added options to disable analyzers

dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java

@@ -435,6 +435,173 @@ public class Check extends Update {
     public void setNuspecAnalyzerEnabled(boolean nuspecAnalyzerEnabled) {
         this.nuspecAnalyzerEnabled = nuspecAnalyzerEnabled;
     }
+    /**
+     * Whether or not the PHP Composer Analyzer is enabled.
+     */
+    private boolean composerAnalyzerEnabled = true;
+
+    /**
+     * Get the value of composerAnalyzerEnabled
+     *
+     * @return the value of composerAnalyzerEnabled
+     */
+    public boolean isComposerAnalyzerEnabled() {
+        return composerAnalyzerEnabled;
+    }
+
+    /**
+     * Set the value of composerAnalyzerEnabled
+     *
+     * @param composerAnalyzerEnabled new value of composerAnalyzerEnabled
+     */
+    public void setComposerAnalyzerEnabled(boolean composerAnalyzerEnabled) {
+        this.composerAnalyzerEnabled = composerAnalyzerEnabled;
+    }
+
+    private boolean autoconfAnalyzerEnabled = true;
+
+    /**
+     * Get the value of autoconfAnalyzerEnabled
+     *
+     * @return the value of autoconfAnalyzerEnabled
+     */
+    public boolean isAutoconfAnalyzerEnabled() {
+        return autoconfAnalyzerEnabled;
+    }
+
+    /**
+     * Set the value of autoconfAnalyzerEnabled
+     *
+     * @param autoconfAnalyzerEnabled new value of autoconfAnalyzerEnabled
+     */
+    public void setAutoconfAnalyzerEnabled(boolean autoconfAnalyzerEnabled) {
+        this.autoconfAnalyzerEnabled = autoconfAnalyzerEnabled;
+    }
+
+    private boolean cmakeAnalyzerEnabled = true;
+
+    /**
+     * Get the value of cmakeAnalyzerEnabled
+     *
+     * @return the value of cmakeAnalyzerEnabled
+     */
+    public boolean isCMakeAnalyzerEnabled() {
+        return cmakeAnalyzerEnabled;
+    }
+
+    /**
+     * Set the value of cmakeAnalyzerEnabled
+     *
+     * @param cmakeAnalyzerEnabled new value of cmakeAnalyzerEnabled
+     */
+    public void setCMakeAnalyzerEnabled(boolean cmakeAnalyzerEnabled) {
+        this.cmakeAnalyzerEnabled = cmakeAnalyzerEnabled;
+    }
+    /**
+     * Whether or not the openssl analyzer is enabled.
+     */
+    private boolean opensslAnalyzerEnabled = true;
+
+    /**
+     * Get the value of opensslAnalyzerEnabled
+     *
+     * @return the value of opensslAnalyzerEnabled
+     */
+    public boolean isOpensslAnalyzerEnabled() {
+        return opensslAnalyzerEnabled;
+    }
+
+    /**
+     * Set the value of opensslAnalyzerEnabled
+     *
+     * @param opensslAnalyzerEnabled new value of opensslAnalyzerEnabled
+     */
+    public void setOpensslAnalyzerEnabled(boolean opensslAnalyzerEnabled) {
+        this.opensslAnalyzerEnabled = opensslAnalyzerEnabled;
+    }
+    /**
+     * Whether or not the Node.js Analyzer is enabled.
+     */
+    private boolean nodeAnalyzerEnabled = true;
+
+    /**
+     * Get the value of nodeAnalyzerEnabled
+     *
+     * @return the value of nodeAnalyzerEnabled
+     */
+    public boolean isNodeAnalyzerEnabled() {
+        return nodeAnalyzerEnabled;
+    }
+
+    /**
+     * Set the value of nodeAnalyzerEnabled
+     *
+     * @param nodeAnalyzerEnabled new value of nodeAnalyzerEnabled
+     */
+    public void setNodeAnalyzerEnabled(boolean nodeAnalyzerEnabled) {
+        this.nodeAnalyzerEnabled = nodeAnalyzerEnabled;
+    }
+
+    private boolean rubygemsAnalyzerEnabled = true;
+
+    /**
+     * Get the value of rubygemsAnalyzerEnabled
+     *
+     * @return the value of rubygemsAnalyzerEnabled
+     */
+    public boolean isRubygemsAnalyzerEnabled() {
+        return rubygemsAnalyzerEnabled;
+    }
+
+    /**
+     * Set the value of rubygemsAnalyzerEnabled
+     *
+     * @param rubygemsAnalyzerEnabled new value of rubygemsAnalyzerEnabled
+     */
+    public void setRubygemsAnalyzerEnabled(boolean rubygemsAnalyzerEnabled) {
+        this.rubygemsAnalyzerEnabled = rubygemsAnalyzerEnabled;
+    }
+
+    private boolean pyPackageAnalyzerEnabled = true;
+
+    /**
+     * Get the value of pyPackageAnalyzerEnabled
+     *
+     * @return the value of pyPackageAnalyzerEnabled
+     */
+    public boolean isPyPackageAnalyzerEnabled() {
+        return pyPackageAnalyzerEnabled;
+    }
+
+    /**
+     * Set the value of pyPackageAnalyzerEnabled
+     *
+     * @param pyPackageAnalyzerEnabled new value of pyPackageAnalyzerEnabled
+     */
+    public void setPyPackageAnalyzerEnabled(boolean pyPackageAnalyzerEnabled) {
+        this.pyPackageAnalyzerEnabled = pyPackageAnalyzerEnabled;
+    }
+
+    private boolean pyDistributionAnalyzerEnabled = true;
+
+    /**
+     * Get the value of pyDistributionAnalyzerEnabled
+     *
+     * @return the value of pyDistributionAnalyzerEnabled
+     */
+    public boolean isPyDistributionAnalyzerEnabled() {
+        return pyDistributionAnalyzerEnabled;
+    }
+
+    /**
+     * Set the value of pyDistributionAnalyzerEnabled
+     *
+     * @param pyDistributionAnalyzerEnabled new value of pyDistributionAnalyzerEnabled
+     */
+    public void setPyDistributionAnalyzerEnabled(boolean pyDistributionAnalyzerEnabled) {
+        this.pyDistributionAnalyzerEnabled = pyDistributionAnalyzerEnabled;
+    }
+
     /**
      * Whether or not the central analyzer is enabled.
      */
@@ -664,25 +831,28 @@ public class Check extends Update {
             Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile);
         }
 
-        //File Type Analyzer Settings
-        //JAR ANALYZER
         Settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED, jarAnalyzerEnabled);
-        //NUSPEC ANALYZER
+
+        Settings.setBoolean(Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED, pyDistributionAnalyzerEnabled);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED, pyPackageAnalyzerEnabled);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED, rubygemsAnalyzerEnabled);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_OPENSSL_ENABLED, opensslAnalyzerEnabled);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_CMAKE_ENABLED, cmakeAnalyzerEnabled);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_AUTOCONF_ENABLED, autoconfAnalyzerEnabled);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED, composerAnalyzerEnabled);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED, nodeAnalyzerEnabled);
+
         Settings.setBoolean(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, nuspecAnalyzerEnabled);
-        //CENTRAL ANALYZER
         Settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED, centralAnalyzerEnabled);
-        //NEXUS ANALYZER
         Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED, nexusAnalyzerEnabled);
         if (nexusUrl != null && !nexusUrl.isEmpty()) {
             Settings.setString(Settings.KEYS.ANALYZER_NEXUS_URL, nexusUrl);
         }
         Settings.setBoolean(Settings.KEYS.ANALYZER_NEXUS_PROXY, nexusUsesProxy);
-        //ARCHIVE ANALYZER
         Settings.setBoolean(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, archiveAnalyzerEnabled);
         if (zipExtensions != null && !zipExtensions.isEmpty()) {
             Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
         }
-        //ASSEMBLY ANALYZER
         Settings.setBoolean(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, assemblyAnalyzerEnabled);
         if (pathToMono != null && !pathToMono.isEmpty()) {
             Settings.setString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH, pathToMono);

dependency-check-ant/src/site/markdown/configuration.md

@@ -51,18 +51,26 @@ Note, that specific analyzers will automatically disable themselves if no file
 types that they support are detected - so specifically disabling them may not
 be needed.
 
-Property                | Description                                                               | Default Value
-------------------------|---------------------------------------------------------------------------|------------------
-archiveAnalyzerEnabled  | Sets whether the Archive Analyzer will be used.                           | true
-zipExtensions           | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |  
-jarAnalyzer             | Sets whether the Jar Analyzer will be used.                                   | true
-centralAnalyzerEnabled  | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer (see below).                                  | true
-nexusAnalyzerEnabled    | Sets whether Nexus Analyzer will be used. This analyzer is superceded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation. | true
-nexusUrl                | Defines the Nexus web service endpoint (example http://domain.enterprise/nexus/service/local/). If not set the Nexus Analyzer will be disabled. |  
-nexusUsesProxy          | Whether or not the defined proxy should be used when connecting to Nexus. | true
-nuspecAnalyzerEnabled   | Sets whether or not the .NET Nuget Nuspec Analyzer will be used.          | true
-assemblyAnalyzerEnabled | Sets whether or not the .NET Assembly Analyzer should be used.            | true
-pathToMono              | The path to Mono for .NET assembly analysis on non-windows systems.       |  
+Property                      | Description                                                               | Default Value
+------------------------------|---------------------------------------------------------------------------|------------------
+archiveAnalyzerEnabled        | Sets whether the Archive Analyzer will be used.                           | true
+zipExtensions                 | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |  
+jarAnalyzer                   | Sets whether the Jar Analyzer will be used.                               | true
+centralAnalyzerEnabled        | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer (see below).                                  | true
+nexusAnalyzerEnabled          | Sets whether Nexus Analyzer will be used. This analyzer is superceded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation. | true
+nexusUrl                      | Defines the Nexus web service endpoint (example http://domain.enterprise/nexus/service/local/). If not set the Nexus Analyzer will be disabled. |  
+nexusUsesProxy                | Whether or not the defined proxy should be used when connecting to Nexus. | true
+pyDistributionAnalyzerEnabled | Sets whether the Python Distribution Analyzer will be used.               | true
+pyPackageAnalyzerEnabled      | Sets whether the Python Package Analyzer will be used.                    | true
+rubygemsAnalyzerEnabled       | Sets whether the Ruby Gemspec Analyzer will be used.                      | true
+opensslAnalyzerEnabled        | Sets whether or not the openssl Analyzer should be used.                  | true
+cmakeAnalyzerEnabled          | Sets whether or not the CMake Analyzer should be used.                    | true
+autoconfAnalyzerEnabled       | Sets whether or not the autoconf Analyzer should be used.                 | true
+composerAnalyzerEnabled       | Sets whether or not the PHP Composer Lock File Analyzer should be used.   | true
+nodeAnalyzerEnabled           | Sets whether or not the Node.js Analyzer should be used.                  | true
+nuspecAnalyzerEnabled         | Sets whether or not the .NET Nuget Nuspec Analyzer will be used.          | true
+assemblyAnalyzerEnabled       | Sets whether or not the .NET Assembly Analyzer should be used.            | true
+pathToMono                    | The path to Mono for .NET assembly analysis on non-windows systems.       |  
 
 Advanced Configuration
 ====================