Merge pull request #144 from RHEcosystemAppEng/fix/add-configs-to-ca-…
…gradle

fix: add and fix missing configurations for gradle ca
zvigrinberg authored Jun 13, 2024
2 parents eb41cdc + 74e1522 commit 3726b7a
Showing 4 changed files with 352 additions and 315 deletions.
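--- a/src/analysis.js
+++ b/src/analysis.js
@@ -74,7 +74,13 @@ async function requestStack(provider, manifest, url, html = false, opts = {}) {
 * @returns {Promise<import('../generated/backend/AnalysisReport').AnalysisReport>}
 */
 async function requestComponent(provider, data, url, opts = {}, path = '') {
-opts["source-manifest"]= Buffer.from(data).toString('base64')
+if(data.trim() !== "") {
+opts["source-manifest"]= Buffer.from(data).toString('base64')
+// for gradle component analysis is an exception and requires only path exclusively, and not data content.
+}else {
+opts["source-manifest"]= Buffer.from(fs.readFileSync(path).toString()).toString('base64')
+}
+
 let provided = provider.provideComponent(data, opts,path) // throws error if content providing failed
 opts["source-manifest"]= ""
 opts[rhdaOperationTypeHeader.toUpperCase().replaceAll("-","_")] = "component-analysis"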
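Review bot: The new `else` branch of `requestComponent` calls `fs.readFileSync(path)` without checking `path`, whose default is `''`, so a call with empty `data` and no path fails with a raw filesystem error instead of a clear message; a guard such as `if (!path) throw new Error("component analysis needs manifest content or a manifest path")` before the read would make that explicit. If `path` can come from outside the calling process, it should also be confirmed to name the expected manifest, because the file's content is placed in `opts["source-manifest"]` and handed to the provider. The read itself can be `fs.readFileSync(path).toString('base64')`, which avoids decoding the bytes to a string and back. The `fs` import is not visible in this hunk, and the function body continues past it.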
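--- a/src/providers/java_gradle.js
+++ b/src/providers/java_gradle.js
@@ -81,6 +81,7 @@ function removeDuplicateIfExists(arrayForSbom,theContent) {
 };
 }
 
+const componentAnalysisConfigs = ["api", "implementation", "compileOnly","runtimeOnly"];
 export default class Java_gradle extends Base_java {
 
 /**
@@ -141,7 +142,7 @@ export default class Java_gradle extends Base_java {
 if (process.env["EXHORT_DEBUG"] === "true") {
 console.log("Dependency tree that will be used as input for creating the BOM =>" + EOL + EOL + content)
 }
-let sbom = this.#buildSbomFileFromTextFormat(content, properties, "runtimeClasspath", manifest,opts)
+let sbom = this.#buildSbomFileFromTextFormat(content, properties, ["runtimeClasspath"], manifest,opts)
 return sbom
 }
 
@@ -192,19 +193,19 @@ export default class Java_gradle extends Base_java {
 #getSbomForComponentAnalysis(opts = {}, manifestPath) {
 let content = this.#getDependencies(manifestPath)
 let properties = this.#extractProperties(manifestPath, opts)
-let configurationNames = new Array()
-configurationNames.push("api", "implementation", "compile")
-let configName
-for (let config of configurationNames) {
-let directDeps = this.#extractLines(content, config);
-if (directDeps.length > 0) {
-configName = config
-break
-
-}
-}
-
-let sbom = this.#buildSbomFileFromTextFormat(content, properties, configName, manifestPath, opts)
+let configurationNames = componentAnalysisConfigs
+
+// let configName
+// for (let config of configurationNames) {
+// let directDeps = this.#extractLines(content, config);
+// if (directDeps.length > 0) {
+// configName = config
+// break
+//
+// }
+// }
+
+let sbom = this.#buildSbomFileFromTextFormat(content, properties, configurationNames, manifestPath, opts)
 return sbom
 
 }
@@ -248,15 +249,19 @@ export default class Java_gradle extends Base_java {
 *
 * @param content {string} - content of the dependency tree received from gradle dependencies command
 * @param properties {Object} - properties of the gradle project.
-* @param configName {string} - the configuration name of dependencies to include in sbom.
+* @param configNames {string[]} - the configuration name of dependencies to include in sbom.
 * @return {string} return sbom json string of the build.gradle manifest file
 */
-#buildSbomFileFromTextFormat(content, properties, configName, manifestPath, opts = {}) {
+#buildSbomFileFromTextFormat(content, properties, configNames, manifestPath, opts = {}) {
 let sbom = new Sbom();
 let root = `${properties.group}:${properties[ROOT_PROJECT_KEY_NAME].match(/Root project '(.+)'/)[1]}:jar:${properties.version}`
 let rootPurl = this.parseDep(root)
 sbom.addRoot(rootPurl)
-let lines = this.#extractLines(content, configName)
+let lines = new Array()
+configNames.forEach(configName => {
+let deps = this.#extractLines(content, configName)
+lines = lines.concat(deps)
+})
 // transform gradle dependency tree to the form of maven dependency tree to use common sbom build algorithm in Base_java parent */
 let arrayForSbom = lines.filter(dep => dep.trim() !== "").map(dependency => dependency.replaceAll("---", "-").replaceAll(" ", " "))
 .map(dependency => dependency.replaceAll(/:(.*):(.*) -> (.*)$/g, ":$1:$3"))
@@ -267,7 +272,7 @@ export default class Java_gradle extends Base_java {
 if(arrayForSbom.length > 0 && !containsVersion(arrayForSbom[0])) {
 arrayForSbom = arrayForSbom.slice(1)
 }
-if( ["api", "implementation", "compile"].includes(configName) ) {
+if( configNames === componentAnalysisConfigs ) {
 arrayForSbom.forEach( removeDuplicateIfExists.call(this, arrayForSbom,content))
 }
 this.parseDependencyTree(root + ":compile", 0, arrayForSbom, sbom)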
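Review bot: The dedupe guard `if( configNames === componentAnalysisConfigs )` in `#buildSbomFileFromTextFormat` compares array identity, so it holds only while the caller passes the module-level array object itself; a copy or an equal list would skip `removeDuplicateIfExists` without any error. A content test such as `if (configNames.some(name => componentAnalysisConfigs.includes(name)))` mirrors the old `includes` check, and declaring the list with `Object.freeze([...])` keeps later code from mutating the shared array. The new list also no longer contains `compile`, so dependencies that a legacy build declares under that configuration would presumably be left out of the component-analysis SBOM and never analysed; worth confirming that this is intended. The commented-out loop left in `#getSbomForComponentAnalysis` can be deleted, and the `@param configNames` text should read "names". Both methods start or end outside the hunks shown.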