Add ability to flag analyzers as experimental so that they are not always enabled

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/AnalyzerServiceTest.java

@@ -18,9 +18,12 @@
 package org.owasp.dependencycheck.analyzer;
 
 import java.util.Iterator;
+import java.util.List;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 import org.junit.Test;
 import org.owasp.dependencycheck.BaseDBTestCase;
+import org.owasp.dependencycheck.utils.Settings;
 
 /**
  *
@@ -34,15 +37,42 @@ public class AnalyzerServiceTest extends BaseDBTestCase {
     @Test
     public void testGetAnalyzers() {
         AnalyzerService instance = new AnalyzerService(Thread.currentThread().getContextClassLoader());
-        Iterator<Analyzer> result = instance.getAnalyzers();
+        List<Analyzer> result = instance.getAnalyzers();
 
         boolean found = false;
-        while (result.hasNext()) {
-            Analyzer a = result.next();
+        for (Analyzer a : result) {
             if ("Jar Analyzer".equals(a.getName())) {
                 found = true;
             }
         }
         assertTrue("JarAnalyzer loaded", found);
     }
+    
+    /**
+     * Test of getAnalyzers method, of class AnalyzerService.
+     */
+    @Test
+    public void testGetExperimentalAnalyzers() {
+        Settings.setBoolean(Settings.KEYS.ANALYZER_EXPERIMENTAL_ENABLED, false);
+        AnalyzerService instance = new AnalyzerService(Thread.currentThread().getContextClassLoader());
+        List<Analyzer> result = instance.getAnalyzers();
+        String experimental = "CMake Analyzer";
+        boolean found = false;
+        for (Analyzer a : result) {
+            if (experimental.equals(a.getName())) {
+                found = true;
+            }
+        }
+        assertFalse("Experimental analyzer loaded when set to false", found);
+        
+        Settings.setBoolean(Settings.KEYS.ANALYZER_EXPERIMENTAL_ENABLED, true);
+        result = instance.getAnalyzers();
+        found = false;
+        for (Analyzer a : result) {
+            if (experimental.equals(a.getName())) {
+                found = true;
+            }
+        }
+        assertTrue("Experimental analyzer not loaded when set to true", found);
+    }
 }

dependency-check-core/src/test/resources/dependencycheck.properties

@@ -58,12 +58,6 @@ cve.url-2.0.base=https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz
 cpe.validfordays=30
 cpe.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz
 
-# file type analyzer settings:
-analyzer.archive.enabled=true
-analyzer.jar.enabled=true
-analyzer.nuspec.enabled=true
-analyzer.assembly.enabled=true
-analyzer.composer.lock.enabled=true
 
 # the URL for searching Nexus for SHA-1 hashes and whether it's enabled
 analyzer.nexus.enabled=true
@@ -82,7 +76,7 @@ archive.scan.depth=3
 # use HEAD (default) or GET as HTTP request method for query timestamp
 downloader.quick.query.timestamp=true
 
-
+analyzer.experimental.enabled=true
 analyzer.jar.enabled=true
 analyzer.archive.enabled=true
 analyzer.node.package.enabled=true