From 4c77122a533aa8d2bbb1a485befb5d44f1a760a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20Boutemy?=
Date: Thu, 20 Jun 2024 22:39:47 +0200
Subject: [PATCH] replace CDX 1.5 deprecated tool
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

fixes #487
Signed-off-by: Hervé Boutemy
---
 .../maven/DefaultModelConverter.java | 40 ++++++++++++++-----
 .../cyclonedx/maven/Issue314OptionalTest.java | 11 ++---
 .../java/org/cyclonedx/maven/TestUtils.java | 2 +-
 3 files changed, 36 insertions(+), 17 deletions(-)

diff --git a/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java b/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java
index 2d28c5fb..7799f55d 100644
--- a/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java
+++ b/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java
@@ -35,10 +35,12 @@
 import org.cyclonedx.CycloneDxSchema;
 import org.cyclonedx.model.Component;
 import org.cyclonedx.model.ExternalReference;
+import org.cyclonedx.model.Hash;
 import org.cyclonedx.model.License;
 import org.cyclonedx.model.LicenseChoice;
 import org.cyclonedx.model.Metadata;
 import org.cyclonedx.model.Tool;
+import org.cyclonedx.model.metadata.ToolInformation;
 import org.cyclonedx.util.BomUtils;
 import org.cyclonedx.util.LicenseResolver;
 import org.eclipse.aether.artifact.ArtifactProperties;
@@ -53,6 +55,7 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
 import java.util.Properties;
 import java.util.TreeMap;
@@ -342,23 +345,44 @@ else if (licenseChoiceToResolve.getExpression() != null && CycloneDxSchema.Versi @Override public Metadata convertMavenProject(final MavenProject project, String projectType, CycloneDxSchema.Version schemaVersion, boolean includeLicenseText, ExternalReference[] externalReferences) { - final Tool tool = new Tool(); + final Metadata metadata = new Metadata(); + + // prepare properties and hash values from the current mojo final Properties properties = readPluginProperties(); - tool.setVendor(properties.getProperty("vendor")); - tool.setName(properties.getProperty("name")); - tool.setVersion(properties.getProperty("version")); - // Attempt to add hash values from the current mojo + List hashes = null; final Artifact self = new DefaultArtifact(properties.getProperty("groupId"), properties.getProperty("artifactId"), properties.getProperty("version"), Artifact.SCOPE_COMPILE, "jar", null, new DefaultArtifactHandler()); final Artifact resolved = session.getLocalRepository().find(self); if (resolved != null) { try { resolved.setFile(new File(resolved.getFile() + ".jar")); - tool.setHashes(BomUtils.calculateHashes(resolved.getFile(), schemaVersion)); + hashes = BomUtils.calculateHashes(resolved.getFile(), schemaVersion); } catch (IOException e) { logger.warn("Unable to calculate hashes of self", e); } } + if (schemaVersion.compareTo(CycloneDxSchema.Version.VERSION_15) < 0) { + // CycloneDX up to 1.4+ use metadata.tools.tool + final Tool tool = new Tool(); + tool.setVendor(properties.getProperty("vendor")); + tool.setName(properties.getProperty("name")); + tool.setVersion(properties.getProperty("version")); + tool.setHashes(hashes); + metadata.addTool(tool); + } else { + // CycloneDX 1.5+: use metadata.tools.component + ToolInformation toolInfo = new ToolInformation(); + Component toolComponent = new Component(); + toolComponent.setType(Component.Type.LIBRARY); + toolComponent.setGroup(properties.getProperty("groupId")); + 
toolComponent.setName(properties.getProperty("artifactId")); + toolComponent.setVersion(properties.getProperty("version")); + toolComponent.setDescription(properties.getProperty("name")); + toolComponent.setAuthor(properties.getProperty("vendor")); + toolComponent.setHashes(hashes); + toolInfo.setComponents(Collections.singletonList(toolComponent)); + metadata.setToolChoice(toolInfo); + } final Component component = new Component(); component.setGroup(project.getGroupId()); @@ -369,10 +393,8 @@ public Metadata convertMavenProject(final MavenProject project, String projectTy component.setBomRef(component.getPurl()); setExternalReferences(component, externalReferences); extractComponentMetadata(project, component, schemaVersion, includeLicenseText); - - final Metadata metadata = new Metadata(); - metadata.addTool(tool); metadata.setComponent(component); + return metadata; } diff --git a/src/test/java/org/cyclonedx/maven/Issue314OptionalTest.java b/src/test/java/org/cyclonedx/maven/Issue314OptionalTest.java index ae04756c..ede58f91 100644 --- a/src/test/java/org/cyclonedx/maven/Issue314OptionalTest.java +++ b/src/test/java/org/cyclonedx/maven/Issue314OptionalTest.java @@ -16,7 +16,6 @@ import org.junit.runner.RunWith; import org.w3c.dom.Document; import org.w3c.dom.Element; -import org.w3c.dom.NodeList; import io.takari.maven.testing.executor.MavenRuntime.MavenRuntimeBuilder; import io.takari.maven.testing.executor.MavenVersions; 
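Review bot: The 1.5+ branch attaches the plugin's hashes to the generator component but gives it no `purl` or `bom-ref`, so a consumer who wants to check those hashes against the published plugin artifact has to reconstruct the Maven coordinates by hand, whereas the project component built just below is keyed by `component.getPurl()`. If the helper that derives the project component's purl (outside this hunk) is reusable here, add `toolComponent.setPurl(<purl from groupId/artifactId/version>); toolComponent.setBomRef(toolComponent.getPurl());` after the `setHashes(hashes)` call. Note also that `hashes` stays null when the plugin jar is not found in the local repository or `calculateHashes` throws, so both branches rely on `setHashes(null)` being serialised as an absent element; a comment such as `// hashes may be null: self jar not in local repo or unreadable, element is then omitted` would make that explicit. The `compareTo(VERSION_15) < 0` gate assumes the `CycloneDxSchema.Version` constants are declared in ascending schema order, which this hunk cannot confirm.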
@@ -52,9 +51,8 @@ public void testBytecodeDependencyTree() throws Exception { final Document bom = readXML(new File(projDir, "dependency_A/target/bom.xml")); - final NodeList componentsList = bom.getElementsByTagName("components"); - assertEquals("Expected a single components element", 1, componentsList.getLength()); - final Element components = (Element)componentsList.item(0); + final Element components = getElement(getElement(bom, "bom"), "components"); + assertNotNull("bom is missing components", components); final Element componentBNode = getComponentNode(components, ISSUE_314_DEPENDENCY_B); final Element componentBScope = getElement(componentBNode, "scope"); @@ -92,9 +90,8 @@ public void testMavenOptionalDependencyTree() throws Exception { final Document bom = readXML(new File(projDir, "dependency_A/target/bom.xml")); - final NodeList componentsList = bom.getElementsByTagName("components"); - assertEquals("Expected a single components element", 1, componentsList.getLength()); - final Element components = (Element)componentsList.item(0); + final Element components = getElement(getElement(bom, "bom"), "components"); + assertNotNull("bom is missing components", components); final Element componentBNode = getComponentNode(components, ISSUE_314_DEPENDENCY_B); final Element componentBScope = getElement(componentBNode, "scope"); diff --git a/src/test/java/org/cyclonedx/maven/TestUtils.java b/src/test/java/org/cyclonedx/maven/TestUtils.java index 0f6cc2e7..837155de 100644 --- a/src/test/java/org/cyclonedx/maven/TestUtils.java +++ b/src/test/java/org/cyclonedx/maven/TestUtils.java @@ -16,7 +16,7 @@ import org.xml.sax.SAXException; class TestUtils { - static Element getElement(final Element parent, final String elementName) throws Exception { + static Element getElement(final Node parent, final String elementName) throws Exception { Element element = null; Node child = parent.getFirstChild(); while (child != null) {
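Review bot: The new `assertNotNull` guards only the `components` lookup; if the `bom` root element is absent, `getElement(bom, "bom")` presumably returns null (its `Element element = null` initialiser suggests so, though its return is outside this view) and the outer `getElement` then dereferences it on `parent.getFirstChild()`, so the test would die with a NullPointerException rather than the readable assertion message. Split the lookup: `final Element bomRoot = getElement(bom, "bom"); assertNotNull("bom root element missing", bomRoot); final Element components = getElement(bomRoot, "components");`. The same two lines appear in the `testMavenOptionalDependencyTree` hunk of this file and want the same treatment.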
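Review bot: Widening `parent` to `Node` lets callers pass a `Document`, but the method carries no Javadoc saying how it searches, and the visible loop starts from `parent.getFirstChild()`, which suggests it inspects direct children only, not descendants. Add a Javadoc along the lines of `/** Returns the first direct child element of {@code parent} named {@code elementName}, or null when none exists. */` so callers know a nested match will not be found. The loop body and the return are outside this hunk, so confirm the null-return and the sibling walk before documenting them.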