replace CDX 1.5 deprecated tool
fixes #487

Signed-off-by: Hervé Boutemy <[email protected]>
hboutemy committed Jun 29, 2024
1 parent 7f34a10 commit 4c77122
Showing 3 changed files with 36 additions and 17 deletions.
40 changes: 31 additions & 9 deletions src/main/java/org/cyclonedx/maven/DefaultModelConverter.java
@@ -35,10 +35,12 @@
import org.cyclonedx.CycloneDxSchema;
import org.cyclonedx.model.Component;
import org.cyclonedx.model.ExternalReference;
import org.cyclonedx.model.Hash;
import org.cyclonedx.model.License;
import org.cyclonedx.model.LicenseChoice;
import org.cyclonedx.model.Metadata;
import org.cyclonedx.model.Tool;
import org.cyclonedx.model.metadata.ToolInformation;
import org.cyclonedx.util.BomUtils;
import org.cyclonedx.util.LicenseResolver;
import org.eclipse.aether.artifact.ArtifactProperties;
@@ -53,6 +55,7 @@
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Properties;
import java.util.TreeMap;
@@ -342,23 +345,44 @@ else if (licenseChoiceToResolve.getExpression() != null && CycloneDxSchema.Versi

@Override
public Metadata convertMavenProject(final MavenProject project, String projectType, CycloneDxSchema.Version schemaVersion, boolean includeLicenseText, ExternalReference[] externalReferences) {
final Tool tool = new Tool();
final Metadata metadata = new Metadata();

// prepare properties and hash values from the current mojo
final Properties properties = readPluginProperties();
tool.setVendor(properties.getProperty("vendor"));
tool.setName(properties.getProperty("name"));
tool.setVersion(properties.getProperty("version"));
// Attempt to add hash values from the current mojo
List<Hash> hashes = null;
final Artifact self = new DefaultArtifact(properties.getProperty("groupId"), properties.getProperty("artifactId"),
properties.getProperty("version"), Artifact.SCOPE_COMPILE, "jar", null, new DefaultArtifactHandler());
final Artifact resolved = session.getLocalRepository().find(self);
if (resolved != null) {
try {
resolved.setFile(new File(resolved.getFile() + ".jar"));
tool.setHashes(BomUtils.calculateHashes(resolved.getFile(), schemaVersion));
hashes = BomUtils.calculateHashes(resolved.getFile(), schemaVersion);
} catch (IOException e) {
logger.warn("Unable to calculate hashes of self", e);
}
}
if (schemaVersion.compareTo(CycloneDxSchema.Version.VERSION_15) < 0) {
// CycloneDX up to 1.4+ use metadata.tools.tool
final Tool tool = new Tool();
tool.setVendor(properties.getProperty("vendor"));
tool.setName(properties.getProperty("name"));
tool.setVersion(properties.getProperty("version"));
tool.setHashes(hashes);
metadata.addTool(tool);
} else {
// CycloneDX 1.5+: use metadata.tools.component
ToolInformation toolInfo = new ToolInformation();
Component toolComponent = new Component();
toolComponent.setType(Component.Type.LIBRARY);
toolComponent.setGroup(properties.getProperty("groupId"));
toolComponent.setName(properties.getProperty("artifactId"));
toolComponent.setVersion(properties.getProperty("version"));
toolComponent.setDescription(properties.getProperty("name"));
toolComponent.setAuthor(properties.getProperty("vendor"));
toolComponent.setHashes(hashes);
toolInfo.setComponents(Collections.singletonList(toolComponent));
metadata.setToolChoice(toolInfo);
}

final Component component = new Component();
component.setGroup(project.getGroupId());
@@ -369,10 +393,8 @@ public Metadata convertMavenProject(final MavenProject project, String projectTy
component.setBomRef(component.getPurl());
setExternalReferences(component, externalReferences);
extractComponentMetadata(project, component, schemaVersion, includeLicenseText);

final Metadata metadata = new Metadata();
metadata.addTool(tool);
metadata.setComponent(component);

return metadata;
}
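Review bot: `hashes` stays null when `session.getLocalRepository().find(self)` yields nothing or `calculateHashes` throws, and both schema branches then call `setHashes(hashes)` unconditionally, so the tool entry can be written to the BOM without any integrity data while only the exception path logs a warning. Consider guarding both calls with `if (hashes != null)` and adding an `else` to the `resolved != null` check that logs something like `logger.warn("Unable to locate plugin artifact, tool hashes omitted")`, so that a consumer who verifies the generating tool by hash can tell why it is absent. The comment `// CycloneDX up to 1.4+ use metadata.tools.tool` is also ambiguous next to the `1.5+` comment below it; `// CycloneDX up to 1.4: use metadata.tools.tool` would state the boundary that the `compareTo(CycloneDxSchema.Version.VERSION_15) < 0` test implements. The enclosing class starts and ends outside this section.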

11 changes: 4 additions & 7 deletions src/test/java/org/cyclonedx/maven/Issue314OptionalTest.java
@@ -16,7 +16,6 @@
import org.junit.runner.RunWith;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

import io.takari.maven.testing.executor.MavenRuntime.MavenRuntimeBuilder;
import io.takari.maven.testing.executor.MavenVersions;
@@ -52,9 +51,8 @@ public void testBytecodeDependencyTree() throws Exception {

final Document bom = readXML(new File(projDir, "dependency_A/target/bom.xml"));

final NodeList componentsList = bom.getElementsByTagName("components");
assertEquals("Expected a single components element", 1, componentsList.getLength());
final Element components = (Element)componentsList.item(0);
final Element components = getElement(getElement(bom, "bom"), "components");
assertNotNull("bom is missing components", components);

final Element componentBNode = getComponentNode(components, ISSUE_314_DEPENDENCY_B);
final Element componentBScope = getElement(componentBNode, "scope");
@@ -92,9 +90,8 @@ public void testMavenOptionalDependencyTree() throws Exception {

final Document bom = readXML(new File(projDir, "dependency_A/target/bom.xml"));

final NodeList componentsList = bom.getElementsByTagName("components");
assertEquals("Expected a single components element", 1, componentsList.getLength());
final Element components = (Element)componentsList.item(0);
final Element components = getElement(getElement(bom, "bom"), "components");
assertNotNull("bom is missing components", components);

final Element componentBNode = getComponentNode(components, ISSUE_314_DEPENDENCY_B);
final Element componentBScope = getElement(componentBNode, "scope");
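Review bot: In both tests the new lookup `getElement(getElement(bom, "bom"), "components")` feeds the inner result straight into the outer call. The TestUtils section shows getElement starting from `Element element = null` and then calling `parent.getFirstChild()`, so a BOM without the expected root would presumably fail with a NullPointerException instead of the `assertNotNull` message (the rest of getElement is outside this view). Splitting the lookup keeps the failure readable: `final Element root = getElement(bom, "bom"); assertNotNull("bom is missing root element", root);` before fetching `components` from `root`. The same applies to testMavenOptionalDependencyTree in the second hunk; both test methods begin and end outside the hunks shown.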
2 changes: 1 addition & 1 deletion src/test/java/org/cyclonedx/maven/TestUtils.java
@@ -16,7 +16,7 @@
import org.xml.sax.SAXException;

class TestUtils {
static Element getElement(final Element parent, final String elementName) throws Exception {
static Element getElement(final Node parent, final String elementName) throws Exception {
Element element = null;
Node child = parent.getFirstChild();
while (child != null) {
