fix code structure consistency
Signed-off-by: Hervé Boutemy <hboutemy@apache.org>
hboutemy committed Mar 15, 2023
1 parent f2467e7 commit bbaa81e
Showing 4 changed files with 18 additions and 15 deletions.
29 changes: 15 additions & 14 deletions src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
Expand Up @@ -36,7 +36,6 @@
import org.cyclonedx.model.Component;
import org.cyclonedx.model.Dependency;
import org.cyclonedx.model.Metadata;
import org.cyclonedx.model.Component.Scope;
import org.cyclonedx.parsers.JsonParser;
import org.cyclonedx.parsers.Parser;
import org.cyclonedx.parsers.XmlParser;
Expand Down Expand Up @@ -263,31 +262,33 @@ public void execute() throws MojoExecutionException {
if (includeTestScope) scopes.add("test");

final Metadata metadata = modelConverter.convert(project, analysis + " " + String.join("+", scopes), projectType, schemaVersion(), includeLicenseText);

final Component rootComponent = metadata.getComponent();
final String rootBomRef = projectIdentities.get(rootComponent.getPurl());
if (rootBomRef != null) {
componentMap.remove(rootBomRef);
metadata.getComponent().setBomRef(rootBomRef);
}

projectDependenciesConverter.cleanupBomDependencies(metadata, componentMap, dependencyMap);

generateBom(analysis, metadata, componentMap, dependencyMap);
generateBom(analysis, metadata, new ArrayList<>(componentMap.values()), new ArrayList<>(dependencyMap.values()));
}
}

private void generateBom(String analysis, Metadata metadata, Map<String, Component> components, Map<String, Dependency> dependencies) throws MojoExecutionException {
private void generateBom(String analysis, Metadata metadata, List<Component> components, List<Dependency> dependencies) throws MojoExecutionException {
try {
getLog().info(String.format(MESSAGE_CREATING_BOM, schemaVersion, components.size()));
final Bom bom = new Bom();
bom.setComponents(new ArrayList<>(components.values()));
bom.setComponents(components);

if (schemaVersion().getVersion() >= 1.1 && includeBomSerialNumber) {
bom.setSerialNumber("urn:uuid:" + UUID.randomUUID());
}

if (schemaVersion().getVersion() >= 1.2) {
bom.setMetadata(metadata);
bom.setDependencies(new ArrayList<>(dependencies.values()));
bom.setDependencies(dependencies);
}

/*if (schemaVersion().getVersion() >= 1.3) {
Expand Down Expand Up @@ -395,7 +396,7 @@ protected void populateComponents(final Map<String, Component> components, final
final String purl = generatePackageUrl(artifact);
final String identity = purlToIdentity.get(purl);
if (identity != null) {
final Scope artifactScope = (dependencyAnalysis != null ? inferComponentScope(artifact, dependencyAnalysis) : null);
final Component.Scope artifactScope = (dependencyAnalysis != null ? inferComponentScope(artifact, dependencyAnalysis) : null);
final Component component = components.get(identity);
if (component == null) {
final Component newComponent = convert(artifact);
Expand All @@ -410,12 +411,12 @@ protected void populateComponents(final Map<String, Component> components, final
}

/**
* Infer BOM component scope based on Maven project dependency analysis.
* Infer BOM component scope (required/optional/excluded) based on Maven project dependency analysis.
*
* @param artifact Artifact from maven project
* @param projectDependencyAnalysis Maven Project Dependency Analysis data
*
* @return Component.Scope - Required: If the component is used (as detected by project dependency analysis). Optional: If it is unused
* @return Component.Scope - REQUIRED: If the component is used (as detected by project dependency analysis). OPTIONAL: If it is unused
*/
protected Component.Scope inferComponentScope(Artifact artifact, ProjectDependencyAnalysis projectDependencyAnalysis) {
if (projectDependencyAnalysis == null) {
Expand All @@ -440,22 +441,22 @@ protected Component.Scope inferComponentScope(Artifact artifact, ProjectDependen
return null;
}

private Scope mergeScopes(final Scope existing, final Scope project) {
private Component.Scope mergeScopes(final Component.Scope existing, final Component.Scope project) {
// If scope is null we don't know anything about the artifact, so we assume it's not optional.
// This is likely a result of the dependency analysis part being unable to run.
final Scope merged;
final Component.Scope merged;
if (existing == null) {
merged = (project == Scope.REQUIRED ? Scope.REQUIRED : null);
merged = (project == Component.Scope.REQUIRED ? Component.Scope.REQUIRED : null);
} else {
switch (existing) {
case REQUIRED:
merged = Scope.REQUIRED;
merged = Component.Scope.REQUIRED;
break;
case OPTIONAL:
merged = (project == Scope.REQUIRED || project == null ? project : existing);
merged = (project == Component.Scope.REQUIRED || project == null ? project : existing);
break;
case EXCLUDED:
merged = (project != Scope.EXCLUDED ? project : Scope.EXCLUDED);
merged = (project != Component.Scope.EXCLUDED ? project : Component.Scope.EXCLUDED);
break;
default:
merged = project;
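Review bot: The reworded `@return` tag on inferComponentScope still covers only REQUIRED and OPTIONAL, although the summary line added just above it now names excluded as a possible result and the tail of the method, visible at the top of the following hunk, ends with `return null;`. The comment in mergeScopes reads a null scope as "we don't know anything about the artifact", so null is part of the contract and matters to anyone who uses the BOM scope to decide which components to look at first. I would extend the tag to `@return Component.Scope - REQUIRED: if the component is used (as detected by project dependency analysis). OPTIONAL: if it is unused. {@code null}: if the scope could not be determined`. An EXCLUDED clause should be added once its condition is confirmed from the method body, which lies outside the visible hunks.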
1 change: 1 addition & 0 deletions src/main/java/org/cyclonedx/maven/CycloneDxMojo.java
Expand Up @@ -106,6 +106,7 @@ protected String extractComponentsAndDependencies(final Map<String, Component> c
projectIdentities.put(projectBomComponent.getPurl(), projectBomComponent.getBomRef());

populateComponents(components, getProject().getArtifacts(), projectPUrlToIdentity, doProjectDependencyAnalysis(getProject()));

dependencies.putAll(projectDependencies);

return "makeBom";
Expand Up @@ -77,6 +77,7 @@ protected String extractComponentsAndDependencies(Map<String, Component> compone
projectIdentities.put(projectBomComponent.getPurl(), projectBomComponent.getBomRef());

populateComponents(components, mavenProject.getArtifacts(), projectPUrlToIdentity, null);

dependencies.putAll(projectDependencies);
}

Expand Up @@ -44,7 +44,7 @@ public interface ProjectDependenciesConverter {
* The map will be modified to reflect the distinct names, with references and the map keys
* being updated.
*/
void normalizeDependencies(final CycloneDxSchema.Version schemaVersion, final Map<String, Dependency> dependencies, final Map<String, String> purlToIdentity) ;
void normalizeDependencies(CycloneDxSchema.Version schemaVersion, Map<String, Dependency> dependencies, Map<String, String> purlToIdentity) ;

/**
* Check consistency between BOM components and BOM dependencies, and cleanup: drop components found while walking the
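Review bot: The rewritten `normalizeDependencies` declaration keeps the stray space before its terminating semicolon (`purlToIdentity) ;`), which stands out in a commit whose stated aim is consistency. I would end the line with `Map<String, String> purlToIdentity);`. The interface continues outside this hunk, so other declarations may need the same touch-up.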