From d76e887dc686414d51ea25be5e332fb394174bad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20Boutemy?=
Date: Wed, 6 Dec 2023 02:04:59 +0100
Subject: [PATCH] use metadata properties in UUID #420
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Hervé Boutemy
---
 src/it/makeBom/verify.groovy | 1 -
 .../org/cyclonedx/maven/BaseCycloneDxMojo.java | 17 +++++++++++++----
 .../java/org/cyclonedx/maven/Issue420Test.java | 6 ++----
 3 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/src/it/makeBom/verify.groovy b/src/it/makeBom/verify.groovy
index 28f59f0e..4f548021 100644
--- a/src/it/makeBom/verify.groovy
+++ b/src/it/makeBom/verify.groovy
@@ -9,7 +9,6 @@ assert bomFileXml.text.contains('https://github.c
 assert !bomFileXml.text.contains('')
 // Reproducible Builds
-assert !bomFileJson.text.contains('"serialNumber"')
 assert !bomFileJson.text.contains('"timestamp"')
 assert bomFileJson.text.contains('"name" : "cdx:reproducible",')
 assert bomFileJson.text.contains('"value" : "enabled"')
diff --git a/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java b/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
index c0c44744..34ba8a08 100644
--- a/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
+++ b/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
@@ -341,7 +341,7 @@ private void generateBom(String analysis, Metadata metadata, List com
 }
 if (schemaVersion().getVersion() >= 1.1 && includeBomSerialNumber) {
- String serialNumber = generateSerialNumber();
+ String serialNumber = generateSerialNumber(metadata.getProperties());
 bom.setSerialNumber(serialNumber);
 }
@@ -371,9 +371,18 @@ private void generateBom(String analysis, Metadata metadata, List com
 }
 }
- private String generateSerialNumber() {
- String seed = String.format("%s:%s:%s", project.getGroupId(), project.getArtifactId(), project.getVersion());
- UUID uuid = UUID.nameUUIDFromBytes(seed.getBytes(StandardCharsets.UTF_8));
+ private String generateSerialNumber(List properties) {
+ String gav = String.format("%s:%s:%s", project.getGroupId(), project.getArtifactId(), project.getVersion());
+ StringBuilder sb = new StringBuilder(gav);
+ if (properties != null) {
+ for(Property prop: properties) {
+ sb.append(';');
+ sb.append(prop.getName());
+ sb.append('=');
+ sb.append(prop.getValue());
+ }
+ }
+ UUID uuid = UUID.nameUUIDFromBytes(sb.toString().getBytes(StandardCharsets.UTF_8));
 return String.format("urn:uuid:%s", uuid);
 }
diff --git a/src/test/java/org/cyclonedx/maven/Issue420Test.java b/src/test/java/org/cyclonedx/maven/Issue420Test.java
index a4d8b14d..9638dcd4 100644
--- a/src/test/java/org/cyclonedx/maven/Issue420Test.java
+++ b/src/test/java/org/cyclonedx/maven/Issue420Test.java
@@ -22,15 +22,13 @@
 @MavenVersions({"3.6.3"})
 public class Issue420Test extends BaseMavenVerifier {
- private static final String SERIAL_NUMBER = "urn:uuid:f1a73cb3-dab9-3592-a2a9-825cf9eab862";
-
 public Issue420Test(MavenRuntimeBuilder runtimeBuilder) throws Exception {
 super(runtimeBuilder);
 }
 @Test
 public void testDefaults() throws Exception {
- test(new String[0], SERIAL_NUMBER);
+ test(new String[0], "urn:uuid:af111a48-2091-3e2e-ad2e-60b1975b651d");
 }
 @Test
@@ -40,7 +38,7 @@ public void testDefaultsWhenSerialNumberIsDisabled() throws Exception {
 @Test
 public void testWhenOutputTimestampIsSet() throws Exception {
- test(new String[]{"-Dproject.build.outputTimestamp=2023-11-08T00:00:00Z"}, SERIAL_NUMBER);
+ test(new String[]{"-Dproject.build.outputTimestamp=2023-11-08T00:00:00Z"}, "urn:uuid:3e383c4c-ef61-3eba-8214-3ecd46c4bbee");
 }
 @Test
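Review bot: The seed built in generateSerialNumber is not an unambiguous encoding of its inputs: `sb.append(';')` and `sb.append('=')` add separators without escaping, so a property name or value containing those characters can yield the same seed, and therefore the same serial number, as a different property list, and a null `prop.getName()` or `prop.getValue()` is folded in as the literal text `null`. The result also follows the iteration order of `properties`, so reproducibility depends on that list being assembled in a stable order, which is not visible in this hunk. Length-prefixing or escaping each name and value would remove the ambiguity, and the ordering assumption belongs in a Javadoc on the method. That Javadoc could also state the identifier's scope, for example `/** Derives a name-based UUID from the project GAV and the BOM metadata properties only; the component list is not part of the seed. */`, so that consumers do not read an unchanged serial number as proof of unchanged BOM content.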
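Review bot: The expected serial numbers in testDefaults and, in the following hunk, testWhenOutputTimestampIsSet are now two different unexplained literals, so a reader cannot tell which metadata property makes the seed diverge between the two runs. A short comment on each would make a later change of expected value reviewable, for example `// GAV + metadata properties; differs from testDefaults because <property name> changes when outputTimestamp is set` with the placeholder filled in. If the `test(...)` helper, which is defined outside these hunks, does not already do so, an assertion that two runs with identical arguments produce the same serial number would pin the reproducibility guarantee directly rather than through fixed literals.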