diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java index 7f836538d..79b744a27 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/Engine.java @@ -522,11 +522,16 @@ public class Engine implements FileFilter { continue; } - executeAnalysisTasks(analyzer, exceptions); + if (analyzer.isEnabled()) { + executeAnalysisTasks(analyzer, exceptions); - final long analyzerDurationMillis = System.currentTimeMillis() - analyzerStart; - final long analyzerDurationSeconds = TimeUnit.MILLISECONDS.toSeconds(analyzerDurationMillis); - LOGGER.info("Finished {} ({} seconds)", analyzer.getName(), analyzerDurationSeconds); + final long analyzerDurationMillis = System.currentTimeMillis() - analyzerStart; + final long analyzerDurationSeconds = TimeUnit.MILLISECONDS.toSeconds(analyzerDurationMillis); + LOGGER.info("Finished {} ({} seconds)", analyzer.getName(), analyzerDurationSeconds); + } + else { + LOGGER.debug("Skipping {} (not enabled)", analyzer.getName()); + } } } for (AnalysisPhase phase : AnalysisPhase.values()) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java index d3a7201e9..5ec83de53 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java @@ -81,6 +81,23 @@ public abstract class AbstractAnalyzer implements Analyzer { */ protected abstract void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException; + /** + * Initializes a given Analyzer. This will be skipped if the analyzer is disabled. + * + * @throws InitializationException thrown if there is an exception + */ + protected void initializeAnalyzer() throws InitializationException { + } + + /** + * Closes a given Analyzer. This will be skipped if the analyzer is disabled. + * + * @throws Exception thrown if there is an exception + */ + protected void closeAnalyzer() throws Exception { + } + + /** * Analyzes a given dependency. If the dependency is an archive, such as a * WAR or EAR, the contents are extracted, scanned, and added to the list of @@ -103,14 +120,19 @@ public abstract class AbstractAnalyzer implements Analyzer { * @throws InitializationException thrown if there is an exception */ @Override - public void initialize() throws InitializationException { + public final void initialize() throws InitializationException { final String key = getAnalyzerEnabledSettingKey(); try { this.setEnabled(Settings.getBoolean(key, true)); } catch (InvalidSettingException ex) { LOGGER.warn("Invalid setting for property '{}'", key); LOGGER.debug("", ex); - LOGGER.warn("{} has been disabled", getName()); + } + + if (isEnabled()) { + initializeAnalyzer(); + } else { + LOGGER.debug("{} has been disabled", getName()); } } @@ -120,10 +142,13 @@ public abstract class AbstractAnalyzer implements Analyzer { * @throws Exception thrown if there is an exception */ @Override - public void close() throws Exception { - //do nothing + public final void close() throws Exception { + if (isEnabled()) { + closeAnalyzer(); + } } + /** * The default is to support parallel processing. * diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java index 4ebcc6b68..e55cf0307 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.java @@ -74,8 +74,7 @@ public abstract class AbstractFileTypeAnalyzer extends AbstractAnalyzer implemen * initialization */ @Override - public final void initialize() throws InitializationException { - super.initialize(); + protected final void initializeAnalyzer() throws InitializationException { if (filesMatched) { initializeFileTypeAnalyzer(); } else { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java index f670c0094..0b2906f81 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.java @@ -67,8 +67,7 @@ public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer { * @throws InitializationException thrown if there is an exception */ @Override - public void initialize() throws InitializationException { - super.initialize(); + public void initializeAnalyzer() throws InitializationException { try { loadSuppressionData(); } catch (SuppressionParseException ex) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index 8cbdc9f0b..a7008ef06 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -204,7 +204,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { * files */ @Override - public void close() throws Exception { + public void closeAnalyzer() throws Exception { if (tempFileLocation != null && tempFileLocation.exists()) { LOGGER.debug("Attempting to delete temporary files"); final boolean success = FileUtils.delete(tempFileLocation); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java index 6d1e21ce7..75284a833 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.java @@ -288,8 +288,7 @@ public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer { * @throws Exception thrown if there is a problem closing the analyzer */ @Override - public void close() throws Exception { - super.close(); + public void closeAnalyzer() throws Exception { try { if (grokAssemblyExe != null && !grokAssemblyExe.delete()) { LOGGER.debug("Unable to delete temporary GrokAssembly.exe; attempting delete on exit"); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java index cea9beffc..b2ff57026 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java @@ -138,8 +138,7 @@ public class CPEAnalyzer extends AbstractAnalyzer { * the index. */ @Override - public void initialize() throws InitializationException { - super.initialize(); + public void initializeAnalyzer() throws InitializationException { try { this.open(); } catch (IOException ex) { @@ -180,7 +179,7 @@ public class CPEAnalyzer extends AbstractAnalyzer { * Closes the data sources. */ @Override - public void close() { + public void closeAnalyzer() { if (cpe != null) { cpe.close(); cpe = null; diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java index a0a8b00d0..588c99d84 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java @@ -99,8 +99,7 @@ public class HintAnalyzer extends AbstractAnalyzer { * @throws InitializationException thrown if there is an exception */ @Override - public void initialize() throws InitializationException { - super.initialize(); + public void initializeAnalyzer() throws InitializationException { try { loadHintRules(); } catch (HintParseException ex) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index 58d396b83..7e4d1c5dc 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -912,7 +912,7 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * Deletes any files extracted from the JAR during analysis. */ @Override - public void close() { + public void closeAnalyzer() { if (tempFileLocation != null && tempFileLocation.exists()) { LOGGER.debug("Attempting to delete temporary files"); final boolean success = FileUtils.delete(tempFileLocation); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java index 4b7c55619..be9d0ed31 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java @@ -71,7 +71,7 @@ public class NvdCveAnalyzer extends AbstractAnalyzer { * Closes the data source. */ @Override - public void close() { + public void closeAnalyzer() { cveDB.close(); cveDB = null; } @@ -171,8 +171,7 @@ public class NvdCveAnalyzer extends AbstractAnalyzer { * the index. */ @Override - public void initialize() throws InitializationException { - super.initialize(); + public void initializeAnalyzer() throws InitializationException { try { this.open(); } catch (SQLException ex) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java index 8fa73202e..578c8d8f4 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java @@ -273,7 +273,7 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { * Deletes any files extracted from the Wheel during analysis. */ @Override - public void close() { + public void closeAnalyzer() { if (tempFileLocation != null && tempFileLocation.exists()) { LOGGER.debug("Attempting to delete temporary files"); final boolean success = FileUtils.delete(tempFileLocation);