登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
开源项目 > DevOps/运维/网管 > DevOps工具 &&
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
13 Star 119 Fork 33

GVP京东开源 / sbom-tool

代码 Issues 1 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
gradle_file_parser.go 4.47 KB
一键复制 编辑 原始数据 按行查看 历史
jdtdevops 提交于 2024-01-22 15:42 . fix: typo
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175
// Copyright (c) 2023 Jingdong Technology Information Technology Co., Ltd.

// SBOM-TOOL is licensed under Mulan PSL v2.

// You can use this software according to the terms and conditions of the Mulan PSL v2.

// You may obtain a copy of Mulan PSL v2 at:

//          http://license.coscl.org.cn/MulanPSL2

// THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,

// EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,

// MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.

// See the Mulan PSL v2 for more details.



package maven



import (

	"bufio"

	"io"

	"os"

	"strings"



	"gitee.com/JD-opensource/sbom-tool/pkg/inventory/pckg/collector"

	"gitee.com/JD-opensource/sbom-tool/pkg/model"

)



var trimStringArr = []string{"\"", "'", "(", ")"}



type Plugin struct {

	GroupID string

	Version string

}



// GradleFileParser is a parser for build.gradle

// see: https://docs.gradle.org/current/userguide/working_with_files.html

type GradleFileParser struct{}



// NewJavaGradleFileParser returns a new GradleFileParser

func NewJavaGradleFileParser() *GradleFileParser {

	return &GradleFileParser{}

}



func (m *GradleFileParser) Type() model.PkgType {

	return model.PkgTypeMaven

}



func (m *GradleFileParser) Matcher() collector.FileMatcher {

	return &collector.FilePatternMatcher{Patterns: []string{"*build.gradle*"}}

}



func (m *GradleFileParser) Parse(filePath string) ([]model.Package, error) {

	f, err := os.Open(filePath)

	if err != nil {

		return nil, err

	}

	defer func(f *os.File) {

		_ = f.Close()

	}(f)

	return parseGradleFile(f, filePath)

}



// parseGradleFile parses build.gradle

func parseGradleFile(reader io.Reader, sourcePath string) ([]model.Package, error) {

	var pkgs []model.Package

	var plugins []Plugin

	dependencyScanner := bufio.NewScanner(reader)

	dependenciesSign := false

	dependencyEndFlagNum := 0

	pluginsSign := false



	for dependencyScanner.Scan() {

		line := dependencyScanner.Text()

		line = strings.TrimSpace(line)

		if line == "" {

			continue

		}



		if strings.HasPrefix(line, "exclude") {

			continue

		}



		if strings.HasPrefix(line, "dependencies {") {

			dependenciesSign = true



			continue

		}



		if strings.HasPrefix(line, "plugins {") {

			pluginsSign = true



			continue

		}



		if line == "}" {

			if dependencyEndFlagNum > 0 {

				dependencyEndFlagNum = dependencyEndFlagNum - 1

				continue

			}

			if dependencyEndFlagNum == 0 {

				dependenciesSign = false

			}



			pluginsSign = false

			continue

		}



		if pluginsSign {

			fields := strings.Fields(line)

			if len(fields) >= 3 && strings.Contains(line, "version") {

				start := strings.Index(fields[0], "(") + 1

				end := strings.Index(fields[0], ")")

				if start < 1 || end < 0 || start >= end {

					continue

				}

				groupName := trimCustomString(fields[0][start:end], trimStringArr)

				version := trimCustomString(fields[2], trimStringArr)

				plugin := Plugin{GroupID: groupName, Version: version}

				plugins = append(plugins, plugin)

			}

		}



		if dependenciesSign {

			if strings.Contains(line, "{") {

				dependencyEndFlagNum = dependencyEndFlagNum + 1

			}



			if strings.Contains(line, "classpath") || strings.Contains(line, "project(") || strings.Contains(line, "fileTree(") {

				continue

			}



			start := strings.IndexFunc(line, func(r rune) bool {

				return r == '(' || r == ' '

			}) + 1



			end := len(line) - 1

			dependencyStr := trimCustomString(line[start:end], trimStringArr)

			dependencyParts := strings.Split(dependencyStr, ":")



			if len(dependencyParts) == 2 {

				artifactId := dependencyParts[1]

				version, groupId := getVersionAndGroupIDFromPlugins(dependencyParts[0], plugins)

				pkg := newPackage(groupId, artifactId, version, sourcePath)

				if pkg != nil {

					pkgs = append(pkgs, *pkg)

				}

			}

			if len(dependencyParts) == 3 || len(dependencyParts) == 4 {

				artifactId := dependencyParts[1]

				groupId := dependencyParts[0]

				version := dependencyParts[2]

				if strings.Contains(version, "$") || strings.Contains(version, "+") {

					version = ""

				}

				pkg := newPackage(groupId, artifactId, version, sourcePath)

				if pkg != nil {

					pkgs = append(pkgs, *pkg)

				}

			}

		}

	}



	return pkgs, nil

}



func getVersionAndGroupIDFromPlugins(group string, plugins []Plugin) (string, string) {

	for _, v := range plugins {

		if v.GroupID == group {

			return v.Version, v.GroupID

		}

	}

	return "", ""

}



func trimCustomString(line string, stringArr []string) string {

	for _, str := range stringArr {

		line = strings.ReplaceAll(line, str, "")

	}

	return strings.Trim(line, " ")

}
Go
1
https://gitee.com/JD-opensource/sbom-tool.git
git@gitee.com:JD-opensource/sbom-tool.git
JD-opensource
sbom-tool
sbom-tool
v0.1.0
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部