-
Notifications
You must be signed in to change notification settings - Fork 511
/
java_metadata.go
78 lines (65 loc) · 3.21 KB
/
java_metadata.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
package pkg
import (
"strings"
"github.com/anchore/syft/syft/linux"
"github.com/anchore/syft/internal"
)
var _ urlIdentifier = (*JavaMetadata)(nil)
var jenkinsPluginPomPropertiesGroupIDs = []string{
"io.jenkins.plugins",
"org.jenkins.plugins",
"org.jenkins-ci.plugins",
"io.jenkins-ci.plugins",
"com.cloudbees.jenkins.plugins",
}
// JavaMetadata encapsulates all Java ecosystem metadata for a package as well as an (optional) parent relationship.
type JavaMetadata struct {
VirtualPath string `json:"virtualPath"`
Manifest *JavaManifest `mapstructure:"Manifest" json:"manifest,omitempty"`
PomProperties *PomProperties `mapstructure:"PomProperties" json:"pomProperties,omitempty" cyclonedx:"-"`
PomProject *PomProject `mapstructure:"PomProject" json:"pomProject,omitempty"`
PURL string `hash:"ignore" json:"-"` // pURLs and CPEs are ignored for package IDs
Parent *Package `hash:"ignore" json:"-"` // note: the parent cannot be included in the minimal definition of uniqueness since this field is not reproducible in an encode-decode cycle (is lossy).
}
// PomProperties represents the fields of interest extracted from a Java archive's pom.properties file.
type PomProperties struct {
Path string `mapstructure:"path" json:"path"`
Name string `mapstructure:"name" json:"name"`
GroupID string `mapstructure:"groupId" json:"groupId" cyclonedx:"groupID"`
ArtifactID string `mapstructure:"artifactId" json:"artifactId" cyclonedx:"artifactID"`
Version string `mapstructure:"version" json:"version"`
Extra map[string]string `mapstructure:",remain" json:"extraFields"`
}
// PomProject represents fields of interest extracted from a Java archive's pom.xml file. See https://maven.apache.org/ref/3.6.3/maven-model/maven.html for more details.
type PomProject struct {
Path string `json:"path"`
Parent *PomParent `json:"parent,omitempty"`
GroupID string `json:"groupId"`
ArtifactID string `json:"artifactId"`
Version string `json:"version"`
Name string `json:"name"`
Description string `json:"description,omitempty"`
URL string `json:"url,omitempty"`
}
// PomParent contains the fields within the <parent> tag in a pom.xml file
type PomParent struct {
GroupID string `json:"groupId"`
ArtifactID string `json:"artifactId"`
Version string `json:"version"`
}
// PkgTypeIndicated returns the package Type indicated by the data contained in the PomProperties.
func (p PomProperties) PkgTypeIndicated() Type {
if internal.HasAnyOfPrefixes(p.GroupID, jenkinsPluginPomPropertiesGroupIDs...) || strings.Contains(p.GroupID, ".jenkins.plugin") {
return JenkinsPluginPkg
}
return JavaPkg
}
// JavaManifest represents the fields of interest extracted from a Java archive's META-INF/MANIFEST.MF file.
type JavaManifest struct {
Main map[string]string `json:"main,omitempty"`
NamedSections map[string]map[string]string `json:"namedSections,omitempty"`
}
// PackageURL returns the PURL for the specific Maven package (see https://github.com/package-url/purl-spec)
func (m JavaMetadata) PackageURL(_ *linux.Release) string {
return m.PURL
}