1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import org.owasp.dependencycheck.Engine;
21  import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
22  import org.owasp.dependencycheck.dependency.Dependency;
23  
24  /**
25   * Contract for an analyzer that inspects a {@link Dependency} and records what it learns about it as Evidence.
26   * As documented on the methods of this interface, initialize() precedes the analyze() calls and close() follows them.
27   *
28   * @author Jeremy Long
29   */
30  public interface Analyzer {
31  
32      /**
33       * Analyzes the given dependency. The analysis may range from establishing an Identifier for the dependency to
34       * finding vulnerabilities. If the analyzer collects enough information to add a description or license
35       * information for the dependency, it should add it. NOTE(review): presumably the dependency is third-party
36       * content, so implementations should treat whatever they parse from it as untrusted input - confirm.
37       * @param dependency the dependency to analyze.
38       * @param engine the engine that is scanning the dependencies; useful when the analyzer needs to check other
39       * dependencies
40       * @throws AnalysisException if there is an error analyzing the dependency file
41       */
42      void analyze(Dependency dependency, Engine engine) throws AnalysisException;
43  
44      /**
45       * Returns the name of this analyzer.
46       *
47       * @return the name of this analyzer.
48       */
49      String getName();
50  
51      /**
52       * Returns the phase in which this analyzer is intended to run.
53       *
54       * @return the {@link AnalysisPhase} in which this analyzer is intended to run.
55       */
56      AnalysisPhase getAnalysisPhase();
57  
58      /**
59       * Called once, before the analyze method is called on the dependencies. NOTE(review): this interface does not
60       * state whether close() is still invoked when this method throws - confirm before relying on it for cleanup.
61       * @throws Exception if an error occurs while initializing the analyzer.
62       */
63      void initialize() throws Exception;
64  
65      /**
66       * Called after all of the dependencies have been analyzed.
67       *
68       * @throws Exception if an error occurs while closing the analyzer.
69       */
70      void close() throws Exception;
71  }