Fix after refactor

google · Oct 22, 2024 · ab9429d · ab9429d
1 parent 29ad35f
commit ab9429d
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 9 deletions.
diff --git a/internal/lockfilescalibr/language/java/pomxmlnet/extractor.go b/internal/lockfilescalibr/language/java/pomxmlnet/extractor.go
@@ -54,6 +54,15 @@ func (e Extractor) Extract(ctx context.Context, input *filesystem.ScanInput) ([]
 	if err := datasource.NewMavenDecoder(input.Reader).Decode(&project); err != nil {
 		return nil, fmt.Errorf("could not extract from %s: %w", input.Path, err)
 	}
+	// Empty JDK and ActivationOS indicates merging the default profiles.
+	if err := project.MergeProfiles("", maven.ActivationOS{}); err != nil {
+		return nil, fmt.Errorf("failed to merge profiles: %w", err)
+	}
+	for _, repo := range project.Repositories {
+		if err := e.MavenRegistryAPIClient.AddRegistry(string(repo.URL)); err != nil {
+			return nil, fmt.Errorf("failed to add registry %s: %w", repo.URL, err)
+		}
+	}
 	// Merging parents data by parsing local parent pom.xml or fetching from upstream.
 	if err := mavenutil.MergeParents(ctx, e.MavenRegistryAPIClient, &project, project.Parent, 1, input.Path, true); err != nil {
 		return nil, fmt.Errorf("failed to merge parents: %w", err)
@@ -63,15 +72,19 @@ func (e Extractor) Extract(ctx context.Context, input *filesystem.ScanInput) ([]
 	//  - import dependency management
 	//  - fill in missing dependency version requirement
 	project.ProcessDependencies(func(groupID, artifactID, version maven.String) (maven.DependencyManagement, error) {
-		root := maven.Parent{ProjectKey: maven.ProjectKey{GroupID: groupID, ArtifactID: artifactID, Version: version}}
-		var result maven.Project
-		if err := mavenutil.MergeParents(ctx, e.MavenRegistryAPIClient, &result, root, 0, input.Path, false); err != nil {
-			return maven.DependencyManagement{}, err
-		}
-
-		return result.DependencyManagement, nil
+		return mavenutil.GetDependencyManagement(ctx, e.MavenRegistryAPIClient, groupID, artifactID, version)
 	})
 
+	if registries := e.MavenRegistryAPIClient.GetRegistries(); len(registries) > 0 {
+		clientRegs := make([]client.Registry, len(registries))
+		for i, reg := range registries {
+			clientRegs[i] = client.Registry{URL: reg}
+		}
+		if err := e.DependencyClient.AddRegistries(clientRegs); err != nil {
+			return nil, err
+		}
+	}
+
 	overrideClient := client.NewOverrideClient(e.DependencyClient)
 	resolver := mavenresolve.NewResolver(overrideClient)
 
@@ -114,6 +127,7 @@ func (e Extractor) Extract(ctx context.Context, input *filesystem.ScanInput) ([]
 	}
 	overrideClient.AddVersion(root, reqs)
 
+	client.PreFetch(ctx, overrideClient, reqs, input.Path)
 	g, err := resolver.Resolve(ctx, root.VersionKey)
 	if err != nil {
 		return nil, fmt.Errorf("failed resolving %v: %w", root, err)

diff --git a/internal/lockfilescalibr/language/java/pomxmlnet/extractor_test.go b/internal/lockfilescalibr/language/java/pomxmlnet/extractor_test.go
@@ -237,7 +237,8 @@ func TestExtractor_Extract(t *testing.T) {
 
 			resolutionClient := clienttest.NewMockResolutionClient(t, "testdata/universe/basic-universe.yaml")
 			extr := pomxmlnet.Extractor{
-				DependencyClient: resolutionClient,
+				DependencyClient:       resolutionClient,
+				MavenRegistryAPIClient: &datasource.MavenRegistryAPIClient{},
 			}
 
 			scanInput := extracttest.GenerateScanInputMock(t, tt.InputConfig)
@@ -339,10 +340,15 @@ func TestExtractor_Extract_WithMockServer(t *testing.T) {
 	</project>
 	`))
 
+	apiClient, err := datasource.NewMavenRegistryAPIClient(srv.URL)
+	if err != nil {
+		t.Fatalf("%v", err)
+	}
+
 	resolutionClient := clienttest.NewMockResolutionClient(t, "testdata/universe/basic-universe.yaml")
 	extr := pomxmlnet.Extractor{
 		DependencyClient:       resolutionClient,
-		MavenRegistryAPIClient: datasource.NewMavenRegistryAPIClient(srv.URL),
+		MavenRegistryAPIClient: apiClient,
 	}
 
 	scanInput := extracttest.GenerateScanInputMock(t, tt.InputConfig)

diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go
@@ -19,6 +19,7 @@ import (
 	"github.com/google/osv-scanner/internal/depsdev"
 	"github.com/google/osv-scanner/internal/image"
 	"github.com/google/osv-scanner/internal/local"
+	"github.com/google/osv-scanner/internal/lockfilescalibr/language/java/pomxmlnet"
 	"github.com/google/osv-scanner/internal/manifest"
 	"github.com/google/osv-scanner/internal/output"
 	"github.com/google/osv-scanner/internal/resolution/client"
@@ -457,6 +458,31 @@ func extractMavenDeps(f lockfile.DepFile, actions TransitiveScanningActions) (lo
 	}, err
 }
 
+func createMavenExtractor(actions TransitiveScanningActions) (*pomxmlnet.Extractor, error) {
+	var depClient client.DependencyClient
+	var err error
+	if actions.NativeDataSource {
+		depClient, err = client.NewMavenRegistryClient(actions.MavenRegistry)
+	} else {
+		depClient, err = client.NewDepsDevClient(depsdev.DepsdevAPI)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	mavenClient, err := datasource.NewMavenRegistryAPIClient(actions.MavenRegistry)
+	if err != nil {
+		return nil, err
+	}
+
+	extractor := pomxmlnet.Extractor{
+		DependencyClient:       depClient,
+		MavenRegistryAPIClient: mavenClient,
+	}
+
+	return &extractor, nil
+}
+
 // scanSBOMFile will load, identify, and parse the SBOM path passed in, and add the dependencies specified
 // within to `query`
 func scanSBOMFile(r reporter.Reporter, path string, fromFSScan bool) ([]scannedPackage, error) {