From ab9429d2517ffbadf27b75fe31143918007d6720 Mon Sep 17 00:00:00 2001 From: Rex P Date: Tue, 22 Oct 2024 15:47:38 +1100 Subject: [PATCH] Fix after refactor --- .../language/java/pomxmlnet/extractor.go | 28 ++++++++++++++----- .../language/java/pomxmlnet/extractor_test.go | 10 +++++-- pkg/osvscanner/osvscanner.go | 26 +++++++++++++++++ 3 files changed, 55 insertions(+), 9 deletions(-) diff --git a/internal/lockfilescalibr/language/java/pomxmlnet/extractor.go b/internal/lockfilescalibr/language/java/pomxmlnet/extractor.go index df989141faf..0fe2a502ed3 100644 --- a/internal/lockfilescalibr/language/java/pomxmlnet/extractor.go +++ b/internal/lockfilescalibr/language/java/pomxmlnet/extractor.go @@ -54,6 +54,15 @@ func (e Extractor) Extract(ctx context.Context, input *filesystem.ScanInput) ([] if err := datasource.NewMavenDecoder(input.Reader).Decode(&project); err != nil { return nil, fmt.Errorf("could not extract from %s: %w", input.Path, err) } + // Empty JDK and ActivationOS indicates merging the default profiles. + if err := project.MergeProfiles("", maven.ActivationOS{}); err != nil { + return nil, fmt.Errorf("failed to merge profiles: %w", err) + } + for _, repo := range project.Repositories { + if err := e.MavenRegistryAPIClient.AddRegistry(string(repo.URL)); err != nil { + return nil, fmt.Errorf("failed to add registry %s: %w", repo.URL, err) + } + } // Merging parents data by parsing local parent pom.xml or fetching from upstream. if err := mavenutil.MergeParents(ctx, e.MavenRegistryAPIClient, &project, project.Parent, 1, input.Path, true); err != nil { return nil, fmt.Errorf("failed to merge parents: %w", err) 
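Review bot: In the `@@ -54,6 +54,15 @@` hunk of extractor.go, every `repo.URL` read from the scanned pom.xml goes straight to `AddRegistry`, so the project under scan decides which hosts the scanner contacts and whose metadata feeds resolution. Unless `AddRegistry` already restricts scheme and host (not visible here), the loop should reject anything that is not an absolute http(s) URL before registering it, and a comment should record that these URLs are untrusted. URLs that still hold unresolved `${...}` properties would fail this check too, so decide whether such entries abort the extraction or are skipped. The sketch below needs `net/url`; Extract's body starts and ends outside the hunk.

```go
// … unchanged: Decode and MergeProfiles …
for _, repo := range project.Repositories {
	// repo.URL is read from the scanned pom.xml, so treat it as untrusted input.
	u, err := url.Parse(string(repo.URL))
	if err != nil || u.Host == "" || (u.Scheme != "https" && u.Scheme != "http") {
		return nil, fmt.Errorf("unsupported repository URL %q in %s", repo.URL, input.Path)
	}
	if err := e.MavenRegistryAPIClient.AddRegistry(string(repo.URL)); err != nil {
		return nil, fmt.Errorf("failed to add registry %s: %w", repo.URL, err)
	}
}
// … unchanged: MergeParents …
```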
@@ -63,15 +72,19 @@ func (e Extractor) Extract(ctx context.Context, input *filesystem.ScanInput) ([] // - import dependency management // - fill in missing dependency version requirement project.ProcessDependencies(func(groupID, artifactID, version maven.String) (maven.DependencyManagement, error) { - root := maven.Parent{ProjectKey: maven.ProjectKey{GroupID: groupID, ArtifactID: artifactID, Version: version}} - var result maven.Project - if err := mavenutil.MergeParents(ctx, e.MavenRegistryAPIClient, &result, root, 0, input.Path, false); err != nil { - return maven.DependencyManagement{}, err - } - - return result.DependencyManagement, nil + return mavenutil.GetDependencyManagement(ctx, e.MavenRegistryAPIClient, groupID, artifactID, version) }) + if registries := e.MavenRegistryAPIClient.GetRegistries(); len(registries) > 0 { + clientRegs := make([]client.Registry, len(registries)) + for i, reg := range registries { + clientRegs[i] = client.Registry{URL: reg} + } + if err := e.DependencyClient.AddRegistries(clientRegs); err != nil { + return nil, err + } + } + overrideClient := client.NewOverrideClient(e.DependencyClient) resolver := mavenresolve.NewResolver(overrideClient) @@ -114,6 +127,7 @@ func (e Extractor) Extract(ctx context.Context, input *filesystem.ScanInput) ([] } overrideClient.AddVersion(root, reqs) + client.PreFetch(ctx, overrideClient, reqs, input.Path) g, err := resolver.Resolve(ctx, root.VersionKey) if err != nil { return nil, fmt.Errorf("failed resolving %v: %w", root, err) diff --git a/internal/lockfilescalibr/language/java/pomxmlnet/extractor_test.go b/internal/lockfilescalibr/language/java/pomxmlnet/extractor_test.go index b3e7996e695..5eb95ab9a79 100644 --- a/internal/lockfilescalibr/language/java/pomxmlnet/extractor_test.go +++ b/internal/lockfilescalibr/language/java/pomxmlnet/extractor_test.go 
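Review bot: The `AddRegistries` failure in the `@@ -63,15 +72,19 @@` hunk is returned bare, while the other error paths of Extract visible in this patch are wrapped with context. Suggest `return nil, fmt.Errorf("failed to add registries: %w", err)` so the caller can tell which step failed. The list copied here is whatever `GetRegistries()` reports for the API client, which now includes URLs taken from the pom.xml earlier in Extract; a one-line comment saying so would help the next reader.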
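Review bot: The new `client.PreFetch(ctx, overrideClient, reqs, input.Path)` call in the `@@ -114,6 +127,7 @@` hunk carries no comment, and nothing on the line shows whether a failed prefetch is reported. If it is a best-effort cache warm-up ahead of `resolver.Resolve` (inferred from the name only), say so, for example `// Best-effort: warm the client cache for the direct requirements; Resolve below surfaces any real failure.`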
@@ -237,7 +237,8 @@ func TestExtractor_Extract(t *testing.T) { resolutionClient := clienttest.NewMockResolutionClient(t, "testdata/universe/basic-universe.yaml") extr := pomxmlnet.Extractor{ - DependencyClient: resolutionClient, + DependencyClient: resolutionClient, + MavenRegistryAPIClient: &datasource.MavenRegistryAPIClient{}, } scanInput := extracttest.GenerateScanInputMock(t, tt.InputConfig) @@ -339,10 +340,15 @@ func TestExtractor_Extract_WithMockServer(t *testing.T) { `)) + apiClient, err := datasource.NewMavenRegistryAPIClient(srv.URL) + if err != nil { + t.Fatalf("%v", err) + } + resolutionClient := clienttest.NewMockResolutionClient(t, "testdata/universe/basic-universe.yaml") extr := pomxmlnet.Extractor{ DependencyClient: resolutionClient, - MavenRegistryAPIClient: datasource.NewMavenRegistryAPIClient(srv.URL), + MavenRegistryAPIClient: apiClient, } scanInput := extracttest.GenerateScanInputMock(t, tt.InputConfig) diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go index c4c9c929cf3..3a38c14fcd5 100644 --- a/pkg/osvscanner/osvscanner.go +++ b/pkg/osvscanner/osvscanner.go @@ -19,6 +19,7 @@ import ( "github.com/google/osv-scanner/internal/depsdev" "github.com/google/osv-scanner/internal/image" "github.com/google/osv-scanner/internal/local" + "github.com/google/osv-scanner/internal/lockfilescalibr/language/java/pomxmlnet" "github.com/google/osv-scanner/internal/manifest" "github.com/google/osv-scanner/internal/output" "github.com/google/osv-scanner/internal/resolution/client" 
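Review bot: `MavenRegistryAPIClient: &datasource.MavenRegistryAPIClient{}` in TestExtractor_Extract builds the client as a zero-value literal, whereas the mock-server test in the same file goes through `datasource.NewMavenRegistryAPIClient`. Extract now calls `AddRegistry` and `GetRegistries` on this field, so the test relies on the zero value being usable and on no fixture declaring a repository or remote parent that would trigger a real network request; neither is visible here. A comment such as `// Zero-value client: fixtures in this table must not reference remote parents or repositories.` would record the assumption, or the client could be constructed against a local test server.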
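Review bot: `t.Fatalf("%v", err)` in the `@@ -339,10 +340,15 @@` hunk reports the error without saying what failed. Prefer `t.Fatalf("NewMavenRegistryAPIClient(%q) failed: %v", srv.URL, err)` so a failing run points at the client setup rather than at the extraction under test.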
@@ -457,6 +458,31 @@ func extractMavenDeps(f lockfile.DepFile, actions TransitiveScanningActions) (lo }, err } +func createMavenExtractor(actions TransitiveScanningActions) (*pomxmlnet.Extractor, error) { + var depClient client.DependencyClient + var err error + if actions.NativeDataSource { + depClient, err = client.NewMavenRegistryClient(actions.MavenRegistry) + } else { + depClient, err = client.NewDepsDevClient(depsdev.DepsdevAPI) + } + if err != nil { + return nil, err + } + + mavenClient, err := datasource.NewMavenRegistryAPIClient(actions.MavenRegistry) + if err != nil { + return nil, err + } + + extractor := pomxmlnet.Extractor{ + DependencyClient: depClient, + MavenRegistryAPIClient: mavenClient, + } + + return &extractor, nil +} + // scanSBOMFile will load, identify, and parse the SBOM path passed in, and add the dependencies specified // within to `query` func scanSBOMFile(r reporter.Reporter, path string, fromFSScan bool) ([]scannedPackage, error) {
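Review bot: `createMavenExtractor` has no doc comment, and the one thing a caller needs to know is not written down: Extract (changed earlier in this patch) adds registries from the scanned pom.xml to `MavenRegistryAPIClient` and `DependencyClient`, so an extractor reused across projects would carry one project's registries into the next scan. Whether the result is reused is not visible in this hunk. Suggest a comment like `// createMavenExtractor returns a pomxmlnet.Extractor with freshly created clients; Extract mutates their registry lists, so create one per scanned project.` The two `return nil, err` paths would also read better wrapped, e.g. `fmt.Errorf("creating maven registry API client: %w", err)`.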