github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-25 02:21:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

better javadoc

Browse Source
This commit is contained in:
bjiang
2016-05-06 16:14:16 -04:00
parent c0e5973517
commit 94c6778b89
1 changed files with 14 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzer.java
View File

@@ -23,20 +23,24 @@ import java.io.FilenameFilter;
import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.Settings;
/** /**
* Used to leverage Ruby gems that are deployed or installed by Ruby bundler (http://bundler.io). * Used to leverage Ruby gems that are deployed or installed by Ruby bundler (http://bundler.io).
* The difference of scanning gems installed by the bundler is that "bundle install" creates * Ruby bundler creates new .gemspec files under a folder called "specifications" at deploy time,
* a set of new .gemspec files under a folder called "specifications", in addition to the original * in addition to the original .gemspec files from source. The advantage of bundler generated
* .gemspec files from source. The advantage of bundler generated .gemspec files is that * .gemspec files is that they contain fully resolved attributes thus provides more accurate
* they contain fully resolved attributes, and original .gemspec from source often contain variable * evidences, whereas the original .gemspec from source often contain variables for attributes
* for attributes. * that can't be used for evidences.
* *
* This analyzer takes advantage of the fully resolved .gemspec installed by the bundler for * This analyzer accepts the fully resolved .gemspec installed by the bundler for
* better dependency identification results. It also tries to resolve the dependency packagePath * better evidence results. It also tries to resolve the dependency packagePath
* to where the gem is actually installed. Then during <code>AnalysisPhase.PRE_FINDING_ANALYSIS</code> * to where the gem is actually installed. Then during <code>AnalysisPhase.PRE_FINDING_ANALYSIS</code>
* <code>DependencyBundlingAnalyzer</code> would merge the two dependencies together if they contain * <code>DependencyBundlingAnalyzer</code> would merge two .gemspec dependencies together if
* the same packagePath. * <code>Dependency.getPackagePath()</code> are the same.
*
* Note this analyzer share the same <code>Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED</code> as
* <code>RubyGemspecAnalyzer</code>, so it will enabled/disabled with <code>RubyGemspecAnalyzer</code>.
* *
* @author Bianca Jiang (biancajiang@gmail.com) * @author Bianca Jiang (biancajiang@gmail.com)
*/ */
@@ -49,7 +53,7 @@ public class RubyBundlerAnalyzer extends RubyGemspecAnalyzer {
private static final String GEMS = "gems"; private static final String GEMS = "gems";
/** /**
* Only accept *.gemspec stubs generated by "bundle install --deployment" under "specifications" folder. * Only accept *.gemspec files generated by "bundle install --deployment" under "specifications" folder.
*/ */
@Override @Override
public boolean accept(File pathname) { public boolean accept(File pathname) {