feat: add option for external jar in CLI (#59)

README.md

@@ -35,10 +35,11 @@ java -jar classfile-fingerprint-0.8.1-SNAPSHOT.jar
 
 #### Optional parameters
 
-|       Parameter       |   Type   | Description                                                                                                                                                                                                  |
-|:---------------------:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `-a` or `--algorithm` | `String` | Algorithm used to generate the hash sum. Default: `SHA256`.<br/> All options are [written here](https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#messagedigest-algorithms). |
-|  `-o` or `--output`   |  `File`  | Path to the output file. Default: `classfile.sha256.jsonl`                                                                                                                                                   |
+|         Parameter         |   Type   | Description                                                                                                                                                                                                  |
+|:-------------------------:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|   `-a` or `--algorithm`   | `String` | Algorithm used to generate the hash sum. Default: `SHA256`.<br/> All options are [written here](https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#messagedigest-algorithms). |
+|    `-o` or `--output`     |  `Path`  | Path to the output file. Default: `classfile.sha256.jsonl`                                                                                                                                                   |
+| `-e` or `--external-jars` |  `Path`  | Configuration file to specify external jars. Default: `null`.                                                                                                                                                |
 
 
 ### Maven plugin

classfile-fingerprint/src/main/java/io/github/algomaster99/FromSbom.java

@@ -1,6 +1,7 @@
 package io.github.algomaster99;
 
 import static io.github.algomaster99.terminator.commons.jar.JarScanner.goInsideJarAndUpdateFingerprints;
+import static io.github.algomaster99.terminator.commons.jar.JarScanner.processExternalJars;
 
 import io.github.algomaster99.options.FromSbomOptions;
 import io.github.algomaster99.terminator.commons.cyclonedx.Bom14Schema;
@@ -48,6 +49,12 @@ public class FromSbom implements Runnable {
             description = "The output file.")
     private Path output = Path.of(String.format("classfile.%s.json", algorithm.toLowerCase()));
 
+    @CommandLine.Option(
+            names = {"-e", "--external-jars"},
+            required = false,
+            description = "Path to known external jars.")
+    private Path externalJars;
+
     public static void main(String[] args) {
         int exitCode = new CommandLine(new FromSbom()).execute(args);
         System.exit(exitCode);
@@ -56,7 +63,7 @@ public static void main(String[] args) {
     @Override
     public void run() {
         try {
-            FromSbomOptions options = new FromSbomOptions(input, algorithm, output);
+            FromSbomOptions options = new FromSbomOptions(input, algorithm, output, externalJars);
             Map<String, List<Provenance>> fingerprints = getFingerprints(options);
             ParsingHelper.serialiseFingerprints(fingerprints, options.getOutput());
         } catch (IOException e) {
@@ -67,6 +74,10 @@ public void run() {
     public static Map<String, List<Provenance>> getFingerprints(FromSbomOptions options) {
         Bom14Schema sbom = options.getInput();
         Map<String, List<Provenance>> fingerprints = new HashMap<>();
+        if (options.getExternalJars() != null) {
+            processExternalJars(options.getExternalJars().toFile(), fingerprints, options.getAlgorithm());
+        }
+
         for (Component component : sbom.getComponents()) {
             try {
                 File jarFile = JarDownloader.getMavenJarFile(

classfile-fingerprint/src/main/java/io/github/algomaster99/GenerateMojo.java

@@ -2,11 +2,8 @@
 
 import static io.github.algomaster99.terminator.commons.fingerprint.classfile.HashComputer.computeHash;
 import static io.github.algomaster99.terminator.commons.jar.JarScanner.goInsideJarAndUpdateFingerprints;
+import static io.github.algomaster99.terminator.commons.jar.JarScanner.processExternalJars;
 
-import com.fasterxml.jackson.core.type.TypeReference;
-import com.fasterxml.jackson.databind.InjectableValues;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import io.github.algomaster99.terminator.commons.data.ExternalJar;
 import io.github.algomaster99.terminator.commons.fingerprint.ParsingHelper;
 import io.github.algomaster99.terminator.commons.fingerprint.classfile.ClassFileAttributes;
 import io.github.algomaster99.terminator.commons.fingerprint.classfile.ClassfileVersion;
@@ -59,7 +56,7 @@ public class GenerateMojo extends AbstractMojo {
     public void execute() throws MojoExecutionException, MojoFailureException {
         processProjectItself();
         processDependencies();
-        processExternalJars();
+        processExternalJars(externalJars, fingerprints, algorithm);
 
         Path fingerprintFile = getFingerprintFile(project, algorithm);
         ParsingHelper.serialiseFingerprints(fingerprints, fingerprintFile);
@@ -161,33 +158,6 @@ private void walkOverClassDirectory(File artifactFileOnSystem, String groupId, S
         }
     }
 
-    private void processExternalJars() {
-        if (externalJars == null) {
-            getLog().info("No external jars are known.");
-            return;
-        }
-
-        ObjectMapper mapper = new ObjectMapper();
-        List<ExternalJar> externalJarList;
-        try {
-            InjectableValues inject = new InjectableValues.Std().addValue("configFile", externalJars.getAbsolutePath());
-            externalJarList = mapper.setInjectableValues(inject)
-                    .readerFor(new TypeReference<List<ExternalJar>>() {})
-                    .readValue(externalJars);
-        } catch (IOException e) {
-            throw new RuntimeException("Could not open external jar file: " + e);
-        }
-
-        for (ExternalJar jar : externalJarList) {
-            getLog().info("Processing external jar" + jar.path().getAbsolutePath());
-            goInsideJarAndUpdateFingerprints(
-                    jar.path().getAbsoluteFile(),
-                    fingerprints,
-                    algorithm,
-                    jar.path().getAbsolutePath());
-        }
-    }
-
     private static Path getFingerprintFile(MavenProject project, String algorithm) {
         try {
             Files.createDirectories(Path.of(project.getBuild().getDirectory()));

classfile-fingerprint/src/main/java/io/github/algomaster99/options/FromSbomOptions.java

@@ -10,11 +10,13 @@ public class FromSbomOptions {
     private final Bom14Schema input;
     private final String algorithm;
     private final Path output;
+    private final Path externalJars;
 
-    public FromSbomOptions(Path input, String algorithm, Path output) throws IOException {
+    public FromSbomOptions(Path input, String algorithm, Path output, Path externalJars) throws IOException {
         this.algorithm = algorithm;
         this.input = CycloneDX.getPOJO(Files.readString(input));
         this.output = output;
+        this.externalJars = externalJars;
     }
 
     public Bom14Schema getInput() {
@@ -28,4 +30,8 @@ public String getAlgorithm() {
     public Path getOutput() {
         return output;
     }
+
+    public Path getExternalJars() {
+        return externalJars;
+    }
 }

classfile-fingerprint/src/test/java/io/github/algomaster99/FromSbomTest.java

@@ -36,6 +36,6 @@ void guava(@TempDir Path junitTempDir) throws IOException {
     }
 
     private static FromSbomOptions getDefaultOptions(Path sbomFile) throws IOException {
-        return new FromSbomOptions(sbomFile, "SHA256", null);
+        return new FromSbomOptions(sbomFile, "SHA256", null, null);
     }
 }

terminator-commons/src/main/java/io/github/algomaster99/terminator/commons/jar/JarScanner.java

@@ -2,6 +2,10 @@
 
 import static io.github.algomaster99.terminator.commons.fingerprint.classfile.HashComputer.computeHash;
 
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.InjectableValues;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.github.algomaster99.terminator.commons.data.ExternalJar;
 import io.github.algomaster99.terminator.commons.fingerprint.classfile.ClassFileAttributes;
 import io.github.algomaster99.terminator.commons.fingerprint.classfile.ClassfileVersion;
 import io.github.algomaster99.terminator.commons.fingerprint.provenance.Jar;
@@ -63,6 +67,34 @@ public static void goInsideJarAndUpdateFingerprints(
         }
     }
 
+    public static void processExternalJars(
+            File externalJars, Map<String, List<Provenance>> fingerprints, String algorithm) {
+        if (externalJars == null) {
+            LOGGER.info("No external jars are known.");
+            return;
+        }
+
+        ObjectMapper mapper = new ObjectMapper();
+        List<ExternalJar> externalJarList;
+        try {
+            InjectableValues inject = new InjectableValues.Std().addValue("configFile", externalJars.getAbsolutePath());
+            externalJarList = mapper.setInjectableValues(inject)
+                    .readerFor(new TypeReference<List<ExternalJar>>() {})
+                    .readValue(externalJars);
+        } catch (IOException e) {
+            throw new RuntimeException("Could not open external jar file: " + e);
+        }
+
+        for (ExternalJar jar : externalJarList) {
+            LOGGER.info("Processing external jar" + jar.path().getAbsolutePath());
+            goInsideJarAndUpdateFingerprints(
+                    jar.path().getAbsoluteFile(),
+                    fingerprints,
+                    algorithm,
+                    jar.path().getAbsolutePath());
+        }
+    }
+
     private static void updateProvenanceList(
             List<Provenance> provenances, ClassFileAttributes classFileAttributes, String... provenanceInformation) {
         if (provenanceInformation.length == 3) {