diff --git a/build.sbt b/build.sbt
index fc118ce1..ab051b2b 100644
--- a/build.sbt
+++ b/build.sbt
@@ -1,6 +1,6 @@
 name := "chen"
 ThisBuild / organization := "io.appthreat"
-ThisBuild / version := "2.2.2"
+ThisBuild / version := "2.2.3"
 ThisBuild / scalaVersion := "3.5.2"
 val cpgVersion = "1.0.1"
@@ -38,6 +38,12 @@ ThisBuild / libraryDependencies ++= Seq(
 "org.slf4j" % "slf4j-nop" % "2.0.16" % Optional,
 )
+ThisBuild / excludeDependencies ++= Seq(
+ ExclusionRule("com.google.protobuf", "protobuf-java-util"),
+ ExclusionRule("com.github.tototoshi", "scala-csv_3"),
+ ExclusionRule("au.com.bytecode", "opencsv")
+)
+
 ThisBuild / compile / javacOptions ++= Seq(
 "-g", // debug symbols
 "-Xlint",
diff --git a/codemeta.json b/codemeta.json
index b2e6635f..9a56dbd6 100644
--- a/codemeta.json
+++ b/codemeta.json
@@ -7,7 +7,7 @@
 "downloadUrl": "https://github.com/AppThreat/chen",
 "issueTracker": "https://github.com/AppThreat/chen/issues",
 "name": "chen",
- "version": "2.2.2",
+ "version": "2.2.3",
 "description": "Code Hierarchy Exploration Net (chen) is an advanced exploration toolkit for your application source code and its dependency hierarchy.",
 "applicationCategory": "code-analysis",
 "keywords": [
diff --git a/meta.yaml b/meta.yaml
index 7b976cbe..c0a4f3db 100644
--- a/meta.yaml
+++ b/meta.yaml
@@ -1,4 +1,4 @@
-{% set version = "2.2.2" %}
+{% set version = "2.2.3" %}
 package:
 name: chen
diff --git a/platform/frontends/jimple2cpg/build.sbt b/platform/frontends/jimple2cpg/build.sbt
index d6a78b03..faaf57b6 100644
--- a/platform/frontends/jimple2cpg/build.sbt
+++ b/platform/frontends/jimple2cpg/build.sbt
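Review bot: The new `ThisBuild / excludeDependencies` block in the root build.sbt (hunk `@@ -38,6 +38,12 @@`) carries no comment saying why the three artifacts are removed, so a later dependency upgrade cannot tell whether the exclusions are still needed. Because the rule is `ThisBuild`-scoped it strips these jars from every subproject's classpath; if any remaining dependency still references their classes, that would only surface at runtime as a `NoClassDefFoundError`, so it is worth confirming with a test run of the affected frontends. I would add a line above the block such as `// Excluded because <reason or advisory id>; no code path loads these classes (checked with <test or command>)`. The literal `scala-csv_3` also hard-codes the Scala binary suffix, so the rule would presumably not match a differently suffixed variant of the same library if one is ever resolved.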
@@ -4,7 +4,8 @@ dependsOn(Projects.dataflowengineoss, Projects.x2cpg % "compile->compile;test->t
 libraryDependencies ++= Seq(
 "io.appthreat" %% "cpg2" % Versions.cpg,
- "org.soot-oss" % "soot" % "4.5.0",
+ "commons-io" % "commons-io" % "2.17.0",
+ "org.soot-oss" % "soot" % "4.6.0",
 "org.scala-lang.modules" % "scala-asm" % "9.7.0-scala-2",
 "org.ow2.asm" % "asm" % "9.7.1",
 "org.ow2.asm" % "asm-analysis" % "9.7.1",
diff --git a/platform/frontends/x2cpg/src/main/resources/tags-vocab.txt b/platform/frontends/x2cpg/src/main/resources/tags-vocab.txt
index 2c0303cc..27b10d52 100644
--- a/platform/frontends/x2cpg/src/main/resources/tags-vocab.txt
+++ b/platform/frontends/x2cpg/src/main/resources/tags-vocab.txt
@@ -90,3 +90,20 @@ jdbm
 kerberos
 oidc
 oauth2
+bluetooth
+wifi
+wireless
+driver
+graphics
+firmware
+gyroscope
+accelerometer
+mobile
+network
+battery
+registry
+payment
+stripe
+apple-pay
+icloud
+azure
\ No newline at end of file
diff --git a/platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/CdxPass.scala b/platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/CdxPass.scala
index 4616cd99..3bca73fa 100644
--- a/platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/CdxPass.scala
+++ b/platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/CdxPass.scala
@@ -19,7 +19,7 @@ class CdxPass(atom: Cpg) extends CpgPass(atom):
 val language: String = atom.metaData.language.head
 // Number of tags needed
- private val TAGS_COUNT: Int = 2
+ private val TAGS_COUNT: Int = 3
 // Number of dots to use in the package namespace
 // Example: org.apache.logging.* would be used for tagging purposes
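Review bot: In platform/frontends/jimple2cpg/build.sbt the added `"commons-io" % "commons-io" % "2.17.0"` entry has no comment explaining why jimple2cpg now declares commons-io directly, in the same change that moves soot to 4.6.0. If the intent is to force a newer version of a transitive dependency rather than to call the library from jimple2cpg code (the hunk does not show which), `dependencyOverrides += "commons-io" % "commons-io" % "2.17.0"` states that intent without adding a direct dependency. Either way a one-line comment such as `// pin commons-io to 2.17.0: <reason>` keeps the pin reviewable. It is also worth reading the eviction report after this change to confirm that 2.17.0 is the version actually resolved.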
@@ -94,9 +94,14 @@ class CdxPass(atom: Cpg) extends CpgPass(atom):
 val compType = comp.hcursor.downField("type").as[String].getOrElse("")
 val compDescription: String = comp.hcursor.downField("description").as[String].getOrElse("")
- val descTags = keywords.filter(k =>
- compDescription.toLowerCase().contains(" " + k)
- ).take(TAGS_COUNT)
+ // Reuse existing tags from the xBOM
+ val compTags: List[String] =
+ comp.hcursor.downField("tags").as[List[String]].getOrElse(List.empty)
+ val descTags = if compTags.nonEmpty then compTags.take(TAGS_COUNT)
+ else
+ keywords.filter(k =>
+ compDescription.toLowerCase().contains(" " + k)
+ ).take(TAGS_COUNT)
 if (language == Languages.PYTHON || language == Languages.PYTHONSRC) && compPurl.startsWith(
 "pkg:pypi"
 )
diff --git a/pyproject.toml b/pyproject.toml
index 2f4180c5..756969f5 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "appthreat-chen"
-version = "2.2.2"
+version = "2.2.3"
 description = "Code Hierarchy Exploration Net (chen)"
 authors = ["Team AppThreat "]
 license = "Apache-2.0"
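Review bot: In CdxPass.scala (hunk `@@ -94,9 +94,14 @@`), `compTags` is taken verbatim from the BOM's `tags` field and, when non-empty, replaces the description-derived tags, so whatever strings the BOM producer wrote become `descTags` without trimming, case-folding, de-duplication or a blank check. The keyword branch can only yield entries from the `keywords` list (presumably the tags vocabulary), whereas this branch accepts arbitrary content from an input file that may be third-party supplied. I would normalise before the `nonEmpty` test, e.g. `.getOrElse(List.empty).map(_.trim.toLowerCase).filter(_.nonEmpty).distinct`, so that a list of blank strings still falls back to the description keywords. The existing comment could also say that BOM-supplied tags take precedence over description matching. The enclosing function begins and ends outside this hunk, so how `descTags` is consumed is not visible here.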