Capture the java namespaces in deep mode under properties

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
CycloneDX · Oct 2, 2023 · 81a084d · 81a084d
1 parent 2ebf793
commit 81a084d
Show file tree

Hide file tree

Showing 9 changed files with 309 additions and 113 deletions.
diff --git a/ci/Dockerfile b/ci/Dockerfile
@@ -17,11 +17,10 @@ ARG SWIFT_BRANCH=swift-5.8-release
 ARG SWIFT_VERSION=swift-5.8-RELEASE
 ARG SWIFT_WEBROOT=https://download.swift.org
 ARG JAVA_VERSION=20.0.2-graalce
-ARG SBT_VERSION=1.9.3
-ARG MAVEN_VERSION=3.9.3
-ARG GRADLE_VERSION=8.2.1
-ARG GO_VERSION=1.20.6
-ARG CLJ_VERSION=1.11.1.1347
+ARG SBT_VERSION=1.9.6
+ARG MAVEN_VERSION=3.9.4
+ARG GRADLE_VERSION=8.3
+ARG GO_VERSION=1.21.1
 
 ENV GOPATH=/opt/app-root/go \
     JAVA_VERSION=$JAVA_VERSION \
@@ -111,9 +110,9 @@ RUN set -e; \
     && chmod +x lein \
     && mv lein /usr/local/bin/ \
     && /usr/local/bin/lein \
-    && curl -O https://download.clojure.org/install/linux-install-$CLJ_VERSION.sh \
-    && chmod +x linux-install-$CLJ_VERSION.sh \
-    && sudo ./linux-install-$CLJ_VERSION.sh \
+    && curl -L -O https://github.com/clojure/brew-install/releases/latest/download/linux-install.sh \
+    && chmod +x linux-install.sh \
+    && sudo ./linux-install.sh \
     && useradd -ms /bin/bash cyclonedx \
     && npm install --unsafe-perm -g @microsoft/rush --omit=dev \
     && pecl channel-update pecl.php.net \

diff --git a/ci/Dockerfile-deno b/ci/Dockerfile-deno
@@ -17,11 +17,10 @@ ARG SWIFT_BRANCH=swift-5.8-release
 ARG SWIFT_VERSION=swift-5.8-RELEASE
 ARG SWIFT_WEBROOT=https://download.swift.org
 ARG JAVA_VERSION=20.0.2-graalce
-ARG SBT_VERSION=1.9.3
-ARG MAVEN_VERSION=3.9.3
-ARG GRADLE_VERSION=8.2.1
-ARG GO_VERSION=1.20.6
-ARG CLJ_VERSION=1.11.1.1347
+ARG SBT_VERSION=1.9.6
+ARG MAVEN_VERSION=3.9.4
+ARG GRADLE_VERSION=8.3
+ARG GO_VERSION=1.21.1
 
 ENV GOPATH=/opt/app-root/go \
     JAVA_VERSION=$JAVA_VERSION \
@@ -114,9 +113,9 @@ RUN set -e; \
     && chmod +x lein \
     && mv lein /usr/local/bin/ \
     && /usr/local/bin/lein \
-    && curl -O https://download.clojure.org/install/linux-install-$CLJ_VERSION.sh \
-    && chmod +x linux-install-$CLJ_VERSION.sh \
-    && sudo ./linux-install-$CLJ_VERSION.sh \
+    && curl -L -O https://github.com/clojure/brew-install/releases/latest/download/linux-install.sh \
+    && chmod +x linux-install.sh \
+    && sudo ./linux-install.sh \
     && useradd -ms /bin/bash cyclonedx \
     && pecl channel-update pecl.php.net \
     && pecl install timezonedb \

diff --git a/ci/Dockerfile-ppc64 b/ci/Dockerfile-ppc64
@@ -11,11 +11,10 @@ LABEL maintainer="cyclonedx" \
       org.opencontainers.image.description="Container image for cyclonedx cdxgen SBoM generator" \
       org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-ppc64 -r /app --server"
 
-ARG SBT_VERSION=1.9.3
-ARG MAVEN_VERSION=3.9.3
-ARG GRADLE_VERSION=8.2.1
-ARG GO_VERSION=1.20.6
-ARG CLJ_VERSION=1.11.1.1347
+ARG SBT_VERSION=1.9.6
+ARG MAVEN_VERSION=3.9.4
+ARG GRADLE_VERSION=8.3
+ARG GO_VERSION=1.21.1
 
 ENV GOPATH=/opt/app-root/go \
     SBT_VERSION=$SBT_VERSION \
@@ -90,9 +89,9 @@ RUN set -e; \
     && chmod +x lein \
     && mv lein /usr/local/bin/ \
     && /usr/local/bin/lein \
-    && curl -O https://download.clojure.org/install/linux-install-$CLJ_VERSION.sh \
-    && chmod +x linux-install-$CLJ_VERSION.sh \
-    && sudo ./linux-install-$CLJ_VERSION.sh \
+    && curl -L -O https://github.com/clojure/brew-install/releases/latest/download/linux-install.sh \
+    && chmod +x linux-install.sh \
+    && sudo ./linux-install.sh \
     && useradd -ms /bin/bash cyclonedx \
     && npm install --unsafe-perm -g @microsoft/rush --omit=dev \
     && pecl channel-update pecl.php.net \

diff --git a/index.js b/index.js
@@ -1127,17 +1127,11 @@ export const createJavaBom = async (path, options) => {
         console.log(`Retrieving packages from ${path}`);
       }
       const tempDir = mkdtempSync(join(tmpdir(), "war-deps-"));
-      pkgList = extractJarArchive(path, tempDir);
+      jarNSMapping = collectJarNS(tempDir);
+      pkgList = extractJarArchive(path, tempDir, jarNSMapping);
       if (pkgList.length) {
         pkgList = await getMvnMetadata(pkgList);
       }
-      // Should we attempt to resolve class names
-      if (options.resolveClass) {
-        console.log(
-          "Creating class names list based on available jars. This might take a few mins ..."
-        );
-        jarNSMapping = collectJarNS(tempDir);
-      }
       // Clean up
       if (tempDir && tempDir.startsWith(tmpdir()) && rmSync) {
         console.log(`Cleaning up ${tempDir}`);
@@ -1192,7 +1186,7 @@ export const createJavaBom = async (path, options) => {
         }
         const mavenCmd = getMavenCommand(basePath, path);
         // Should we attempt to resolve class names
-        if (options.resolveClass) {
+        if (options.resolveClass || options.deep) {
           console.log(
             "Creating class names list based on available jars. This might take a few mins ..."
           );
@@ -1351,7 +1345,7 @@ export const createJavaBom = async (path, options) => {
       }
       if (pkgList) {
         pkgList = trimComponents(pkgList, "json");
-        pkgList = await getMvnMetadata(pkgList);
+        pkgList = await getMvnMetadata(pkgList, jarNSMapping);
         return buildBomNSData(options, pkgList, "maven", {
           src: path,
           filename: pomFiles.join(", "),
@@ -1551,15 +1545,14 @@ export const createJavaBom = async (path, options) => {
         );
         options.failOnError && process.exit(1);
       }
-
-      pkgList = await getMvnMetadata(pkgList);
       // Should we attempt to resolve class names
-      if (options.resolveClass) {
+      if (options.resolveClass || options.deep) {
         console.log(
           "Creating class names list based on available jars. This might take a few mins ..."
         );
         jarNSMapping = collectJarNS(GRADLE_CACHE_DIR);
       }
+      pkgList = await getMvnMetadata(pkgList, jarNSMapping);
       return buildBomNSData(options, pkgList, "maven", {
         src: path,
         filename: gradleFiles.join(", "),
@@ -1654,7 +1647,8 @@ export const createJavaBom = async (path, options) => {
             console.log("Bazel unexpectedly didn't produce any output");
             options.failOnError && process.exit(1);
           }
-          pkgList = await getMvnMetadata(pkgList);
+          // FIXME: How do we retrieve jarNSMapping for bazel projects?
+          pkgList = await getMvnMetadata(pkgList, jarNSMapping);
           return buildBomNSData(options, pkgList, "maven", {
             src: path,
             filename: "BUILD",
@@ -1835,14 +1829,14 @@ export const createJavaBom = async (path, options) => {
       if (DEBUG_MODE) {
         console.log(`Found ${pkgList.length} packages`);
       }
-      pkgList = await getMvnMetadata(pkgList);
       // Should we attempt to resolve class names
-      if (options.resolveClass) {
+      if (options.resolveClass || options.deep) {
         console.log(
           "Creating class names list based on available jars. This might take a few mins ..."
         );
         jarNSMapping = collectJarNS(SBT_CACHE_DIR);
       }
+      pkgList = await getMvnMetadata(pkgList, jarNSMapping);
       return buildBomNSData(options, pkgList, "maven", {
         src: path,
         filename: sbtProjects.join(", "),