DependencyCheck/analyzers/index.html
2017-01-22 17:22:46 -05:00


<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia Site Renderer 1.7.1 at 2017-01-22
| Rendered using Apache Maven Fluido Skin 1.5
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20170122" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check &#x2013; File Type Analyzers</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.5.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.5.min.js"></script>
<style type="text/css">
#bannerLeft { margin-top:-20px;margin-bottom:5px !important }
</style>
</head>
<body class="topBarDisabled">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<div id="bannerLeft">
<img src="../images/dc.svg" alt="OWASP dependency-check"/>
</div>
</div>
<div class="pull-right"> </div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class="">
<a href="../#" title="">
</a>
<span class="divider">/</span>
</li>
<li class="active ">File Type Analyzers</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2017-01-22</li>
<li id="projectVersion" class="pull-right">
Version: 1.4.5
</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<span class="icon-chevron-right"></span>
General</a>
</li>
<li class="active">
<a href="#"><span class="icon-chevron-down"></span>File Type Analyzers</a>
<ul class="nav nav-list">
<li>
<a href="../analyzers/archive-analyzer.html" title="Archive">
<span class="none"></span>
Archive</a>
</li>
<li>
<a href="../analyzers/assembly-analyzer.html" title="Assembly">
<span class="none"></span>
Assembly</a>
</li>
<li>
<a href="../analyzers/autoconf.html" title="Autoconf">
<span class="none"></span>
Autoconf</a>
</li>
<li>
<a href="../analyzers/central-analyzer.html" title="Central">
<span class="none"></span>
Central</a>
</li>
<li>
<a href="../analyzers/cmake.html" title="CMake">
<span class="none"></span>
CMake</a>
</li>
<li>
<a href="../analyzers/cocoapods.html" title="CocoaPods">
<span class="none"></span>
CocoaPods</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar">
<span class="none"></span>
Jar</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus">
<span class="none"></span>
Nexus</a>
</li>
<li>
<a href="../analyzers/nodejs.html" title="Node.js">
<span class="none"></span>
Node.js</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec">
<span class="none"></span>
Nuspec</a>
</li>
<li>
<a href="../analyzers/openssl.html" title="OpenSSL">
<span class="none"></span>
OpenSSL</a>
</li>
<li>
<a href="../analyzers/python.html" title="Python">
<span class="none"></span>
Python</a>
</li>
<li>
<a href="../analyzers/ruby-gemspec.html" title="Ruby Gemspec">
<span class="none"></span>
Ruby Gemspec</a>
</li>
<li>
<a href="../analyzers/swift.html" title="Swift">
<span class="none"></span>
Swift</a>
</li>
</ul>
</li>
<li>
<a href="../modules.html" title="Modules">
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
</div>
</div>
<div id="bodyColumn" class="span10" >
<h1>File Type Analyzers</h1>
<p>OWASP dependency-check contains several file type analyzers that are used to extract identification information from the files analyzed.</p>
<table border="0" class="table table-striped">
<thead>
<tr class="a">
<th>Analyzer </th>
<th>File Types Scanned </th>
<th>Analysis Method </th>
</tr>
</thead>
<tbody>
<tr class="b">
<td><a href="./archive-analyzer.html">Archive</a> </td>
<td>Zip archive format (*.zip, *.ear, *.war, *.jar, *.sar, *.apk, *.nupkg); Tape Archive Format (*.tar); Gzip format (*.gz, *.tgz); Bzip2 format (*.bz2, *.tbz2) </td>
<td>Extracts archive contents, then scans contents with all available analyzers. </td>
</tr>
<tr class="a">
<td><a href="./assembly-analyzer.html">Assembly</a> </td>
<td>.NET Assemblies (*.exe, *.dll) </td>
<td>Uses <a class="externalLink" href="https://github.com/colezlaw/GrokAssembly">GrokAssembly.exe</a>, which requires the .NET Framework or the Mono runtime to be installed. </td>
</tr>
<tr class="b">
<td><a href="./cmake.html">CMake</a> </td>
<td>CMake project files (CMakeLists.txt) and scripts (*.cmake) </td>
<td>Regex scan for project initialization and version setting commands. </td>
</tr>
<tr class="a">
<td><a href="./jar-analyzer.html">Jar</a> </td>
<td>Java archive files (*.jar); Web application archive (*.war) </td>
<td>Examines archive manifest metadata, and Maven Project Object Model files (pom.xml). </td>
</tr>
<tr class="b">
<td><a href="./nuspec-analyzer.html">Nuspec</a> </td>
<td>NuGet package specification file (*.nuspec) </td>
<td>Uses XPath to parse specification XML. </td>
</tr>
<tr class="a">
<td><a href="./openssl.html">OpenSSL</a> </td>
<td>OpenSSL Version Source Header File (opensslv.h) </td>
<td>Regex parse of the OPENSSL_VERSION_NUMBER macro definition. </td>
</tr>
</tbody>
</table>
<div class="section">
<h2><a name="Experimental_Analyzers"></a>Experimental Analyzers</h2>
<p>The following analyzers can be turned on by enabling the <i>experimental</i> configuration option; see the documentation for the CLI, Ant, Maven, etc. for more information. These analyzers are considered experimental because of their higher false positive and false negative rates. Even though they are marked as experimental, several teams have found them useful in their current state.</p>
<table border="0" class="table table-striped">
<thead>
<tr class="a">
<th>Analyzer </th>
<th>File Types Scanned </th>
<th>Analysis Method </th>
</tr>
</thead>
<tbody>
<tr class="b">
<td><a href="./autoconf.html">Autoconf</a> </td>
<td>Autoconf project configuration files (configure, configure.in, configure.ac) </td>
<td><a class="externalLink" href="https://en.wikipedia.org/wiki/Regular_expression">Regex</a> scan for AC_INIT metadata, including in the generated configuration script. </td>
</tr>
<tr class="a">
<td><a href="./cmake.html">CMake</a> </td>
<td>CMake project files (CMakeLists.txt) and scripts (*.cmake) </td>
<td>Regex scan for project initialization and version setting commands. </td>
</tr>
<tr class="b">
<td><a href="./cocoapods.html">CocoaPods</a> </td>
<td>CocoaPods <tt>.podspec</tt> files </td>
<td>Extracts dependency information from specification file. </td>
</tr>
<tr class="a">
<td><a href="./composer-lock.html">Composer Lock</a> </td>
<td>PHP <a class="externalLink" href="http://getcomposer.org">Composer</a> Lock files (composer.lock) </td>
<td>Parses PHP <a class="externalLink" href="http://getcomposer.org">Composer</a> lock files for exact versions of dependencies. </td>
</tr>
<tr class="b">
<td><a href="./nodejs.html">Node.js</a> </td>
<td>NPM package specification files (package.json) </td>
<td>Parse JSON format for metadata. </td>
</tr>
<tr class="a">
<td><a href="./python.html">Python</a> </td>
<td>Python source files (*.py); Package metadata files (PKG-INFO, METADATA); Package Distribution Files (*.whl, *.egg, *.zip) </td>
<td>Regex scan of Python source files for setuptools metadata; Parse RFC822 header format for metadata in all other artifacts. </td>
</tr>
<tr class="b">
<td><a href="./ruby-gemspec.html">Ruby Gemspec</a> </td>
<td>Ruby makefiles (Rakefile); Ruby Gemspec files (*.gemspec) </td>
<td>Regex scan Gemspec initialization blocks for metadata. </td>
</tr>
<tr class="a">
<td><a href="./swift.html">Swift</a> </td>
<td>Swift Package Manager&#x2019;s <tt>Package.swift</tt> </td>
<td>Extracts dependency information from the Swift package file. </td>
</tr>
</tbody>
</table></div>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2017
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</footer>
</body>
</html>