1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import org.owasp.dependencycheck.Engine;
21  import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
22  import org.owasp.dependencycheck.dependency.Dependency;
23  import org.owasp.dependencycheck.exception.InitializationException;
24  
/**
 * Contract for a component that helps identify a {@link Dependency}. Whatever
 * an analyzer learns about the dependency is recorded as Evidence.
 *
 * <p>Call order described by this interface: {@link #initialize()} is invoked
 * once before any dependency is analyzed, {@link #analyze(Dependency, Engine)}
 * is invoked for the dependencies, and {@link #close()} is invoked after all
 * of them have been analyzed.</p>
 *
 * <p>NOTE(review): the dependency being analyzed is usually third-party
 * content; implementations that parse it should presumably treat it as
 * untrusted input - confirm against the concrete analyzers.</p>
 *
 * @author Jeremy Long
 */
public interface Analyzer {

    /**
     * Returns the name of the analyzer.
     *
     * @return the analyzer's name
     */
    String getName();

    /**
     * Returns the phase that the analyzer is intended to run in.
     *
     * @return the analysis phase this analyzer is intended for
     */
    AnalysisPhase getAnalysisPhase();

    /**
     * Reports whether this analyzer is enabled.
     *
     * <p>NOTE(review): presumably a disabled analyzer is skipped and so
     * contributes no findings; how that is reported to the user is not
     * visible from this interface - confirm in the engine.</p>
     *
     * @return the value of enabled
     */
    boolean isEnabled();

    /**
     * Reports whether multiple instances of the same type of analyzer can run
     * in parallel. Running analyzers of different types in parallel is not
     * supported at all.
     *
     * <p>NOTE(review): this interface does not say whether a single instance
     * may be shared between threads - confirm before returning {@code true}
     * from an implementation that keeps mutable state.</p>
     *
     * @return {@code true} if the analyzer supports parallel processing,
     * {@code false} otherwise
     */
    boolean supportsParallelProcessing();

    /**
     * Prepares the analyzer. Called once, before the analyze method is called
     * on any of the dependencies.
     *
     * @throws InitializationException if an exception occurs while
     * initializing the analyzer
     */
    void initialize() throws InitializationException;

    /**
     * Analyzes the given dependency. The analysis may be anything from
     * determining an Identifier for the dependency to finding
     * vulnerabilities. If the analyzer gathers enough information to supply
     * a description or license information for the dependency, it should add
     * that as well.
     *
     * @param dependency the dependency to analyze
     * @param engine the engine that is scanning the dependencies; useful when
     * other dependencies need to be checked
     * @throws AnalysisException if there is an error analyzing the dependency
     * file
     */
    void analyze(Dependency dependency, Engine engine) throws AnalysisException;

    /**
     * Called after all of the dependencies have been analyzed.
     *
     * <p>The declared exception type is the broad {@link Exception}, so
     * callers have to be prepared to handle any checked failure here.</p>
     *
     * @throws Exception if an exception occurs while closing the analyzer
     */
    void close() throws Exception;
}