From 73608d438ba06f506f7799c9e53bf9c11a9e5e33 Mon Sep 17 00:00:00 2001 From: Aman Sharma Date: Tue, 22 Aug 2023 15:24:54 +0200 Subject: [PATCH] feat: add option for external jar in CLI (#59) --- README.md | 9 ++--- .../java/io/github/algomaster99/FromSbom.java | 13 ++++++- .../io/github/algomaster99/GenerateMojo.java | 34 ++----------------- .../algomaster99/options/FromSbomOptions.java | 8 ++++- .../io/github/algomaster99/FromSbomTest.java | 2 +- .../terminator/commons/jar/JarScanner.java | 32 +++++++++++++++++ 6 files changed, 59 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index 2c84c32d..db8b3ab7 100644 --- a/README.md +++ b/README.md @@ -35,10 +35,11 @@ java -jar classfile-fingerprint-0.8.1-SNAPSHOT.jar #### Optional parameters -| Parameter | Type | Description | -|:---------------------:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `-a` or `--algorithm` | `String` | Algorithm used to generate the hash sum. Default: `SHA256`.
All options are [written here](https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#messagedigest-algorithms). | -| `-o` or `--output` | `File` | Path to the output file. Default: `classfile.sha256.jsonl` | +| Parameter | Type | Description | +|:-------------------------:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `-a` or `--algorithm` | `String` | Algorithm used to generate the hash sum. Default: `SHA256`.
All options are [written here](https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#messagedigest-algorithms). | +| `-o` or `--output` | `Path` | Path to the output file. Default: `classfile.sha256.jsonl` | +| `-e` or `--external-jars` | `Path` | Configuration file to specify external jars. Default: `null`. | ### Maven plugin diff --git a/classfile-fingerprint/src/main/java/io/github/algomaster99/FromSbom.java b/classfile-fingerprint/src/main/java/io/github/algomaster99/FromSbom.java index d06978b6..5cdc5278 100644 --- a/classfile-fingerprint/src/main/java/io/github/algomaster99/FromSbom.java +++ b/classfile-fingerprint/src/main/java/io/github/algomaster99/FromSbom.java @@ -1,6 +1,7 @@ package io.github.algomaster99; import static io.github.algomaster99.terminator.commons.jar.JarScanner.goInsideJarAndUpdateFingerprints; +import static io.github.algomaster99.terminator.commons.jar.JarScanner.processExternalJars; import io.github.algomaster99.options.FromSbomOptions; import io.github.algomaster99.terminator.commons.cyclonedx.Bom14Schema; @@ -48,6 +49,12 @@ public class FromSbom implements Runnable { description = "The output file.") private Path output = Path.of(String.format("classfile.%s.json", algorithm.toLowerCase())); + @CommandLine.Option( + names = {"-e", "--external-jars"}, + required = false, + description = "Path to known external jars.") + private Path externalJars; + public static void main(String[] args) { int exitCode = new CommandLine(new FromSbom()).execute(args); System.exit(exitCode); @@ -56,7 +63,7 @@ public static void main(String[] args) { @Override public void run() { try { - FromSbomOptions options = new FromSbomOptions(input, algorithm, output); + FromSbomOptions options = new FromSbomOptions(input, algorithm, output, externalJars); Map> fingerprints = getFingerprints(options); ParsingHelper.serialiseFingerprints(fingerprints, options.getOutput()); } catch (IOException e) { @@ -67,6 +74,10 @@ public void run() { public static Map> getFingerprints(FromSbomOptions options) { Bom14Schema sbom = options.getInput(); Map> fingerprints = new HashMap<>(); + if (options.getExternalJars() != null) { + processExternalJars(options.getExternalJars().toFile(), fingerprints, options.getAlgorithm()); + } + for (Component component : sbom.getComponents()) { try { File jarFile = JarDownloader.getMavenJarFile( diff --git a/classfile-fingerprint/src/main/java/io/github/algomaster99/GenerateMojo.java b/classfile-fingerprint/src/main/java/io/github/algomaster99/GenerateMojo.java index 55322e1d..f85f70d9 100644 --- a/classfile-fingerprint/src/main/java/io/github/algomaster99/GenerateMojo.java +++ b/classfile-fingerprint/src/main/java/io/github/algomaster99/GenerateMojo.java @@ -2,11 +2,8 @@ import static io.github.algomaster99.terminator.commons.fingerprint.classfile.HashComputer.computeHash; import static io.github.algomaster99.terminator.commons.jar.JarScanner.goInsideJarAndUpdateFingerprints; +import static io.github.algomaster99.terminator.commons.jar.JarScanner.processExternalJars; -import com.fasterxml.jackson.core.type.TypeReference; -import com.fasterxml.jackson.databind.InjectableValues; -import com.fasterxml.jackson.databind.ObjectMapper; -import io.github.algomaster99.terminator.commons.data.ExternalJar; import io.github.algomaster99.terminator.commons.fingerprint.ParsingHelper; import io.github.algomaster99.terminator.commons.fingerprint.classfile.ClassFileAttributes; import io.github.algomaster99.terminator.commons.fingerprint.classfile.ClassfileVersion; @@ -59,7 +56,7 @@ public class GenerateMojo extends AbstractMojo { public void execute() throws MojoExecutionException, MojoFailureException { processProjectItself(); processDependencies(); - processExternalJars(); + processExternalJars(externalJars, fingerprints, algorithm); Path fingerprintFile = getFingerprintFile(project, algorithm); ParsingHelper.serialiseFingerprints(fingerprints, fingerprintFile); @@ -161,33 +158,6 @@ private void walkOverClassDirectory(File artifactFileOnSystem, String groupId, S } } - private void processExternalJars() { - if (externalJars == null) { - getLog().info("No external jars are known."); - return; - } - - ObjectMapper mapper = new ObjectMapper(); - List externalJarList; - try { - InjectableValues inject = new InjectableValues.Std().addValue("configFile", externalJars.getAbsolutePath()); - externalJarList = mapper.setInjectableValues(inject) - .readerFor(new TypeReference>() {}) - .readValue(externalJars); - } catch (IOException e) { - throw new RuntimeException("Could not open external jar file: " + e); - } - - for (ExternalJar jar : externalJarList) { - getLog().info("Processing external jar" + jar.path().getAbsolutePath()); - goInsideJarAndUpdateFingerprints( - jar.path().getAbsoluteFile(), - fingerprints, - algorithm, - jar.path().getAbsolutePath()); - } - } - private static Path getFingerprintFile(MavenProject project, String algorithm) { try { Files.createDirectories(Path.of(project.getBuild().getDirectory())); diff --git a/classfile-fingerprint/src/main/java/io/github/algomaster99/options/FromSbomOptions.java b/classfile-fingerprint/src/main/java/io/github/algomaster99/options/FromSbomOptions.java index aa9e24a3..42e7352c 100644 --- a/classfile-fingerprint/src/main/java/io/github/algomaster99/options/FromSbomOptions.java +++ b/classfile-fingerprint/src/main/java/io/github/algomaster99/options/FromSbomOptions.java @@ -10,11 +10,13 @@ public class FromSbomOptions { private final Bom14Schema input; private final String algorithm; private final Path output; + private final Path externalJars; - public FromSbomOptions(Path input, String algorithm, Path output) throws IOException { + public FromSbomOptions(Path input, String algorithm, Path output, Path externalJars) throws IOException { this.algorithm = algorithm; this.input = CycloneDX.getPOJO(Files.readString(input)); this.output = output; + this.externalJars = externalJars; } public Bom14Schema getInput() { @@ -28,4 +30,8 @@ public String getAlgorithm() { public Path getOutput() { return output; } + + public Path getExternalJars() { + return externalJars; + } } diff --git a/classfile-fingerprint/src/test/java/io/github/algomaster99/FromSbomTest.java b/classfile-fingerprint/src/test/java/io/github/algomaster99/FromSbomTest.java index eadc753b..5bad1646 100644 --- a/classfile-fingerprint/src/test/java/io/github/algomaster99/FromSbomTest.java +++ b/classfile-fingerprint/src/test/java/io/github/algomaster99/FromSbomTest.java @@ -36,6 +36,6 @@ void guava(@TempDir Path junitTempDir) throws IOException { } private static FromSbomOptions getDefaultOptions(Path sbomFile) throws IOException { - return new FromSbomOptions(sbomFile, "SHA256", null); + return new FromSbomOptions(sbomFile, "SHA256", null, null); } } diff --git a/terminator-commons/src/main/java/io/github/algomaster99/terminator/commons/jar/JarScanner.java b/terminator-commons/src/main/java/io/github/algomaster99/terminator/commons/jar/JarScanner.java index 391c8352..ce5a86bd 100644 --- a/terminator-commons/src/main/java/io/github/algomaster99/terminator/commons/jar/JarScanner.java +++ b/terminator-commons/src/main/java/io/github/algomaster99/terminator/commons/jar/JarScanner.java @@ -2,6 +2,10 @@ import static io.github.algomaster99.terminator.commons.fingerprint.classfile.HashComputer.computeHash; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.InjectableValues; +import com.fasterxml.jackson.databind.ObjectMapper; +import io.github.algomaster99.terminator.commons.data.ExternalJar; import io.github.algomaster99.terminator.commons.fingerprint.classfile.ClassFileAttributes; import io.github.algomaster99.terminator.commons.fingerprint.classfile.ClassfileVersion; import io.github.algomaster99.terminator.commons.fingerprint.provenance.Jar; @@ -63,6 +67,34 @@ public static void goInsideJarAndUpdateFingerprints( } } + public static void processExternalJars( + File externalJars, Map> fingerprints, String algorithm) { + if (externalJars == null) { + LOGGER.info("No external jars are known."); + return; + } + + ObjectMapper mapper = new ObjectMapper(); + List externalJarList; + try { + InjectableValues inject = new InjectableValues.Std().addValue("configFile", externalJars.getAbsolutePath()); + externalJarList = mapper.setInjectableValues(inject) + .readerFor(new TypeReference>() {}) + .readValue(externalJars); + } catch (IOException e) { + throw new RuntimeException("Could not open external jar file: " + e); + } + + for (ExternalJar jar : externalJarList) { + LOGGER.info("Processing external jar" + jar.path().getAbsolutePath()); + goInsideJarAndUpdateFingerprints( + jar.path().getAbsoluteFile(), + fingerprints, + algorithm, + jar.path().getAbsolutePath()); + } + } + private static void updateProvenanceList( List provenances, ClassFileAttributes classFileAttributes, String... provenanceInformation) { if (provenanceInformation.length == 3) {