fix: fix for the component analysis to show gradle resolved version for the package in the dropdown

Signed-off-by: Olga Lavtar <olavtar@redhat.com>
olavtar committed Jun 21, 2024
1 parent 711b039 commit c62928b
Showing 5 changed files with 90 additions and 39 deletions.
81 changes: 66 additions & 15 deletions src/main/java/com/redhat/exhort/providers/GradleProvider.java
Expand Up @@ -251,27 +251,78 @@ private Sbom buildSbomFromTextFormat(
List<String> lines = extractLines(textFormatFile, configName);
List<String> arrayForSbom = new ArrayList<>();

for (String line : lines) {
line = line.replaceAll("---", "-").replaceAll(" ", " ");
line = line.replaceAll(":(.*):(.*) -> (.*)$", ":$1:$3");
line = line.replaceAll("(.*):(.*):(.*)$", "$1:$2:jar:$3");
line = line.replaceAll(" \\(n\\)$", "");
line = line.replaceAll(" \\(\\*\\)", "");
line = line.replaceAll("$", ":compile");
if (containsVersion(line)) {
arrayForSbom.add(line);
for (String line : lines) {
line = line.replaceAll("---", "-").replaceAll(" ", " ");
line = line.replaceAll(":(.*):(.*) -> (.*)$", ":$1:$3");
line = line.replaceAll("(.*):(.*):(.*)$", "$1:$2:jar:$3");
line = line.replaceAll(" \\(n\\)$", "");
line = line.replaceAll(" \\(\\*\\)", "");
line = line.replaceAll("$", ":compile");
if (containsVersion(line)) {
arrayForSbom.add(line);
}
}
// remove duplicates for component analysis
if (List.of("api", "implementation", "compileOnly").contains(configName)) {
removeDuplicateIfExists(arrayForSbom, textFormatFile);
arrayForSbom = performManifestVersionsCheck(arrayForSbom, textFormatFile);
}
}
// remove duplicates for component analysis
if (List.of("api", "implementation", "compile").contains(configName)) {
removeDuplicateIfExists(arrayForSbom, textFormatFile);
}

String[] array = arrayForSbom.toArray(new String[0]);
parseDependencyTree(root, 0, array, sbom);
return sbom;
}

private List<String> performManifestVersionsCheck(List<String> arrayForSbom, Path textFormatFile) throws IOException {

List<String> runtimeClasspathLines = extractLines(textFormatFile, "runtimeClasspath");
Map<String, String> runtimeClasspathVersions = parseDependencyVersions(runtimeClasspathLines);
List<String> updatedLines = updateDependencies(arrayForSbom, runtimeClasspathVersions);

return updatedLines;
}

private Map<String, String> parseDependencyVersions(List<String> lines) {
Map<String, String> dependencyVersions = new HashMap<>();

for (String line : lines) {
if (line.contains("->")) {
String[] splitLine = line.split("---");
if (splitLine.length > 1) {
String dependencyPart = splitLine[1].trim();
String[] parts = dependencyPart.split("-> ");
// Extract the dependency name (without the version) and the resolved version
String dependency = parts[0].substring(0, parts[0].lastIndexOf(':')).trim();
String version = parts[1].split(" ")[0].trim();
dependencyVersions.put(dependency, version);
}
}
}

return dependencyVersions;
}

private List<String> updateDependencies(List<String> lines, Map<String, String> runtimeClasspathVersions) {
List<String> updatedLines = new ArrayList<>();
for (String line : lines) {
PackageURL packageURL = parseDep(line);
String[] parts = line.split(":");
if (parts.length >= 4) {
String dependencyKey = packageURL.getNamespace() + ":" + packageURL.getName(); // Extract dependency key
if (runtimeClasspathVersions.containsKey(dependencyKey)) {
String newVersion = runtimeClasspathVersions.get(dependencyKey);
parts[3] = newVersion; // Replace version with the resolved version
updatedLines.add(String.join(":", parts));
} else {
updatedLines.add(line); // Keep the original line if no update is needed
}
} else {
updatedLines.add(line); // Keep the original line if it doesn't match the expected pattern
}
}
return updatedLines;
}

private void removeDuplicateIfExists(List<String> arrayForSbom, Path theContent) {
Consumer<String> removeDuplicateFunction =
dependency -> {
Expand Down Expand Up @@ -413,7 +464,7 @@ public Content provideComponent(Path manifestPath) throws IOException {
Path tempFile = getDependencies(manifestPath);
Map<String, String> propertiesMap = extractProperties(manifestPath);

String[] configurationNames = {"api", "implementation", "compile"};
String[] configurationNames = {"api", "implementation", "compileOnly", "runtimeOnly"};

String configName = null;
for (String configurationName : configurationNames) {
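Review bot: `parseDependencyVersions` (the new method following `performManifestVersionsCheck` in the first hunk) indexes `parts[1]` and calls `parts[0].substring(0, parts[0].lastIndexOf(':'))` with no guard, so a Gradle line that contains `->` but not the `"-> "` separator, or whose left side has no colon, escapes as an unchecked ArrayIndexOutOfBoundsException or StringIndexOutOfBoundsException from the whole component analysis instead of that line being skipped. A minimal guard is `int colon = parts.length > 1 ? parts[0].lastIndexOf(':') : -1;` followed by `if (colon < 0) { continue; }` and `String dependency = parts[0].substring(0, colon).trim();`. If Gradle prints an entry as `group:name -> version` with no declared version (which it appears to do for constraint-resolved dependencies), `lastIndexOf(':')` would leave only the group, so the key would never match the `namespace:name` key built in `updateDependencies` and that dependency would silently keep its unresolved version; a fixture covering that form would pin it either way. Separately, `provideComponent` in the second hunk now also iterates `runtimeOnly`, while the `List.of("api", "implementation", "compileOnly")` check in the first hunk excludes it, so a `runtimeOnly` manifest skips both the de-duplication and the version check; confirm that is intended.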
Expand Up @@ -2586,5 +2586,5 @@ No dependencies

A web-based, searchable dependency report is available by adding the --scan option.

BUILD SUCCESSFUL in 714ms
BUILD SUCCESSFUL in 632ms
1 actionable task: 1 executed
Expand Up @@ -3,7 +3,7 @@
"specVersion" : "1.4",
"version" : 1,
"metadata" : {
"timestamp" : "2024-04-02T22:31:28Z",
"timestamp" : "2024-06-21T20:31:39Z",
"component" : {
"group" : "org.acme.dbaas",
"name" : "postgresql-orm-quarkus",
Expand Down Expand Up @@ -41,10 +41,10 @@
{
"group" : "io.quarkus",
"name" : "quarkus-resteasy",
"version" : "2.13.5.Final",
"purl" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final",
"version" : "2.13.7.Final",
"purl" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final",
"type" : "library",
"bom-ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final"
"bom-ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final"
},
{
"group" : "io.quarkus",
Expand All @@ -65,10 +65,10 @@
{
"group" : "io.quarkus",
"name" : "quarkus-vertx-http",
"version" : "2.13.5.Final",
"purl" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
"version" : "2.13.7.Final",
"purl" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final",
"type" : "library",
"bom-ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final"
"bom-ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final"
},
{
"group" : "io.quarkus",
Expand Down Expand Up @@ -117,10 +117,10 @@
"dependsOn" : [
"pkg:maven/io.quarkus/quarkus-hibernate-orm@2.13.5.Final",
"pkg:maven/io.quarkus/quarkus-agroal@2.13.5.Final",
"pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final",
"pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final",
"pkg:maven/io.quarkus/quarkus-resteasy-jackson@2.13.5.Final",
"pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.5.Final",
"pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
"pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final",
"pkg:maven/io.quarkus/quarkus-kubernetes-service-binding@2.13.5.Final",
"pkg:maven/io.quarkus/quarkus-container-image-docker@2.13.5.Final",
"pkg:maven/jakarta.validation/jakarta.validation-api@2.0.2",
Expand All @@ -137,7 +137,7 @@
"dependsOn" : [ ]
},
{
"ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final",
"ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final",
"dependsOn" : [ ]
},
{
Expand All @@ -149,7 +149,7 @@
"dependsOn" : [ ]
},
{
"ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
"ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final",
"dependsOn" : [ ]
},
{
Expand Up @@ -2586,5 +2586,5 @@ No dependencies

A web-based, searchable dependency report is available by adding the --scan option.

BUILD SUCCESSFUL in 655ms
BUILD SUCCESSFUL in 594ms
1 actionable task: 1 executed
Expand Up @@ -3,7 +3,7 @@
"specVersion" : "1.4",
"version" : 1,
"metadata" : {
"timestamp" : "2024-04-02T22:35:27Z",
"timestamp" : "2024-06-21T20:33:14Z",
"component" : {
"group" : "org.acme.dbaas",
"name" : "postgresql-orm-quarkus",
Expand Down Expand Up @@ -41,10 +41,10 @@
{
"group" : "io.quarkus",
"name" : "quarkus-resteasy",
"version" : "2.13.5.Final",
"purl" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final",
"version" : "2.13.7.Final",
"purl" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final",
"type" : "library",
"bom-ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final"
"bom-ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final"
},
{
"group" : "io.quarkus",
Expand All @@ -65,10 +65,10 @@
{
"group" : "io.quarkus",
"name" : "quarkus-vertx-http",
"version" : "2.13.5.Final",
"purl" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
"version" : "2.13.7.Final",
"purl" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final",
"type" : "library",
"bom-ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final"
"bom-ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final"
},
{
"group" : "io.quarkus",
Expand Down Expand Up @@ -117,10 +117,10 @@
"dependsOn" : [
"pkg:maven/io.quarkus/quarkus-hibernate-orm@2.13.5.Final",
"pkg:maven/io.quarkus/quarkus-agroal@2.13.5.Final",
"pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final",
"pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final",
"pkg:maven/io.quarkus/quarkus-resteasy-jackson@2.13.5.Final",
"pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.5.Final",
"pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
"pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final",
"pkg:maven/io.quarkus/quarkus-kubernetes-service-binding@2.13.5.Final",
"pkg:maven/io.quarkus/quarkus-container-image-docker@2.13.5.Final",
"pkg:maven/jakarta.validation/jakarta.validation-api@2.0.2",
Expand All @@ -137,7 +137,7 @@
"dependsOn" : [ ]
},
{
"ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final",
"ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final",
"dependsOn" : [ ]
},
{
Expand All @@ -149,7 +149,7 @@
"dependsOn" : [ ]
},
{
"ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
"ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final",
"dependsOn" : [ ]
},
{
