1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
21  import org.owasp.dependencycheck.Engine;
22  import org.owasp.dependencycheck.dependency.Dependency;
23  import org.owasp.dependencycheck.utils.Settings;
24  import org.owasp.dependencycheck.xml.suppression.SuppressionRule;
25  
26  /**
27   * The suppression analyzer processes an externally defined XML document that complies with the suppressions.xsd schema.
28   * Any identified CPE entries within the dependencies that match will be removed.
29   *
30   * @author Jeremy Long
31   */
public class CpeSuppressionAnalyzer extends AbstractSuppressionAnalyzer {

    //<editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer">
    /**
     * Display name handed back by {@link #getName()}.
     */
    private static final String ANALYZER_NAME = "Cpe Suppression Analyzer";
    /**
     * Analysis phase handed back by {@link #getAnalysisPhase()}.
     */
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.POST_IDENTIFIER_ANALYSIS;

    /**
     * Gets the analyzer's name.
     *
     * @return the fixed analyzer name
     */
    @Override
    public String getName() {
        return ANALYZER_NAME;
    }

    /**
     * Gets the phase in which this analyzer runs.
     *
     * @return {@link AnalysisPhase#POST_IDENTIFIER_ANALYSIS}
     */
    @Override
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }
    //</editor-fold>

    /**
     * Runs every rule returned by {@code getRules()} against the given dependency. Nothing happens when
     * the rule collection is {@code null} or empty.
     * <p>
     * Matching and removal are done inside {@link SuppressionRule#process(Dependency)}, which is not part
     * of this class. NOTE(review): because a matching rule removes CPE entries from the dependency, an
     * over-broad rule silently drops those identifiers for every later consumer; the suppression file
     * should be handled as trusted, reviewed configuration - confirm how it is sourced.</p>
     *
     * @param dependency the dependency the rules are applied to
     * @param engine the engine running the scan; not used by this method
     * @throws AnalysisException declared by the overridden method; nothing in this body throws it directly
     */
    @Override
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        // Only iterate when a non-empty rule collection is available.
        if (getRules() != null && getRules().size() > 0) {
            for (final SuppressionRule suppression : getRules()) {
                suppression.process(dependency);
            }
        }
    }

    /**
     * Gets the settings key that controls whether this analyzer is enabled.
     *
     * @return {@code Settings.KEYS.ANALYZER_CPE_SUPPRESSION_ENABLED}
     */
    @Override
    protected String getAnalyzerEnabledSettingKey() {
        return Settings.KEYS.ANALYZER_CPE_SUPPRESSION_ENABLED;
    }
}