From e83f01b6fa6abfbd3ac551f9d55b1a1c11a96490 Mon Sep 17 00:00:00 2001 
From: Andrian Sevastyanov
Date: Thu, 21 Mar 2024 12:27:18 -0600
Subject: [PATCH 01/10] Initial POC for Buildroot Detectable
---
 .../executable/resolver/MakeResolver.java | 8 ++
 .../buildroot/BuildrootDependencyType.java | 5 ++
 .../buildroot/BuildrootDetectable.java | 57 ++++++++++++
 .../buildroot/BuildrootDetectableOptions.java | 15 ++++
 .../buildroot/BuildrootExtractor.java | 86 +++++++++++++++++++
 .../detectables/buildroot/model/Parser.java | 16 ++++
 .../buildroot/model/ShowInfoComponent.java | 44 ++++++++++
 .../detectable/factory/DetectableFactory.java | 9 ++
 .../buildroot/unit/model/ParserTest.java | 73 ++++++++++++++++
 .../detector/base/DetectorType.java | 1 +
 .../rule/builder/DetectableLookup.java | 2 +-
 .../DetectConfigurationFactory.java | 1 +
 .../configuration/DetectProperties.java | 35 ++++++--
 .../DetectableOptionFactory.java | 9 ++
 .../enumeration/DetectGroup.java | 1 +
 .../tool/detector/DetectorRuleFactory.java | 6 ++
 .../executable/DetectExecutableOptions.java | 7 ++
 .../executable/DetectExecutableResolver.java | 8 +-
 .../factory/DetectDetectableFactory.java | 5 ++
 19 files changed, 378 insertions(+), 10 deletions(-)
 create mode 100644 detectable/src/main/java/com/synopsys/integration/detectable/detectable/executable/resolver/MakeResolver.java
 create mode 100644 detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootDependencyType.java
 create mode 100644 detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootDetectable.java
 create mode 100644 detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootDetectableOptions.java
 create mode 100644 detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootExtractor.java
 create mode 100644 detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/model/Parser.java
 create mode 100644 detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/model/ShowInfoComponent.java
 create mode 100644 detectable/src/test/java/com/synopsys/integration/detectable/detectables/buildroot/unit/model/ParserTest.java
diff --git a/detectable/src/main/java/com/synopsys/integration/detectable/detectable/executable/resolver/MakeResolver.java b/detectable/src/main/java/com/synopsys/integration/detectable/detectable/executable/resolver/MakeResolver.java
new file mode 100644
index 0000000000..c879a67c5b
--- /dev/null
+++ b/detectable/src/main/java/com/synopsys/integration/detectable/detectable/executable/resolver/MakeResolver.java
@@ -0,0 +1,8 @@
+package com.synopsys.integration.detectable.detectable.executable.resolver;
+
+import com.synopsys.integration.detectable.ExecutableTarget;
+import com.synopsys.integration.detectable.detectable.exception.DetectableException;
+
+public interface MakeResolver {
+ ExecutableTarget resolveMake() throws DetectableException;
+}
diff --git a/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootDependencyType.java b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootDependencyType.java
new file mode 100644
index 0000000000..7c1e2ae874
--- /dev/null
+++ b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootDependencyType.java
@@ -0,0 +1,5 @@
+package com.synopsys.integration.detectable.detectables.buildroot;
+
+public enum BuildrootDependencyType {
+ HOST
+}
diff --git a/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootDetectable.java b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootDetectable.java
new file mode 100644
index 0000000000..d2c73dfff4
--- /dev/null
+++ b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootDetectable.java
@@ -0,0 +1,57 @@
+package com.synopsys.integration.detectable.detectables.buildroot;
+
+import com.synopsys.integration.bdio.graph.builder.MissingExternalIdException;
+import com.synopsys.integration.common.util.finder.FileFinder;
+import com.synopsys.integration.detectable.Detectable;
+import com.synopsys.integration.detectable.DetectableEnvironment;
+import com.synopsys.integration.detectable.ExecutableTarget;
+import com.synopsys.integration.detectable.detectable.DetectableAccuracyType;
+import com.synopsys.integration.detectable.detectable.Requirements;
+import com.synopsys.integration.detectable.detectable.annotation.DetectableInfo;
+import com.synopsys.integration.detectable.detectable.exception.DetectableException;
+import com.synopsys.integration.detectable.detectable.executable.ExecutableFailedException;
+import com.synopsys.integration.detectable.detectable.executable.resolver.MakeResolver;
+import com.synopsys.integration.detectable.detectable.result.DetectableResult;
+import com.synopsys.integration.detectable.extraction.Extraction;
+import com.synopsys.integration.detectable.extraction.ExtractionEnvironment;
+import com.synopsys.integration.executable.ExecutableRunnerException;
+
+@DetectableInfo(name = "Buildroot", language = "various", forge = "Buildroot", accuracy = DetectableAccuracyType.HIGH, requirementsMarkdown = "Files: .confg, Makefile. Executable: make.")
+public class BuildrootDetectable extends Detectable {
+ public static final String CONFIG_FILENAME = ".config";
+ public static final String MAKEFILE_FILENAME = "Makefile";
+
+ private final FileFinder fileFinder;
+ private final BuildrootExtractor buildrootExtractor;
+ private final MakeResolver makeResolver;
+
+ private ExecutableTarget makeExe;
+
+ public BuildrootDetectable(DetectableEnvironment environment, FileFinder fileFinder, BuildrootExtractor buildrootExtractor, MakeResolver makeResolver) {
+ super(environment);
+
+ this.fileFinder = fileFinder;
+ this.buildrootExtractor = buildrootExtractor;
+ this.makeResolver = makeResolver;
+ }
+
+ @Override
+ public DetectableResult applicable() {
+ Requirements requirements = new Requirements(fileFinder, environment);
+ requirements.file(CONFIG_FILENAME);
+ requirements.file(MAKEFILE_FILENAME);
+ return requirements.result();
+ }
+
+ @Override
+ public DetectableResult extractable() throws DetectableException {
+ Requirements requirements = new Requirements(fileFinder, environment);
+ makeExe = requirements.executable(makeResolver::resolveMake, "make");
+ return requirements.result();
+ }
+
+ @Override
+ public Extraction extract(ExtractionEnvironment extractionEnvironment) throws ExecutableRunnerException, MissingExternalIdException, ExecutableFailedException {
+ return buildrootExtractor.extract(makeExe, environment.getDirectory());
+ }
+}
diff --git a/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootDetectableOptions.java b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootDetectableOptions.java
new file mode 100644
index 0000000000..922761dee1
--- /dev/null
+++ b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootDetectableOptions.java
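Review bot: `applicable()` in BuildrootDetectable accepts any directory that holds a `.config` and a `Makefile`, which is not specific to Buildroot (a configured Linux kernel tree has both), and `extract()` then runs the resolved `make` with several targets against whatever Makefile is there. Because make executes recipes from the scanned tree, I would narrow the match before invoking it, for example by also requiring that `.config` contains Buildroot `BR2_` symbols, and state in a class Javadoc that extraction executes the project's Makefile. Separately, the `requirementsMarkdown` string says `.confg`; it should read `Files: .config, Makefile. Executable: make.`.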
@@ -0,0 +1,15 @@
+package com.synopsys.integration.detectable.detectables.buildroot;
+
+import com.synopsys.integration.detectable.detectable.util.EnumListFilter;
+
+public class BuildrootDetectableOptions {
+ private final EnumListFilter dependencyTypeFilter;
+
+ public BuildrootDetectableOptions(EnumListFilter dependencyTypeFilter) {
+ this.dependencyTypeFilter = dependencyTypeFilter;
+ }
+
+ public EnumListFilter getDependencyTypeFilter() {
+ return dependencyTypeFilter;
+ }
+}
diff --git a/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootExtractor.java b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootExtractor.java
new file mode 100644
index 0000000000..9c6beea50d
--- /dev/null
+++ b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootExtractor.java
@@ -0,0 +1,86 @@
+package com.synopsys.integration.detectable.detectables.buildroot;
+
+import java.io.File;
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.synopsys.integration.bdio.graph.builder.LazyExternalIdDependencyGraphBuilder;
+import com.synopsys.integration.bdio.graph.builder.LazyId;
+import com.synopsys.integration.bdio.graph.builder.MissingExternalIdException;
+import com.synopsys.integration.bdio.model.Forge;
+import com.synopsys.integration.bdio.model.dependency.Dependency;
+import com.synopsys.integration.bdio.model.dependency.DependencyFactory;
+import com.synopsys.integration.bdio.model.externalid.ExternalIdFactory;
+import com.synopsys.integration.detectable.ExecutableTarget;
+import com.synopsys.integration.detectable.ExecutableUtils;
+import com.synopsys.integration.detectable.detectable.codelocation.CodeLocation;
+import com.synopsys.integration.detectable.detectable.executable.DetectableExecutableRunner;
+import com.synopsys.integration.detectable.detectable.executable.ExecutableFailedException;
+import com.synopsys.integration.detectable.detectables.buildroot.model.Parser;
+import com.synopsys.integration.detectable.detectables.buildroot.model.ShowInfoComponent;
+import com.synopsys.integration.detectable.extraction.Extraction;
+import com.synopsys.integration.detectable.util.ToolVersionLogger;
+import com.synopsys.integration.executable.ExecutableRunnerException;
+
+public class BuildrootExtractor {
+ public static final Forge forge = new Forge("/", "buildroot");
+
+ private final Logger logger = LoggerFactory.getLogger(this.getClass());
+ private final ExternalIdFactory externalIdFactory = new ExternalIdFactory();
+ private final DependencyFactory dependencyFactory = new DependencyFactory(externalIdFactory);
+ private final Parser parser = new Parser();
+ private final BuildrootDetectableOptions options;
+ private final DetectableExecutableRunner executableRunner;
+ private final ToolVersionLogger toolVersionLogger;
+
+ public BuildrootExtractor(BuildrootDetectableOptions options, DetectableExecutableRunner executableRunner, ToolVersionLogger toolVersionLogger) {
+ this.options = options;
+ this.executableRunner = executableRunner;
+ this.toolVersionLogger = toolVersionLogger;
+ }
+
+ public Extraction extract(ExecutableTarget makeExe, File workingDirectory) throws ExecutableRunnerException, MissingExternalIdException, ExecutableFailedException {
+ // log version of make
+ toolVersionLogger.log(workingDirectory, makeExe, "-v");
+
+ // log version of buildroot
+ toolVersionLogger.log(workingDirectory, makeExe, "print-version");
+
+ String output = executableRunner.executeSuccessfully(ExecutableUtils.createFromTarget(workingDirectory, makeExe, "show-info")).getStandardOutput();
+
+ Map components = parser.parse(output);
+
+ LazyExternalIdDependencyGraphBuilder graph = new LazyExternalIdDependencyGraphBuilder();
+
+ for (ShowInfoComponent component : components.values()) {
+ String type = component.getType();
+ if (type.equals("rootfs") || type.equals("host") && options.getDependencyTypeFilter().shouldExclude(BuildrootDependencyType.HOST)) {
+ logger.trace("Skipping component of type: " + type);
+ continue;
+ }
+ logger.trace("Processing buildroot component: " + component.getName());
+
+ LazyId id = makeLazyId(component);
+
+ if (component.getReverseDependencies().size() == 0) {
+ graph.addChildToRoot(id);
+ } else {
+ for (String reverseDependency : component.getReverseDependencies()) {
+ LazyId reverseDependencyId = makeLazyId(components.get(reverseDependency));
+ graph.addChildWithParent(id, reverseDependencyId);
+ }
+ }
+
+ Dependency dependency = dependencyFactory.createNameVersionDependency(forge, component.getName(), component.getVersion());
+ graph.setDependencyInfo(id, component.getName(), component.getVersion(), dependency.getExternalId());
+ }
+
+ return Extraction.success(new CodeLocation(graph.build()));
+ }
+
+ private LazyId makeLazyId(ShowInfoComponent component) {
+ return LazyId.fromNameAndVersion(component.getName(), component.getVersion());
+ }
+}
diff --git a/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/model/Parser.java b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/model/Parser.java
new file mode 100644
index 0000000000..4a8f7aab25
--- /dev/null
+++ b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/model/Parser.java
@@ -0,0 +1,16 @@
+package com.synopsys.integration.detectable.detectables.buildroot.model;
+
+import java.lang.reflect.Type;
+import java.util.Map;
+
+import com.google.gson.Gson;
+import com.google.gson.reflect.TypeToken;
+
+public class Parser {
+
+ public Map parse(String showInfoOutput) {
+ Gson gson = new Gson();
+ Type type = new TypeToken>() {}.getType();
+ return gson.fromJson(showInfoOutput, type);
+ }
+}
diff --git a/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/model/ShowInfoComponent.java b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/model/ShowInfoComponent.java
new file mode 100644
index 0000000000..6f7d500478
--- /dev/null
+++ b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/model/ShowInfoComponent.java
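Review bot: In the component loop of `BuildrootExtractor.extract`, `components.get(reverseDependency)` is passed to `makeLazyId` unchecked, so a reverse dependency that is not a key of the parsed map ends in a NullPointerException, and one that the `rootfs`/`host` filter skips becomes a parent that never receives `setDependencyInfo`, which I would expect `graph.build()` to reject with MissingExternalIdException. The same loop dereferences `component.getType()` and `component.getReverseDependencies()`, which Gson leaves null when the key is missing from the `make show-info` output; the getters added in ShowInfoComponent return the fields as they are. I would move the filter into a helper, apply it to the parents as well, and attach the component to the root when no parent survives, as sketched below. The trace calls would also read better parameterised, e.g. `logger.trace("Skipping component of type: {}", type);`.

```java
for (ShowInfoComponent component : components.values()) {
    if (isExcluded(component)) {
        logger.trace("Skipping component of type: {}", component.getType());
        continue;
    }
    // … unchanged: trace of the component name, LazyId id = makeLazyId(component) …

    boolean attached = false;
    if (component.getReverseDependencies() != null) {
        for (String reverseDependency : component.getReverseDependencies()) {
            ShowInfoComponent parent = components.get(reverseDependency);
            if (parent == null || isExcluded(parent)) {
                // unknown or filtered parent: do not create a node that never gets dependency info
                continue;
            }
            graph.addChildWithParent(id, makeLazyId(parent));
            attached = true;
        }
    }
    if (!attached) {
        graph.addChildToRoot(id);
    }
    // … unchanged: createNameVersionDependency and setDependencyInfo …
}

private boolean isExcluded(ShowInfoComponent component) {
    String type = component.getType();
    return "rootfs".equals(type)
        || ("host".equals(type) && options.getDependencyTypeFilter().shouldExclude(BuildrootDependencyType.HOST));
}
```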
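Review bot: `Parser.parse` hands the raw stdout of `make show-info` to `gson.fromJson` and returns the result as is, so empty output yields null (the caller immediately calls `components.values()`) and any non-JSON text on stdout surfaces as an unchecked JsonSyntaxException that none of the exceptions declared on `BuildrootExtractor.extract` covers. I would return an empty map for a null result, `return parsed == null ? Collections.emptyMap() : parsed;`, and wrap the syntax error in an exception the detectable reports as a failed extraction. A short Javadoc saying that the input is the JSON object printed by `make show-info` would help too; that its keys are package names is inferred from the test fixture only.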
@@ -0,0 +1,44 @@
+package com.synopsys.integration.detectable.detectables.buildroot.model;
+
+import java.util.List;
+
+import com.google.gson.annotations.SerializedName;
+import com.synopsys.integration.util.Stringable;
+
+public class ShowInfoComponent extends Stringable {
+ private final String type;
+ private final String name;
+ private final String version;
+ private final List dependencies;
+
+ @SerializedName("reverse_dependencies")
+ private final List reverseDependencies;
+
+ public ShowInfoComponent(String type, String name, String version, List dependencies, List reverseDependencies) {
+ this.type = type;
+ this.name = name;
+ this.version = version;
+ this.dependencies = dependencies;
+ this.reverseDependencies = reverseDependencies;
+ }
+
+ public String getType() {
+ return type;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getVersion() {
+ return version;
+ }
+
+ public List getDependencies() {
+ return dependencies;
+ }
+
+ public List getReverseDependencies() {
+ return reverseDependencies;
+ }
+}
diff --git a/detectable/src/main/java/com/synopsys/integration/detectable/factory/DetectableFactory.java b/detectable/src/main/java/com/synopsys/integration/detectable/factory/DetectableFactory.java
index 353ff88b87..71fc1a05c9 100644
--- a/detectable/src/main/java/com/synopsys/integration/detectable/factory/DetectableFactory.java
+++ b/detectable/src/main/java/com/synopsys/integration/detectable/factory/DetectableFactory.java
@@ -26,6 +26,7 @@ import com.synopsys.integration.detectable.detectable.executable.resolver.GradleResolver; import com.synopsys.integration.detectable.detectable.executable.resolver.JavaResolver; import com.synopsys.integration.detectable.detectable.executable.resolver.LernaResolver; +import com.synopsys.integration.detectable.detectable.executable.resolver.MakeResolver; import com.synopsys.integration.detectable.detectable.executable.resolver.MavenResolver; import com.synopsys.integration.detectable.detectable.executable.resolver.NpmResolver; import com.synopsys.integration.detectable.detectable.executable.resolver.PearResolver; @@ -59,6 +60,9 @@ import com.synopsys.integration.detectable.detectables.bitbake.parse.PwdOutputParser; import com.synopsys.integration.detectable.detectables.bitbake.transform.BitbakeDependencyGraphTransformer; import com.synopsys.integration.detectable.detectables.bitbake.transform.BitbakeGraphTransformer; +import com.synopsys.integration.detectable.detectables.buildroot.BuildrootDetectable; +import com.synopsys.integration.detectable.detectables.buildroot.BuildrootDetectableOptions; +import com.synopsys.integration.detectable.detectables.buildroot.BuildrootExtractor; import com.synopsys.integration.detectable.detectables.cargo.CargoExtractor; import com.synopsys.integration.detectable.detectables.cargo.CargoLockDetectable; import com.synopsys.integration.detectable.detectables.cargo.parse.CargoDependencyLineParser; 
@@ -347,6 +351,11 @@ public BitbakeDetectable createBitbakeDetectable(DetectableEnvironment environme return new BitbakeDetectable(environment, fileFinder, bitbakeDetectableOptions, bitbakeExtractor, bashResolver); } + public BuildrootDetectable createBuildrootDetectable(DetectableEnvironment environment, BuildrootDetectableOptions options, MakeResolver makeResolver) { + BuildrootExtractor buildrootExtractor = new BuildrootExtractor(options, executableRunner, toolVersionLogger); + return new BuildrootDetectable(environment, fileFinder, buildrootExtractor, makeResolver); + } + public CargoLockDetectable createCargoDetectable(DetectableEnvironment environment) { CargoTomlParser cargoTomlParser = new CargoTomlParser(); CargoDependencyLineParser cargoDependencyLineParser = new CargoDependencyLineParser(); diff --git a/detectable/src/test/java/com/synopsys/integration/detectable/detectables/buildroot/unit/model/ParserTest.java b/detectable/src/test/java/com/synopsys/integration/detectable/detectables/buildroot/unit/model/ParserTest.java new file mode 100644 index 0000000000..02a9e3f030 --- /dev/null +++ b/detectable/src/test/java/com/synopsys/integration/detectable/detectables/buildroot/unit/model/ParserTest.java 
@@ -0,0 +1,73 @@
+package com.synopsys.integration.detectable.detectables.buildroot.unit.model;
+
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+import org.junit.jupiter.api.Test;
+
+import com.synopsys.integration.detectable.detectables.buildroot.model.Parser;
+import com.synopsys.integration.detectable.detectables.buildroot.model.ShowInfoComponent;
+
+public class ParserTest {
+
+ private static String sourceJson = "{\n" + //
+ " \"busybox\": {\n" + //
+ " \"type\": \"target\",\n" + //
+ " \"name\": \"busybox\",\n" + //
+ " \"virtual\": false,\n" + //
+ " \"version\": \"1.36.1\",\n" + //
+ " \"licenses\": \"GPL-2.0, bzip2-1.0.4\",\n" + //
+ " \"license_files\": [\n" + //
+ " \"LICENSE\",\n" + //
+ " \"archival/libarchive/bz/LICENSE\"\n" + //
+ " ],\n" + //
+ " \"redistributable\": true,\n" + //
+ " \"dl_dir\": \"busybox\",\n" + //
+ " \"downloads\": [\n" + //
+ " {\n" + //
+ " \"source\": \"busybox-1.36.1.tar.bz2\",\n" + //
+ " \"uris\": [\n" + //
+ " \"https+https://www.busybox.net/downloads\",\n" + //
+ " \"https|urlencode+https://sources.buildroot.net/busybox\",\n" + //
+ " \"https|urlencode+https://sources.buildroot.net\"\n" + //
+ " ]\n" + //
+ " }\n" + //
+ " ],\n" + //
+ " \"stamp_dir\": \"output/build/busybox-1.36.1\",\n" + //
+ " \"source_dir\": \"output/build/busybox-1.36.1\",\n" + //
+ " \"build_dir\": \"output/build/busybox-1.36.1/\",\n" + //
+ " \"install_target\": true,\n" + //
+ " \"install_staging\": false,\n" + //
+ " \"install_images\": false,\n" + //
+ " \"dependencies\": [\n" + //
+ " \"host-skeleton\",\n" + //
+ " \"host-tar\",\n" + //
+ " \"skeleton\",\n" + //
+ " \"toolchain\"\n" + //
+ " ],\n" + //
+ " \"reverse_dependencies\": [],\n" + //
+ " \"cpe-id\": \"cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*\",\n" + //
+ " \"ignore_cves\": [\n" + //
+ " \"CVE-2022-28391\"\n" + //
+ " ]\n" + //
+ " }}";
+
+ @Test
+ public void testParse() {
+ Map nameComponentMap = new Parser().parse(sourceJson); + + assertEquals(1, nameComponentMap.size()); + + ShowInfoComponent busyBox = nameComponentMap.get("busybox"); + + assertNotNull(busyBox); + + assertEquals("busybox", busyBox.getName()); + assertEquals("target", busyBox.getType()); + assertEquals("1.36.1", busyBox.getVersion()); + assertEquals(4, busyBox.getDependencies().size()); + assertEquals(0, busyBox.getReverseDependencies().size()); + } +} diff --git a/detector/src/main/java/com/synopsys/integration/detector/base/DetectorType.java b/detector/src/main/java/com/synopsys/integration/detector/base/DetectorType.java index c93de2ea55..99d269f812 100644 --- a/detector/src/main/java/com/synopsys/integration/detector/base/DetectorType.java +++ b/detector/src/main/java/com/synopsys/integration/detector/base/DetectorType.java @@ -7,6 +7,7 @@ // TODO: Get as close to the software managing the packages as possible public enum DetectorType { // TODO: 8.0.0 Rename DetectorTypes BITBAKE, + BUILDROOT, CARGO, CARTHAGE, COCOAPODS, diff --git a/detector/src/main/java/com/synopsys/integration/detector/rule/builder/DetectableLookup.java b/detector/src/main/java/com/synopsys/integration/detector/rule/builder/DetectableLookup.java index 558c073b71..745b85d14c 100644 --- a/detector/src/main/java/com/synopsys/integration/detector/rule/builder/DetectableLookup.java +++ b/detector/src/main/java/com/synopsys/integration/detector/rule/builder/DetectableLookup.java @@ -55,7 +55,7 @@ private static DetectableCreatable findDetectableCreator( try { return (T) method.invoke(factory, environment); } catch (IllegalAccessException | InvocationTargetException e) { - throw new RuntimeException(); + throw new RuntimeException(e); } }; } diff --git a/src/main/java/com/synopsys/integration/detect/configuration/DetectConfigurationFactory.java b/src/main/java/com/synopsys/integration/detect/configuration/DetectConfigurationFactory.java index 8de8b7b503..bc6ace80f8 100644 
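Review bot: `ParserTest.testParse` covers a single well-formed component whose `reverse_dependencies` is empty, so neither the parent-linking branch of `BuildrootExtractor.extract` nor the parser's behaviour on empty or truncated `make show-info` output is exercised. I would add a fixture with two components where one lists the other as a reverse dependency, plus cases for an empty string and for a component that omits `reverse_dependencies`. The fixture field is never reassigned and could be declared `private static final String SOURCE_JSON`.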
--- a/src/main/java/com/synopsys/integration/detect/configuration/DetectConfigurationFactory.java +++ b/src/main/java/com/synopsys/integration/detect/configuration/DetectConfigurationFactory.java @@ -470,6 +470,7 @@ public DetectExecutableOptions createDetectExecutableOptions() { detectConfiguration.getPathOrNull(DetectProperties.DETECT_FLUTTER_PATH), detectConfiguration.getPathOrNull(DetectProperties.DETECT_GRADLE_PATH), detectConfiguration.getPathOrNull(DetectProperties.DETECT_MAVEN_PATH), + detectConfiguration.getPathOrNull(DetectProperties.DETECT_MAKE_PATH), detectConfiguration.getPathOrNull(DetectProperties.DETECT_NPM_PATH), detectConfiguration.getPathOrNull(DetectProperties.DETECT_PEAR_PATH), detectConfiguration.getPathOrNull(DetectProperties.DETECT_PIP_PATH), diff --git a/src/main/java/com/synopsys/integration/detect/configuration/DetectProperties.java b/src/main/java/com/synopsys/integration/detect/configuration/DetectProperties.java index 997e0864da..b3de7d1afc 100644 --- a/src/main/java/com/synopsys/integration/detect/configuration/DetectProperties.java +++ b/src/main/java/com/synopsys/integration/detect/configuration/DetectProperties.java @@ -52,6 +52,7 @@ import com.synopsys.integration.detect.tool.signaturescanner.enums.ExtendedSnippetMode; import com.synopsys.integration.detectable.detectables.bazel.WorkspaceRule; import com.synopsys.integration.detectable.detectables.bitbake.BitbakeDependencyType; +import com.synopsys.integration.detectable.detectables.buildroot.BuildrootDependencyType; import com.synopsys.integration.detectable.detectables.conan.cli.config.ConanDependencyType; import com.synopsys.integration.detectable.detectables.dart.pubdep.DartPubDependencyType; import com.synopsys.integration.detectable.detectables.go.gomod.GoModDependencyType; 
@@ -368,6 +369,14 @@ private DetectProperties() { .setGroups(DetectGroup.BITBAKE, DetectGroup.SOURCE_SCAN) .build(); + public static final NoneEnumListProperty DETECT_BUILDROOT_DEPENDENCY_TYPES_EXCLUDED = + NoneEnumListProperty.newBuilder("detect.buildroot.dependency.types.excluded", NoneEnum.NONE, BuildrootDependencyType.class) + .setInfo("Buildroot Excluded Dependency Types", DetectPropertyFromVersion.VERSION_9_5_0) + .setHelp("The dependency types to exclude from the results.") + .setExample("HOST") + .setGroups(DetectGroup.BUILDROOT, DetectGroup.SOURCE_SCAN) + .build(); + public static final NullableStringProperty DETECT_BLACKDUCK_SIGNATURE_SCANNER_ARGUMENTS = NullableStringProperty.newBuilder("detect.blackduck.signature.scanner.arguments") .setInfo("Signature Scanner Arguments", DetectPropertyFromVersion.VERSION_4_2_0) 
@@ -1075,14 +1084,24 @@ private DetectProperties() { .build(); public static final BooleanProperty DETECT_MAVEN_INCLUDE_SHADED_DEPENDENCIES = - BooleanProperty.newBuilder("detect.maven.include.shaded.dependencies",false) - .setInfo("Include Shaded Dependencies", DetectPropertyFromVersion.VERSION_9_5_0) - .setHelp( - "If set to true, Detect will include shaded dependencies as part of BOM.", - "A shaded dependency is packaged inside the uber jar of the direct or transitive dependency referenced in the project. Detect will find the use of maven-shade-plugin from original POM file and based on that will derive information for these dependencies. This property will only be supported in build mode just like all other MAVEN properties." - ) - .setGroups(DetectGroup.MAVEN, DetectGroup.SOURCE_SCAN) - .build(); + BooleanProperty.newBuilder("detect.maven.include.shaded.dependencies",false) + .setInfo("Include Shaded Dependencies", DetectPropertyFromVersion.VERSION_9_5_0) + .setHelp( + "If set to true, Detect will include shaded dependencies as part of BOM.", + "A shaded dependency is packaged inside the uber jar of the direct or transitive dependency referenced in the project. Detect will find the use of maven-shade-plugin from original POM file and based on that will derive information for these dependencies. This property will only be supported in build mode just like all other MAVEN properties." + ) + .setGroups(DetectGroup.MAVEN, DetectGroup.SOURCE_SCAN) + .build(); + + public static final NullablePathProperty DETECT_MAKE_PATH = + NullablePathProperty.newBuilder("detect.make.path") + .setInfo("Make Executable", DetectPropertyFromVersion.VERSION_9_5_0) + .setHelp( + "The path to the Make executable.", + "If set, Detect will use the given Make executable instead of searching for one." + ) + .setGroups(DetectGroup.BUILDROOT, DetectGroup.GLOBAL) + .build(); public static final BooleanProperty DETECT_NOTICES_REPORT = BooleanProperty.newBuilder("detect.notices.report", false) 
diff --git a/src/main/java/com/synopsys/integration/detect/configuration/DetectableOptionFactory.java b/src/main/java/com/synopsys/integration/detect/configuration/DetectableOptionFactory.java index df67cb576b..4f38bbca89 100644 --- a/src/main/java/com/synopsys/integration/detect/configuration/DetectableOptionFactory.java +++ b/src/main/java/com/synopsys/integration/detect/configuration/DetectableOptionFactory.java @@ -15,6 +15,8 @@ import com.synopsys.integration.detectable.detectables.bazel.WorkspaceRule; import com.synopsys.integration.detectable.detectables.bitbake.BitbakeDependencyType; import com.synopsys.integration.detectable.detectables.bitbake.BitbakeDetectableOptions; +import com.synopsys.integration.detectable.detectables.buildroot.BuildrootDependencyType; +import com.synopsys.integration.detectable.detectables.buildroot.BuildrootDetectableOptions; import com.synopsys.integration.detectable.detectables.clang.ClangDetectableOptions; import com.synopsys.integration.detectable.detectables.conan.cli.config.ConanCliOptions; import com.synopsys.integration.detectable.detectables.conan.cli.config.ConanDependencyType; @@ -86,6 +88,13 @@ public BitbakeDetectableOptions createBitbakeDetectableOptions() { return new BitbakeDetectableOptions(buildEnvName, sourceArguments, packageNames, searchDepth, getFollowSymLinks(), dependencyTypeFilter); } + public BuildrootDetectableOptions createBuildrootDetectableOptions() { + EnumListFilter dependencyTypeFilter = EnumListFilter.fromExcluded( + detectConfiguration.getValue(DetectProperties.DETECT_BUILDROOT_DEPENDENCY_TYPES_EXCLUDED).representedValueSet() + ); + return new BuildrootDetectableOptions(dependencyTypeFilter); + } + public ClangDetectableOptions createClangDetectableOptions() { Boolean cleanup = detectConfiguration.getValue(DetectProperties.DETECT_CLEANUP); return new ClangDetectableOptions(cleanup); 
diff --git a/src/main/java/com/synopsys/integration/detect/configuration/enumeration/DetectGroup.java b/src/main/java/com/synopsys/integration/detect/configuration/enumeration/DetectGroup.java index 11f3e79a18..94d6f02a79 100644 --- a/src/main/java/com/synopsys/integration/detect/configuration/enumeration/DetectGroup.java +++ b/src/main/java/com/synopsys/integration/detect/configuration/enumeration/DetectGroup.java @@ -40,6 +40,7 @@ public enum DetectGroup implements Group { //Detector Groups BAZEL("bazel", DETECTORS), BITBAKE("bitbake", DETECTORS), + BUILDROOT("buildroot", DETECTORS), CARGO("cargo", DETECTORS), CONAN("conan", DETECTORS), CONDA("conda", DETECTORS), diff --git a/src/main/java/com/synopsys/integration/detect/tool/detector/DetectorRuleFactory.java b/src/main/java/com/synopsys/integration/detect/tool/detector/DetectorRuleFactory.java index 1abbe51258..4fcb5039ff 100644 --- a/src/main/java/com/synopsys/integration/detect/tool/detector/DetectorRuleFactory.java +++ b/src/main/java/com/synopsys/integration/detect/tool/detector/DetectorRuleFactory.java @@ -2,6 +2,7 @@ import com.synopsys.integration.detect.tool.detector.factory.DetectDetectableFactory; import com.synopsys.integration.detectable.detectables.bitbake.BitbakeDetectable; +import com.synopsys.integration.detectable.detectables.buildroot.BuildrootDetectable; import com.synopsys.integration.detectable.detectables.cargo.CargoLockDetectable; import com.synopsys.integration.detectable.detectables.carthage.CarthageLockDetectable; import com.synopsys.integration.detectable.detectables.clang.ClangDetectable; @@ -82,6 +83,11 @@ public DetectorRuleSet createRules(DetectDetectableFactory detectableFactory) { .search().defaults(); }); + rules.addDetector(DetectorType.BUILDROOT, detector -> { + detector.entryPoint(BuildrootDetectable.class) + .search().defaults(); + }); + rules.addDetector(DetectorType.XCODE, detector -> { detector.entryPoint(XcodeWorkspaceDetectable.class) .search().defaults(); 
diff --git a/src/main/java/com/synopsys/integration/detect/tool/detector/executable/DetectExecutableOptions.java b/src/main/java/com/synopsys/integration/detect/tool/detector/executable/DetectExecutableOptions.java index 7461666a53..74071e5cd2 100644 --- a/src/main/java/com/synopsys/integration/detect/tool/detector/executable/DetectExecutableOptions.java +++ b/src/main/java/com/synopsys/integration/detect/tool/detector/executable/DetectExecutableOptions.java @@ -13,6 +13,7 @@ public class DetectExecutableOptions { private final Path flutterPath; private final Path gradleUserPath; private final Path mavenUserPath; + private final Path makeUserPath; private final Path npmUserPath; private final Path pearUserPath; private final Path pipUserPath; @@ -38,6 +39,7 @@ public DetectExecutableOptions( Path flutterPath, Path gradleUserPath, Path mavenUserPath, + Path makeUserPath, Path npmUserPath, Path pearUserPath, Path pipUserPath, @@ -62,6 +64,7 @@ public DetectExecutableOptions( this.flutterPath = flutterPath; this.gradleUserPath = gradleUserPath; this.mavenUserPath = mavenUserPath; + this.makeUserPath = makeUserPath; this.npmUserPath = npmUserPath; this.pearUserPath = pearUserPath; this.pipUserPath = pipUserPath; @@ -117,6 +120,10 @@ public Path getMavenUserPath() { return mavenUserPath; } + public Path getMakeUserPath() { + return makeUserPath; + } + public Path getNpmUserPath() { return npmUserPath; } diff --git a/src/main/java/com/synopsys/integration/detect/tool/detector/executable/DetectExecutableResolver.java b/src/main/java/com/synopsys/integration/detect/tool/detector/executable/DetectExecutableResolver.java index 08054d8814..280fc1ead7 100644 --- a/src/main/java/com/synopsys/integration/detect/tool/detector/executable/DetectExecutableResolver.java +++ b/src/main/java/com/synopsys/integration/detect/tool/detector/executable/DetectExecutableResolver.java 
@@ -23,6 +23,7 @@ import com.synopsys.integration.detectable.detectable.executable.resolver.GradleResolver; import com.synopsys.integration.detectable.detectable.executable.resolver.JavaResolver; import com.synopsys.integration.detectable.detectable.executable.resolver.LernaResolver; +import com.synopsys.integration.detectable.detectable.executable.resolver.MakeResolver; import com.synopsys.integration.detectable.detectable.executable.resolver.MavenResolver; import com.synopsys.integration.detectable.detectable.executable.resolver.NpmResolver; import com.synopsys.integration.detectable.detectable.executable.resolver.PearResolver; @@ -36,7 +37,7 @@ public class DetectExecutableResolver implements JavaResolver, GradleResolver, BashResolver, ConanResolver, CondaResolver, CpanmResolver, CpanResolver, DartResolver, PearResolver, Rebar3Resolver, PythonResolver, PipResolver, - PipenvResolver, MavenResolver, NpmResolver, BazelResolver, + PipenvResolver, MavenResolver, NpmResolver, BazelResolver, MakeResolver, DockerResolver, GitResolver, SwiftResolver, GoResolver, LernaResolver, SbtResolver, FlutterResolver { private final DirectoryExecutableFinder directoryExecutableFinder; @@ -148,6 +149,11 @@ public ExecutableTarget resolveMaven(DetectableEnvironment environment) throws D return ExecutableTarget.forFile(resolveLocalNonCachedExecutable("mvnw", "mvn", environment, detectExecutableOptions.getMavenUserPath())); } + @Override + public ExecutableTarget resolveMake() throws DetectableException { + return ExecutableTarget.forFile(resolveCachedSystemExecutable("make", detectExecutableOptions.getMakeUserPath())); + } + @Override public ExecutableTarget resolveNpm(DetectableEnvironment environment) throws DetectableException { return ExecutableTarget.forFile(resolveLocalNonCachedExecutable("npm", "npm", environment, detectExecutableOptions.getNpmUserPath())); 
diff --git a/src/main/java/com/synopsys/integration/detect/tool/detector/factory/DetectDetectableFactory.java b/src/main/java/com/synopsys/integration/detect/tool/detector/factory/DetectDetectableFactory.java index 122b35722f..bb79f0aef9 100644 --- a/src/main/java/com/synopsys/integration/detect/tool/detector/factory/DetectDetectableFactory.java +++ b/src/main/java/com/synopsys/integration/detect/tool/detector/factory/DetectDetectableFactory.java @@ -9,6 +9,7 @@ import com.synopsys.integration.detectable.detectable.inspector.nuget.NugetInspectorResolver; import com.synopsys.integration.detectable.detectables.bazel.BazelDetectable; import com.synopsys.integration.detectable.detectables.bitbake.BitbakeDetectable; +import com.synopsys.integration.detectable.detectables.buildroot.BuildrootDetectable; import com.synopsys.integration.detectable.detectables.cargo.CargoLockDetectable; import com.synopsys.integration.detectable.detectables.carthage.CarthageLockDetectable; import com.synopsys.integration.detectable.detectables.clang.ClangDetectable; @@ -112,6 +113,10 @@ public BitbakeDetectable createBitbakeDetectable(DetectableEnvironment environme return detectableFactory.createBitbakeDetectable(environment, detectableOptionFactory.createBitbakeDetectableOptions(), detectExecutableResolver); } + public BuildrootDetectable createBuildrootDetectable(DetectableEnvironment environment) { + return detectableFactory.createBuildrootDetectable(environment, detectableOptionFactory.createBuildrootDetectableOptions(), detectExecutableResolver); + } + public CargoLockDetectable createCargoDetectable(DetectableEnvironment environment) { return detectableFactory.createCargoDetectable(environment); } From aff1dd829deb8cbfc7f59cc596219de27cb40e74 Mon Sep 17 00:00:00 2001 
From: Andrian Sevastyanov
Date: Fri, 22 Mar 2024 14:09:16 -0600
Subject: [PATCH 02/10] BuildrootDetectableTest
---
.../functional/BuildrootDetectableTest.java | 88 ++
.../functional/buildroot/make-show-info.json | 1005 +++++++++++++++++
2 files changed, 1093 insertions(+)
create mode 100644 detectable/src/test/java/com/synopsys/integration/detectable/detectables/buildroot/functional/BuildrootDetectableTest.java
create mode 100644 detectable/src/test/resources/detectables/functional/buildroot/make-show-info.json
diff --git a/detectable/src/test/java/com/synopsys/integration/detectable/detectables/buildroot/functional/BuildrootDetectableTest.java b/detectable/src/test/java/com/synopsys/integration/detectable/detectables/buildroot/functional/BuildrootDetectableTest.java
new file mode 100644
index 0000000000..4c1feb970f
--- /dev/null
+++ b/detectable/src/test/java/com/synopsys/integration/detectable/detectables/buildroot/functional/BuildrootDetectableTest.java
@@ -0,0 +1,88 @@ +package com.synopsys.integration.detectable.detectables.buildroot.functional; + +import static org.junit.jupiter.api.Assertions.assertEquals; + +import java.io.IOException; + +import org.jetbrains.annotations.NotNull; + +import com.synopsys.integration.bdio.model.externalid.ExternalId; +import com.synopsys.integration.bdio.model.externalid.ExternalIdFactory; +import com.synopsys.integration.detectable.Detectable; +import com.synopsys.integration.detectable.DetectableEnvironment; +import com.synopsys.integration.detectable.ExecutableTarget; +import com.synopsys.integration.detectable.detectable.util.EnumListFilter; +import com.synopsys.integration.detectable.detectables.buildroot.BuildrootDependencyType; +import com.synopsys.integration.detectable.detectables.buildroot.BuildrootDetectableOptions; +import com.synopsys.integration.detectable.detectables.buildroot.BuildrootExtractor; +import com.synopsys.integration.detectable.extraction.Extraction; +import com.synopsys.integration.detectable.functional.DetectableFunctionalTest; +import com.synopsys.integration.detectable.util.FunctionalTestFiles; +import com.synopsys.integration.detectable.util.graph.NameVersionGraphAssert; + +public class BuildrootDetectableTest extends DetectableFunctionalTest { + public BuildrootDetectableTest() throws IOException { + super("buildroot"); + } + + @Override + protected void setup() throws IOException { + addFile(".config"); + addFile("Makefile"); + + addExecutableOutput( + createStandardOutput( + FunctionalTestFiles.asString("/buildroot/make-show-info.json") + ), + new String[] { + "make", + "show-info" + } + ); + } + + @Override + public @NotNull Detectable create(@NotNull DetectableEnvironment detectableEnvironment) { + return detectableFactory.createBuildrootDetectable( + detectableEnvironment, + new BuildrootDetectableOptions( + EnumListFilter.fromExcluded(BuildrootDependencyType.HOST) + ), + () -> ExecutableTarget.forCommand("make") + ); + } + + @Override + 
public void assertExtraction(@NotNull Extraction extraction) { + assertEquals(1, extraction.getCodeLocations().size()); + + ExternalIdFactory factory = new ExternalIdFactory(); + ExternalId busyboxId = factory.createNameVersionExternalId(BuildrootExtractor.forge, "busybox", "1.36.1"); + ExternalId gccId = factory.createNameVersionExternalId(BuildrootExtractor.forge, "gcc-final", "12.3.0"); + + ExternalId glibcId = factory.createNameVersionExternalId( + BuildrootExtractor.forge, + "glibc", + "2.38-44-gd37c2b20a4787463d192b32041c3406c2bd91de0" + ); + ExternalId linuxHeadersId = factory.createNameVersionExternalId(BuildrootExtractor.forge, "linux-headers", "6.6.18"); + + ExternalId libtoolId = factory.createNameVersionExternalId(BuildrootExtractor.forge, "libtool", "2.4.6"); + + + NameVersionGraphAssert graphAssert = new NameVersionGraphAssert( + BuildrootExtractor.forge, + extraction.getCodeLocations().get(0).getDependencyGraph() + ); + + graphAssert.hasDependency(busyboxId); + graphAssert.hasDependency(gccId); + graphAssert.hasDependency(glibcId); + graphAssert.hasDependency(linuxHeadersId); + + graphAssert.hasParentChildRelationship(glibcId, linuxHeadersId); + + graphAssert.hasNoDependency(libtoolId); + } + +} diff --git a/detectable/src/test/resources/detectables/functional/buildroot/make-show-info.json b/detectable/src/test/resources/detectables/functional/buildroot/make-show-info.json new file mode 100644 index 0000000000..96a0a8217a --- /dev/null +++ b/detectable/src/test/resources/detectables/functional/buildroot/make-show-info.json 
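Review bot: `assertExtraction` in `BuildrootDetectableTest` only checks packages that have a concrete version, although the fixture also contains packages with an empty `version` (for example `ifupdown-scripts`) and virtual packages with no `version` key at all (`skeleton`, `toolchain`). How the extractor represents those in the graph is therefore unpinned, and a later change could start emitting version-less components without any test failing. Note also that `gcc-final` appears in the fixture both as a target package and as `host-gcc-final` with the same name and version, so `hasDependency(gccId)` cannot tell the two apart; only the `libtool` assertion really exercises the HOST exclusion. I would add one assertion for a virtual or version-less package once the intended behaviour is decided, or state the omission with a comment such as `// virtual and version-less packages are intentionally not asserted here`.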
@@ -0,0 +1,1005 @@ +{ + "busybox": { + "type": "target", + "name": "busybox", + "virtual": false, + "version": "1.36.1", + "licenses": "GPL-2.0, bzip2-1.0.4", + "license_files": [ + "LICENSE", + "archival/libarchive/bz/LICENSE" + ], + "redistributable": true, + "dl_dir": "busybox", + "downloads": [ + { + "source": "busybox-1.36.1.tar.bz2", + "uris": [ + "https+https://www.busybox.net/downloads", + "https|urlencode+https://sources.buildroot.net/busybox", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/busybox-1.36.1", + "source_dir": "output/build/busybox-1.36.1", + "build_dir": "output/build/busybox-1.36.1/", + "install_target": true, + "install_staging": false, + "install_images": false, + "dependencies": [ + "host-skeleton", + "host-tar", + "skeleton", + "toolchain" + ], + "reverse_dependencies": [], + "cpe-id": "cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*", + "ignore_cves": [ + "CVE-2022-28391" + ] + }, + "gcc-final": { + "type": "target", + "name": "gcc-final", + "virtual": false, + "version": "12.3.0", + "licenses": "GPL-3.0-with-GCC-exception", + "license_files": [ + "COPYING.RUNTIME" + ], + "redistributable": true, + "dl_dir": "gcc", + "downloads": [ + { + "source": "gcc-12.3.0.tar.xz", + "uris": [ + "http+http://ftpmirror.gnu.org/gcc/gcc-12.3.0", + "https|urlencode+https://sources.buildroot.net/gcc", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/gcc-final-12.3.0", + "source_dir": "output/build/gcc-final-12.3.0", + "build_dir": "output/build/gcc-final-12.3.0/", + "install_target": true, + "install_staging": true, + "install_images": false, + "dependencies": [ + "host-gcc-final", + "host-skeleton", + "host-tar", + "skeleton" + ], + "reverse_dependencies": [ + "toolchain-buildroot" + ] + }, + "glibc": { + "type": "target", + "name": "glibc", + "virtual": false, + "version": "2.38-44-gd37c2b20a4787463d192b32041c3406c2bd91de0", + "licenses": "GPL-2.0+ (programs), 
LGPL-2.1+, BSD-3-Clause, MIT (library)", + "license_files": [ + "COPYING", + "COPYING.LIB", + "LICENSES" + ], + "redistributable": true, + "dl_dir": "glibc", + "downloads": [ + { + "source": "glibc-2.38-44-gd37c2b20a4787463d192b32041c3406c2bd91de0.tar.gz", + "uris": [ + "https+https://github.com/bminor/glibc/archive/2.38-44-gd37c2b20a4787463d192b32041c3406c2bd91de0", + "https|urlencode+https://sources.buildroot.net/glibc", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/glibc-2.38-44-gd37c2b20a4787463d192b32041c3406c2bd91de0", + "source_dir": "output/build/glibc-2.38-44-gd37c2b20a4787463d192b32041c3406c2bd91de0", + "build_dir": "output/build/glibc-2.38-44-gd37c2b20a4787463d192b32041c3406c2bd91de0/build", + "install_target": true, + "install_staging": true, + "install_images": false, + "dependencies": [ + "host-bison", + "host-gawk", + "host-gcc-initial", + "host-skeleton", + "host-tar", + "linux-headers", + "skeleton" + ], + "reverse_dependencies": [], + "cpe-id": "cpe:2.3:a:gnu:glibc:2.38:*:*:*:*:*:*:*", + "ignore_cves": [ + "CVE-2010-4756", + "CVE-2019-1010022", + "CVE-2019-1010023", + "CVE-2019-1010024", + "CVE-2019-1010025", + "CVE-2023-4527", + "CVE-2023-4806", + "CVE-2023-4911", + "CVE-2023-5156", + "CVE-2023-6246", + "CVE-2023-6779", + "CVE-2023-6780" + ] + }, + "host-acl": { + "type": "host", + "name": "acl", + "virtual": false, + "version": "2.3.2", + "licenses": "GPL-2.0+ (programs), LGPL-2.1+ (libraries)", + "license_files": [ + "doc/COPYING", + "doc/COPYING.LGPL" + ], + "redistributable": true, + "dl_dir": "acl", + "downloads": [ + { + "source": "acl-2.3.2.tar.xz", + "uris": [ + "https+https://download.savannah.nongnu.org/releases/acl", + "https|urlencode+https://sources.buildroot.net/acl", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-acl-2.3.2", + "source_dir": "output/build/host-acl-2.3.2", + "build_dir": "output/build/host-acl-2.3.2/", + "dependencies": [ 
+ "host-attr", + "host-skeleton", + "host-tar" + ], + "reverse_dependencies": [], + "cpe-id": "cpe:2.3:a:acl_project:acl:2.3.2:*:*:*:*:*:*:*" + }, + "host-attr": { + "type": "host", + "name": "attr", + "virtual": false, + "version": "2.5.2", + "licenses": "GPL-2.0+ (programs), LGPL-2.1+ (libraries)", + "license_files": [ + "doc/COPYING", + "doc/COPYING.LGPL" + ], + "redistributable": true, + "dl_dir": "attr", + "downloads": [ + { + "source": "attr-2.5.2.tar.xz", + "uris": [ + "http+http://download.savannah.gnu.org/releases/attr", + "https|urlencode+https://sources.buildroot.net/attr", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-attr-2.5.2", + "source_dir": "output/build/host-attr-2.5.2", + "build_dir": "output/build/host-attr-2.5.2/", + "dependencies": [ + "host-autoconf", + "host-automake", + "host-libtool", + "host-skeleton", + "host-tar" + ], + "reverse_dependencies": [], + "cpe-id": "cpe:2.3:a:attr_project:attr:2.5.2:*:*:*:*:*:*:*" + }, + "host-autoconf": { + "type": "host", + "name": "autoconf", + "virtual": false, + "version": "2.72", + "licenses": "GPL-3.0+ with exceptions", + "license_files": [ + "COPYINGv3", + "COPYING.EXCEPTION" + ], + "redistributable": true, + "dl_dir": "autoconf", + "downloads": [ + { + "source": "autoconf-2.72.tar.xz", + "uris": [ + "http+http://ftpmirror.gnu.org/autoconf", + "https|urlencode+https://sources.buildroot.net/autoconf", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-autoconf-2.72", + "source_dir": "output/build/host-autoconf-2.72", + "build_dir": "output/build/host-autoconf-2.72/", + "dependencies": [ + "host-libtool", + "host-m4", + "host-skeleton", + "host-tar" + ], + "reverse_dependencies": [] + }, + "host-automake": { + "type": "host", + "name": "automake", + "virtual": false, + "version": "1.16.5", + "licenses": "GPL-2.0+", + "license_files": [ + "COPYING" + ], + "redistributable": true, + "dl_dir": "automake", + 
"downloads": [ + { + "source": "automake-1.16.5.tar.xz", + "uris": [ + "http+http://ftpmirror.gnu.org/automake", + "https|urlencode+https://sources.buildroot.net/automake", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-automake-1.16.5", + "source_dir": "output/build/host-automake-1.16.5", + "build_dir": "output/build/host-automake-1.16.5/", + "dependencies": [ + "host-autoconf", + "host-skeleton", + "host-tar" + ], + "reverse_dependencies": [], + "cpe-id": "cpe:2.3:a:gnu:automake:1.16.5:*:*:*:*:*:*:*" + }, + "host-binutils": { + "type": "host", + "name": "binutils", + "virtual": false, + "version": "2.41", + "licenses": "GPL-3.0+, libiberty LGPL-2.1+", + "license_files": [ + "COPYING3", + "COPYING.LIB" + ], + "redistributable": true, + "dl_dir": "binutils", + "downloads": [ + { + "source": "binutils-2.41.tar.xz", + "uris": [ + "http+http://ftpmirror.gnu.org/binutils", + "https|urlencode+https://sources.buildroot.net/binutils", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-binutils-2.41", + "source_dir": "output/build/host-binutils-2.41", + "build_dir": "output/build/host-binutils-2.41/", + "dependencies": [ + "host-skeleton", + "host-tar" + ], + "reverse_dependencies": [], + "cpe-id": "cpe:2.3:a:gnu:binutils:2.41:*:*:*:*:*:*:*" + }, + "host-bison": { + "type": "host", + "name": "bison", + "virtual": false, + "version": "3.8.2", + "licenses": "GPL-3.0+", + "license_files": [ + "COPYING" + ], + "redistributable": true, + "dl_dir": "bison", + "downloads": [ + { + "source": "bison-3.8.2.tar.xz", + "uris": [ + "http+http://ftpmirror.gnu.org/bison", + "https|urlencode+https://sources.buildroot.net/bison", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-bison-3.8.2", + "source_dir": "output/build/host-bison-3.8.2", + "build_dir": "output/build/host-bison-3.8.2/", + "dependencies": [ + "host-m4", + "host-skeleton", + 
"host-tar" + ], + "reverse_dependencies": [ + "glibc" + ], + "cpe-id": "cpe:2.3:a:gnu:bison:3.8.2:*:*:*:*:*:*:*" + }, + "host-fakeroot": { + "type": "host", + "name": "fakeroot", + "virtual": false, + "version": "1.32.1", + "licenses": "GPL-3.0+", + "license_files": [ + "COPYING" + ], + "redistributable": true, + "dl_dir": "fakeroot", + "downloads": [ + { + "source": "fakeroot_1.32.1.orig.tar.gz", + "uris": [ + "https+https://snapshot.debian.org/archive/debian/20230724T160429Z/pool/main/f/fakeroot", + "https|urlencode+https://sources.buildroot.net/fakeroot", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-fakeroot-1.32.1", + "source_dir": "output/build/host-fakeroot-1.32.1", + "build_dir": "output/build/host-fakeroot-1.32.1/", + "dependencies": [ + "host-acl", + "host-skeleton", + "host-tar" + ], + "reverse_dependencies": [] + }, + "host-gawk": { + "type": "host", + "name": "gawk", + "virtual": false, + "version": "5.3.0", + "licenses": "GPL-3.0+", + "license_files": [ + "COPYING" + ], + "redistributable": true, + "dl_dir": "gawk", + "downloads": [ + { + "source": "gawk-5.3.0.tar.xz", + "uris": [ + "http+http://ftpmirror.gnu.org/gawk", + "https|urlencode+https://sources.buildroot.net/gawk", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-gawk-5.3.0", + "source_dir": "output/build/host-gawk-5.3.0", + "build_dir": "output/build/host-gawk-5.3.0/", + "dependencies": [ + "host-skeleton", + "host-tar" + ], + "reverse_dependencies": [ + "glibc" + ] + }, + "host-gcc-final": { + "type": "host", + "name": "gcc-final", + "virtual": false, + "version": "12.3.0", + "licenses": "GPL-2.0, GPL-3.0, LGPL-2.1, LGPL-3.0", + "license_files": [ + "COPYING", + "COPYING3", + "COPYING.LIB", + "COPYING3.LIB" + ], + "redistributable": true, + "dl_dir": "gcc", + "downloads": [ + { + "source": "gcc-12.3.0.tar.xz", + "uris": [ + "http+http://ftpmirror.gnu.org/gcc/gcc-12.3.0", + 
"https|urlencode+https://sources.buildroot.net/gcc", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-gcc-final-12.3.0", + "source_dir": "output/build/host-gcc-final-12.3.0", + "build_dir": "output/build/host-gcc-final-12.3.0/build", + "dependencies": [ + "glibc", + "host-binutils", + "host-gmp", + "host-mpc", + "host-mpfr", + "host-skeleton", + "host-tar" + ], + "reverse_dependencies": [ + "gcc-final" + ] + }, + "host-gcc-initial": { + "type": "host", + "name": "gcc-initial", + "virtual": false, + "version": "12.3.0", + "licenses": "GPL-2.0, GPL-3.0, LGPL-2.1, LGPL-3.0", + "license_files": [ + "COPYING", + "COPYING3", + "COPYING.LIB", + "COPYING3.LIB" + ], + "redistributable": true, + "dl_dir": "gcc", + "downloads": [ + { + "source": "gcc-12.3.0.tar.xz", + "uris": [ + "http+http://ftpmirror.gnu.org/gcc/gcc-12.3.0", + "https|urlencode+https://sources.buildroot.net/gcc", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-gcc-initial-12.3.0", + "source_dir": "output/build/host-gcc-initial-12.3.0", + "build_dir": "output/build/host-gcc-initial-12.3.0/build", + "dependencies": [ + "host-binutils", + "host-gmp", + "host-mpc", + "host-mpfr", + "host-skeleton", + "host-tar" + ], + "reverse_dependencies": [ + "glibc" + ] + }, + "host-gmp": { + "type": "host", + "name": "gmp", + "virtual": false, + "version": "6.3.0", + "licenses": "LGPL-3.0+ or GPL-2.0+", + "license_files": [ + "COPYING.LESSERv3", + "COPYINGv2" + ], + "redistributable": true, + "dl_dir": "gmp", + "downloads": [ + { + "source": "gmp-6.3.0.tar.xz", + "uris": [ + "http+http://ftpmirror.gnu.org/gmp", + "https|urlencode+https://sources.buildroot.net/gmp", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-gmp-6.3.0", + "source_dir": "output/build/host-gmp-6.3.0", + "build_dir": "output/build/host-gmp-6.3.0/", + "dependencies": [ + "host-m4", + "host-skeleton", + "host-tar" 
+ ], + "reverse_dependencies": [], + "cpe-id": "cpe:2.3:a:gmplib:gmp:6.3.0:*:*:*:*:*:*:*" + }, + "host-libtool": { + "type": "host", + "name": "libtool", + "virtual": false, + "version": "2.4.6", + "licenses": "GPL-2.0+ (libtool), LGPL-2.1+ (libltdl)", + "license_files": [ + "COPYING", + "libltdl/COPYING.LIB" + ], + "redistributable": true, + "dl_dir": "libtool", + "downloads": [ + { + "source": "libtool-2.4.6.tar.xz", + "uris": [ + "http+http://ftpmirror.gnu.org/libtool", + "https|urlencode+https://sources.buildroot.net/libtool", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-libtool-2.4.6", + "source_dir": "output/build/host-libtool-2.4.6", + "build_dir": "output/build/host-libtool-2.4.6/.", + "dependencies": [ + "host-m4", + "host-skeleton", + "host-tar" + ], + "reverse_dependencies": [], + "cpe-id": "cpe:2.3:a:gnu:libtool:2.4.6:*:*:*:*:*:*:*" + }, + "host-m4": { + "type": "host", + "name": "m4", + "virtual": false, + "version": "1.4.19", + "licenses": "GPL-3.0+", + "license_files": [ + "COPYING" + ], + "redistributable": true, + "dl_dir": "m4", + "downloads": [ + { + "source": "m4-1.4.19.tar.xz", + "uris": [ + "http+http://ftpmirror.gnu.org/m4", + "https|urlencode+https://sources.buildroot.net/m4", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-m4-1.4.19", + "source_dir": "output/build/host-m4-1.4.19", + "build_dir": "output/build/host-m4-1.4.19/", + "dependencies": [ + "host-skeleton", + "host-tar" + ], + "reverse_dependencies": [] + }, + "host-makedevs": { + "type": "host", + "name": "makedevs", + "virtual": false, + "version": "", + "licenses": "GPL-2.0", + "license_files": [], + "redistributable": true, + "dl_dir": "makedevs", + "downloads": [], + "stamp_dir": "output/build/host-makedevs", + "source_dir": "output/build/host-makedevs", + "build_dir": "output/build/host-makedevs/", + "dependencies": [ + "host-skeleton", + "host-tar" + ], + 
"reverse_dependencies": [] + }, + "host-mpc": { + "type": "host", + "name": "mpc", + "virtual": false, + "version": "1.2.1", + "licenses": "LGPL-3.0+", + "license_files": [ + "COPYING.LESSER" + ], + "redistributable": true, + "dl_dir": "mpc", + "downloads": [ + { + "source": "mpc-1.2.1.tar.gz", + "uris": [ + "http+http://ftpmirror.gnu.org/mpc", + "https|urlencode+https://sources.buildroot.net/mpc", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-mpc-1.2.1", + "source_dir": "output/build/host-mpc-1.2.1", + "build_dir": "output/build/host-mpc-1.2.1/", + "dependencies": [ + "host-gmp", + "host-mpfr", + "host-skeleton", + "host-tar" + ], + "reverse_dependencies": [] + }, + "host-mpfr": { + "type": "host", + "name": "mpfr", + "virtual": false, + "version": "4.1.1", + "licenses": "LGPL-3.0+", + "license_files": [ + "COPYING.LESSER" + ], + "redistributable": true, + "dl_dir": "mpfr", + "downloads": [ + { + "source": "mpfr-4.1.1.tar.xz", + "uris": [ + "http+http://www.mpfr.org/mpfr-4.1.1", + "https|urlencode+https://sources.buildroot.net/mpfr", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-mpfr-4.1.1", + "source_dir": "output/build/host-mpfr-4.1.1", + "build_dir": "output/build/host-mpfr-4.1.1/", + "dependencies": [ + "host-gmp", + "host-skeleton", + "host-tar" + ], + "reverse_dependencies": [], + "cpe-id": "cpe:2.3:a:mpfr:gnu_mpfr:4.1.1:*:*:*:*:*:*:*" + }, + "host-patchelf": { + "type": "host", + "name": "patchelf", + "virtual": false, + "version": "0.13", + "licenses": "GPL-3.0+", + "license_files": [ + "COPYING" + ], + "redistributable": true, + "dl_dir": "patchelf", + "downloads": [ + { + "source": "patchelf-0.13.tar.bz2", + "uris": [ + "https+https://github.com/NixOS/patchelf/releases/download/0.13", + "https|urlencode+https://sources.buildroot.net/patchelf", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-patchelf-0.13", 
+ "source_dir": "output/build/host-patchelf-0.13", + "build_dir": "output/build/host-patchelf-0.13/", + "dependencies": [ + "host-skeleton", + "host-tar" + ], + "reverse_dependencies": [] + }, + "host-skeleton": { + "type": "host", + "name": "skeleton", + "virtual": false, + "version": "", + "licenses": "unknown", + "license_files": [], + "redistributable": true, + "dl_dir": "skeleton", + "downloads": [], + "stamp_dir": "output/build/host-skeleton", + "source_dir": "output/build/host-skeleton", + "build_dir": "output/build/host-skeleton/", + "dependencies": [], + "reverse_dependencies": [ + "busybox", + "gcc-final", + "glibc", + "host-patchelf", + "ifupdown-scripts", + "initscripts", + "linux-headers", + "skeleton", + "skeleton-init-common", + "skeleton-init-sysv", + "toolchain", + "toolchain-buildroot", + "urandom-scripts" + ] + }, + "host-tar": { + "type": "host", + "name": "tar", + "virtual": false, + "version": "1.34", + "licenses": "GPL-3.0+", + "license_files": [ + "COPYING" + ], + "redistributable": true, + "dl_dir": "tar", + "downloads": [ + { + "source": "tar-1.34.cpio.gz", + "uris": [ + "http+http://ftpmirror.gnu.org/tar", + "https|urlencode+https://sources.buildroot.net/tar", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/host-tar-1.34", + "source_dir": "output/build/host-tar-1.34", + "build_dir": "output/build/host-tar-1.34/", + "dependencies": [ + "host-skeleton" + ], + "reverse_dependencies": [ + "busybox", + "gcc-final", + "glibc", + "host-patchelf", + "ifupdown-scripts", + "initscripts", + "linux-headers", + "skeleton", + "skeleton-init-common", + "skeleton-init-sysv", + "toolchain", + "toolchain-buildroot", + "urandom-scripts" + ], + "cpe-id": "cpe:2.3:a:gnu:tar:1.34:*:*:*:*:*:*:*" + }, + "ifupdown-scripts": { + "type": "target", + "name": "ifupdown-scripts", + "virtual": false, + "version": "", + "licenses": "unknown", + "license_files": [], + "redistributable": true, + "dl_dir": "ifupdown-scripts", + 
"downloads": [], + "stamp_dir": "output/build/ifupdown-scripts", + "source_dir": "output/build/ifupdown-scripts", + "build_dir": "output/build/ifupdown-scripts/", + "install_target": true, + "install_staging": false, + "install_images": false, + "dependencies": [ + "host-skeleton", + "host-tar", + "skeleton", + "toolchain" + ], + "reverse_dependencies": [] + }, + "initscripts": { + "type": "target", + "name": "initscripts", + "virtual": false, + "version": "", + "licenses": "unknown", + "license_files": [], + "redistributable": true, + "dl_dir": "initscripts", + "downloads": [], + "stamp_dir": "output/build/initscripts", + "source_dir": "output/build/initscripts", + "build_dir": "output/build/initscripts/", + "install_target": true, + "install_staging": false, + "install_images": false, + "dependencies": [ + "host-skeleton", + "host-tar", + "skeleton", + "toolchain" + ], + "reverse_dependencies": [] + }, + "linux-headers": { + "type": "target", + "name": "linux-headers", + "virtual": false, + "version": "6.6.18", + "licenses": "GPL-2.0", + "license_files": [ + "COPYING", + "LICENSES/preferred/GPL-2.0", + "LICENSES/exceptions/Linux-syscall-note" + ], + "redistributable": true, + "dl_dir": "linux", + "downloads": [ + { + "source": "linux-6.6.18.tar.xz", + "uris": [ + "https+https://cdn.kernel.org/pub/linux/kernel/v6.x", + "https|urlencode+https://sources.buildroot.net/linux", + "https|urlencode+https://sources.buildroot.net" + ] + } + ], + "stamp_dir": "output/build/linux-headers-6.6.18", + "source_dir": "output/build/linux-headers-6.6.18", + "build_dir": "output/build/linux-headers-6.6.18/", + "install_target": true, + "install_staging": true, + "install_images": false, + "dependencies": [ + "host-skeleton", + "host-tar", + "skeleton" + ], + "reverse_dependencies": [ + "glibc" + ], + "cpe-id": "cpe:2.3:a:linux:linux_kernel:6.6.18:*:*:*:*:*:*:*" + }, + "rootfs-common": { + "type": "rootfs", + "image_name": null, + "dependencies": [ + "host-fakeroot", + 
"host-makedevs", + "host-tar" + ] + }, + "rootfs-tar": { + "type": "rootfs", + "image_name": "rootfs.tar", + "dependencies": [ + "host-tar", + "rootfs-common" + ] + }, + "skeleton": { + "type": "target", + "name": "skeleton", + "virtual": true, + "stamp_dir": "output/build/skeleton", + "source_dir": "output/build/skeleton", + "build_dir": "output/build/skeleton/", + "install_target": true, + "install_staging": false, + "install_images": false, + "dependencies": [ + "host-skeleton", + "host-tar", + "skeleton-init-sysv" + ], + "reverse_dependencies": [ + "busybox", + "gcc-final", + "glibc", + "ifupdown-scripts", + "initscripts", + "linux-headers", + "toolchain", + "toolchain-buildroot", + "urandom-scripts" + ] + }, + "skeleton-init-common": { + "type": "target", + "name": "skeleton-init-common", + "virtual": false, + "version": "", + "licenses": "unknown", + "license_files": [], + "redistributable": true, + "dl_dir": "skeleton-init-common", + "downloads": [], + "stamp_dir": "output/build/skeleton-init-common", + "source_dir": "output/build/skeleton-init-common", + "build_dir": "output/build/skeleton-init-common/", + "install_target": true, + "install_staging": true, + "install_images": false, + "dependencies": [ + "host-skeleton", + "host-tar" + ], + "reverse_dependencies": [ + "skeleton-init-sysv" + ] + }, + "skeleton-init-sysv": { + "type": "target", + "name": "skeleton-init-sysv", + "virtual": false, + "version": "", + "licenses": "unknown", + "license_files": [], + "redistributable": true, + "dl_dir": "skeleton-init-sysv", + "downloads": [], + "stamp_dir": "output/build/skeleton-init-sysv", + "source_dir": "output/build/skeleton-init-sysv", + "build_dir": "output/build/skeleton-init-sysv/", + "install_target": true, + "install_staging": false, + "install_images": false, + "dependencies": [ + "host-skeleton", + "host-tar", + "skeleton-init-common" + ], + "reverse_dependencies": [ + "skeleton" + ] + }, + "toolchain": { + "type": "target", + "name": "toolchain", + 
"virtual": true, + "stamp_dir": "output/build/toolchain", + "source_dir": "output/build/toolchain", + "build_dir": "output/build/toolchain/", + "install_target": true, + "install_staging": true, + "install_images": false, + "dependencies": [ + "host-skeleton", + "host-tar", + "skeleton", + "toolchain-buildroot" + ], + "reverse_dependencies": [ + "busybox", + "ifupdown-scripts", + "initscripts", + "urandom-scripts" + ] + }, + "toolchain-buildroot": { + "type": "target", + "name": "toolchain-buildroot", + "virtual": true, + "stamp_dir": "output/build/toolchain-buildroot", + "source_dir": "output/build/toolchain-buildroot", + "build_dir": "output/build/toolchain-buildroot/", + "install_target": true, + "install_staging": false, + "install_images": false, + "dependencies": [ + "gcc-final", + "host-skeleton", + "host-tar", + "skeleton" + ], + "reverse_dependencies": [ + "toolchain" + ] + }, + "urandom-scripts": { + "type": "target", + "name": "urandom-scripts", + "virtual": false, + "version": "", + "licenses": "unknown", + "license_files": [], + "redistributable": true, + "dl_dir": "urandom-scripts", + "downloads": [], + "stamp_dir": "output/build/urandom-scripts", + "source_dir": "output/build/urandom-scripts", + "build_dir": "output/build/urandom-scripts/", + "install_target": true, + "install_staging": false, + "install_images": false, + "dependencies": [ + "host-skeleton", + "host-tar", + "skeleton", + "toolchain" + ], + "reverse_dependencies": [] + } +} From ba2d59c5115ff073b6bee2ec4f873dfa27e79915 Mon Sep 17 00:00:00 2001 From: Andrian Sevastyanov Date: Fri, 22 Mar 2024 15:04:44 -0600 Subject: [PATCH 03/10] Better exception handling --- .../detectables/buildroot/BuildrootExtractor.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootExtractor.java b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootExtractor.java index 9c6beea50d..a58bb9bf9c 100644 --- a/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootExtractor.java +++ b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/buildroot/BuildrootExtractor.java @@ -6,6 +6,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.google.gson.JsonParseException; import com.synopsys.integration.bdio.graph.builder.LazyExternalIdDependencyGraphBuilder; import com.synopsys.integration.bdio.graph.builder.LazyId; import com.synopsys.integration.bdio.graph.builder.MissingExternalIdException; @@ -50,7 +51,12 @@ public Extraction extract(ExecutableTarget makeExe, File workingDirectory) throw String output = executableRunner.executeSuccessfully(ExecutableUtils.createFromTarget(workingDirectory, makeExe, "show-info")).getStandardOutput(); - Map components = parser.parse(output); + Map components; + try { + components = parser.parse(output); + } catch (JsonParseException e) { + return Extraction.failure("Unable to parse make show-info output"); + } LazyExternalIdDependencyGraphBuilder graph = new LazyExternalIdDependencyGraphBuilder(); From eda41f2453b6adb3c29a577717a3e06094ce1e1d Mon Sep 17 00:00:00 2001 From: shantyk <121134650+shantyk@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:28:23 -0600 Subject: [PATCH 04/10] Fix source of sonar scan failure. (#1075) --- .../ExternalIdDependencyGraphBuilder.java | 39 ++++++++++++------- 1 file changed, 24 insertions(+), 15 deletions(-) 
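Review bot: The new `catch (JsonParseException e)` in `BuildrootExtractor.extract` discards `e`, so the reported failure says nothing about where the `make show-info` output stopped being valid JSON. The file already imports the slf4j `Logger`, so, assuming a logger field exists in the class, I would log the cause before returning: `logger.debug("Unable to parse make show-info output", e);`. Separately, if `parser.parse` delegates to Gson's `fromJson` (Parser is not visible here), empty stdout yields `null` rather than an exception and `components` would be dereferenced further down; a guard such as `if (components == null) return Extraction.failure("make show-info produced no output");` covers that. The output comes from the scanned project's build and should be treated as untrusted input throughout. `extract` begins and ends outside the hunk.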
diff --git a/detectable/src/main/java/com/synopsys/integration/detectable/detectables/yarn/ExternalIdDependencyGraphBuilder.java b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/yarn/ExternalIdDependencyGraphBuilder.java index 1c569e7e9e..ad558d3b30 100644 --- a/detectable/src/main/java/com/synopsys/integration/detectable/detectables/yarn/ExternalIdDependencyGraphBuilder.java +++ b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/yarn/ExternalIdDependencyGraphBuilder.java @@ -16,7 +16,7 @@ public class ExternalIdDependencyGraphBuilder extends LazyExternalIdDependencyGraphBuilder { public LazyDependencyInfo checkAndHandleMissingExternalId(LazyBuilderMissingExternalIdHandler lazyBuilderHandler, LazyId lazyId) throws MissingExternalIdException { - LazyDependencyInfo lazyDependencyInfo = this.infoForId(lazyId); + LazyDependencyInfo lazyDependencyInfo = this.infoForIdCopy(lazyId); if (lazyDependencyInfo.getExternalId() == null) { ExternalId handledExternalId = lazyBuilderHandler.handleMissingExternalId(lazyId, lazyDependencyInfo); if (handledExternalId == null || lazyId == null) { @@ -36,7 +36,12 @@ public Set getRootLazyIds() { private final Map dependencyInfo = new HashMap<>(); - private LazyDependencyInfo infoForId(LazyId id) { + /** + * This method exactly duplicates the same method (minus -Copy suffix in method signature) from the parent class. + * @param id + * @return + */ + private LazyDependencyInfo infoForIdCopy(LazyId id) { LazyDependencyInfo info = dependencyInfo.get(id); if (info.getAliasId() != null) { info = dependencyInfo.get(info.getAliasId()); 
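Review bot: The Javadoc added above `infoForIdCopy` in the yarn `ExternalIdDependencyGraphBuilder` leaves `@param id` and `@return` empty and does not say why the parent's method is duplicated rather than called. From the visible body the tags could read `@param id lazy id to look up; an alias is followed to the id it points at` and `@return the info stored for the id, or for its alias target`. A sentence on why the copy exists (the parent method is presumably private and works on the parent's own map) would save the next reader a trip to the superclass. The same empty `@param lazyId` tag appears on `ensureDependencyInfoExistsCopy` in the later hunk of this file. The method body continues outside this hunk.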
@@ -60,7 +65,7 @@ public BasicDependencyGraph build(LazyBuilderMissingExternalIdHandler lazyBuilde BasicDependencyGraph mutableDependencyGraph = new BasicDependencyGraph(); for (LazyId lazyId : dependencyInfo.keySet()) { - LazyDependencyInfo lazyDependencyInfo = infoForId(lazyId); + LazyDependencyInfo lazyDependencyInfo = infoForIdCopy(lazyId); if (lazyDependencyInfo.getExternalId() == null) { ExternalId handledExternalId = lazyBuilderHandler.handleMissingExternalId(lazyId, lazyDependencyInfo); if (handledExternalId == null || lazyId == null) { @@ -72,11 +77,11 @@ public BasicDependencyGraph build(LazyBuilderMissingExternalIdHandler lazyBuilde } for (LazyId lazyId : dependencyInfo.keySet()) { - LazyDependencyInfo lazyDependencyInfo = infoForId(lazyId); + LazyDependencyInfo lazyDependencyInfo = infoForIdCopy(lazyId); Dependency dependency = new Dependency(lazyDependencyInfo.getName(), lazyDependencyInfo.getVersion(), lazyDependencyInfo.getExternalId(), null); for (LazyId child : lazyDependencyInfo.getChildren()) { - LazyDependencyInfo childInfo = infoForId(child); + LazyDependencyInfo childInfo = infoForIdCopy(child); mutableDependencyGraph.addParentWithChild(dependency, new Dependency(childInfo.getName(), childInfo.getVersion(), childInfo.getExternalId(), null)); } 
@@ -89,21 +94,25 @@ public BasicDependencyGraph build(LazyBuilderMissingExternalIdHandler lazyBuilde return mutableDependencyGraph; } - private void ensureDependencyInfoExists(LazyId lazyId) { + /** + * This method exactly duplicates the same method (minus -Copy suffix in method signature) from the parent class. + * @param lazyId + */ + private void ensureDependencyInfoExistsCopy(LazyId lazyId) { dependencyInfo.computeIfAbsent(lazyId, key -> new LazyDependencyInfo()); } @Override public void setDependencyAsAlias(LazyId realLazyId, LazyId fakeLazyId) { - ensureDependencyInfoExists(realLazyId); - ensureDependencyInfoExists(fakeLazyId); + ensureDependencyInfoExistsCopy(realLazyId); + ensureDependencyInfoExistsCopy(fakeLazyId); LazyDependencyInfo info = dependencyInfo.get(fakeLazyId); info.setAliasId(realLazyId); } @Override public void setDependencyInfo(LazyId id, String name, String version, ExternalId externalId) { - ensureDependencyInfoExists(id); + ensureDependencyInfoExistsCopy(id); LazyDependencyInfo info = dependencyInfo.get(id); info.setName(name); info.setVersion(version); 
@@ -112,29 +121,29 @@ public void setDependencyInfo(LazyId id, String name, String version, ExternalId @Override public void setDependencyName(LazyId id, String name) { - ensureDependencyInfoExists(id); + ensureDependencyInfoExistsCopy(id); LazyDependencyInfo info = dependencyInfo.get(id); info.setName(name); } @Override public void setDependencyVersion(LazyId id, String version) { - ensureDependencyInfoExists(id); + ensureDependencyInfoExistsCopy(id); LazyDependencyInfo info = dependencyInfo.get(id); info.setVersion(version); } @Override public void setDependencyExternalId(LazyId id, ExternalId externalId) { - ensureDependencyInfoExists(id); + ensureDependencyInfoExistsCopy(id); LazyDependencyInfo info = dependencyInfo.get(id); info.setExternalId(externalId); } @Override public void addParentWithChild(LazyId parent, LazyId child) { - ensureDependencyInfoExists(child); - ensureDependencyInfoExists(parent); + ensureDependencyInfoExistsCopy(child); + ensureDependencyInfoExistsCopy(parent); dependencyInfo.get(parent).getChildren().add(child); } @@ -188,7 +197,7 @@ public void addChildWithParents(LazyId child, LazyId... parents) { @Override public void addChildToRoot(LazyId child) { - ensureDependencyInfoExists(child); + ensureDependencyInfoExistsCopy(child); rootLazyIds.add(child); } From e0724c16f0f0a231c280d82d53b8e4548c3c8c0d Mon Sep 17 00:00:00 2001 From: shanty Date: Thu, 21 Mar 2024 12:41:41 -0600 Subject: [PATCH 05/10] Rebase master after sonar cloud fixes went in post branch cut off. Update version in build.gradle to be 9.5.1-SNAPSHOT --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 70cf72a408..f450c10732 100644 --- a/build.gradle +++ b/build.gradle @@ -21,7 +21,7 @@ buildscript { group = 'com.synopsys.integration' -version = '9.6.0-SNAPSHOT' +version = '9.5.1-SNAPSHOT' apply plugin: 'com.synopsys.integration.solution' apply plugin: 'org.springframework.boot' 
From 6474ff6136b582e7919be586fb48dcf16cd918a9 Mon Sep 17 00:00:00 2001 From: shantyk <121134650+shantyk@users.noreply.github.com> Date: Thu, 21 Mar 2024 14:18:04 -0600 Subject: [PATCH 06/10] Sonar cloud fixes for 9.5 (#1077) * Fix sonar cloud complaint about using static access for parent class * Attempt at refactoring to reduce method complexity complaint by sonar * Update method name as per Dev's suggestion * Attempt at reducing method complexity from 22 to 17 * Reduce method complexity from 17 to less than 15 to resolve sonar cloud issue. --- .../maven/cli/MavenCodeLocationPackager.java | 5 +- .../detectables/yarn/YarnTransformer.java | 58 +++++++++++-------- 2 files changed, 37 insertions(+), 26 deletions(-) diff --git a/detectable/src/main/java/com/synopsys/integration/detectable/detectables/maven/cli/MavenCodeLocationPackager.java b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/maven/cli/MavenCodeLocationPackager.java index 565e9b3131..a2b1db8fb4 100644 --- a/detectable/src/main/java/com/synopsys/integration/detectable/detectables/maven/cli/MavenCodeLocationPackager.java +++ b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/maven/cli/MavenCodeLocationPackager.java @@ -4,7 +4,6 @@ import java.util.*; import java.util.regex.Pattern; -import com.synopsys.integration.detectable.detectables.projectinspector.ProjectInspectorParser; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -202,6 +201,10 @@ private void populateGraphDependencies(ExcludedIncludedWildcardFilter scopeFilte dependencyParentStack.push(dependency); } } + addShadedDependenciesToGraph(dependency); + } + + private void addShadedDependenciesToGraph(ScopedDependency dependency) { if(!shadedDependenciesConverted.isEmpty() && shadedDependenciesConverted.containsKey(dependency.getExternalId())) { for(Dependency childDependency: shadedDependenciesConverted.get(dependency.getExternalId())) { currentGraph.addParentWithChild(dependency, childDependency); diff --git a/detectable/src/main/java/com/synopsys/integration/detectable/detectables/yarn/YarnTransformer.java b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/yarn/YarnTransformer.java index 26edc01b14..e9b7af2862 100644 --- a/detectable/src/main/java/com/synopsys/integration/detectable/detectables/yarn/YarnTransformer.java +++ b/detectable/src/main/java/com/synopsys/integration/detectable/detectables/yarn/YarnTransformer.java @@ -134,7 +134,7 @@ private DependencyGraph buildGraphForProject( if (shouldInclude(entryName, entry.getVersion())) { LazyId id = generateComponentDependencyId(entryName, entry.getVersion()); graphBuilder.setDependencyInfo(id, entryName, entry.getVersion(), generateComponentExternalId(entryName, entry.getVersion())); - ExternalIdDependencyGraphBuilder.LazyDependencyInfo parentInfo = graphBuilder.checkAndHandleMissingExternalId(lazyBuilderHandler, id); + LazyExternalIdDependencyGraphBuilder.LazyDependencyInfo parentInfo = graphBuilder.checkAndHandleMissingExternalId(lazyBuilderHandler, id); Dependency parent = new Dependency(parentInfo.getName(), parentInfo.getVersion(), parentInfo.getExternalId(), null); mutableDependencyGraph.addDirectDependency(parent); collectYarnDependencies(lazyBuilderHandler, graphBuilder, mutableDependencyGraph, yarnLockResult, entry, resolvedEntryIdVersionMap, parent); 
@@ -158,35 +158,43 @@ private void collectYarnDependencies( ) throws MissingExternalIdException { for (YarnLockDependency dependency : entry.getDependencies()) { if (!isWorkspace(yarnLockResult.getWorkspaceData(), dependency)) { - Map idVersionMap = resolvedEntryIdVersionMap.get(dependency.getName()); - String dependencyVersion; - if (idVersionMap != null) { - dependencyVersion = idVersionMap.get(dependency.getVersion()); - if (dependencyVersion == null) { - if (idVersionMap.values().isEmpty()) { - logger.warn("Dependency {} with version definition {} not found in the Yarn map entries {}", dependency.getName(), dependency.getVersion(), idVersionMap.toString()); - dependencyVersion = dependency.getVersion(); - } else { - // 1. Choose first version. - dependencyVersion = (String) idVersionMap.values().toArray()[0]; - } - // 2. Try to auto-resolve to one of the versions. - } - } else { - dependencyVersion = dependency.getVersion(); - } + String dependencyVersion = getDependencyVersion(resolvedEntryIdVersionMap, dependency); LazyId stringDependencyId = generateComponentDependencyId(dependency.getName(), dependencyVersion); - if (yarnDependencyTypeFilter.shouldInclude(YarnDependencyType.NON_PRODUCTION) || !dependency.isOptional()) { - graphBuilder.setDependencyInfo(stringDependencyId, dependency.getName(), dependencyVersion, generateComponentExternalId(dependency.getName(), dependencyVersion)); - //graphBuilder.addChildWithParent(stringDependencyId, id); - LazyDependencyInfo childInfo = graphBuilder.checkAndHandleMissingExternalId(lazyBuilderHandler, stringDependencyId); - Dependency child = new Dependency(childInfo.getName(), childInfo.getVersion(), childInfo.getExternalId(), null); - mutableDependencyGraph.addChildWithParent(child, parent); + includeNonProductionOrOptionalIfNeeded(dependency, dependencyVersion, parent,lazyBuilderHandler, graphBuilder, mutableDependencyGraph, stringDependencyId); + } + } + } + private String getDependencyVersion(Map> 
resolvedEntryIdVersionMap, YarnLockDependency dependency) { + Map idVersionMap = resolvedEntryIdVersionMap.get(dependency.getName()); + String dependencyVersion; + if (idVersionMap != null) { + dependencyVersion = idVersionMap.get(dependency.getVersion()); + if (dependencyVersion == null) { + if (idVersionMap.values().isEmpty()) { + logger.warn("Dependency {} with version definition {} not found in the Yarn map entries {}", dependency.getName(), dependency.getVersion(), idVersionMap.toString()); + dependencyVersion = dependency.getVersion(); } else { - logger.trace("Excluding optional dependency: {}", stringDependencyId); + // 1. Choose first version. + dependencyVersion = (String) idVersionMap.values().toArray()[0]; } + // 2. Try to auto-resolve to one of the versions. } + } else { + dependencyVersion = dependency.getVersion(); + } + return dependencyVersion; + } + + private void includeNonProductionOrOptionalIfNeeded(YarnLockDependency dependency, String dependencyVersion, Dependency parent, LazyBuilderMissingExternalIdHandler lazyBuilderHandler, ExternalIdDependencyGraphBuilder graphBuilder, BasicDependencyGraph mutableDependencyGraph, LazyId stringDependencyId) throws MissingExternalIdException { + if (yarnDependencyTypeFilter.shouldInclude(YarnDependencyType.NON_PRODUCTION) || !dependency.isOptional()) { + graphBuilder.setDependencyInfo(stringDependencyId, dependency.getName(), dependencyVersion, generateComponentExternalId(dependency.getName(), dependencyVersion)); + LazyDependencyInfo childInfo = graphBuilder.checkAndHandleMissingExternalId(lazyBuilderHandler, stringDependencyId); + Dependency child = new Dependency(childInfo.getName(), childInfo.getVersion(), childInfo.getExternalId(), null); + mutableDependencyGraph.addChildWithParent(child, parent); + + } else { + logger.trace("Excluding optional dependency: {}", stringDependencyId); } } From dcb77c266bac745b18b3be744865d21a79b97d58 Mon Sep 17 00:00:00 2001 
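Review bot: In the extracted `getDependencyVersion`, the branch marked `// 1. Choose first version.` silently substitutes `idVersionMap.values().toArray()[0]` when the map has no entry for the requested version definition. The graph can then carry a version that was never resolved for this dependency, and downstream component matching would run against it. Which value comes first depends on the map implementation built elsewhere, which is not visible here. At minimum log the substitution, e.g. `logger.debug("No resolved version for {}@{}; using {}", dependency.getName(), dependency.getVersion(), dependencyVersion);`, and replace the cast with `idVersionMap.values().iterator().next()`. The trailing `// 2. Try to auto-resolve to one of the versions.` comment describes code that is not there and should become a TODO or be removed.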
From: blackduck-serv-builder Date: Thu, 21 Mar 2024 17:34:00 -0400 Subject: [PATCH 07/10] Release 9.5.1-SIGQA1 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index f450c10732..b5542b4c29 100644 --- a/build.gradle +++ b/build.gradle @@ -21,7 +21,7 @@ buildscript { group = 'com.synopsys.integration' -version = '9.5.1-SNAPSHOT' +version = '9.5.1-SIGQA1' apply plugin: 'com.synopsys.integration.solution' apply plugin: 'org.springframework.boot' From b1b1f3724ab0e3ca4ec1fa2bd6f9162fcb71308d Mon Sep 17 00:00:00 2001 From: blackduck-serv-builder Date: Thu, 21 Mar 2024 17:43:37 -0400 Subject: [PATCH 08/10] Using the next snapshot post release 9.5.1-SIGQA2-SNAPSHOT --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index b5542b4c29..ebb6683a17 100644 --- a/build.gradle +++ b/build.gradle @@ -21,7 +21,7 @@ buildscript { group = 'com.synopsys.integration' -version = '9.5.1-SIGQA1' +version = '9.5.1-SIGQA2-SNAPSHOT' apply plugin: 'com.synopsys.integration.solution' apply plugin: 'org.springframework.boot' From 1509bf6ded9aa9e367f3f1fd6c852ea6605c3501 Mon Sep 17 00:00:00 2001 From: shanty Date: Thu, 21 Mar 2024 16:03:50 -0600 Subject: [PATCH 09/10] Update version in build.gradle to 9.5.0-SIGQA2-SNAPSHOT --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index ebb6683a17..226d46053a 100644 --- a/build.gradle +++ b/build.gradle @@ -21,7 +21,7 @@ buildscript { group = 'com.synopsys.integration' -version = '9.5.1-SIGQA2-SNAPSHOT' +version = '9.5.0-SIGQA2-SNAPSHOT' apply plugin: 'com.synopsys.integration.solution' apply plugin: 'org.springframework.boot' From 324d7b22dd46a5ae09d64f82633eecbee07fa38d Mon Sep 17 00:00:00 2001 
From: shanty Date: Thu, 21 Mar 2024 16:31:33 -0600 Subject: [PATCH 10/10] Merge 9.5.z to master after sonar changes --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 226d46053a..70cf72a408 100644 --- a/build.gradle +++ b/build.gradle @@ -21,7 +21,7 @@ buildscript { group = 'com.synopsys.integration' -version = '9.5.0-SIGQA2-SNAPSHOT' +version = '9.6.0-SNAPSHOT' apply plugin: 'com.synopsys.integration.solution' apply plugin: 'org.springframework.boot'