com.hazelcast.logging.Logger;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.logging.Level;
+
+/**
+ *
+ * @author Jeremy Long <jeremy.long@owasp.org>
+ */
+public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implements FileTypeAnalyzer {
+
+    /**
+     * <p>
+     * Returns a list of supported file extensions. An example would be an analyzer that inspected java jar files. The
+     * getSupportedExtensions function would return a set with a single element "jar".</p>
+     *
+     * <p>
+     * <b>Note:</b> when implementing this the extensions returned MUST be lowercase.</p>
+     *
+     * @return The file extensions supported by this analyzer.
+     *
+     * <p>
+     * If the analyzer returns null it will not cause additional files to be analyzed but will be executed against every
+     * file loaded</p>
+     */
+    protected abstract Set<String> getSupportedExtensions();
+
+    /**
+     * Utility method to help in the creation of the extensions set. This constructs a new Set that can be used in a
+     * final static declaration.<br/><br/>
+     *
+     * This implementation was copied from
+     * http://stackoverflow.com/questions/2041778/initialize-java-hashset-values-by-construction
+     *
+     * @param strings a list of strings to add to the set.
+     * @return a Set of strings.
+     */
+    protected static Set<String> newHashSet(String... strings) {
+        final Set<String> set = new HashSet<String>();
+
+        Collections.addAll(set, strings);
+        return set;
+    }
+
+    /**
+     * Returns whether or not this analyzer can process the given extension.
+     *
+     * @param extension the file extension to test for support.
+     * @return whether or not the specified file extension is supported by this analyzer.
+     */
+    @Override
+    public boolean supportsExtension(String extension) {
+        Set<String> ext = getSupportedExtensions();
+        if (ext == null) {
+            String msg = String.format("The '%s%' analyzer is misconfigured and does not have any file extensions; it will be disabled", getName());
+            Logger.getLogger(AbstractFileTypeAnalyzer.class.getName()).log(Level.SEVERE, msg);
+            return false;
+        } else {
+            boolean match = ext.contains(extension);
+            if (match) {
+                filesMatched = match;
+            }
+            return match;
+        }
+    }
+    /**
+     * Whether the file type analyzer detected any files it needs to analyze.
+     */
+    private boolean filesMatched = false;
+
+    /**
+     * Get the value of filesMatched
+     *
+     * @return the value of filesMatched
+     */
+    public boolean isFilesMatched() {
+        return filesMatched;
+    }
+
+    /**
+     * Set the value of filesMatched
+     *
+     * @param filesMatched new value of filesMatched
+     */
+    public void setFilesMatched(boolean filesMatched) {
+        this.filesMatched = filesMatched;
+    }
+
+}

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java

@@ -51,17 +51,6 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {
         return null;
     }
 
-    /**
-     * Returns whether or not this analyzer can process the given extension.
-     *
-     * @param extension the file extension to test for support.
-     * @return whether or not the specified file extension is supported by this analyzer.
-     */
-    @Override
-    public boolean supportsExtension(String extension) {
-        return true;
-    }
-
     //</editor-fold>
     /**
      * The initialize method loads the suppression XML file.

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/Analyzer.java

@@ -17,9 +17,8 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
-import java.util.Set;
 import org.owasp.dependencycheck.Engine;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Dependency;
 
 /**
@@ -42,22 +41,6 @@ public interface Analyzer {
      */
     void analyze(Dependency dependency, Engine engine) throws AnalysisException;
 
-    /**
-     * <p>
-     * Returns a list of supported file extensions. An example would be an analyzer that inspected java jar files. The
-     * getSupportedExtensions function would return a set with a single element "jar".</p>
-     *
-     * <p>
-     * <b>Note:</b> when implementing this the extensions returned MUST be lowercase.</p>
-     *
-     * @return The file extensions supported by this analyzer.
-     *
-     * <p>
-     * If the analyzer returns null it will not cause additional files to be analyzed but will be executed against every
-     * file loaded</p>
-     */
-    Set<String> getSupportedExtensions();
-
     /**
      * Returns the name of the analyzer.
      *
@@ -65,14 +48,6 @@ public interface Analyzer {
      */
     String getName();
 
-    /**
-     * Returns whether or not this analyzer can process the given extension.
-     *
-     * @param extension the file extension to test for support.
-     * @return whether or not the specified file extension is supported by this analyzer.
-     */
-    boolean supportsExtension(String extension);
-
     /**
      * Returns the phase that the analyzer is intended to run in.
      *

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java

@@ -53,7 +53,7 @@ import org.owasp.dependencycheck.utils.Settings;
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
-public class ArchiveAnalyzer extends AbstractAnalyzer implements Analyzer {
+public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer {
 
     /**
      * The buffer size to use when extracting files from the archive.
@@ -108,6 +108,7 @@ public class ArchiveAnalyzer extends AbstractAnalyzer implements Analyzer {
      *
      * @return a list of file EXTENSIONS supported by this analyzer.
      */
+    @Override
     public Set<String> getSupportedExtensions() {
         return EXTENSIONS;
     }
@@ -117,25 +118,17 @@ public class ArchiveAnalyzer extends AbstractAnalyzer implements Analyzer {
      *
      * @return the name of the analyzer.
      */
+    @Override
     public String getName() {
         return ANALYZER_NAME;
     }
 
-    /**
-     * Returns whether or not this analyzer can process the given extension.
-     *
-     * @param extension the file extension to test for support.
-     * @return whether or not the specified file extension is supported by this analyzer.
-     */
-    public boolean supportsExtension(String extension) {
-        return EXTENSIONS.contains(extension);
-    }
-
     /**
      * Returns the phase that the analyzer is intended to run in.
      *
      * @return the phase that the analyzer is intended to run in.
      */
+    @Override
     public AnalysisPhase getAnalysisPhase() {
         return ANALYSIS_PHASE;
     }
@@ -148,6 +141,10 @@ public class ArchiveAnalyzer extends AbstractAnalyzer implements Analyzer {
      */
     @Override
     public void initialize() throws Exception {
+        super.initialize();
+        if (!isFilesMatched()) {
+            return;
+        }
         final File baseDir = Settings.getTempDirectory();
         if (!baseDir.exists()) {
             if (!baseDir.mkdirs()) {

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java

@@ -46,7 +46,7 @@ import org.xml.sax.SAXException;
  * @author colezlaw
  *
  */
-public class AssemblyAnalyzer extends AbstractAnalyzer {
+public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
 
     /**
      * The analyzer name
@@ -63,7 +63,7 @@ public class AssemblyAnalyzer extends AbstractAnalyzer {
     /**
      * The temp value for GrokAssembly.exe
      */
-    private File grokAssemblyExe;
+    private File grokAssemblyExe = null;
     /**
      * The DocumentBuilder for parsing the XML
      */
@@ -158,6 +158,9 @@ public class AssemblyAnalyzer extends AbstractAnalyzer {
     @Override
     public void initialize() throws Exception {
         super.initialize();
+        if (!isFilesMatched()) {
+            return; //no work to do, so don't initialize
+        }
         final File tempFile = File.createTempFile("GKA", ".exe", Settings.getTempDirectory());
         FileOutputStream fos = null;
         InputStream is = null;
@@ -220,7 +223,9 @@ public class AssemblyAnalyzer extends AbstractAnalyzer {
     public void close() throws Exception {
         super.close();
         try {
-            grokAssemblyExe.delete();
+            if (grokAssemblyExe != null) {
+                grokAssemblyExe.delete();
+            }
         } catch (SecurityException se) {
             LOG.fine("Can't delete temporary GrokAssembly.exe");
         }
@@ -246,17 +251,6 @@ public class AssemblyAnalyzer extends AbstractAnalyzer {
         return ANALYZER_NAME;
     }
 
-    /**
-     * Gets whether the analyzer supports the provided extension.
-     *
-     * @param extension the extension to check
-     * @return whether the analyzer supports the extension
-     */
-    @Override
-    public boolean supportsExtension(String extension) {
-        return SUPORTED_EXTENSIONS.contains(extension);
-    }
-
     /**
      * Returns the phase this analyzer runs under.
      *

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java

@@ -87,6 +87,36 @@ public class CPEAnalyzer implements Analyzer {
      */
     private CveDB cve;
 
+    /**
+     * Returns the name of this analyzer.
+     *
+     * @return the name of this analyzer.
+     */
+    @Override
+    public String getName() {
+        return "CPE Analyzer";
+    }
+
+    /**
+     * Returns the analysis phase that this analyzer should run in.
+     *
+     * @return the analysis phase that this analyzer should run in.
+     */
+    @Override
+    public AnalysisPhase getAnalysisPhase() {
+        return AnalysisPhase.IDENTIFIER_ANALYSIS;
+    }
+
+    /**
+     * Creates the CPE Lucene Index.
+     *
+     * @throws Exception is thrown if there is an issue opening the index.
+     */
+    @Override
+    public void initialize() throws Exception {
+        this.open();
+    }
+
     /**
      * Opens the data source.
      *
@@ -461,57 +491,6 @@ public class CPEAnalyzer implements Analyzer {
         }
     }
 
-    /**
-     * Returns true because this analyzer supports all dependency types.
-     *
-     * @return true.
-     */
-    @Override
-    public Set<String> getSupportedExtensions() {
-        return null;
-    }
-
-    /**
-     * Returns the name of this analyzer.
-     *
-     * @return the name of this analyzer.
-     */
-    @Override
-    public String getName() {
-        return "CPE Analyzer";
-    }
-
-    /**
-     * Returns true because this analyzer supports all dependency types.
-     *
-     * @param extension the file extension of the dependency being analyzed.
-     * @return true.
-     */
-    @Override
-    public boolean supportsExtension(String extension) {
-        return true;
-    }
-
-    /**
-     * Returns the analysis phase that this analyzer should run in.
-     *
-     * @return the analysis phase that this analyzer should run in.
-     */
-    @Override
-    public AnalysisPhase getAnalysisPhase() {
-        return AnalysisPhase.IDENTIFIER_ANALYSIS;
-    }
-
-    /**
-     * Opens the CPE Lucene Index.
-     *
-     * @throws Exception is thrown if there is an issue opening the index.
-     */
-    @Override
-    public void initialize() throws Exception {
-        this.open();
-    }
-
     /**
      * Retrieves a list of CPE values from the CveDB based on the vendor and product passed in. The list is then
      * validated to find only CPEs that are valid for the given dependency. It is possible that the CPE identified is a

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java

@@ -17,7 +17,6 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import java.io.File;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -28,6 +27,7 @@ import java.util.logging.Logger;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.owasp.dependencycheck.Engine;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Identifier;
 import org.owasp.dependencycheck.utils.DependencyVersion;
@@ -57,10 +57,6 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
     private boolean analyzed = false;
     //</editor-fold>
     //<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer">
-    /**
-     * The set of file extensions supported by this analyzer.
-     */
-    private static final Set<String> EXTENSIONS = null;
     /**
      * The name of the analyzer.
      */
@@ -70,15 +66,6 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
      */
     private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_FINDING_ANALYSIS;
 
-    /**
-     * Returns a list of file EXTENSIONS supported by this analyzer.
-     *
-     * @return a list of file EXTENSIONS supported by this analyzer.
-     */
-    public Set<String> getSupportedExtensions() {
-        return EXTENSIONS;
-    }
-
     /**
      * Returns the name of the analyzer.
      *
@@ -88,16 +75,6 @@ public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Anal
         return ANALYZER_NAME;
     }
 
-    /**
-     * Returns whether or not this analyzer can process the given extension.
-     *
-     * @param extension the file extension to test for support
-     * @return whether or not the specified file extension is supported by this analyzer.
-     */
-    public boolean supportsExtension(String extension) {
-        return true;
-    }
-
     /**
      * Returns the phase that the analyzer is intended to run in.
      *

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java

@@ -43,10 +43,6 @@ import org.owasp.dependencycheck.dependency.VulnerableSoftware;
 public class FalsePositiveAnalyzer extends AbstractAnalyzer {
 
     //<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
-    /**
-     * The set of file extensions supported by this analyzer.
-     */
-    private static final Set<String> EXTENSIONS = null;
     /**
      * The name of the analyzer.
      */
@@ -56,15 +52,6 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
      */
     private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.POST_IDENTIFIER_ANALYSIS;
 
-    /**
-     * Returns a list of file EXTENSIONS supported by this analyzer.
-     *
-     * @return a list of file EXTENSIONS supported by this analyzer.
-     */
-    public Set<String> getSupportedExtensions() {
-        return EXTENSIONS;
-    }
-
     /**
      * Returns the name of the analyzer.
      *
@@ -74,16 +61,6 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
         return ANALYZER_NAME;
     }
 
-    /**
-     * Returns whether or not this analyzer can process the given extension.
-     *
-     * @param extension the file extension to test for support
-     * @return whether or not the specified file extension is supported by this analyzer.
-     */
-    public boolean supportsExtension(String extension) {
-        return true;
-    }
-
     /**
      * Returns the phase that the analyzer is intended to run in.
      *

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java

@@ -17,10 +17,9 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import java.io.File;
-import java.util.Set;
 import org.owasp.dependencycheck.Engine;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.utils.DependencyVersion;
@@ -43,19 +42,6 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
      * The phase that this analyzer is intended to run in.
      */
     private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
-    /**
-     * The set of file extensions supported by this analyzer.
-     */
-    private static final Set<String> EXTENSIONS = null;
-
-    /**
-     * Returns a list of file EXTENSIONS supported by this analyzer.
-     *
-     * @return a list of file EXTENSIONS supported by this analyzer.
-     */
-    public Set<String> getSupportedExtensions() {
-        return EXTENSIONS;
-    }
 
     /**
      * Returns the name of the analyzer.
@@ -66,16 +52,6 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
         return ANALYZER_NAME;
     }
 
-    /**
-     * Returns whether or not this analyzer can process the given extension.
-     *
-     * @param extension the file extension to test for support.
-     * @return whether or not the specified file extension is supported by this analyzer.
-     */
-    public boolean supportsExtension(String extension) {
-        return true;
-    }
-
     /**
      * Returns the phase that the analyzer is intended to run in.
      *

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileTypeAnalyzer.java

@@ -0,0 +1,34 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.analyzer;
+
+/**
+ * An Analyzer that scans specific file types.
+ *
+ * @author Jeremy Long <jeremy.long@owasp.org>
+ */
+public interface FileTypeAnalyzer extends Analyzer {
+
+    /**
+     * Returns whether or not this analyzer can process the given extension.
+     *
+     * @param extension the file extension to test for support.
+     * @return whether or not the specified file extension is supported by this analyzer.
+     */
+    boolean supportsExtension(String extension);
+}

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java

@@ -17,11 +17,11 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.Set;
 import org.owasp.dependencycheck.Engine;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Evidence;
@@ -41,44 +41,23 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
      * The phase that this analyzer is intended to run in.
      */
     private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_IDENTIFIER_ANALYSIS;
-    /**
-     * The set of file extensions supported by this analyzer.
-     */
-    private static final Set<String> EXTENSIONS = null;
-
-    /**
-     * Returns a list of file EXTENSIONS supported by this analyzer.
-     *
-     * @return a list of file EXTENSIONS supported by this analyzer.
-     */
-    public Set<String> getSupportedExtensions() {
-        return EXTENSIONS;
-    }
 
     /**
      * Returns the name of the analyzer.
      *
      * @return the name of the analyzer.
      */
+    @Override
     public String getName() {
         return ANALYZER_NAME;
     }
 
-    /**
-     * Returns whether or not this analyzer can process the given extension.
-     *
-     * @param extension the file extension to test for support.
-     * @return whether or not the specified file extension is supported by this analyzer.
-     */
-    public boolean supportsExtension(String extension) {
-        return true;
-    }
-
     /**
      * Returns the phase that the analyzer is intended to run in.
      *
      * @return the phase that the analyzer is intended to run in.
      */
+    @Override
     public AnalysisPhase getAnalysisPhase() {
         return ANALYSIS_PHASE;
     }

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java

@@ -79,7 +79,7 @@ import org.xml.sax.XMLReader;
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
-public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
+public class JarAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer {
 
     //<editor-fold defaultstate="collapsed" desc="Constants and Member Variables">
     /**
@@ -192,6 +192,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
      *
      * @return a list of file EXTENSIONS supported by this analyzer.
      */
+    @Override
     public Set<String> getSupportedExtensions() {
         return EXTENSIONS;
     }
@@ -201,20 +202,11 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
      *
      * @return the name of the analyzer.
      */
+    @Override
     public String getName() {
         return ANALYZER_NAME;
     }
 
-    /**
-     * Returns whether or not this analyzer can process the given extension.
-     *
-     * @param extension the file extension to test for support.
-     * @return whether or not the specified file extension is supported by this analyzer.
-     */
-    public boolean supportsExtension(String extension) {
-        return EXTENSIONS.contains(extension);
-    }
-
     /**
      * Returns the phase that the analyzer is intended to run in.
      *
@@ -914,6 +906,9 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
      */
     @Override
     public void initialize() throws Exception {
+        if (!this.isFilesMatched()) {
+            return; //no files matched, no need to initialize
+        }
         final File baseDir = Settings.getTempDirectory();
         if (!baseDir.exists()) {
             if (!baseDir.mkdirs()) {

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java

@@ -36,7 +36,7 @@ import org.owasp.dependencycheck.dependency.Dependency;
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
-public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer {
+public class JavaScriptAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer {
 
     //<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
     /**
@@ -72,17 +72,6 @@ public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer {
         return ANALYZER_NAME;
     }
 
-    /**
-     * Returns whether or not this analyzer can process the given extension.
-     *
-     * @param extension the file extension to test for support.
-     * @return whether or not the specified file extension is supported by this analyzer.
-     */
-    @Override
-    public boolean supportsExtension(String extension) {
-        return EXTENSIONS.contains(extension);
-    }
-
     /**
      * Returns the phase that the analyzer is intended to run in.
      *

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java

@@ -46,7 +46,7 @@ import org.owasp.dependencycheck.utils.Settings;
  *
  * @author colezlaw
  */
-public class NexusAnalyzer extends AbstractAnalyzer {
+public class NexusAnalyzer extends AbstractFileTypeAnalyzer implements Analyzer, FileTypeAnalyzer {
 
     /**
      * The logger
@@ -85,6 +85,10 @@ public class NexusAnalyzer extends AbstractAnalyzer {
      */
     @Override
     public void initialize() throws Exception {
+        if (!isFilesMatched()) {
+            enabled = false;
+            return; //no work to do so don't initialize
+        }
         enabled = Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED);
         LOGGER.fine("Initializing Nexus Analyzer");
         LOGGER.fine(String.format("Nexus Analyzer enabled: %s", enabled));
@@ -136,17 +140,6 @@ public class NexusAnalyzer extends AbstractAnalyzer {
         return SUPPORTED_EXTENSIONS;
     }
 
-    /**
-     * Determines whether the incoming extension is supported.
-     *
-     * @param extension the extension to check for support
-     * @return whether the extension is supported
-     */
-    @Override
-    public boolean supportsExtension(String extension) {
-        return SUPPORTED_EXTENSIONS.contains(extension);
-    }
-
     /**
      * Performs the analysis.
      *

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NuspecAnalyzer.java

@@ -34,7 +34,7 @@ import org.owasp.dependencycheck.dependency.Dependency;
  *
  * @author colezlaw
  */
-public class NuspecAnalyzer extends AbstractAnalyzer {
+public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
 
     /**
      * The logger
@@ -95,17 +95,6 @@ public class NuspecAnalyzer extends AbstractAnalyzer {
         return SUPPORTED_EXTENSIONS;
     }
 
-    /**
-     * Determines whether the incoming extension is supported.
-     *
-     * @param extension the extension to check for support
-     * @return whether the extension is supported
-     */
-    @Override
-    public boolean supportsExtension(String extension) {
-        return SUPPORTED_EXTENSIONS.contains(extension);
-    }
-
     /**
      * Performs the analysis.
      *

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java

@@ -17,12 +17,11 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import java.io.IOException;
 import java.sql.SQLException;
 import java.util.List;
-import java.util.Set;
 import org.owasp.dependencycheck.Engine;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.dependency.Dependency;
@@ -62,6 +61,7 @@ public class NvdCveAnalyzer implements Analyzer {
     /**
      * Closes the data source.
      */
+    @Override
     public void close() {
         cveDB.close();
         cveDB = null;
@@ -96,6 +96,7 @@ public class NvdCveAnalyzer implements Analyzer {
      * @param engine The analysis engine
      * @throws AnalysisException is thrown if there is an issue analyzing the dependency
      */
+    @Override
     public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
         for (Identifier id : dependency.getIdentifiers()) {
             if ("cpe".equals(id.getType())) {
@@ -110,48 +111,32 @@ public class NvdCveAnalyzer implements Analyzer {
         }
     }
 
-    /**
-     * Returns true because this analyzer supports all dependency types.
-     *
-     * @return true.
-     */
-    public Set<String> getSupportedExtensions() {
-        return null;
-    }
-
     /**
      * Returns the name of this analyzer.
      *
      * @return the name of this analyzer.
      */
+    @Override
     public String getName() {
         return "NVD CVE Analyzer";
     }
 
-    /**
-     * Returns true because this analyzer supports all dependency types.
-     *
-     * @param extension the file extension of the dependency being analyzed.
-     * @return true.
-     */
-    public boolean supportsExtension(String extension) {
-        return true;
-    }
-
     /**
      * Returns the analysis phase that this analyzer should run in.
      *
      * @return the analysis phase that this analyzer should run in.
      */
+    @Override
     public AnalysisPhase getAnalysisPhase() {
         return AnalysisPhase.FINDING_ANALYSIS;
     }
 
     /**
-     * Opens the NVD CVE Lucene Index.
+     * Opens the database used to gather NVD CVE data.
      *
      * @throws Exception is thrown if there is an issue opening the index.
      */
+    @Override
     public void initialize() throws Exception {
         this.open();
     }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzerTest.java

@@ -30,9 +30,9 @@ import org.junit.Test;
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
-public class AbstractAnalyzerTest {
+public class AbstractFileTypeAnalyzerTest {
 
-    public AbstractAnalyzerTest() {
+    public AbstractFileTypeAnalyzerTest() {
     }
 
     @BeforeClass
@@ -56,7 +56,7 @@ public class AbstractAnalyzerTest {
      */
     @Test
     public void testNewHashSet() {
-        Set result = AbstractAnalyzer.newHashSet("one", "two");
+        Set result = AbstractFileTypeAnalyzer.newHashSet("one", "two");
         assertEquals(2, result.size());
         assertTrue(result.contains("one"));
         assertTrue(result.contains("two"));

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzerTest.java

@@ -79,18 +79,6 @@ public class AbstractSuppressionAnalyzerTest {
         assertNull(result);
     }
 
-    /**
-     * Test of supportsExtension method, of class AbstractSuppressionAnalyzer.
-     */
-    @Test
-    public void testSupportsExtension() {
-        String extension = "jar";
-        AbstractSuppressionAnalyzer instance = new AbstractSuppressionAnalyzerImpl();
-        boolean expResult = true;
-        boolean result = instance.supportsExtension(extension);
-        assertEquals(expResult, result);
-    }
-
     /**
      * Test of initialize method, of class AbstractSuppressionAnalyzer.
      */

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AnalyzerServiceTest.java

@@ -18,7 +18,6 @@
 package org.owasp.dependencycheck.analyzer;
 
 import java.util.Iterator;
-import java.util.Set;
 import org.junit.After;
 import org.junit.AfterClass;
 import static org.junit.Assert.assertTrue;
@@ -62,8 +61,7 @@ public class AnalyzerServiceTest {
         boolean found = false;
         while (result.hasNext()) {
             Analyzer a = result.next();
-            Set<String> e = a.getSupportedExtensions();
+            if ("Jar Analyzer".equals(a.getName())) {
-            if (e != null && e.contains("jar")) {
                 found = true;
             }
         }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzerTest.java

@@ -147,6 +147,8 @@ public class ArchiveAnalyzerTest extends AbstractDatabaseTestCase {
     @Test
     public void testAnalyze() throws Exception {
         ArchiveAnalyzer instance = new ArchiveAnalyzer();
+        //trick the analyzer into thinking it is active.
+        instance.supportsExtension("ear");
         try {
             instance.initialize();
 
@@ -175,6 +177,8 @@ public class ArchiveAnalyzerTest extends AbstractDatabaseTestCase {
     @Test
     public void testAnalyzeTar() throws Exception {
         ArchiveAnalyzer instance = new ArchiveAnalyzer();
+        //trick the analyzer into thinking it is active so that it will initialize
+        instance.supportsExtension("tar");
         try {
             instance.initialize();
 

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzerTest.java

@@ -54,6 +54,8 @@ public class AssemblyAnalyzerTest {
     public void setUp() {
         try {
             analyzer = new AssemblyAnalyzer();
+            //trick the analyzer into thinking it is active, otherwise the initialize will do nothing.
+            analyzer.supportsExtension("dll");
             analyzer.initialize();
         } catch (Exception e) {
             LOGGER.log(Level.WARNING, "Exception setting up AssemblyAnalyzer. Tests will be incomplete", e);

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzerTest.java

@@ -17,11 +17,9 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import java.util.Set;
 import org.junit.After;
 import org.junit.AfterClass;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
@@ -52,16 +50,6 @@ public class DependencyBundlingAnalyzerTest {
     public void tearDown() {
     }
 
-    /**
-     * Test of getSupportedExtensions method, of class DependencyBundlingAnalyzer.
-     */
-    @Test
-    public void testGetSupportedExtensions() {
-        DependencyBundlingAnalyzer instance = new DependencyBundlingAnalyzer();
-        Set<String> result = instance.getSupportedExtensions();
-        assertNull(result);
-    }
-
     /**
      * Test of getName method, of class DependencyBundlingAnalyzer.
      */
@@ -73,18 +61,6 @@ public class DependencyBundlingAnalyzerTest {
         assertEquals(expResult, result);
     }
 
-    /**
-     * Test of supportsExtension method, of class DependencyBundlingAnalyzer.
-     */
-    @Test
-    public void testSupportsExtension() {
-        String extension = "jar";
-        DependencyBundlingAnalyzer instance = new DependencyBundlingAnalyzer();
-        boolean expResult = true;
-        boolean result = instance.supportsExtension(extension);
-        assertEquals(expResult, result);
-    }
-
     /**
      * Test of getAnalysisPhase method, of class DependencyBundlingAnalyzer.
      */

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzerTest.java

@@ -15,11 +15,9 @@
  */
 package org.owasp.dependencycheck.analyzer;
 
-import java.util.Set;
 import org.junit.After;
 import org.junit.AfterClass;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import org.junit.Before;
 import org.junit.BeforeClass;
@@ -52,17 +50,6 @@ public class FalsePositiveAnalyzerTest {
     public void tearDown() {
     }
 
-    /**
-     * Test of getSupportedExtensions method, of class FalsePositiveAnalyzer.
-     */
-    @Test
-    public void testGetSupportedExtensions() {
-        FalsePositiveAnalyzer instance = new FalsePositiveAnalyzer();
-        Set<String> result = instance.getSupportedExtensions();
-        assertNull(result);
-
-    }
-
     /**
      * Test of getName method, of class FalsePositiveAnalyzer.
      */
@@ -74,18 +61,6 @@ public class FalsePositiveAnalyzerTest {
         assertEquals(expResult, result);
     }
 
-    /**
-     * Test of supportsExtension method, of class FalsePositiveAnalyzer.
-     */
-    @Test
-    public void testSupportsExtension() {
-        String extension = "any";
-        FalsePositiveAnalyzer instance = new FalsePositiveAnalyzer();
-        boolean expResult = true;
-        boolean result = instance.supportsExtension(extension);
-        assertEquals(expResult, result);
-    }
-
     /**
      * Test of getAnalysisPhase method, of class FalsePositiveAnalyzer.
      */

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzerTest.java

@@ -18,7 +18,6 @@
 package org.owasp.dependencycheck.analyzer;
 
 import java.io.File;
-import java.util.Set;
 import org.junit.After;
 import org.junit.AfterClass;
 import static org.junit.Assert.assertEquals;
@@ -53,17 +52,6 @@ public class FileNameAnalyzerTest {
     public void tearDown() {
     }
 
-    /**
-     * Test of getSupportedExtensions method, of class FileNameAnalyzer.
-     */
-    @Test
-    public void testGetSupportedExtensions() {
-        FileNameAnalyzer instance = new FileNameAnalyzer();
-        Set expResult = null;
-        Set result = instance.getSupportedExtensions();
-        assertEquals(expResult, result);
-    }
-
     /**
      * Test of getName method, of class FileNameAnalyzer.
      */
@@ -75,18 +63,6 @@ public class FileNameAnalyzerTest {
         assertEquals(expResult, result);
     }
 
-    /**
-     * Test of supportsExtension method, of class FileNameAnalyzer.
-     */
-    @Test
-    public void testSupportsExtension() {
-        String extension = "any";
-        FileNameAnalyzer instance = new FileNameAnalyzer();
-        boolean expResult = true;
-        boolean result = instance.supportsExtension(extension);
-        assertEquals(expResult, result);
-    }
-
     /**
      * Test of getAnalysisPhase method, of class FileNameAnalyzer.
      */