From 0987947134a1cd3bd0e4b8030867caca1120f7dd Mon Sep 17 00:00:00 2001
From: Zvi Grinberg <75700623+zvigrinberg@users.noreply.github.com>
Date: Mon, 29 Jul 2024 11:09:01 +0300
Subject: [PATCH] fix: add and fix missing configurations for gradle ca (#108)

## Description
Retrofits https://github.com/RHEcosystemAppEng/exhort-javascript-api/pull/144 to exhort-java-api
Fixes: https://issues.redhat.com/browse/TC-1557
## Checklist
- [x] I have followed this repository's contributing guidelines.
- [x] I will adhere to the project's code of conduct.
---------
Signed-off-by: Zvi Grinberg
---
 .../exhort/providers/GradleProvider.java | 35 +++++++++----------
 .../expected_component_sbom.json | 19 ++++++++--
 .../expected_component_sbom.json | 19 ++++++++--
 3 files changed, 48 insertions(+), 25 deletions(-)

diff --git a/src/main/java/com/redhat/exhort/providers/GradleProvider.java b/src/main/java/com/redhat/exhort/providers/GradleProvider.java
index c437b28..67defda 100644
--- a/src/main/java/com/redhat/exhort/providers/GradleProvider.java
+++ b/src/main/java/com/redhat/exhort/providers/GradleProvider.java
@@ -29,10 +29,7 @@
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import java.util.function.Consumer;
 import java.util.logging.Logger;
 import java.util.regex.Matcher;
@@ -49,6 +46,9 @@
 */
 public final class GradleProvider extends BaseJavaProvider {
 
+ public static final String[] COMPONENT_ANALYSIS_CONFIGURATIONS = {
+ "api", "implementation", "compileOnlyApi", "compileOnly", "runtimeOnly"
+ };
 private Logger log = LoggersFactory.getLogger(this.getClass().getName());
 
 public GradleProvider() {
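Review bot: The wildcard `import java.util.*;` on the new side replaces four explicit imports although the only name this change newly needs is `Arrays`. Wildcard imports hide which types the file actually depends on and can introduce ambiguous-name clashes when another `java.util` type is added later, which is why most Java style checkers reject them. Keep the explicit list and add `import java.util.Arrays;` next to `java.util.ArrayList`, `java.util.HashMap`, `java.util.List` and `java.util.Map`.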
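Review bot: `COMPONENT_ANALYSIS_CONFIGURATIONS` is declared `public static final String[]`, but a final array is still mutable: any class that can see it can reassign its elements and thereby change which Gradle configurations component analysis scans, and whether the `Arrays.equals` branch in `buildSbomFromTextFormat` that runs the duplicate removal fires at all. Prefer an unmodifiable list with narrower visibility, e.g. `private static final List<String> COMPONENT_ANALYSIS_CONFIGURATIONS = List.of("api", "implementation", "compileOnlyApi", "compileOnly", "runtimeOnly");`, and have `buildSbomFromTextFormat` take a `List<String>` instead of an array. The constant's role is only visible from its callers, so a one-line Javadoc such as `/** Gradle configurations whose direct dependencies make up the component-analysis SBOM; all of them are scanned, not just the first non-empty one. */` would help the next maintainer.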
@@ -67,7 +67,7 @@ public Content provideStack(final Path manifestPath) throws IOException {
 }
 Map propertiesMap = extractProperties(manifestPath);
 
- var sbom = buildSbomFromTextFormat(tempFile, propertiesMap, "runtimeClasspath");
+ var sbom = buildSbomFromTextFormat(tempFile, propertiesMap, new String[] {"runtimeClasspath"});
 var ignored = getIgnoredDeps(manifestPath);
 
 return new Content(
@@ -241,14 +241,20 @@ private Path getProperties(Path manifestPath) throws IOException {
 }
 
 private Sbom buildSbomFromTextFormat(
- Path textFormatFile, Map propertiesMap, String configName)
+ Path textFormatFile, Map propertiesMap, String[] configNames)
 throws IOException {
 var sbom = SbomFactory.newInstance(Sbom.BelongingCondition.PURL, "sensitive");
 String root = getRoot(textFormatFile, propertiesMap);
 var rootPurl = parseDep(root);
 sbom.addRoot(rootPurl);
 
- List lines = extractLines(textFormatFile, configName);
+ List lines = new ArrayList<>();
+
+ for (String configName : configNames) {
+ List deps = extractLines(textFormatFile, configName);
+ lines.addAll(deps);
+ }
+
 List arrayForSbom = new ArrayList<>();
 
 for (String line : lines) {
@@ -263,7 +269,7 @@ private Sbom buildSbomFromTextFormat(
 }
 }
 // remove duplicates for component analysis
- if (List.of("api", "implementation", "compileOnly").contains(configName)) {
+ if (Arrays.equals(configNames, COMPONENT_ANALYSIS_CONFIGURATIONS)) {
 removeDuplicateIfExists(arrayForSbom, textFormatFile);
 arrayForSbom = performManifestVersionsCheck(arrayForSbom, textFormatFile);
 }
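Review bot: `Arrays.equals(configNames, COMPONENT_ANALYSIS_CONFIGURATIONS)` makes the duplicate removal and the manifest-version check depend on the caller passing exactly that array in exactly that order; a caller that passes a subset, a reordering, or its own multi-configuration array gets the lines concatenated by the loop in the `@@ -241` hunk without `removeDuplicateIfExists`, so an artifact declared under several configurations presumably ends up once per configuration in the SBOM (that helper is not visible here). Encode the intent explicitly rather than through array identity, e.g. give `buildSbomFromTextFormat` a `boolean componentAnalysis` parameter and write `if (componentAnalysis) {`, with `provideStack` passing `false` and `provideComponent` passing `true`. A short comment on the loop, `// direct dependencies from every configuration are merged; cross-configuration repeats are removed below`, would document why the concatenation is safe. `buildSbomFromTextFormat` starts in the previous hunk and its body continues past this one.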
@@ -467,20 +473,11 @@ public Content provideComponent(Path manifestPath) throws IOException {
 Path tempFile = getDependencies(manifestPath);
 Map propertiesMap = extractProperties(manifestPath);
 
- String[] configurationNames = {"api", "implementation", "compileOnly", "runtimeOnly"};
+ String[] configurationNames = COMPONENT_ANALYSIS_CONFIGURATIONS;
 String configName = null;
 
- for (String configurationName : configurationNames) {
- List directDependencies = extractLines(tempFile, configurationName);
-
- // Check if dependencies are found for the current configuration
- if (!directDependencies.isEmpty()) {
- configName = configurationName;
- break;
- }
- }
 
- var sbom = buildSbomFromTextFormat(tempFile, propertiesMap, configName);
+ var sbom = buildSbomFromTextFormat(tempFile, propertiesMap, configurationNames);
 var ignored = getIgnoredDeps(manifestPath);
 
 return new Content(
diff --git a/src/test/resources/tst_manifests/gradle/deps_with_ignore_notations/expected_component_sbom.json b/src/test/resources/tst_manifests/gradle/deps_with_ignore_notations/expected_component_sbom.json
index 8e846e7..90b1ca4 100644
--- a/src/test/resources/tst_manifests/gradle/deps_with_ignore_notations/expected_component_sbom.json
+++ b/src/test/resources/tst_manifests/gradle/deps_with_ignore_notations/expected_component_sbom.json
@@ -3,7 +3,7 @@
 "specVersion" : "1.4",
 "version" : 1,
 "metadata" : {
- "timestamp" : "2024-04-02T23:13:52Z",
+ "timestamp" : "2024-07-29T07:49:36Z",
 "component" : {
 "group" : "org.acme.dbaas",
 "name" : "postgresql-orm-quarkus",
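Review bot: `String configName = null;` is now dead code: the loop that assigned it was removed and the call on the new side passes `configurationNames`, so the local is never read. Delete that line, and since `configurationNames` is only an alias of the constant, the call can read `var sbom = buildSbomFromTextFormat(tempFile, propertiesMap, COMPONENT_ANALYSIS_CONFIGURATIONS);` directly. The old first-non-empty-configuration loop silently dropped direct dependencies declared only under later configurations — the updated fixtures show `quarkus-hibernate-orm-deployment@2.0.2.Final` appearing in the component SBOM only now — so a comment such as `// every component-analysis configuration is scanned; picking the first non-empty one hid dependencies` would keep the fix from being "simplified" back. The method continues outside the hunk.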
@@ -93,6 +93,14 @@
 "purl" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
 "type" : "library",
 "bom-ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final"
+ },
+ {
+ "group" : "io.quarkus",
+ "name" : "quarkus-hibernate-orm-deployment",
+ "version" : "2.0.2.Final",
+ "purl" : "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final",
+ "type" : "library",
+ "bom-ref" : "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final"
 }
 ],
 "dependencies" : [
@@ -107,7 +115,8 @@
 "pkg:maven/io.quarkus/quarkus-kubernetes-service-binding@2.13.5.Final",
 "pkg:maven/io.quarkus/quarkus-container-image-docker@2.13.5.Final",
 "pkg:maven/jakarta.validation/jakarta.validation-api@2.0.2",
- "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final"
+ "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
+ "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final"
 ]
 },
 {
@@ -145,6 +154,10 @@
 {
 "ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
 "dependsOn" : [ ]
+ },
+ {
+ "ref" : "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final",
+ "dependsOn" : [ ]
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/src/test/resources/tst_manifests/gradle/deps_with_no_ignore_common_paths/expected_component_sbom.json b/src/test/resources/tst_manifests/gradle/deps_with_no_ignore_common_paths/expected_component_sbom.json
index 72575d5..cc67822 100644
--- a/src/test/resources/tst_manifests/gradle/deps_with_no_ignore_common_paths/expected_component_sbom.json
+++ b/src/test/resources/tst_manifests/gradle/deps_with_no_ignore_common_paths/expected_component_sbom.json
@@ -3,7 +3,7 @@
 "specVersion" : "1.4",
 "version" : 1,
 "metadata" : {
- "timestamp" : "2024-04-02T23:16:00Z",
+ "timestamp" : "2024-07-29T07:58:24Z",
 "component" : {
 "group" : "org.acme.dbaas",
 "name" : "postgresql-orm-quarkus",
@@ -93,6 +93,14 @@
 "purl" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
 "type" : "library",
 "bom-ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final"
+ },
+ {
+ "group" : "io.quarkus",
+ "name" : "quarkus-hibernate-orm-deployment",
+ "version" : "2.0.2.Final",
+ "purl" : "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final",
+ "type" : "library",
+ "bom-ref" : "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final"
 }
 ],
 "dependencies" : [
@@ -107,7 +115,8 @@
 "pkg:maven/io.quarkus/quarkus-kubernetes-service-binding@2.13.5.Final",
 "pkg:maven/io.quarkus/quarkus-container-image-docker@2.13.5.Final",
 "pkg:maven/jakarta.validation/jakarta.validation-api@2.0.2",
- "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final"
+ "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
+ "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final"
 ]
 },
 {
@@ -145,6 +154,10 @@
 {
 "ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
 "dependsOn" : [ ]
+ },
+ {
+ "ref" : "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final",
+ "dependsOn" : [ ]
 }
 ]
-}
\ No newline at end of file
+}