1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
21  import org.owasp.dependencycheck.Engine;
22  import org.owasp.dependencycheck.dependency.Dependency;
23  import org.owasp.dependencycheck.suppression.SuppressionRule;
24  
25  /**
26   * The suppression analyzer processes an externally defined XML document that complies with the suppressions.xsd schema.
27   * Any identified Vulnerability entries within the dependencies that match will be removed.
28   *
29   * @author Jeremy Long
30   */
public class VulnerabilitySuppressionAnalyzer extends AbstractSuppressionAnalyzer {

    //<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer">
    /**
     * Display name reported by {@link #getName()}.
     */
    private static final String ANALYZER_NAME = "Vulnerability Suppression Analyzer";
    /**
     * Phase reported by {@link #getAnalysisPhase()}.
     * NOTE(review): the constant name suggests this runs after findings have been attached to the
     * dependency; confirm the ordering against AnalysisPhase.
     */
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.POST_FINDING_ANALYSIS;

    /**
     * Gets the display name of this analyzer.
     *
     * @return the constant analyzer name
     */
    @Override
    public String getName() {
        return ANALYZER_NAME;
    }

    /**
     * Gets the analysis phase this analyzer is registered for.
     *
     * @return the constant analysis phase
     */
    @Override
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }
    //</editor-fold>

    /**
     * Applies every loaded suppression rule to the given dependency.
     *
     * <p>When {@code getRules()} returns {@code null} or an empty collection the dependency is left
     * untouched. Otherwise each rule's {@code process} method is invoked on the dependency, in the
     * order the rules are iterated.</p>
     *
     * <p>Per the analyzer's contract, vulnerability entries matching a rule are removed from the
     * dependency, so the content of the suppression document directly decides which findings remain
     * on it after this step. Keep that document under the same review and change control as the
     * scan configuration itself.</p>
     *
     * @param dependency the dependency whose findings are filtered by the suppression rules
     * @param engine the engine running the scan; not used by this implementation
     * @throws AnalysisException declared by the overridden method; nothing in this body throws it
     * directly (whether {@code rule.process} can raise it is not visible here)
     */
    @Override
    public void analyze(final Dependency dependency, final Engine engine) throws AnalysisException {
        // Only iterate when a non-empty rule set has been loaded.
        if (getRules() != null && getRules().size() > 0) {
            for (final SuppressionRule suppression : getRules()) {
                suppression.process(dependency);
            }
        }
    }
}