fix: add and fix missing configurations for gradle ca (#108)

## Description Retrofits RHEcosystemAppEng/exhort-javascript-api#144 to exhort-java-api Fixes: https://issues.redhat.com/browse/TC-1557 ## Checklist - [x] I have followed this repository's contributing guidelines. - [x] I will adhere to the project's code of conduct. --------- Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
RHEcosystemAppEng · Jul 29, 2024 · 0987947 · 0987947
1 parent 1146394
commit 0987947
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 25 deletions.
diff --git a/src/main/java/com/redhat/exhort/providers/GradleProvider.java b/src/main/java/com/redhat/exhort/providers/GradleProvider.java
@@ -29,10 +29,7 @@
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import java.util.function.Consumer;
 import java.util.logging.Logger;
 import java.util.regex.Matcher;
@@ -49,6 +46,9 @@
  */
 public final class GradleProvider extends BaseJavaProvider {
 
+  public static final String[] COMPONENT_ANALYSIS_CONFIGURATIONS = {
+    "api", "implementation", "compileOnlyApi", "compileOnly", "runtimeOnly"
+  };
   private Logger log = LoggersFactory.getLogger(this.getClass().getName());
 
   public GradleProvider() {
@@ -67,7 +67,7 @@ public Content provideStack(final Path manifestPath) throws IOException {
     }
     Map<String, String> propertiesMap = extractProperties(manifestPath);
 
-    var sbom = buildSbomFromTextFormat(tempFile, propertiesMap, "runtimeClasspath");
+    var sbom = buildSbomFromTextFormat(tempFile, propertiesMap, new String[] {"runtimeClasspath"});
     var ignored = getIgnoredDeps(manifestPath);
 
     return new Content(
@@ -241,14 +241,20 @@ private Path getProperties(Path manifestPath) throws IOException {
   }
 
   private Sbom buildSbomFromTextFormat(
-      Path textFormatFile, Map<String, String> propertiesMap, String configName)
+      Path textFormatFile, Map<String, String> propertiesMap, String[] configNames)
       throws IOException {
     var sbom = SbomFactory.newInstance(Sbom.BelongingCondition.PURL, "sensitive");
     String root = getRoot(textFormatFile, propertiesMap);
 
     var rootPurl = parseDep(root);
     sbom.addRoot(rootPurl);
-    List<String> lines = extractLines(textFormatFile, configName);
+    List<String> lines = new ArrayList<>();
+
+    for (String configName : configNames) {
+      List<String> deps = extractLines(textFormatFile, configName);
+      lines.addAll(deps);
+    }
+
     List<String> arrayForSbom = new ArrayList<>();
 
     for (String line : lines) {
@@ -263,7 +269,7 @@ private Sbom buildSbomFromTextFormat(
       }
     }
     // remove duplicates for component analysis
-    if (List.of("api", "implementation", "compileOnly").contains(configName)) {
+    if (Arrays.equals(configNames, COMPONENT_ANALYSIS_CONFIGURATIONS)) {
       removeDuplicateIfExists(arrayForSbom, textFormatFile);
       arrayForSbom = performManifestVersionsCheck(arrayForSbom, textFormatFile);
     }
@@ -467,20 +473,11 @@ public Content provideComponent(Path manifestPath) throws IOException {
     Path tempFile = getDependencies(manifestPath);
     Map<String, String> propertiesMap = extractProperties(manifestPath);
 
-    String[] configurationNames = {"api", "implementation", "compileOnly", "runtimeOnly"};
+    String[] configurationNames = COMPONENT_ANALYSIS_CONFIGURATIONS;
 
     String configName = null;
-    for (String configurationName : configurationNames) {
-      List<String> directDependencies = extractLines(tempFile, configurationName);
-
-      // Check if dependencies are found for the current configuration
-      if (!directDependencies.isEmpty()) {
-        configName = configurationName;
-        break;
-      }
-    }
 
-    var sbom = buildSbomFromTextFormat(tempFile, propertiesMap, configName);
+    var sbom = buildSbomFromTextFormat(tempFile, propertiesMap, configurationNames);
     var ignored = getIgnoredDeps(manifestPath);
 
     return new Content(

diff --git a/...st/resources/tst_manifests/gradle/deps_with_ignore_notations/expected_component_sbom.json b/...st/resources/tst_manifests/gradle/deps_with_ignore_notations/expected_component_sbom.json
@@ -3,7 +3,7 @@
   "specVersion" : "1.4",
   "version" : 1,
   "metadata" : {
-    "timestamp" : "2024-04-02T23:13:52Z",
+    "timestamp" : "2024-07-29T07:49:36Z",
     "component" : {
       "group" : "org.acme.dbaas",
       "name" : "postgresql-orm-quarkus",
@@ -93,6 +93,14 @@
       "purl" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
       "type" : "library",
       "bom-ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final"
+    },
+    {
+      "group" : "io.quarkus",
+      "name" : "quarkus-hibernate-orm-deployment",
+      "version" : "2.0.2.Final",
+      "purl" : "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final",
+      "type" : "library",
+      "bom-ref" : "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final"
     }
   ],
   "dependencies" : [
@@ -107,7 +115,8 @@
         "pkg:maven/io.quarkus/quarkus-kubernetes-service-binding@2.13.5.Final",
         "pkg:maven/io.quarkus/quarkus-container-image-docker@2.13.5.Final",
         "pkg:maven/jakarta.validation/jakarta.validation-api@2.0.2",
-        "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final"
+        "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
+        "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final"
       ]
     },
     {
@@ -145,6 +154,10 @@
     {
       "ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
       "dependsOn" : [ ]
+    },
+    {
+      "ref" : "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final",
+      "dependsOn" : [ ]
     }
   ]
-}
+}
diff --git a/...ources/tst_manifests/gradle/deps_with_no_ignore_common_paths/expected_component_sbom.json b/...ources/tst_manifests/gradle/deps_with_no_ignore_common_paths/expected_component_sbom.json
@@ -3,7 +3,7 @@
   "specVersion" : "1.4",
   "version" : 1,
   "metadata" : {
-    "timestamp" : "2024-04-02T23:16:00Z",
+    "timestamp" : "2024-07-29T07:58:24Z",
     "component" : {
       "group" : "org.acme.dbaas",
       "name" : "postgresql-orm-quarkus",
@@ -93,6 +93,14 @@
       "purl" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
       "type" : "library",
       "bom-ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final"
+    },
+    {
+      "group" : "io.quarkus",
+      "name" : "quarkus-hibernate-orm-deployment",
+      "version" : "2.0.2.Final",
+      "purl" : "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final",
+      "type" : "library",
+      "bom-ref" : "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final"
     }
   ],
   "dependencies" : [
@@ -107,7 +115,8 @@
         "pkg:maven/io.quarkus/quarkus-kubernetes-service-binding@2.13.5.Final",
         "pkg:maven/io.quarkus/quarkus-container-image-docker@2.13.5.Final",
         "pkg:maven/jakarta.validation/jakarta.validation-api@2.0.2",
-        "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final"
+        "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
+        "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final"
       ]
     },
     {
@@ -145,6 +154,10 @@
     {
       "ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
       "dependsOn" : [ ]
+    },
+    {
+      "ref" : "pkg:maven/io.quarkus/quarkus-hibernate-orm-deployment@2.0.2.Final",
+      "dependsOn" : [ ]
     }
   ]
-}
+}