diff --git a/src/main/java/com/redhat/exhort/providers/GradleProvider.java b/src/main/java/com/redhat/exhort/providers/GradleProvider.java
index 3b4ae45..c437b28 100644
--- a/src/main/java/com/redhat/exhort/providers/GradleProvider.java
+++ b/src/main/java/com/redhat/exhort/providers/GradleProvider.java
@@ -263,8 +263,9 @@ private Sbom buildSbomFromTextFormat(
 }
 }
 // remove duplicates for component analysis
- if (List.of("api", "implementation", "compile").contains(configName)) {
+ if (List.of("api", "implementation", "compileOnly").contains(configName)) {
 removeDuplicateIfExists(arrayForSbom, textFormatFile);
+ arrayForSbom = performManifestVersionsCheck(arrayForSbom, textFormatFile);
 }
 String[] array = arrayForSbom.toArray(new String[0]);
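Review bot: The guard list in this hunk (`"api", "implementation", "compileOnly"`) is now out of step with the `configurationNames` array in `provideComponent` (the `@@ -413,7 +467,7 @@` hunk), which also gained `"runtimeOnly"`; as far as the visible lines show, a `runtimeOnly` section would skip both `removeDuplicateIfExists` and the new `performManifestVersionsCheck`. If that is not intended, keep one shared constant and use it in both places, e.g. `private static final List<String> COMPONENT_CONFIGS = List.of("api", "implementation", "compileOnly", "runtimeOnly");`. Separately, resolved versions are read only from the `runtimeClasspath` section, and Gradle does not put `compileOnly` dependencies on that classpath, so for `compileOnly` the lookup presumably never matches and the SBOM sent for analysis keeps the declared version; a short comment stating which configurations the check really covers would help. `buildSbomFromTextFormat` starts above this hunk and continues past it.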
@@ -272,6 +273,59 @@ private Sbom buildSbomFromTextFormat(
 return sbom;
 }
+ private List performManifestVersionsCheck(List arrayForSbom, Path textFormatFile)
+ throws IOException {
+
+ List runtimeClasspathLines = extractLines(textFormatFile, "runtimeClasspath");
+ Map runtimeClasspathVersions = parseDependencyVersions(runtimeClasspathLines);
+ List updatedLines = updateDependencies(arrayForSbom, runtimeClasspathVersions);
+
+ return updatedLines;
+ }
+
+ private Map parseDependencyVersions(List lines) {
+ Map dependencyVersions = new HashMap<>();
+
+ for (String line : lines) {
+ if (line.contains("->")) {
+ String[] splitLine = line.split("---");
+ if (splitLine.length > 1) {
+ String dependencyPart = splitLine[1].trim();
+ String[] parts = dependencyPart.split("-> ");
+ // Extract the dependency name (without the version) and the resolved version
+ String dependency = parts[0].substring(0, parts[0].lastIndexOf(':')).trim();
+ String version = parts[1].split(" ")[0].trim();
+ dependencyVersions.put(dependency, version);
+ }
+ }
+ }
+
+ return dependencyVersions;
+ }
+
+ private List updateDependencies(
+ List lines, Map runtimeClasspathVersions) {
+ List updatedLines = new ArrayList<>();
+ for (String line : lines) {
+ PackageURL packageURL = parseDep(line);
+ String[] parts = line.split(":");
+ if (parts.length >= 4) {
+ String dependencyKey =
+ packageURL.getNamespace() + ":" + packageURL.getName(); // Extract dependency key
+ if (runtimeClasspathVersions.containsKey(dependencyKey)) {
+ String newVersion = runtimeClasspathVersions.get(dependencyKey);
+ parts[3] = newVersion; // Replace version with the resolved version
+ updatedLines.add(String.join(":", parts));
+ } else {
+ updatedLines.add(line); // Keep the original line if no update is needed
+ }
+ } else {
+ updatedLines.add(line); // Keep the original line if it doesn't match the expected pattern
+ }
+ }
+ return updatedLines;
+ }
+
 private void removeDuplicateIfExists(List arrayForSbom, Path theContent)
{ Consumer removeDuplicateFunction = dependency -> {
@@ -413,7 +467,7 @@ public Content provideComponent(Path manifestPath) throws IOException {
 Path tempFile = getDependencies(manifestPath);
 Map propertiesMap = extractProperties(manifestPath);
- String[] configurationNames = {"api", "implementation", "compile"};
+ String[] configurationNames = {"api", "implementation", "compileOnly", "runtimeOnly"};
 String configName = null;
 for (String configurationName : configurationNames) {
diff --git a/src/main/java/com/redhat/exhort/providers/JavaMavenProvider.java.orig b/src/main/java/com/redhat/exhort/providers/JavaMavenProvider.java.orig
deleted file mode 100644
index dd10518..0000000
--- a/src/main/java/com/redhat/exhort/providers/JavaMavenProvider.java.orig
+++ /dev/null
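Review bot: `parseDependencyVersions` (the `@@ -272,6 +273,59 @@` hunk) takes `parts[1]` and `substring(0, parts[0].lastIndexOf(':'))` without checking either, so a `runtimeClasspath` line that contains `->` but not `"-> "`, or whose left side has no colon, throws an unchecked exception out of component analysis. A line of the form `group:name -> version`, which Gradle prints when the manifest declares no version, is keyed as `group` only, so `updateDependencies` never finds it and the SBOM keeps a version that was not the resolved one, which skews the vulnerability results. If a module coordinate rather than a bare version can follow the arrow, it would be written into `parts[3]` as the version; that case is inferred, not visible here. In `updateDependencies`, `parseDep(line)` runs before the `parts.length >= 4` guard, and the `containsKey`/`get` pair can be a single `get` with a null check. The fence shows a bounds-checked replacement for the body of `if (splitLine.length > 1)`.

```java
        if (splitLine.length > 1) {
          String[] parts = splitLine[1].trim().split("->", 2);
          String declared = parts[0].trim();
          String resolved = parts.length > 1 ? parts[1].trim().split(" ")[0] : "";
          int firstColon = declared.indexOf(':');
          int lastColon = declared.lastIndexOf(':');
          // Skip lines that are not "group:name[:version] -> version"
          if (firstColon < 0 || resolved.isEmpty() || resolved.contains(":")) {
            continue;
          }
          // group:name has one colon and is already the key; otherwise drop ":version"
          String dependency = firstColon == lastColon ? declared : declared.substring(0, lastColon);
          dependencyVersions.put(dependency, resolved);
        }
        // … unchanged: closing braces of the loop and return dependencyVersions …
```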
@@ -1,544 +0,0 @@ -/* - * Copyright © 2023 Red Hat, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.redhat.exhort.providers; - -import java.io.IOException; -import java.nio.file.Files; -import java.nio.file.Path; -import java.time.LocalDateTime; -import java.time.temporal.ChronoUnit; -import java.util.*; -import java.util.logging.Logger; -import java.util.regex.Matcher; -import java.util.regex.Pattern; -import java.util.stream.Collectors; -import java.util.stream.IntStream; - -import javax.xml.stream.XMLInputFactory; -import javax.xml.stream.XMLStreamConstants; -import javax.xml.stream.XMLStreamException; -import javax.xml.stream.XMLStreamReader; - -import com.github.packageurl.MalformedPackageURLException; -import com.github.packageurl.PackageURL; -import com.redhat.exhort.Api; -import com.redhat.exhort.Provider; -import com.redhat.exhort.logging.LoggersFactory; -import com.redhat.exhort.sbom.Sbom; -import com.redhat.exhort.sbom.SbomFactory; -import com.redhat.exhort.tools.Ecosystem; -import com.redhat.exhort.tools.Ecosystem.Type; -import com.redhat.exhort.tools.Operations; - -import static com.redhat.exhort.impl.ExhortApi.debugLoggingIsNeeded; - -/** - * Concrete implementation of the {@link Provider} used for converting dependency trees - * for Java Maven projects (pom.xml) into a content Dot Graphs for Stack analysis or Json for - * Component analysis. 
- **/ -public final class JavaMavenProvider extends Provider { - - private Logger log = LoggersFactory.getLogger(this.getClass().getName()); - public static void main(String[] args) throws IOException { - JavaMavenProvider javaMavenProvider = new JavaMavenProvider(); - PackageURL packageURL = javaMavenProvider.parseDep("+- org.assertj:assertj-core:jar:3.24.2:test"); - LocalDateTime start = LocalDateTime.now(); - System.out.print(start); - Content content = javaMavenProvider.provideStack(Path.of("/tmp/devfile-sample-java-springboot-basic/pom.xml")); - -// PackageURL packageURL = javaMavenProvider.parseDep("pom-with-deps-no-ignore:pom-with-dependency-not-ignored-common-paths:jar:0.0.1"); -// String report = new String(content.buffer); - System.out.println(new String(content.buffer)); - LocalDateTime end = LocalDateTime.now(); - System.out.print(end); - System.out.print("Total time elapsed = " + start.until(end, ChronoUnit.NANOS)); - - } - public JavaMavenProvider() { - super(Type.MAVEN); - } - - - - @Override - public Content provideStack(final Path manifestPath) throws IOException { - // check for custom mvn executable - var mvn = Operations.getCustomPathOrElse("mvn"); - // clean command used to clean build target - var mvnCleanCmd = new String[]{mvn, "clean", "-f", manifestPath.toString()}; - var mvnEnvs = getMvnExecEnvs(); - // execute the clean command - Operations.runProcess(mvnCleanCmd, mvnEnvs); - // create a temp file for storing the dependency tree in - var tmpFile = Files.createTempFile("exhort_dot_graph_", null); - // the tree command will build the project and create the dependency tree in the temp file - var mvnTreeCmd = new ArrayList() {{ - add(mvn); - add("org.apache.maven.plugins:maven-dependency-plugin:3.6.0:tree"); - add("-Dverbose"); - add("-DoutputType=text"); - add(String.format("-DoutputFile=%s", tmpFile.toString())); - add("-f"); - add(manifestPath.toString()); - }}; - // if we have dependencies marked as ignored, exclude them from the tree 
command - var ignored = getDependencies(manifestPath).stream() - .filter(d -> d.ignored) - .map(DependencyAggregator::toPurl) - .map(PackageURL::getCoordinates) - .collect(Collectors.toList()); - // execute the tree command - Operations.runProcess(mvnTreeCmd.toArray(String[]::new), mvnEnvs); - if(debugLoggingIsNeeded()) - { - String stackAnalysisDependencyTree = Files.readString(tmpFile); - log.info(String.format("Package Manager Maven Stack Analysis Dependency Tree Output: %s %s",System.lineSeparator(),stackAnalysisDependencyTree)); - } - var sbom = buildSbomFromTextFormat(tmpFile); - // build and return content for constructing request to the backend - // build and return content for constructing request to the backend - return new Content(sbom.filterIgnoredDeps(ignored).getAsJsonString().getBytes(), Api.CYCLONEDX_MEDIA_TYPE); - } - - private Sbom buildSbomFromTextFormat(Path textFormatFile) throws IOException { - var sbom = SbomFactory.newInstance(Sbom.BelongingCondition.PURL,"sensitive"); - List lines = Files.readAllLines(textFormatFile); - var root = lines.get(0); - var rootPurl = parseDep(root); - sbom.addRoot(rootPurl); - lines.remove(0); - String[] array = new String[lines.size()]; - lines.toArray(array); -// createSbomIteratively(lines,sbom); - parseDependencyTree(root, 0 , array, sbom); - return sbom; - } - - private void parseDependencyTree(String src, int srcDepth, String [] lines, Sbom sbom) { - if(lines.length == 0) { - return; - } - if(lines.length == 1 && lines[0].trim().equals("")){ - return; - } - int index = 0; - String target = lines[index]; - int targetDepth = getDepth(target); - while(targetDepth > srcDepth && index < lines.length ) - { - if(targetDepth == srcDepth + 1) { - PackageURL from = parseDep(src); - PackageURL to = parseDep(target); - if(dependencyIsNotTestScope(from) && dependencyIsNotTestScope(to)) { - sbom.addDependency(from, to); - } - } - else { - String[] modifiedLines = Arrays.copyOfRange(lines, index, lines.length); - 
parseDependencyTree(lines[index-1],getDepth(lines[index-1]),modifiedLines,sbom); - } - if(index< lines.length - 1) { - target = lines[++index]; - targetDepth = getDepth(target); - } - else - { - index++; - } - } - } - - private static boolean dependencyIsNotTestScope(PackageURL artifact) { - return (Objects.nonNull(artifact.getQualifiers()) && !artifact.getQualifiers().get("scope").equals("test")) || Objects.isNull(artifact.getQualifiers()); - } -// private void createSbomIteratively(List lines,Sbom sbom) -// { -// String[] rows = new String[lines.size()]; -// lines.toArray(rows); -// for (String line : lines) { -// -// int depth = getDepth(line); -// PackageURL packageURL = parseDep(line); -// int startSearchExcluding = lines.indexOf(line); -// String[] theLines = Arrays.copyOfRange(rows, startSearchExcluding + 1, lines.size()); -// boolean notCollectedAll= true; -// for (int i = 0; i < theLines.length && notCollectedAll ; i++) { -// int targetDepth = getDepth(theLines[i]); -// PackageURL target; -// if(targetDepth == depth + 1) -// { -// target = parseDep(theLines[i]); -// sbom.addDependency(packageURL,target); -// } -// else if(targetDepth <= depth) -// { -// notCollectedAll = false; -// } -// } -// } -// } - - private int getDepth(String line) { - if(line == null || line.trim().equals("")){ - return -1; - } - - if(line.matches("^\\w.*")) - { - return 0; - } - - return ( (line.indexOf('-') -1 ) / 3) + 1; - } - - public PackageURL parseDep(String dep) { - //root package - DependencyAggregator dependencyAggregator = new DependencyAggregator(); - // in case line in dependency tree text starts with a letter ( for root artifact). 
- if(dep.matches("^\\w.*")) - { - dependencyAggregator = new DependencyAggregator(); - String[] parts = dep.split(":"); - dependencyAggregator.groupId = parts[0]; - dependencyAggregator.artifactId = parts[1]; - dependencyAggregator.version = parts[3]; - - return dependencyAggregator.toPurl(); - - } - int firstDash = dep.indexOf("-"); - String dependency = dep.substring(++firstDash).trim(); - if(dependency.startsWith("(")) - { - dependency = dependency.substring(1); - } - dependency = dependency.replace(":runtime", ":compile").replace(":provided", ":compile"); - int endIndex = Math.max(dependency.indexOf(":compile"),dependency.indexOf(":test")); - int scopeLength; - if(dependency.indexOf(":compile") > -1) { - scopeLength = ":compile".length(); - } - else { - scopeLength = ":test".length(); - } - dependency = dependency.substring(0,endIndex + scopeLength); - String[] parts = dependency.split(":"); - // contains only GAV + packaging + scope - if(parts.length == 5) - { - dependencyAggregator.groupId = parts[0]; - dependencyAggregator.artifactId= parts[1]; - dependencyAggregator.version = parts[3]; - - String conflictMessage = "omitted for conflict with"; - if (dep.contains(conflictMessage)) - { - dependencyAggregator.version = dep.substring(dep.indexOf(conflictMessage) + conflictMessage.length()).replace(")", "").trim(); - } - } - // In case there are 6 parts, there is also a classifier for artifact (version suffix) - // contains GAV + packaging + classifier + scope - else if(parts.length == 6) - { - dependencyAggregator.groupId = parts[0]; - dependencyAggregator.artifactId= parts[1]; - dependencyAggregator.version = String.format("%s-%s",parts[4],parts[3]); - String conflictMessage = "omitted for conflict with"; - if (dep.contains(conflictMessage)) - { - dependencyAggregator.version = dep.substring(dep.indexOf(conflictMessage) + conflictMessage.length()).replace(")", "").trim(); - } - - } - else{ - throw new RuntimeException(String.format("Cannot parse dependency into 
PackageUrl from line = \"%s\"",dep)); - } - if(parts[parts.length - 1].matches(".*[a-z]$")) { - dependencyAggregator.scope = parts[parts.length - 1]; - } - else { - int endOfLine = Integer.min(parts[parts.length - 1].indexOf(""), parts[parts.length - 1].indexOf("-")); - dependencyAggregator.scope = parts[parts.length - 1].substring(0, endOfLine).trim(); - } - return dependencyAggregator.toPurl(); - } - - private PackageURL txtPkgToPurl(String dotPkg) { - var parts = dotPkg. - replaceAll("\"", "") - .trim().split(":"); - if(parts.length >= 4) { - try { - return new PackageURL(Ecosystem.Type.MAVEN.getType(), parts[0], parts[1], parts[3], null, null); - } catch (MalformedPackageURLException e) { - throw new IllegalArgumentException("Unable to parse dot package: " + dotPkg, e); - } - } - throw new IllegalArgumentException("Invalid dot package format: " + dotPkg); - } - - @Override - public Content provideComponent(byte[] manifestContent) throws IOException { - // save content in temporary file - var originPom = Files.createTempFile("exhort_orig_pom_", ".xml"); - Files.write(originPom, manifestContent); - // build effective pom command - Content content = generateSbomFromEffectivePom(originPom); - Files.delete(originPom); - return content; - } - - private Content generateSbomFromEffectivePom(Path originPom) throws IOException { - // check for custom mvn executable - var mvn = Operations.getCustomPathOrElse("mvn"); - var tmpEffPom = Files.createTempFile("exhort_eff_pom_", ".xml"); - var mvnEffPomCmd = new String[]{ - mvn, - "clean", - "help:effective-pom", - String.format("-Doutput=%s", tmpEffPom.toString()), - "-f", originPom.toString() - }; - // execute the effective pom command - Operations.runProcess(mvnEffPomCmd, getMvnExecEnvs()); - if(debugLoggingIsNeeded()) - { - String CaEffectivePoM = Files.readString(tmpEffPom); - log.info(String.format("Package Manager Maven Component Analysis Effective POM Output : %s %s",System.lineSeparator(),CaEffectivePoM)); - } - // if 
we have dependencies marked as ignored grab ignored dependencies from the original pom - // the effective-pom goal doesn't carry comments - List dependencies = getDependencies(originPom); - var ignored = dependencies.stream().filter(d -> d.ignored).map(DependencyAggregator::toPurl).collect(Collectors.toSet()); - var testsDeps = dependencies.stream().filter(DependencyAggregator::isTestDependency).collect(Collectors.toSet()); - var deps = getDependencies(tmpEffPom); - var sbom = SbomFactory.newInstance().addRoot(getRoot(tmpEffPom)); - deps.stream() - .filter(dep -> !testsDeps.contains(dep)) - .map(DependencyAggregator::toPurl) - .filter(dep -> ignored.stream().filter(artifact -> artifact.isCoordinatesEquals(dep)).collect(Collectors.toList()).size() == 0) - .forEach(d -> sbom.addDependency(sbom.getRoot(), d)); - - // build and return content for constructing request to the backend - return new Content(sbom.getAsJsonString().getBytes(), Api.CYCLONEDX_MEDIA_TYPE); - } - - @Override - public Content provideComponent(Path manifestPath) throws IOException { - Content content = generateSbomFromEffectivePom(manifestPath); - return content; - } - - private PackageURL getRoot(final Path manifestPath) throws IOException { - XMLStreamReader reader = null; - try { - reader = XMLInputFactory.newInstance().createXMLStreamReader(Files.newInputStream(manifestPath)); - DependencyAggregator dependencyAggregator = null; - boolean isRoot = false; - while (reader.hasNext()) { - reader.next(); // get the next event - if (reader.isStartElement() && "project".equals(reader.getLocalName())) { - isRoot = true; - dependencyAggregator = new DependencyAggregator(); - continue; - } - if (!Objects.isNull(dependencyAggregator)) { - if (reader.isStartElement()) { - switch (reader.getLocalName()) { - case "groupId": // starting "groupId" tag, get next event and set to aggregator - reader.next(); - dependencyAggregator.groupId = reader.getText(); - break; - case "artifactId": // starting "artifactId" 
tag, get next event and set to aggregator - reader.next(); - dependencyAggregator.artifactId = reader.getText(); - break; - case "version": // starting "version" tag, get next event and set to aggregator - reader.next(); - dependencyAggregator.version = reader.getText(); - break; - } - } - if (isRoot && dependencyAggregator.isValid()) { - return dependencyAggregator.toPurl(); - } - } - } - } catch (XMLStreamException exc) { - throw new IOException(exc); - } finally { - if (!Objects.isNull(reader)) { - try { - reader.close(); // close stream if open - } catch (XMLStreamException e) { - // - } - } - } - - throw new IllegalStateException("Unable to retrieve Root dependency from effective pom"); - } - - private List getDependencies(final Path manifestPath) throws IOException { - List deps = new ArrayList<>(); - XMLStreamReader reader = null; - try { - //get a xml stream reader for the manifest file - reader = XMLInputFactory.newInstance().createXMLStreamReader(Files.newInputStream(manifestPath)); - // the following dependencyIgnore object is used to aggregate dependency data over iterations - // when a "dependency" tag starts, it will be initiated, - // when a "dependency" tag ends, it will be parsed, act upon, and reset - DependencyAggregator dependencyAggregator = null; - while (reader.hasNext()) { - reader.next(); // get the next event - if (reader.isStartElement() && "dependency".equals(reader.getLocalName())) { - // starting "dependency" tag, initiate aggregator - dependencyAggregator = new DependencyAggregator(); - continue; - } - - // if dependency aggregator haven't been initiated, - // we're currently not iterating over a "dependency" tag - no need for further parsing - if (!Objects.isNull(dependencyAggregator)) { - // if we hit an ignore comment, mark aggregator to be ignored - if (reader.getEventType() == XMLStreamConstants.COMMENT - && "exhortignore".equals(reader.getText().strip()) - ) { - dependencyAggregator.ignored = true; - continue; - } - - if 
(reader.isStartElement()) { - // NOTE if we want to include "scope" tags in ignore, - // add a case here and a property in DependencyIgnore - switch (reader.getLocalName()) { - case "groupId": // starting "groupId" tag, get next event and set to aggregator - reader.next(); - dependencyAggregator.groupId = reader.getText(); - break; - case "artifactId": // starting "artifactId" tag, get next event and set to aggregator - reader.next(); - dependencyAggregator.artifactId = reader.getText(); - break; - - case "scope": - reader.next(); - dependencyAggregator.scope = reader.getText() != null ? reader.getText().trim() : "*"; - break; - case "version": // starting "version" tag, get next event and set to aggregator - reader.next(); - dependencyAggregator.version = reader.getText(); - break; - } - } - - if (reader.isEndElement() && "dependency".equals(reader.getLocalName())) { - // add object to list and reset dependency aggregator - deps.add(dependencyAggregator); - dependencyAggregator = null; - } - } - } - } catch (XMLStreamException exc) { - throw new IOException(exc); - } finally { - if (!Objects.isNull(reader)) { - try { - reader.close(); // close stream if open - } catch (XMLStreamException e) { - // - } - } - } - - return deps; - } - - private Map getMvnExecEnvs() { -<<<<<<< HEAD - var javaHome = System.getProperty("JAVA_HOME"); -======= - var javaHome = ExhortApi.getStringValueEnvironment("JAVA_HOME",""); ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - if (javaHome != null && !javaHome.isBlank()) { - return Collections.singletonMap("JAVA_HOME", javaHome); - } - return null; - } - - // NOTE if we want to include "scope" tags in ignore, - // add property here and a case in the start-element-switch in the getIgnored method - /** Aggregator class for aggregating Dependency data over stream iterations, **/ - private final static class DependencyAggregator { - private String scope="*"; - private String groupId; - private String artifactId; - 
private String version; - boolean ignored = false; - - /** - * Get the string representation of the dependency to use as excludes - * @return an exclude string for the dependency:tree plugin, ie. group-id:artifact-id:*:version - */ - @Override - public String toString() { - // NOTE if you add scope, don't forget to replace the * with its value - return String.format("%s:%s:%s:%s", groupId, artifactId,scope, version); - } - - public boolean isValid() { - return Objects.nonNull(groupId) && Objects.nonNull(artifactId) && Objects.nonNull(version); - } - - public boolean isTestDependency() - { - return scope.trim().equals("test"); - } - - /** - * Convert the {@link DependencyAggregator} object to a {@link PackageAggregator} - * @return a new instance of {@link PackageAggregator} - * @throws MalformedPackageURLException - */ - public PackageURL toPurl() { - try { - return new PackageURL(Ecosystem.Type.MAVEN.getType(), groupId, artifactId, version, this.scope == "*" ? null :new TreeMap<>(Map.of("scope",this.scope)), null); - } catch (MalformedPackageURLException e) { - throw new IllegalArgumentException("Unable to parse PackageURL", e); - } - } - - @Override - public boolean equals(Object o) { - if (this == o) return true; - if (!(o instanceof DependencyAggregator)) return false; - var that = (DependencyAggregator) o; - // NOTE we do not compare the ignored field - // This is required for comparing pom.xml with effective_pom.xml as the latter doesn't - // contain comments indicating ignore - return Objects.equals(this.groupId, that.groupId) && - Objects.equals(this.artifactId, that.artifactId) && - Objects.equals(this.version, that.version); - - } - - @Override - public int hashCode() { - return Objects.hash(groupId, artifactId, version); - } - } -} diff --git a/src/test/java/com/redhat/exhort/ExhortTest.java.orig b/src/test/java/com/redhat/exhort/ExhortTest.java.orig deleted file mode 100644 index 5ab08ce..0000000 
--- a/src/test/java/com/redhat/exhort/ExhortTest.java.orig
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright © 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.redhat.exhort;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.util.Objects;
-
-public class ExhortTest {
-
- protected String getStringFromFile(String... list) {
- byte[] bytes = new byte[0];
- try {
- InputStream resourceAsStream = getResourceAsStreamDecision(this.getClass(), list);
- bytes = resourceAsStream.readAllBytes();
- resourceAsStream.close();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
-
- return new String(bytes);
- }
-
- public static InputStream getResourceAsStreamDecision(Class theClass, String[] list) throws IOException {
- InputStream resourceAsStreamFromModule = theClass.getModule().getResourceAsStream(String.join("/", list));
- if (Objects.isNull(resourceAsStreamFromModule)) {
- return theClass.getClassLoader().getResourceAsStream(String.join("/", list));
- }
- return resourceAsStreamFromModule;
- }
-
- protected String getFileFromResource(String fileName, String... 
pathList) {
- Path tmpFile;
- try {
- var tmpDir = Files.createTempDirectory("exhort_test_");
- tmpFile = Files.createFile(tmpDir.resolve(fileName));
-<<<<<<< HEAD
- try (var is = getResourceAsStreamDecision(pathList)) {
-=======
- try (var is = getResourceAsStreamDecision(this.getClass(), pathList)) {
->>>>>>> java-enhanced-it-working
- if(Objects.nonNull(is)) {
- Files.write(tmpFile, is.readAllBytes());
- }
- else
- {
- InputStream resourceIs = getClass().getClassLoader().getResourceAsStream(String.join("/", pathList));
- Files.write(tmpFile, resourceIs.readAllBytes());
- resourceIs.close();
- }
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- return tmpFile.toString();
- }
-protected String getFileFromString(String fileName, String content) {
- Path tmpFile;
- try {
- var tmpDir = Files.createTempDirectory("exhort_test_");
- tmpFile = Files.createFile(tmpDir.resolve(fileName));
- Files.write(tmpFile, content.getBytes());
-
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- return tmpFile.toString();
- }
-
-}
diff --git a/src/test/java/com/redhat/exhort/impl/ExhortApiIT.java b/src/test/java/com/redhat/exhort/impl/ExhortApiIT.java
index c35a964..3342304 100644
--- a/src/test/java/com/redhat/exhort/impl/ExhortApiIT.java
+++ b/src/test/java/com/redhat/exhort/impl/ExhortApiIT.java
@@ -23,7 +23,6 @@ import static org.mockito.Mockito.mockStatic;
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.redhat.exhort.Api;
 import com.redhat.exhort.ExhortTest;
@@ -301,35 +300,12 @@ private static void handleJsonResponse(
 private void handleHtmlResponse(String analysisReportHtml) throws JsonProcessingException {
 ObjectMapper om = new ObjectMapper();
 assertTrue(analysisReportHtml.contains("svg") && analysisReportHtml.contains("html"));
- int jsonStart = analysisReportHtml.indexOf("\"report\":");
- int jsonEnd = analysisReportHtml.indexOf("}}}}}");
- if (jsonEnd == -1) {
- jsonEnd = analysisReportHtml.indexOf("}}}}");
- }
- String embeddedJson = analysisReportHtml.substring(jsonStart + 9, jsonEnd + 5);
- JsonNode jsonInHtml = om.readTree(embeddedJson);
- JsonNode scannedNode = jsonInHtml.get("scanned");
- assertTrue(scannedNode.get("total").asInt(0) > 0);
- assertTrue(scannedNode.get("transitive").asInt(0) > 0);
- JsonNode status = jsonInHtml.get("providers").get("osv-nvd").get("status");
- assertTrue(status.get("code").asInt(0) == 200);
- assertTrue(status.get("ok").asBoolean(false));
 }
 private void handleHtmlResponseForImage(String analysisReportHtml) throws JsonProcessingException {
 ObjectMapper om = new ObjectMapper();
 assertTrue(analysisReportHtml.contains("svg") && analysisReportHtml.contains("html"));
- int jsonStart = analysisReportHtml.indexOf("\"report\":");
- int jsonEnd = analysisReportHtml.indexOf("}}}}}}");
- String embeddedJson = analysisReportHtml.substring(jsonStart + 9, jsonEnd + 6);
- JsonNode jsonInHtml = om.readTree(embeddedJson);
- JsonNode scannedNode = jsonInHtml.findValue("scanned");
- assertTrue(scannedNode.get("total").asInt(0) > 0);
- assertTrue(scannedNode.get("transitive").asInt(0) >= 0);
- JsonNode status = jsonInHtml.findValue("providers").get("osv-nvd").get("status");
- assertTrue(status.get("code").asInt(0) == 200);
- assertTrue(status.get("ok").asBoolean(false));
 }
 private void mockMavenDependencyTree(Ecosystem.Type packageManager) throws IOException {
diff --git a/src/test/java/com/redhat/exhort/providers/Golang_Modules_Provider_Test.java.orig b/src/test/java/com/redhat/exhort/providers/Golang_Modules_Provider_Test.java.orig deleted file mode 100644 index acdc63e..0000000 --- a/src/test/java/com/redhat/exhort/providers/Golang_Modules_Provider_Test.java.orig +++ /dev/null 
@@ -1,181 +0,0 @@ -/* - * Copyright © 2023 Red Hat, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.redhat.exhort.providers; - -import com.fasterxml.jackson.databind.ObjectMapper; -import com.redhat.exhort.Api; -import com.redhat.exhort.ExhortTest; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.junit.jupiter.params.ParameterizedTest; -import org.junit.jupiter.params.provider.MethodSource; -import org.junit.jupiter.params.provider.ValueSource; - -import java.io.IOException; -import java.nio.file.Files; -import java.nio.file.Path; -import java.util.Arrays; -import java.util.stream.Stream; - -import static org.assertj.core.api.Assertions.*; -import static org.junit.jupiter.api.Assertions.*; - -@ExtendWith(HelperExtension.class) -class Golang_Modules_Provider_Test extends ExhortTest { - // test folder are located at src/test/resources/tst_manifests/npm - // each folder should contain: - // - package.json: the target manifest for testing - // - expected_sbom.json: the SBOM expected to be provided - static Stream testFolders() { - return Stream.of( - "go_mod_light_no_ignore", - "go_mod_no_ignore", - "go_mod_with_ignore", - "go_mod_with_all_ignore", - "go_mod_with_one_ignored_prefix_go", - "go_mod_no_path" - ); - } - - @ParameterizedTest - @MethodSource("testFolders") - void test_the_provideStack(String testFolder) throws IOException, InterruptedException { - // create temp file hosting 
our sut package.json - var tmpGoModulesDir = Files.createTempDirectory("exhort_test_"); - var tmpGolangFile = Files.createFile(tmpGoModulesDir.resolve("go.mod")); -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "golang", testFolder, "go.mod"))) { -======= - try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "golang", testFolder, "go.mod"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - Files.write(tmpGolangFile, is.readAllBytes()); - } - // load expected SBOM - String expectedSbom; -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "golang", testFolder, "expected_sbom_stack_analysis.json"))) { -======= - try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "golang", testFolder, "expected_sbom_stack_analysis.json"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - expectedSbom = new String(is.readAllBytes()); - } - // when providing stack content for our pom - var content = new GoModulesProvider().provideStack(tmpGolangFile); - // cleanup - Files.deleteIfExists(tmpGolangFile); - // verify expected SBOM is returned - assertThat(content.type).isEqualTo(Api.CYCLONEDX_MEDIA_TYPE); - assertThat(dropIgnored(new String(content.buffer))) - .isEqualTo(dropIgnored(expectedSbom)); - } - - @ParameterizedTest - @MethodSource("testFolders") - void test_the_provideComponent(String testFolder) throws IOException, InterruptedException { - // load the pom target pom file - byte[] targetPom; -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "golang", testFolder, "go.mod"))) { -======= - try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "golang", testFolder, "go.mod"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java 
versions) - targetPom = is.readAllBytes(); - } - // load expected SBOM - String expectedSbom = ""; -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "golang", testFolder, "expected_sbom_component_analysis.json"))) { -======= - try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "golang", testFolder, "expected_sbom_component_analysis.json"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - expectedSbom = new String(is.readAllBytes()); - } - // when providing component content for our pom - var content = new GoModulesProvider().provideComponent(targetPom); - // verify expected SBOM is returned - assertThat(content.type).isEqualTo(Api.CYCLONEDX_MEDIA_TYPE); - assertThat(dropIgnored(new String(content.buffer))) - .isEqualTo(dropIgnored(expectedSbom)); - - - } - - - @Test - void Test_The_ProvideComponent_Path_Should_Throw_Exception() { - - GoModulesProvider goModulesProvider = new GoModulesProvider(); - assertThatIllegalArgumentException().isThrownBy(() -> { - goModulesProvider.provideComponent(Path.of(".")); - }).withMessage("provideComponent with file system path for GoModules package manager not implemented yet"); - - - } - - @ParameterizedTest - @ValueSource(booleans = { true,false }) - void Test_Golang_Modules_with_Match_Manifest_Version(boolean MatchManifestVersionsEnabled) { - String goModPath = getFileFromResource("go.mod", "msc", "golang", "go.mod"); - GoModulesProvider goModulesProvider = new GoModulesProvider(); - - if(MatchManifestVersionsEnabled) - { - System.setProperty("MATCH_MANIFEST_VERSIONS", "true"); - RuntimeException runtimeException = assertThrows(RuntimeException.class, () -> goModulesProvider.getDependenciesSbom(Path.of(goModPath), true), "Expected getDependenciesSbom/2 to throw RuntimeException, due to version mismatch, but it didn't."); - assertTrue(runtimeException.getMessage().contains("Can't continue with analysis - 
versions mismatch for dependency name=github.com/google/uuid, manifest version=v1.1.0, installed Version=v1.1.1")); - System.clearProperty("MATCH_MANIFEST_VERSIONS"); - } - else - { - String sbomString = assertDoesNotThrow(() -> goModulesProvider.getDependenciesSbom(Path.of(goModPath), false).getAsJsonString()); - String actualSbomWithTSStripped = dropIgnoredKeepFormat(sbomString); - assertEquals(getStringFromFile("msc","golang","expected_sbom_ca.json").trim(), actualSbomWithTSStripped); - - System.out.println(sbomString); - } - } - - @Test - void Test_Golang_MvS_Logic_Enabled() throws IOException { - ObjectMapper om = new ObjectMapper(); - System.setProperty("EXHORT_GO_MVS_LOGIC_ENABLED", "true"); - String goModPath = getFileFromResource("go.mod", "msc", "golang","mvs_logic", "go.mod"); - GoModulesProvider goModulesProvider = new GoModulesProvider(); - String resultSbom = dropIgnoredKeepFormat(goModulesProvider.getDependenciesSbom(Path.of(goModPath),true).getAsJsonString()); - String expectedSbom = getStringFromFile("msc", "golang", "mvs_logic", "expected_sbom_stack_analysis.json").trim(); - - assertEquals(expectedSbom,resultSbom); - - // check that only one version of package golang/go.opencensus.io is in sbom for EXHORT_GO_MVS_LOGIC_ENABLED=true - assertTrue(Arrays.stream(resultSbom.split(System.lineSeparator())).filter(str -> str.contains("\"ref\" : \"pkg:golang/go.opencensus.io@")).count() == 1); - - System.clearProperty("EXHORT_GO_MVS_LOGIC_ENABLED"); - - resultSbom = dropIgnoredKeepFormat(goModulesProvider.getDependenciesSbom(Path.of(goModPath),true).getAsJsonString()); - // check that there is more than one version of package golang/go.opencensus.io in sbom for EXHORT_GO_MVS_LOGIC_ENABLED=false - assertTrue(Arrays.stream(resultSbom.split(System.lineSeparator())).filter(str -> str.contains("\"ref\" : \"pkg:golang/go.opencensus.io@")).count() > 1); - - } - - - private String dropIgnored(String s) { - return 
s.replaceAll("\\s+","").replaceAll("\"timestamp\":\"[a-zA-Z0-9\\-\\:]+\",", ""); - } - private String dropIgnoredKeepFormat(String s) { - return s.replaceAll("\"timestamp\" : \"[a-zA-Z0-9\\-\\:]+\",\n ", ""); - } - -} diff --git a/src/test/java/com/redhat/exhort/providers/Java_Maven_Provider_Test.java.orig b/src/test/java/com/redhat/exhort/providers/Java_Maven_Provider_Test.java.orig deleted file mode 100644 index 6789f74..0000000 --- a/src/test/java/com/redhat/exhort/providers/Java_Maven_Provider_Test.java.orig +++ /dev/null 
@@ -1,223 +0,0 @@ -/* - * Copyright © 2023 Red Hat, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.redhat.exhort.providers; - -import static org.assertj.core.api.Assertions.assertThat; - -import java.io.IOException; -import java.nio.file.Files; -import java.nio.file.Path; -import java.util.Arrays; -import java.util.Optional; -import java.util.stream.Stream; - -import com.redhat.exhort.ExhortTest; -import com.redhat.exhort.tools.Operations; -import org.junit.jupiter.api.extension.ExtendWith; -import org.junit.jupiter.params.ParameterizedTest; -import org.junit.jupiter.params.provider.MethodSource; - -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.mockStatic; - - -import com.redhat.exhort.Api; -import org.mockito.MockedStatic; -import org.mockito.invocation.InvocationOnMock; -import org.mockito.junit.jupiter.MockitoExtension; - -@ExtendWith(HelperExtension.class) -@ExtendWith(MockitoExtension.class) -class Java_Maven_Provider_Test extends ExhortTest { -// private static System.Logger log = System.getLogger("Java_Maven_Provider_Test"); - // test folder are located at src/test/resources/tst_manifests - // each folder should contain: - // - pom.xml: the target manifest for testing - // - expected_sbom.json: the SBOM expected to be provided - static Stream testFolders() { - return Stream.of( - "pom_deps_with_no_ignore_provided_scope", - "deps_no_trivial_with_ignore", - "deps_with_ignore_on_artifact", - 
"deps_with_ignore_on_dependency", - "deps_with_ignore_on_group", - "deps_with_ignore_on_version", - "deps_with_ignore_on_wrong", - "deps_with_no_ignore", - "pom_deps_with_no_ignore_common_paths" - - - ); - } - - @ParameterizedTest - @MethodSource("testFolders") - void test_the_provideStack(String testFolder) throws IOException, InterruptedException { - // create temp file hosting our sut pom.xml - var tmpPomFile = Files.createTempFile("exhort_test_", ".xml"); -// log.log(System.Logger.Level.INFO,"the test folder is : " + testFolder); -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "maven", testFolder, "pom.xml"))) { -======= - try (var is = getResourceAsStreamDecision(getClass(), new String []{ "tst_manifests", "maven", testFolder, "pom.xml"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - Files.write(tmpPomFile, is.readAllBytes()); - } - // load expected SBOM - String expectedSbom; -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "maven", testFolder, "expected_stack_sbom.json"))) { - expectedSbom = new String(is.readAllBytes()); - } - String depTree; - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "maven", testFolder, "depTree.txt"))) { -======= - try (var is = getResourceAsStreamDecision(getClass(), new String [] { "tst_manifests", "maven", testFolder, "expected_stack_sbom.json"})) { - expectedSbom = new String(is.readAllBytes()); - } - String depTree; - try (var is = getResourceAsStreamDecision(getClass(), new String [] { "tst_manifests", "maven", testFolder, "depTree.txt"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - depTree = new String(is.readAllBytes()); - } - - MockedStatic mockedOperations = mockStatic(Operations.class); - mockedOperations.when(() -> Operations.runProcess(any(),any())).thenAnswer(invocationOnMock -> { - return 
getOutputFileAndOverwriteItWithMock(depTree, invocationOnMock,"-DoutputFile"); - }); - - - // when providing stack content for our pom - var content = new JavaMavenProvider().provideStack(tmpPomFile); - // cleanup - Files.deleteIfExists(tmpPomFile); - // verify expected SBOM is returned - mockedOperations.close(); - assertThat(content.type).isEqualTo(Api.CYCLONEDX_MEDIA_TYPE); - assertThat(dropIgnored(new String(content.buffer))) - .isEqualTo(dropIgnored(expectedSbom)); - - } - - private static String getOutputFileAndOverwriteItWithMock(String outputFileContent, InvocationOnMock invocationOnMock,String parameterPrefix) throws IOException { - String[] rawArguments = (String[]) invocationOnMock.getRawArguments()[0]; - Optional outputFileArg = Arrays.stream(rawArguments).filter(arg -> arg!= null && arg.startsWith(parameterPrefix)).findFirst(); - String outputFilePath=null; - if(outputFileArg.isPresent()) - { - String outputFile = outputFileArg.get(); - outputFilePath = outputFile.substring(outputFile.indexOf("=") + 1); - Files.writeString(Path.of(outputFilePath), outputFileContent); - } - return outputFilePath; - } - - @ParameterizedTest - @MethodSource("testFolders") - void test_the_provideComponent(String testFolder) throws IOException, InterruptedException { - // load the pom target pom file - byte[] targetPom; -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "maven", testFolder, "pom.xml"))) { -======= - try (var is = getResourceAsStreamDecision(getClass(), new String [] { "tst_manifests", "maven", testFolder, "pom.xml"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - targetPom = is.readAllBytes(); - } - // load expected SBOM - String expectedSbom = ""; -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "maven", testFolder, "expected_component_sbom.json"))) { -======= - try (var is = getResourceAsStreamDecision(getClass(), 
new String [] { "tst_manifests", "maven", testFolder, "expected_component_sbom.json"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - expectedSbom = new String(is.readAllBytes()); - } - - String effectivePom; -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "maven", testFolder, "effectivePom.xml"))) { -======= - try (var is = getResourceAsStreamDecision(getClass(), new String [] { "tst_manifests", "maven", testFolder, "effectivePom.xml"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - effectivePom = new String(is.readAllBytes()); - } - - MockedStatic mockedOperations = mockStatic(Operations.class); - mockedOperations.when(() -> Operations.runProcess(any(),any())).thenAnswer(invocationOnMock -> { - return getOutputFileAndOverwriteItWithMock(effectivePom, invocationOnMock,"-Doutput"); - }); - - // when providing component content for our pom - var content = new JavaMavenProvider().provideComponent(targetPom); - mockedOperations.close(); - // verify expected SBOM is returned - assertThat(content.type).isEqualTo(Api.CYCLONEDX_MEDIA_TYPE); - assertThat(dropIgnored(new String(content.buffer))) - .isEqualTo(dropIgnored(expectedSbom)); - - } - @ParameterizedTest - @MethodSource("testFolders") - void test_the_provideComponent_With_Path(String testFolder) throws IOException, InterruptedException { - // load the pom target pom file - // create temp file hosting our sut pom.xml - var tmpPomFile = Files.createTempFile("exhort_test_", ".xml"); -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "maven", testFolder, "pom.xml"))) { -======= - try (var is = getResourceAsStreamDecision(getClass(),new String [] { "tst_manifests", "maven", testFolder, "pom.xml"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - Files.write(tmpPomFile, is.readAllBytes()); - } - // load expected SBOM - 
String expectedSbom = ""; -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "maven", testFolder, "expected_component_sbom.json"))) { -======= - try (var is = getResourceAsStreamDecision(getClass(), new String [] { "tst_manifests", "maven", testFolder, "expected_component_sbom.json"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - expectedSbom = new String(is.readAllBytes()); - } - - String effectivePom; -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "maven", testFolder, "effectivePom.xml"))) { -======= - try (var is = getResourceAsStreamDecision(getClass(), new String [] { "tst_manifests", "maven", testFolder, "effectivePom.xml"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - effectivePom = new String(is.readAllBytes()); - } - - MockedStatic mockedOperations = mockStatic(Operations.class); - mockedOperations.when(() -> Operations.runProcess(any(),any())).thenAnswer(invocationOnMock -> { - return getOutputFileAndOverwriteItWithMock(effectivePom, invocationOnMock,"-Doutput"); - }); - - // when providing component content for our pom - var content = new JavaMavenProvider().provideComponent(tmpPomFile); - // verify expected SBOM is returned - mockedOperations.close(); - assertThat(content.type).isEqualTo(Api.CYCLONEDX_MEDIA_TYPE); - assertThat(dropIgnored(new String(content.buffer))) - .isEqualTo(dropIgnored(expectedSbom)); - - } - - private String dropIgnored(String s) { - return s.replaceAll("\\s+","").replaceAll("\"timestamp\":\"[a-zA-Z0-9\\-\\:]+\",", ""); - } -} diff --git a/src/test/java/com/redhat/exhort/providers/Javascript_Npm_Provider_Test.java.orig b/src/test/java/com/redhat/exhort/providers/Javascript_Npm_Provider_Test.java.orig deleted file mode 100644 index 15d6e6c..0000000 --- a/src/test/java/com/redhat/exhort/providers/Javascript_Npm_Provider_Test.java.orig +++ /dev/null 
@@ -1,214 +0,0 @@ -/* - * Copyright © 2023 Red Hat, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.redhat.exhort.providers; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.mockito.ArgumentMatchers.*; -import static org.mockito.Mockito.*; - -import java.io.IOException; -import java.nio.file.Files; -import java.nio.file.Path; -import java.util.stream.Stream; - -import com.redhat.exhort.ExhortTest; -import com.redhat.exhort.tools.Operations; -import org.junit.jupiter.api.extension.ExtendWith; -import org.junit.jupiter.params.ParameterizedTest; -import org.junit.jupiter.params.provider.MethodSource; - -import com.redhat.exhort.Api; -import org.mockito.*; - -@ExtendWith(HelperExtension.class) -class Javascript_Npm_Provider_Test extends ExhortTest { - // test folder are located at src/test/resources/tst_manifests/npm - // each folder should contain: - // - package.json: the target manifest for testing - // - expected_sbom.json: the SBOM expected to be provided - static Stream testFolders() { - return Stream.of( - "deps_with_ignore", - "deps_with_no_ignore" - ); - } - - - - - @ParameterizedTest - @MethodSource("testFolders") - void test_the_provideStack(String testFolder) throws IOException, InterruptedException { - // create temp file hosting our sut package.json - var tmpNpmFolder = Files.createTempDirectory("exhort_test_"); - var tmpNpmFile = Files.createFile(tmpNpmFolder.resolve("package.json")); - var 
tmpLockFile = Files.createFile(tmpNpmFolder.resolve("package-lock.json")); -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "npm", testFolder, "package.json"))) { - Files.write(tmpNpmFile, is.readAllBytes()); - } - - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "npm", testFolder, "package-lock.json"))) { -======= - try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "npm", testFolder, "package.json"})) { - Files.write(tmpNpmFile, is.readAllBytes()); - } - - try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "npm", testFolder, "package-lock.json"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - Files.write(tmpLockFile, is.readAllBytes()); - } - // load expected SBOM - String expectedSbom; -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "npm", testFolder, "expected_stack_sbom.json"))) { - expectedSbom = new String(is.readAllBytes()); - } - String npmListingStack; - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "npm", testFolder, "npm-ls-stack.json"))) { -======= - try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "npm", testFolder, "expected_stack_sbom.json"})) { - expectedSbom = new String(is.readAllBytes()); - } - String npmListingStack; - try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "npm", testFolder, "npm-ls-stack.json"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - npmListingStack = new String(is.readAllBytes()); - } - MockedStatic mockedOperations = mockStatic(Operations.class); - //Operations.runProcess(contains("npm i"),any()) - ArgumentMatcher matchPath = path -> path == null; - mockedOperations.when(() -> 
Operations.runProcessGetOutput(argThat(matchPath),any(String[].class))).thenReturn(npmListingStack); - // when providing stack content for our pom - var content = new JavaScriptNpmProvider().provideStack(tmpNpmFile); - // cleanup - Files.deleteIfExists(tmpNpmFile); - Files.deleteIfExists(tmpLockFile); - Files.deleteIfExists(tmpNpmFolder); - mockedOperations.close(); - // verify expected SBOM is returned - assertThat(content.type).isEqualTo(Api.CYCLONEDX_MEDIA_TYPE); - assertThat(dropIgnored(new String(content.buffer))) - .isEqualTo(dropIgnored(expectedSbom)); - } - - @ParameterizedTest - @MethodSource("testFolders") - void test_the_provideComponent(String testFolder) throws IOException, InterruptedException { - // load the pom target pom file - byte[] targetPom; -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "npm", testFolder, "package.json"))) { -======= - try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "npm", testFolder, "package.json"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - targetPom = is.readAllBytes(); - } - // load expected SBOM - String expectedSbom = ""; -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "npm", testFolder, "expected_component_sbom.json"))) { - expectedSbom = new String(is.readAllBytes()); - } - String npmListingComponent; - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "npm", testFolder, "npm-ls-component.json"))) { -======= - try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "npm", testFolder, "expected_component_sbom.json"})) { - expectedSbom = new String(is.readAllBytes()); - } - String npmListingComponent; - try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "npm", testFolder, "npm-ls-component.json"})) { ->>>>>>> 
73f7443 (test: fix and tailor tests also for new java versions) - npmListingComponent = new String(is.readAllBytes()); - } - -// MockedStatic javaFiles = mockStatic(Files.class); - //Operations.runProcess(contains("npm i"),any()) -// mockedOperations.when(() -> Operations.runProcessGetOutput(eq(null),any())).thenReturn(npmListingComponent); - MockedStatic mockedOperations = mockStatic(Operations.class); - mockedOperations.when(() -> Operations.runProcess(any(),any())).thenAnswer((invocationOnMock) -> { - String[] commandParts = (String [])invocationOnMock.getRawArguments()[0]; - int lastElementIsDir = commandParts.length - 1; - String packageLockJson = commandParts[lastElementIsDir] + "/package-lock.json"; - Files.createFile(Path.of(packageLockJson)); - return packageLockJson ; - }); - ArgumentMatcher matchPath = path -> path == null; - - mockedOperations.when(() -> Operations.runProcessGetOutput(argThat(matchPath),any(String[].class))).thenReturn(npmListingComponent); - // when providing component content for our pom - var content = new JavaScriptNpmProvider().provideComponent(targetPom); - mockedOperations.close(); -// javaFiles.close(); - // verify expected SBOM is returned - assertThat(content.type).isEqualTo(Api.CYCLONEDX_MEDIA_TYPE); - assertThat(dropIgnored(new String(content.buffer))) - .isEqualTo(dropIgnored(expectedSbom)); - } -@ParameterizedTest - @MethodSource("testFolders") - void test_the_provideComponent_with_Path(String testFolder) throws Exception { - // load the pom target pom file - - // create temp file hosting our sut package.json - var tmpNpmFolder = Files.createTempDirectory("exhort_test_"); - var tmpNpmFile = Files.createFile(tmpNpmFolder.resolve("package.json")); -<<<<<<< HEAD - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "npm", testFolder, "package.json"))) { - Files.write(tmpNpmFile, is.readAllBytes()); - } - String expectedSbom = ""; - try (var is = 
getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "npm", testFolder, "expected_component_sbom.json"))) { - expectedSbom = new String(is.readAllBytes()); - } - String npmListingComponent; - try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "npm", testFolder, "npm-ls-component.json"))) { -======= - try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "npm", testFolder, "package.json"})) { - Files.write(tmpNpmFile, is.readAllBytes()); - } - String expectedSbom = ""; - try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "npm", testFolder, "expected_component_sbom.json"})) { - expectedSbom = new String(is.readAllBytes()); - } - String npmListingComponent; - try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "npm", testFolder, "npm-ls-component.json"})) { ->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions) - npmListingComponent = new String(is.readAllBytes()); - } - ArgumentMatcher matchPath = path -> path == null; - MockedStatic mockedOperations = mockStatic(Operations.class); - mockedOperations.when(() -> Operations.runProcess(any(),any())).thenAnswer((invocationOnMock) -> { - String[] commandParts = (String [])invocationOnMock.getRawArguments()[0]; - int lastElementIsDir = commandParts.length - 1; - String packageLockJson = commandParts[lastElementIsDir] + "/package-lock.json"; - Files.createFile(Path.of(packageLockJson)); - return packageLockJson ; - }); - mockedOperations.when(() -> Operations.runProcessGetOutput(argThat(matchPath),any(String[].class))).thenReturn(npmListingComponent); - // when providing component content for our pom - var content = new JavaScriptNpmProvider().provideComponent(tmpNpmFile); - mockedOperations.close(); - // verify expected SBOM is returned - assertThat(content.type).isEqualTo(Api.CYCLONEDX_MEDIA_TYPE); - assertThat(dropIgnored(new 
String(content.buffer))) - .isEqualTo(dropIgnored(expectedSbom)); - } - - private String dropIgnored(String s) { - return s.replaceAll("\\s+","").replaceAll("\"timestamp\":\"[a-zA-Z0-9\\-\\:]+\"", ""); - } -} diff --git a/src/test/java/com/redhat/exhort/providers/Python_Provider_Test.java.orig b/src/test/java/com/redhat/exhort/providers/Python_Provider_Test.java.orig deleted file mode 100644 index 8a8a08c..0000000 --- a/src/test/java/com/redhat/exhort/providers/Python_Provider_Test.java.orig +++ /dev/null 
@@ -1,217 +0,0 @@
-/*
- * Copyright © 2023 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.redhat.exhort.providers;
-
-import com.redhat.exhort.Api;
-import com.redhat.exhort.ExhortTest;
-import com.redhat.exhort.utils.PythonControllerBase;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.condition.EnabledIfEnvironmentVariable;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.junit.jupiter.params.ParameterizedTest;
-import org.junit.jupiter.params.provider.MethodSource;
-
-import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.util.Base64;
-import java.util.stream.Stream;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
-
-@ExtendWith(PythonEnvironmentExtension.class)
-class Python_Provider_Test extends ExhortTest {
-
- static Stream testFolders() {
- return Stream.of(
-"pip_requirements_txt_no_ignore",
- "pip_requirements_txt_ignore"
-
- );
- }
-
-// @RegisterExtension
-// private PythonEnvironmentExtension pythonEnvironmentExtension = new PythonEnvironmentExtension();
-
- public Python_Provider_Test(PythonControllerBase pythonController) {
- this.pythonController = pythonController;
- this.pythonPipProvider = new PythonPipProvider();
- this.pythonPipProvider.setPythonController(pythonController);
- }
-
- private PythonControllerBase pythonController;
- private PythonPipProvider pythonPipProvider;
- @EnabledIfEnvironmentVariable(named = "RUN_PYTHON_BIN",matches = "true")
- @ParameterizedTest
- @MethodSource("testFolders")
- void test_the_provideStack(String testFolder) throws IOException, InterruptedException {
- // create temp file hosting our sut package.json
- var tmpPythonModuleDir = Files.createTempDirectory("exhort_test_");
- var tmpPythonFile = Files.createFile(tmpPythonModuleDir.resolve("requirements.txt"));
-<<<<<<< HEAD
- try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "pip", testFolder, "requirements.txt"))) {
-=======
- try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "pip", testFolder, "requirements.txt"})) {
->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions)
- Files.write(tmpPythonFile, is.readAllBytes());
- }
- // load expected SBOM
- String expectedSbom;
-<<<<<<< HEAD
- try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "pip", testFolder, "expected_stack_sbom.json"))) {
-=======
- try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "pip", testFolder, "expected_stack_sbom.json"})) {
->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions)
- expectedSbom = new String(is.readAllBytes());
- }
- // when providing stack content for our pom
- var content = this.pythonPipProvider.provideStack(tmpPythonFile);
- // cleanup
- Files.deleteIfExists(tmpPythonFile);
- Files.deleteIfExists(tmpPythonModuleDir);
- // verify expected SBOM is returned
- assertThat(content.type).isEqualTo(Api.CYCLONEDX_MEDIA_TYPE);
- assertThat(dropIgnored(new String(content.buffer)))
- .isEqualTo(dropIgnored(expectedSbom));
- }
-
- @EnabledIfEnvironmentVariable(named = "RUN_PYTHON_BIN",matches = "true")
- @ParameterizedTest
- @MethodSource("testFolders")
- void test_the_provideComponent(String testFolder) throws IOException, InterruptedException {
- // load the pom target pom file
- byte[] targetRequirementsTxt;
-<<<<<<< HEAD
- try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "pip", testFolder, "requirements.txt"))) {
-=======
- try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "pip", testFolder, "requirements.txt"})) {
->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions)
- targetRequirementsTxt = is.readAllBytes();
- }
- // load expected SBOM
- String expectedSbom = "";
-<<<<<<< HEAD
- try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "pip", testFolder, "expected_component_sbom.json"))) {
-=======
- try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "pip", testFolder, "expected_component_sbom.json"})) {
->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions)
- expectedSbom = new String(is.readAllBytes());
- }
- // when providing component content for our pom
- var content = this.pythonPipProvider.provideComponent(targetRequirementsTxt);
- // verify expected SBOM is returned
- assertThat(content.type).isEqualTo(Api.CYCLONEDX_MEDIA_TYPE);
- assertThat(dropIgnored(new String(content.buffer)))
- .isEqualTo(dropIgnored(expectedSbom));
-
-
- }
-
-
- @ParameterizedTest
- @MethodSource("testFolders")
- void test_the_provideStack_with_properties(String testFolder) throws IOException, InterruptedException {
- // create temp file hosting our sut package.json
- var tmpPythonModuleDir = Files.createTempDirectory("exhort_test_");
- var tmpPythonFile = Files.createFile(tmpPythonModuleDir.resolve("requirements.txt"));
-<<<<<<< HEAD
- try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "pip", testFolder, "requirements.txt"))) {
-=======
- try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "pip", testFolder, "requirements.txt"})) {
->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions)
- Files.write(tmpPythonFile, is.readAllBytes());
- }
- // load expected SBOM
- String expectedSbom;
-<<<<<<< HEAD
- try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "pip", testFolder, "expected_stack_sbom.json"))) {
-=======
- try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "pip", testFolder, "expected_stack_sbom.json"})) {
->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions)
- expectedSbom = new String(is.readAllBytes());
- }
- // when providing stack content for our pom
- var content = this.pythonPipProvider.provideStack(tmpPythonFile);
- String pipShowContent = this.getStringFromFile("tst_manifests", "pip", "pip-show.txt");
- String pipFreezeContent = this.getStringFromFile("tst_manifests", "pip", "pip-freeze-all.txt");
- String base64PipShow = new String(Base64.getEncoder().encode(pipShowContent.getBytes()));
- String base64PipFreeze = new String(Base64.getEncoder().encode(pipFreezeContent.getBytes()));
- System.setProperty("EXHORT_PIP_SHOW",base64PipShow);
- System.setProperty("EXHORT_PIP_FREEZE",base64PipFreeze);
- // cleanup
- Files.deleteIfExists(tmpPythonFile);
- Files.deleteIfExists(tmpPythonModuleDir);
- System.clearProperty("EXHORT_PIP_SHOW");
- System.clearProperty("EXHORT_PIP_FREEZE");
- // verify expected SBOM is returned
- assertThat(content.type).isEqualTo(Api.CYCLONEDX_MEDIA_TYPE);
- assertThat(dropIgnored(new String(content.buffer)))
- .isEqualTo(dropIgnored(expectedSbom));
- }
-
- @ParameterizedTest
- @MethodSource("testFolders")
- void test_the_provideComponent_with_properties(String testFolder) throws IOException, InterruptedException {
- // load the pom target pom file
- byte[] targetRequirementsTxt;
-<<<<<<< HEAD
- try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "pip", testFolder, "requirements.txt"))) {
-=======
- try (var is = getResourceAsStreamDecision(this.getClass(), new String [] { "tst_manifests", "pip", testFolder, "requirements.txt"})) {
->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions)
- targetRequirementsTxt = is.readAllBytes();
- }
- // load expected SBOM
- String expectedSbom = "";
-<<<<<<< HEAD
- try (var is = getClass().getModule().getResourceAsStream(String.join("/","tst_manifests", "pip", testFolder, "expected_component_sbom.json"))) {
-=======
- try (var is = getResourceAsStreamDecision(this.getClass(), new String [] {"tst_manifests", "pip", testFolder, "expected_component_sbom.json"})) {
->>>>>>> 73f7443 (test: fix and tailor tests also for new java versions)
- expectedSbom = new String(is.readAllBytes());
- }
- String pipShowContent = this.getStringFromFile("tst_manifests", "pip", "pip-show.txt");
- String pipFreezeContent = this.getStringFromFile("tst_manifests", "pip", "pip-freeze-all.txt");
- String base64PipShow = new String(Base64.getEncoder().encode(pipShowContent.getBytes()));
- String base64PipFreeze = new String(Base64.getEncoder().encode(pipFreezeContent.getBytes()));
- System.setProperty("EXHORT_PIP_SHOW",base64PipShow);
- System.setProperty("EXHORT_PIP_FREEZE",base64PipFreeze);
- // when providing component content for our pom
- var content = this.pythonPipProvider.provideComponent(targetRequirementsTxt);
- // verify expected SBOM is returned
- assertThat(content.type).isEqualTo(Api.CYCLONEDX_MEDIA_TYPE);
- assertThat(dropIgnored(new String(content.buffer)))
- .isEqualTo(dropIgnored(expectedSbom));
- System.clearProperty("EXHORT_PIP_SHOW");
- System.clearProperty("EXHORT_PIP_FREEZE");
-
- }
-
-
- @Test
- void Test_The_ProvideComponent_Path_Should_Throw_Exception() {
- assertThatIllegalArgumentException().isThrownBy(() -> {
- this.pythonPipProvider.provideComponent(Path.of("."));
- }).withMessage("provideComponent with file system path for Python pip package manager is not supported");
-
-
- }
-
- private String dropIgnored(String s) {
- return s.replaceAll("\\s+","").replaceAll("\"timestamp\":\"[a-zA-Z0-9\\-\\:]+\"", "");
- }
-}
diff --git a/src/test/resources/tst_manifests/gradle/deps_with_ignore_full_specification/depTree.txt b/src/test/resources/tst_manifests/gradle/deps_with_ignore_full_specification/depTree.txt
index ada09b9..5623cf2 100644
--- a/src/test/resources/tst_manifests/gradle/deps_with_ignore_full_specification/depTree.txt
+++ b/src/test/resources/tst_manifests/gradle/deps_with_ignore_full_specification/depTree.txt
@@ -2586,5 +2586,5 @@ No dependencies
 A web-based, searchable dependency report is available by adding the --scan option.
-BUILD SUCCESSFUL in 714ms
+BUILD SUCCESSFUL in 632ms
 1 actionable task: 1 executed
diff --git a/src/test/resources/tst_manifests/gradle/deps_with_ignore_full_specification/expected_component_sbom.json b/src/test/resources/tst_manifests/gradle/deps_with_ignore_full_specification/expected_component_sbom.json
index 8c394ed..f9ce8f2 100644
--- a/src/test/resources/tst_manifests/gradle/deps_with_ignore_full_specification/expected_component_sbom.json
+++ b/src/test/resources/tst_manifests/gradle/deps_with_ignore_full_specification/expected_component_sbom.json
@@ -3,7 +3,7 @@
 "specVersion" : "1.4",
 "version" : 1,
 "metadata" : {
- "timestamp" : "2024-04-02T22:31:28Z",
+ "timestamp" : "2024-06-21T20:31:39Z",
 "component" : {
 "group" : "org.acme.dbaas",
 "name" : "postgresql-orm-quarkus",
@@ -41,10 +41,10 @@
 {
 "group" : "io.quarkus",
 "name" : "quarkus-resteasy",
- "version" : "2.13.5.Final",
- "purl" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final",
+ "version" : "2.13.7.Final",
+ "purl" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final",
 "type" : "library",
- "bom-ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final"
+ "bom-ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final"
 },
 {
 "group" : "io.quarkus",
@@ -65,10 +65,10 @@
 {
 "group" : "io.quarkus",
 "name" : "quarkus-vertx-http",
- "version" : "2.13.5.Final",
- "purl" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
+ "version" : "2.13.7.Final",
+ "purl" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final",
 "type" : "library",
- "bom-ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final"
+ "bom-ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final"
 },
 {
 "group" : "io.quarkus",
@@ -117,10 +117,10 @@
 "dependsOn" : [
 "pkg:maven/io.quarkus/quarkus-hibernate-orm@2.13.5.Final",
 "pkg:maven/io.quarkus/quarkus-agroal@2.13.5.Final",
- "pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final",
+ "pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final",
 "pkg:maven/io.quarkus/quarkus-resteasy-jackson@2.13.5.Final",
 "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.5.Final",
- "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
+ "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final",
 "pkg:maven/io.quarkus/quarkus-kubernetes-service-binding@2.13.5.Final",
 "pkg:maven/io.quarkus/quarkus-container-image-docker@2.13.5.Final",
 "pkg:maven/jakarta.validation/jakarta.validation-api@2.0.2",
@@ -137,7 +137,7 @@
 "dependsOn" : [ ]
 },
 {
- "ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final",
+ "ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final",
 "dependsOn" : [ ]
 },
 {
@@ -149,7 +149,7 @@
 "dependsOn" : [ ]
 },
 {
- "ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
+ "ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final",
 "dependsOn" : [ ]
 },
 {
diff --git a/src/test/resources/tst_manifests/gradle/deps_with_ignore_named_params/depTree.txt b/src/test/resources/tst_manifests/gradle/deps_with_ignore_named_params/depTree.txt
index 734869d..0b00d53 100644
--- a/src/test/resources/tst_manifests/gradle/deps_with_ignore_named_params/depTree.txt
+++ b/src/test/resources/tst_manifests/gradle/deps_with_ignore_named_params/depTree.txt
@@ -2586,5 +2586,5 @@ No dependencies
 A web-based, searchable dependency report is available by adding the --scan option.
-BUILD SUCCESSFUL in 655ms
+BUILD SUCCESSFUL in 594ms
 1 actionable task: 1 executed
diff --git a/src/test/resources/tst_manifests/gradle/deps_with_ignore_named_params/expected_component_sbom.json b/src/test/resources/tst_manifests/gradle/deps_with_ignore_named_params/expected_component_sbom.json
index 392045e..f1c5b6d 100644
--- a/src/test/resources/tst_manifests/gradle/deps_with_ignore_named_params/expected_component_sbom.json
+++ b/src/test/resources/tst_manifests/gradle/deps_with_ignore_named_params/expected_component_sbom.json
@@ -3,7 +3,7 @@
 "specVersion" : "1.4",
 "version" : 1,
 "metadata" : {
- "timestamp" : "2024-04-02T22:35:27Z",
+ "timestamp" : "2024-06-21T20:33:14Z",
 "component" : {
 "group" : "org.acme.dbaas",
 "name" : "postgresql-orm-quarkus",
@@ -41,10 +41,10 @@
 {
 "group" : "io.quarkus",
 "name" : "quarkus-resteasy",
- "version" : "2.13.5.Final",
- "purl" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final",
+ "version" : "2.13.7.Final",
+ "purl" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final",
 "type" : "library",
- "bom-ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final"
+ "bom-ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final"
 },
 {
 "group" : "io.quarkus",
@@ -65,10 +65,10 @@
 {
 "group" : "io.quarkus",
 "name" : "quarkus-vertx-http",
- "version" : "2.13.5.Final",
- "purl" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
+ "version" : "2.13.7.Final",
+ "purl" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final",
 "type" : "library",
- "bom-ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final"
+ "bom-ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final"
 },
 {
 "group" : "io.quarkus",
@@ -117,10 +117,10 @@
 "dependsOn" : [
 "pkg:maven/io.quarkus/quarkus-hibernate-orm@2.13.5.Final",
 "pkg:maven/io.quarkus/quarkus-agroal@2.13.5.Final",
- "pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final",
+ "pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final",
 "pkg:maven/io.quarkus/quarkus-resteasy-jackson@2.13.5.Final",
 "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.5.Final",
- "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
+ "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final",
 "pkg:maven/io.quarkus/quarkus-kubernetes-service-binding@2.13.5.Final",
 "pkg:maven/io.quarkus/quarkus-container-image-docker@2.13.5.Final",
 "pkg:maven/jakarta.validation/jakarta.validation-api@2.0.2",
@@ -137,7 +137,7 @@
 "dependsOn" : [ ]
 },
 {
- "ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.5.Final",
+ "ref" : "pkg:maven/io.quarkus/quarkus-resteasy@2.13.7.Final",
 "dependsOn" : [ ]
 },
 {
@@ -149,7 +149,7 @@
 "dependsOn" : [ ]
 },
 {
- "ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
+ "ref" : "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.7.Final",
 "dependsOn" : [ ]
 },
 {