Improved detection for standalone jar files (#652)

if group is empty use name as group try to fetch metadata from maven (including licence information) Signed-off-by: Nikemare <102925451+Nikemare@users.noreply.github.com>
CycloneDX · Oct 20, 2023 · 3aa81b5 · 3aa81b5
1 parent 439f871
commit 3aa81b5
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 12 deletions.
diff --git a/index.js b/index.js
@@ -1053,7 +1053,7 @@ const buildBomNSData = (options, pkgInfo, ptype, context) => {
  * @param path to the project
  * @param options Parse options from the cli
  */
-export const createJarBom = (path, options) => {
+export const createJarBom = async (path, options) => {
   let pkgList = [];
   let jarFiles = [];
   let nsMapping = {};
@@ -1094,6 +1094,9 @@ export const createJarBom = (path, options) => {
       if (dlist && dlist.length) {
         pkgList = pkgList.concat(dlist);
       }
+      if (pkgList.length) {
+        pkgList = await getMvnMetadata(pkgList);
+      }
     }
     // Clean up
     if (tempDir && tempDir.startsWith(tmpdir()) && rmSync) {
@@ -4729,7 +4732,7 @@ export const createMultiXBom = async (pathList, options) => {
     }
     // Jar scanning is enabled by default
     // See #330
-    bomData = createJarBom(path, options);
+    bomData = await createJarBom(path, options);
     if (
       bomData &&
       bomData.bomJson &&
@@ -4755,7 +4758,7 @@ export const createMultiXBom = async (pathList, options) => {
     }
   } // for
   if (options.lastWorkingDir && options.lastWorkingDir !== "") {
-    bomData = createJarBom(options.lastWorkingDir, options);
+    bomData = await createJarBom(options.lastWorkingDir, options);
     if (
       bomData &&
       bomData.bomJson &&
@@ -5229,20 +5232,20 @@ export const createBom = async (path, options) => {
     case "sbt":
       return await createJavaBom(path, options);
     case "jar":
-      return createJarBom(path, options);
+      return await createJarBom(path, options);
     case "gradle-index":
     case "gradle-cache":
       options.useGradleCache = true;
-      return createJarBom(GRADLE_CACHE_DIR, options);
+      return await createJarBom(GRADLE_CACHE_DIR, options);
     case "sbt-index":
     case "sbt-cache":
       options.useSbtCache = true;
-      return createJarBom(SBT_CACHE_DIR, options);
+      return await createJarBom(SBT_CACHE_DIR, options);
     case "maven-index":
     case "maven-cache":
     case "maven-repo":
       options.useMavenCache = true;
-      return createJarBom(
+      return await createJarBom(
         process.env.MAVEN_CACHE_DIR || join(homedir(), ".m2", "repository"),
         options
       );

diff --git a/utils.js b/utils.js
@@ -6299,11 +6299,8 @@ export const extractJarArchive = function (
             }
           }
           if (name && version) {
-            // If group and name are the same we only need the name
-            if (group == name) {
-              group = "";
-            }
-            group = group === "." ? "" : encodeForPurl(group || "") || "";
+            // if group is empty use name as group
+            group = encodeForPurl(group === "." ? name : group || name) || "";
             let apkg = {
               group,
               name: name ? encodeForPurl(name) : "",