Add the ability to enable/disable the NSP analyzer and update the site documentation
@@ -58,6 +58,11 @@ public class Check extends Update {
|
||||
* Whether or not the Node.js Analyzer is enabled.
|
||||
*/
|
||||
private Boolean nodeAnalyzerEnabled;
|
||||
/**
|
||||
* Whether or not the NSP Analyzer is enabled.
|
||||
*/
|
||||
private Boolean nspAnalyzerEnabled;
|
||||
|
||||
/**
|
||||
* Whether or not the Ruby Bundle Audit Analyzer is enabled.
|
||||
*/
|
||||
@@ -737,6 +742,22 @@ public class Check extends Update {
|
||||
public void setNodeAnalyzerEnabled(Boolean nodeAnalyzerEnabled) {
|
||||
this.nodeAnalyzerEnabled = nodeAnalyzerEnabled;
|
||||
}
|
||||
/**
|
||||
* Get the value of nspAnalyzerEnabled.
|
||||
*
|
||||
* @return the value of nspAnalyzerEnabled
|
||||
*/
|
||||
public Boolean isNspAnalyzerEnabled() {
|
||||
return nspAnalyzerEnabled;
|
||||
}
|
||||
/**
|
||||
* Set the value of nspAnalyzerEnabled.
|
||||
*
|
||||
* @param nspAnalyzerEnabled new value of nspAnalyzerEnabled
|
||||
*/
|
||||
public void setNspAnalyzerEnabled(Boolean nspAnalyzerEnabled) {
|
||||
this.nspAnalyzerEnabled = nspAnalyzerEnabled;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the value of rubygemsAnalyzerEnabled.
|
||||
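Review bot: The Javadoc on isNspAnalyzerEnabled/setNspAnalyzerEnabled does not say what a null value means, and since the field is later applied with Settings.setBooleanIfNotNull (the hunk at @@ -1008), a null presumably leaves whatever default the settings carry untouched while Boolean.TRUE/FALSE override it; suggest `@param nspAnalyzerEnabled new value of nspAnalyzerEnabled; {@code null} leaves the configured default in place`. It would also help users to state, here and on the Maven parameter Javadoc (@@ -269) and the CLI option description (@@ -490), that enabling this analyzer sends the white-listed package.json fields to the Node Security Project service and needs outbound Internet access, as the new nsp-analyzer page says, because that is what an offline or data-sensitive build is actually opting into with this flag.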
@@ -1008,6 +1029,7 @@ public class Check extends Update {
|
||||
Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_AUTOCONF_ENABLED, autoconfAnalyzerEnabled);
|
||||
Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED, composerAnalyzerEnabled);
|
||||
Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED, nodeAnalyzerEnabled);
|
||||
Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NSP_PACKAGE_ENABLED, nspAnalyzerEnabled);
|
||||
Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, nuspecAnalyzerEnabled);
|
||||
Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, centralAnalyzerEnabled);
|
||||
Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexusAnalyzerEnabled);
|
||||
|
||||
@@ -56,7 +56,7 @@ types that they support are detected - so specifically disabling them may not
|
||||
be needed.
|
||||
|
||||
Property | Description | Default Value
|
||||
------------------------------|-----------------------------------------------------------------------------------|------------------
|
||||
------------------------------|------------------------------------------------------------------------------------------------------------|------------------
|
||||
archiveAnalyzerEnabled | Sets whether the Archive Analyzer will be used. | true
|
||||
zipExtensions | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |
|
||||
jarAnalyzer | Sets whether the Jar Analyzer will be used. | true
|
||||
@@ -72,6 +72,7 @@ cmakeAnalyzerEnabled | Sets whether the [experimental](../analyzers/ind
|
||||
autoconfAnalyzerEnabled | Sets whether the [experimental](../analyzers/index.html) autoconf Analyzer should be used. | true
|
||||
composerAnalyzerEnabled | Sets whether the [experimental](../analyzers/index.html) PHP Composer Lock File Analyzer should be used. | true
|
||||
nodeAnalyzerEnabled | Sets whether the [experimental](../analyzers/index.html) Node.js Analyzer should be used. | true
|
||||
nspAnalyzerEnabled | Sets whether the NSP Analyzer should be used. | true
|
||||
nuspecAnalyzerEnabled | Sets whether the .NET Nuget Nuspec Analyzer will be used. | true
|
||||
cocoapodsAnalyzerEnabled | Sets whether the [experimental](../analyzers/index.html) Cocoapods Analyzer should be used. | true
|
||||
bundleAuditAnalyzerEnabled | Sets whether the [experimental](../analyzers/index.html) Bundle Audit Analyzer should be used. | true
|
||||
|
||||
@@ -455,6 +455,7 @@ public class App {
|
||||
Settings.setBoolean(Settings.KEYS.ANALYZER_OPENSSL_ENABLED, !cli.isOpenSSLDisabled());
|
||||
Settings.setBoolean(Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED, !cli.isComposerDisabled());
|
||||
Settings.setBoolean(Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED, !cli.isNodeJsDisabled());
|
||||
Settings.setBoolean(Settings.KEYS.ANALYZER_NSP_PACKAGE_ENABLED, !cli.isNspDisabled());
|
||||
Settings.setBoolean(Settings.KEYS.ANALYZER_SWIFT_PACKAGE_MANAGER_ENABLED, !cli.isSwiftPackageAnalyzerDisabled());
|
||||
Settings.setBoolean(Settings.KEYS.ANALYZER_COCOAPODS_ENABLED, !cli.isCocoapodsAnalyzerDisabled());
|
||||
Settings.setBoolean(Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED, !cli.isRubyGemspecDisabled());
|
||||
|
||||
@@ -490,6 +490,8 @@ public final class CliParser {
|
||||
.addOption(swiftPackageManagerAnalyzerEnabled)
|
||||
.addOption(Option.builder().longOpt(ARGUMENT.DISABLE_NODE_JS)
|
||||
.desc("Disable the Node.js Package Analyzer.").build())
|
||||
.addOption(Option.builder().longOpt(ARGUMENT.DISABLE_NSP)
|
||||
.desc("Disable the NSP Package Analyzer.").build())
|
||||
.addOption(nexusUrl)
|
||||
.addOption(nexusUsesProxy)
|
||||
.addOption(additionalZipExtensions)
|
||||
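Review bot: The option text `Disable the NSP Package Analyzer.` on the new `.desc(...)` line names the analyzer differently from the ARGUMENT Javadoc (`Disables the NSP Analyzer.`, @@ -1443) and from the CLI documentation table row (`NSP Analyzer`); pick one name so `--help` output and the site agree, e.g. `.desc("Disable the Node Security Project (NSP) Analyzer.").build())`. The surrounding addOption chain starts and ends outside the hunk.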
@@ -733,6 +735,15 @@ public final class CliParser {
|
||||
public boolean isNodeJsDisabled() {
|
||||
return hasDisableOption(ARGUMENT.DISABLE_NODE_JS, Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED);
|
||||
}
|
||||
/**
|
||||
* Returns true if the disableNSP command line argument was specified.
|
||||
*
|
||||
* @return true if the disableNSP command line argument was specified;
|
||||
* otherwise false
|
||||
*/
|
||||
public boolean isNspDisabled() {
|
||||
return hasDisableOption(ARGUMENT.DISABLE_NSP, Settings.KEYS.ANALYZER_NSP_PACKAGE_ENABLED);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns true if the disableCocoapodsAnalyzer command line argument was
|
||||
@@ -1443,6 +1454,10 @@ public final class CliParser {
|
||||
* Disables the Node.js Package Analyzer.
|
||||
*/
|
||||
public static final String DISABLE_NODE_JS = "disableNodeJS";
|
||||
/**
|
||||
* Disables the NSP Analyzer.
|
||||
*/
|
||||
public static final String DISABLE_NSP = "disableNSP";
|
||||
/**
|
||||
* The URL of the nexus server.
|
||||
*/
|
||||
|
||||
@@ -24,7 +24,7 @@ Short | Argument Name | Parameter | Description | Requir
|
||||
Advanced Options
|
||||
================
|
||||
Short | Argument Name | Parameter | Description | Default Value
|
||||
-------|-----------------------|-----------------|----------------------------------------------------------------------------------|-------------------
|
||||
-------|------------------------|-----------------|----------------------------------------------------------------------------------|-------------------
|
||||
| \-\-cveUrl12Modified | \<url\> | URL for the modified CVE 1.2 | https://nvd.nist.gov/download/nvdcve-Modified.xml.gz
|
||||
| \-\-cveUrl20Modified | \<url\> | URL for the modified CVE 2.0 | https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz
|
||||
| \-\-cveUrl12Base | \<url\> | Base URL for each year's CVE 1.2, the %d will be replaced with the year | https://nvd.nist.gov/download/nvdcve-%d.xml.gz
|
||||
@@ -34,6 +34,7 @@ Short | Argument Name | Paramete
|
||||
| \-\-disablePyDist | | Sets whether the [experimental](../analyzers/index.html) Python Distribution Analyzer will be used. | false
|
||||
| \-\-disablePyPkg | | Sets whether the [experimental](../analyzers/index.html) Python Package Analyzer will be used. | false
|
||||
| \-\-disableNodeJS | | Sets whether the [experimental](../analyzers/index.html) Node.js Package Analyzer will be used. | false
|
||||
| \-\-disableNSP | | Sets whether the NSP Analyzer will be used. | false
|
||||
| \-\-disableRubygems | | Sets whether the [experimental](../analyzers/index.html) Ruby Gemspec Analyzer will be used. | false
|
||||
| \-\-disableBundleAudit | | Sets whether the [experimental](../analyzers/index.html) Ruby Bundler Audit Analyzer will be used. | false
|
||||
| \-\-disableCocoapodsAnalyzer | | Sets whether the [experimental](../analyzers/index.html) Cocoapods Analyzer will be used. | false
|
||||
|
||||
@@ -269,6 +269,11 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
|
||||
*/
|
||||
@Parameter(property = "nodeAnalyzerEnabled", required = false)
|
||||
private Boolean nodeAnalyzerEnabled;
|
||||
/**
|
||||
* Sets whether or not the Node Security Project Analyzer should be used.
|
||||
*/
|
||||
@Parameter(property = "nspAnalyzerEnabled", required = false)
|
||||
private Boolean nspAnalyzerEnabled;
|
||||
|
||||
/**
|
||||
* Whether or not the .NET Assembly Analyzer is enabled.
|
||||
@@ -929,6 +934,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
|
||||
Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_AUTOCONF_ENABLED, autoconfAnalyzerEnabled);
|
||||
Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED, composerAnalyzerEnabled);
|
||||
Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED, nodeAnalyzerEnabled);
|
||||
Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NSP_PACKAGE_ENABLED, nspAnalyzerEnabled);
|
||||
Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED, bundleAuditAnalyzerEnabled);
|
||||
Settings.setStringIfNotNull(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH, bundleAuditPath);
|
||||
Settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_COCOAPODS_ENABLED, cocoapodsAnalyzerEnabled);
|
||||
|
||||
@@ -56,6 +56,7 @@ cmakeAnalyzerEnabled | Sets whether the [experimental](../analyzers/ind
|
||||
autoconfAnalyzerEnabled | Sets whether the [experimental](../analyzers/index.html) autoconf Analyzer should be used. | true
|
||||
composerAnalyzerEnabled | Sets whether the [experimental](../analyzers/index.html) PHP Composer Lock File Analyzer should be used. | true
|
||||
nodeAnalyzerEnabled | Sets whether the [experimental](../analyzers/index.html) Node.js Analyzer should be used. | true
|
||||
nspAnalyzerEnabled | Sets whether the NSP Analyzer should be used. | true
|
||||
nuspecAnalyzerEnabled | Sets whether the .NET Nuget Nuspec Analyzer will be used. | true
|
||||
cocoapodsAnalyzerEnabled | Sets whether the [experimental](../analyzers/index.html) Cocoapods Analyzer should be used. | true
|
||||
bundleAuditAnalyzerEnabled | Sets whether the [experimental](../analyzers/index.html) Bundle Audit Analyzer should be used. | true
|
||||
|
||||
@@ -9,6 +9,7 @@ to extract identification information from the files analyzed.
|
||||
| [Assembly](./assembly-analyzer.html) | .NET Assemblies (\*.exe, \*.dll) | Uses [GrokAssembly.exe](https://github.com/colezlaw/GrokAssembly), which requires .NET Framework or Mono runtime to be installed. |
|
||||
| [CMake](./cmake.html) | CMake project files (CMakeLists.txt) and scripts (\*.cmake) | Regex scan for project initialization and version setting commands. |
|
||||
| [Jar](./jar-analyzer.html) | Java archive files (\*.jar); Web application archive (\*.war) | Examines archive manifest metadata, and Maven Project Object Model files (pom.xml). |
|
||||
| [NSP](./nsp-analyzer.html) | [Node Security Project](https://nodesecurity.io) is used to analyze Node.js' `package.json` files for known vulnerable packages.|
|
||||
| [Nuspec](./nuspec-analyzer.html) | Nuget package specification file (\*.nuspec) | Uses XPath to parse specification XML. |
|
||||
| [OpenSSL](./openssl.html) | OpenSSL Version Source Header File (opensslv.h) | Regex parse of the OPENSSL_VERSION_NUMBER macro definition. |
|
||||
|
||||
|
||||
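--- /dev/null
+++ b/src/site/markdown/analyzers/nsp-analyzer
@@ -0,0 +1,16 @@
+Node.js Analyzer
+================
+
+OWASP dependency-check includes a [Node Security Project (NSP)](https://nodesecurity.io)
+analyzer that will scan `package.json` files. The analyzer will filter the given
+package.json down to a specific white-list of allowed entries and submit the data
+to the NSP for analysis.
+
+This analyzer is enabled by default and requires that the machine performing the
+analysis can reach out to the Internet.
+
+White-list of entries sent to NSP include: name, version, engine, dependencies,
+devDependencies, optionalDependencies, peerDependencies, bundleDependencies, and
+bundledDependencies
+
+Files Types Scanned: [package.json](https://docs.npmjs.com/files/package.json)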
@@ -110,6 +110,7 @@ cmakeEnabled | Sets whether or not the [experimental](../analyzers/inde
|
||||
autoconfEnabled | Sets whether or not the [experimental](../analyzers/index.html) autoconf Analyzer should be used. | true
|
||||
composerEnabled | Sets whether or not the [experimental](../analyzers/index.html) PHP Composer Lock File Analyzer should be used. | true
|
||||
nodeEnabled | Sets whether or not the [experimental](../analyzers/index.html) Node.js Analyzer should be used. | true
|
||||
nspEnabled | Sets whether the NSP Analyzer should be used. | true
|
||||
cocoapodsEnabled | Sets whether or not the [experimental](../analyzers/index.html) Cocoapods Analyzer should be used. | true
|
||||
swiftEnabled | Sets whether or not the [experimental](../analyzers/index.html) Swift Package Manager Analyzer should be used. | true
|
||||
bundleAuditEnabled | Sets whether or not the [experimental](../analyzers/index.html) Ruby Bundle Audit Analyzer should be used. | true
|
||||
|
||||