feat: Carthage analyzer (#6614)

Co-authored-by: Jeremy Long <[email protected]>

ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java

@@ -356,6 +356,10 @@ public class Check extends Update {
      * Whether or not the CocoaPods Analyzer is enabled.
      */
     private Boolean cocoapodsAnalyzerEnabled;
+    /**
+     * Whether or not the Carthage Analyzer is enabled.
+     */
+    private Boolean carthageAnalyzerEnabled;
 
     /**
      * Whether or not the Swift package Analyzer is enabled.
@@ -1105,6 +1109,24 @@ public void setCocoapodsAnalyzerEnabled(Boolean cocoapodsAnalyzerEnabled) {
         this.cocoapodsAnalyzerEnabled = cocoapodsAnalyzerEnabled;
     }
 
+    /**
+     * Returns if the Carthage analyzer is enabled.
+     *
+     * @return if the Carthage analyzer is enabled
+     */
+    public boolean isCarthageAnalyzerEnabled() {
+        return carthageAnalyzerEnabled;
+    }
+
+    /**
+     * Sets whether or not the Carthage analyzer is enabled.
+     *
+     * @param carthageAnalyzerEnabled the state of the Carthage analyzer
+     */
+    public void setCarthageAnalyzerEnabled(Boolean carthageAnalyzerEnabled) {
+        this.carthageAnalyzerEnabled = carthageAnalyzerEnabled;
+    }
+
     /**
      * Returns whether or not the Swift package Analyzer is enabled.
      *
@@ -2144,6 +2166,7 @@ protected void populateSettings() throws BuildException {
         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_SWIFT_PACKAGE_MANAGER_ENABLED, swiftPackageManagerAnalyzerEnabled);
         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_SWIFT_PACKAGE_RESOLVED_ENABLED, swiftPackageResolvedAnalyzerEnabled);
         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_COCOAPODS_ENABLED, cocoapodsAnalyzerEnabled);
+        getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_CARTHAGE_ENABLED, carthageAnalyzerEnabled);
         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_ENABLED, bundleAuditAnalyzerEnabled);
         getSettings().setStringIfNotNull(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_PATH, bundleAuditPath);
         getSettings().setStringIfNotNull(Settings.KEYS.ANALYZER_BUNDLE_AUDIT_WORKING_DIRECTORY, bundleAuditWorkingDirectory);

ant/src/site/markdown/configuration.md

@@ -124,6 +124,7 @@ nuspecAnalyzerEnabled               | Sets whether the .NET Nuget Nuspec Analyze
 nugetconfAnalyzerEnabled            | Sets whether the [experimental](../analyzers/index.html) .NET Nuget packages.config Analyzer will be used. `enableExperimental` must be set to true. | true
 libmanAnalyzerEnabled               | Sets whether the Libman Analyzer will be used.                                                             | true
 cocoapodsAnalyzerEnabled            | Sets whether the [experimental](../analyzers/index.html) Cocoapods Analyzer should be used. `enableExperimental` must be set to true. | true
+carthageAnalyzerEnabled             | Sets whether the [experimental](../analyzers/index.html) Carthage Analyzer should be used. `enableExperimental` must be set to true. | true
 mixAuditAnalyzerEnabled             | Sets whether the [experimental](../analyzers/index.html) Mix Audit Analyzer should be used. `enableExperimental` must be set to true. | true
 mixAuditPath                        | Sets the path to the mix_audit executable; only used if mix audit analyzer is enabled and experimental analyzers are enabled.  |  
 bundleAuditAnalyzerEnabled          | Sets whether the [experimental](../analyzers/index.html) Bundle Audit Analyzer should be used. `enableExperimental` must be set to true. | true

cli/src/main/java/org/owasp/dependencycheck/App.java

@@ -575,6 +575,8 @@ protected void populateSettings(CliParser cli) throws InvalidSettingException {
                 !cli.isDisabled(CliParser.ARGUMENT.DISABLE_SWIFT_RESOLVED, Settings.KEYS.ANALYZER_SWIFT_PACKAGE_RESOLVED_ENABLED));
         settings.setBoolean(Settings.KEYS.ANALYZER_COCOAPODS_ENABLED,
                 !cli.isDisabled(CliParser.ARGUMENT.DISABLE_COCOAPODS, Settings.KEYS.ANALYZER_COCOAPODS_ENABLED));
+        settings.setBoolean(Settings.KEYS.ANALYZER_CARTHAGE_ENABLED,
+                !cli.isDisabled(CliParser.ARGUMENT.DISABLE_CARTHAGE, Settings.KEYS.ANALYZER_CARTHAGE_ENABLED));
         settings.setBoolean(Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED,
                 !cli.isDisabled(CliParser.ARGUMENT.DISABLE_RUBYGEMS, Settings.KEYS.ANALYZER_RUBY_GEMSPEC_ENABLED));
         settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED,

cli/src/main/java/org/owasp/dependencycheck/CliParser.java

@@ -494,6 +494,7 @@ private void addAdvancedOptions(final Options options) {
                 .addOption(newOption(ARGUMENT.DISABLE_OSSINDEX, "Disable the Sonatype OSS Index Analyzer."))
                 .addOption(newOption(ARGUMENT.DISABLE_OSSINDEX_CACHE, "Disallow the OSS Index Analyzer from caching results"))
                 .addOption(newOption(ARGUMENT.DISABLE_COCOAPODS, "Disable the CocoaPods Analyzer."))
+                .addOption(newOption(ARGUMENT.DISABLE_CARTHAGE, "Disable the Carthage Analyzer."))
                 .addOption(newOption(ARGUMENT.DISABLE_SWIFT, "Disable the swift package Analyzer."))
                 .addOption(newOption(ARGUMENT.DISABLE_SWIFT_RESOLVED, "Disable the swift package resolved Analyzer."))
                 .addOption(newOption(ARGUMENT.DISABLE_GO_DEP, "Disable the Golang Package Analyzer."))
@@ -1286,6 +1287,10 @@ public static class ARGUMENT {
          * Disables the cocoapods analyzer.
          */
         public static final String DISABLE_COCOAPODS = "disableCocoapodsAnalyzer";
+        /**
+         * Disables the Carthage analyzer.
+         */
+        public static final String DISABLE_CARTHAGE = "disableCarthageAnalyzer";
         /**
          * Disables the swift package manager analyzer.
          */

cli/src/main/resources/completion-for-dependency-check.sh

@@ -32,6 +32,7 @@ _odc_completions()
             --disableCentralCache
             --disableCmake
             --disableCocoapodsAnalyzer
+            --disableCarthageAnalyzer
             --disableComposer
             --disableDart
             --disableFileName

cli/src/site/markdown/arguments.md

@@ -63,6 +63,7 @@ Advanced Options
 |       | \-\-disableRubygems                   |                 | Sets whether the [experimental](../analyzers/index.html) Ruby Gemspec Analyzer will be used.                                                                                                           |          |
 |       | \-\-disableBundleAudit                |                 | Sets whether the [experimental](../analyzers/index.html) Ruby Bundler Audit Analyzer will be used.                                                                                                     |          |
 |       | \-\-disableCocoapodsAnalyzer          |                 | Sets whether the [experimental](../analyzers/index.html) Cocoapods Analyzer will be used.                                                                                                              |          |
+|       | \-\-disableCarthageAnalyzer           |                 | Sets whether the [experimental](../analyzers/index.html) Carthage Analyzer will be used.                                                                                                               |          |
 |       | \-\-disableSwiftPackageManagerAnalyzer |                 | Sets whether the [experimental](../analyzers/index.html) Swift Package Manager Analyzer will be used.                                                                                                 |          |
 |       | \-\-disableSwiftPackageResolvedAnalyzer|                 | Sets whether the [experimental](../analyzers/index.html) Swift Package Resolved Analyzer will be used.                                                                                                |          |
 |       | \-\-disableAutoconf                   |                 | Sets whether the [experimental](../analyzers/index.html) Autoconf Analyzer will be used.                                                                                                               |          |

cli/src/test/resources/sample.properties

@@ -21,6 +21,7 @@ analyzer.openssl.enabled=true
 analyzer.central.enabled=true
 analyzer.nexus.enabled=false
 analyzer.cocoapods.enabled=true
+analyzer.carthage.enabled=true
 analyzer.swift.package.manager.enabled=true
 #whether the nexus analyzer uses the proxy
 analyzer.nexus.proxy=true

cli/src/test/resources/sample2.properties

@@ -21,6 +21,7 @@ analyzer.openssl.enabled=false
 analyzer.central.enabled=false
 analyzer.nexus.enabled=true
 analyzer.cocoapods.enabled=false
+analyzer.carthage.enabled=false
 analyzer.swift.package.manager.enabled=false
 #whether the nexus analyzer uses the proxy
 analyzer.nexus.proxy=false

core/src/main/java/org/owasp/dependencycheck/analyzer/AnalysisPhase.java

@@ -42,6 +42,7 @@ public enum AnalysisPhase {
      * {@link AutoconfAnalyzer}
      * {@link CMakeAnalyzer}
      * {@link CentralAnalyzer}
+     * {@link CarthageAnalyzer}
      * {@link CocoaPodsAnalyzer}
      * {@link ComposerLockAnalyzer}
      * {@link DartAnalyzer}