Merge pull request #49 from siculo/issue/5-BOM-verification
Issue/5 bom verification
Showing
16 changed files
with
244 additions
and
64 deletions.
@@ -0,0 +1,3 @@ | ||
package io.github.siculo.sbtbom | ||
|
||
class BomError(message: String) extends Exception(message) |
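Review bot: BomError has no Scaladoc and is left open for subclassing although nothing in this commit extends it; declaring it `final class BomError(message: String) extends Exception(message)` and adding a one-line doc such as `/** Raised when BOM generation or validation fails; callers log the message before throwing. */` would state the contract. The "already logged" part reflects how BomTask uses it in this commit and should be kept in sync if that changes.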
@@ -0,0 +1,81 @@ | ||
package io.github.siculo.sbtbom | ||
|
||
import io.github.siculo.sbtbom.PluginConstants._ | ||
import org.apache.commons.io.FileUtils | ||
import org.cyclonedx.model.Bom | ||
import org.cyclonedx.parsers.XmlParser | ||
import org.cyclonedx.{BomGeneratorFactory, CycloneDxSchema} | ||
import sbt._ | ||
|
||
import java.nio.charset.Charset | ||
import scala.collection.JavaConverters._ | ||
|
||
case class BomTaskProperties(report: UpdateReport, currentConfiguration: Configuration, log: Logger, schemaVersion: String) | ||
|
||
abstract class BomTask[T](protected val properties: BomTaskProperties) { | ||
|
||
def execute: T | ||
|
||
protected def getBomText: String = { | ||
val params: BomExtractorParams = extractorParams(currentConfiguration) | ||
val bom: Bom = new BomExtractor(params, report, log).bom | ||
val bomText: String = getXmlText(bom) | ||
logBomInfo(params, bom) | ||
bomText | ||
} | ||
|
||
protected def writeToFile(destFile: File, text: String): Unit = { | ||
FileUtils.write(destFile, text, Charset.forName("UTF-8"), false) | ||
} | ||
|
||
protected def validateBomFile(bomFile: File): Unit = { | ||
val parser = new XmlParser() | ||
val exceptions = parser.validate(bomFile, schemaVersion).asScala | ||
if (exceptions.nonEmpty) { | ||
val message = s"The BOM file ${bomFile.getAbsolutePath} does not conform to the CycloneDX BOM standard as defined by the XSD" | ||
log.error(s"$message:") | ||
exceptions.foreach { | ||
exception => | ||
log.error(s"- ${exception.getMessage}") | ||
} | ||
throw new BomError(message) | ||
} | ||
} | ||
|
||
@throws[BomError] | ||
protected def raiseException(message: String): Unit = { | ||
log.error(message) | ||
throw new BomError(message) | ||
} | ||
|
||
private def extractorParams(currentConfiguration: Configuration): BomExtractorParams = | ||
BomExtractorParams(schemaVersion, currentConfiguration) | ||
|
||
private def getXmlText(bom: Bom): String = { | ||
val bomGenerator = BomGeneratorFactory.createXml(schemaVersion, bom) | ||
bomGenerator.generate | ||
val bomText = bomGenerator.toXmlString | ||
bomText | ||
} | ||
|
||
protected def logBomInfo(params: BomExtractorParams, bom: Bom): Unit = { | ||
log.info(s"Schema version: ${schemaVersion.getVersionString}") | ||
// log.info(s"Serial number : ${bom.getSerialNumber}") | ||
log.info(s"Scope : ${params.configuration.id}") | ||
} | ||
|
||
protected def report: UpdateReport = properties.report | ||
|
||
protected def currentConfiguration: Configuration = properties.currentConfiguration | ||
|
||
protected def log: Logger = properties.log | ||
|
||
protected lazy val schemaVersion: CycloneDxSchema.Version = | ||
supportedVersions.find(_.getVersionString == properties.schemaVersion) match { | ||
case Some(foundVersion) => foundVersion | ||
case None => | ||
val message = s"Unsupported schema version ${properties.schemaVersion}" | ||
log.error(message) | ||
throw new BomError(message) | ||
} | ||
} |
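Review bot: `raiseException` is declared to return `Unit` but unconditionally throws, so it should be typed `Nothing` (`protected def raiseException(message: String): Nothing`), which also lets it be used as the final expression of a match arm; as written, `validateBomFile` and the `schemaVersion` initializer both repeat its log-then-throw sequence inline instead of calling it, and neither carries the `@throws[BomError]` annotation that `raiseException` has. `writeToFile` can use `StandardCharsets.UTF_8` in place of `Charset.forName("UTF-8")`, avoiding the by-name lookup. The abstract class and `execute` have no Scaladoc; a header stating that `execute` fails with BomError on an unsupported `schemaVersion` or on a BOM that does not pass XSD validation would document the behaviour the two concrete tasks rely on.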
@@ -0,0 +1,10 @@ | ||
package io.github.siculo.sbtbom | ||
|
||
class ListBomTask(properties: BomTaskProperties) extends BomTask[String](properties) { | ||
override def execute: String = { | ||
log.info("Creating bom") | ||
val bomText = getBomText | ||
log.info("Bom created") | ||
bomText | ||
} | ||
} |
@@ -0,0 +1,18 @@ | ||
package io.github.siculo.sbtbom | ||
|
||
import sbt._ | ||
|
||
class MakeBomTask(properties: BomTaskProperties, | ||
bomFile: File) | ||
extends BomTask[File](properties) { | ||
|
||
override def execute: File = { | ||
log.info(s"Creating bom file ${bomFile.getAbsolutePath}") | ||
val bomText = getBomText | ||
writeToFile(bomFile, bomText) | ||
validateBomFile(bomFile) | ||
log.info(s"Bom file ${bomFile.getAbsolutePath} created") | ||
bomFile | ||
} | ||
} | ||
|
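Review bot: When `validateBomFile` throws, the file already written by `writeToFile` on the preceding line stays in place, so anything that consumes `bomFile` after a failed `makeBom` picks up a BOM that did not pass XSD validation. Removing it on failure, `try validateBomFile(bomFile) catch { case e: BomError => bomFile.delete(); throw e }`, or writing to a temporary file and moving it into place only after validation succeeds, avoids leaving a known-invalid artifact at the published path. The success log line should stay after validation, as it does now.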
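--- a/src/main/scala/io/github/siculo/sbtbom/PluginConstants.scala
+++ b/src/main/scala/io/github/siculo/sbtbom/PluginConstants.scala
@@ -0,0 +1,22 @@
+package io.github.siculo.sbtbom
+
+import org.cyclonedx.CycloneDxSchema
+
+object PluginConstants {
+val supportedVersions: Seq[CycloneDxSchema.Version] = Seq(
+CycloneDxSchema.Version.VERSION_10,
+CycloneDxSchema.Version.VERSION_11,
+CycloneDxSchema.Version.VERSION_12,
+CycloneDxSchema.Version.VERSION_13,
+CycloneDxSchema.Version.VERSION_14
+)
+val defaultSupportedVersion = CycloneDxSchema.Version.VERSION_10
+val supportedVersionsDescr: String = {
+supportedVersions.take(supportedVersions.size - 1).map(schemaVersionDescr).mkString(", ") + " or " + schemaVersionDescr(supportedVersions.last)
+}
+val defaultSupportedVersionDescr: String = schemaVersionDescr(defaultSupportedVersion)
+
+private def schemaVersionDescr(version: CycloneDxSchema.Version): String = {
+s""""${version.getVersionString}""""
+}
+}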
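Review bot: `defaultSupportedVersion` is a public val without an explicit type, unlike its neighbours; `val defaultSupportedVersion: CycloneDxSchema.Version = CycloneDxSchema.Version.VERSION_10` keeps the object's API consistent and stops inference from leaking an implementation type. `supportedVersionsDescr` relies on `supportedVersions` being non-empty (`.last` and `take(size - 1)`), which holds for the literal above but would throw if the sequence were ever emptied. A short Scaladoc on the object noting that `supportedVersions` must be non-empty and that the description joins it in listed order would record that invariant for whoever adds the next schema version.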
@@ -0,0 +1,3 @@ | ||
package io.github.siculo.sbtbom.model | ||
|
||
case class License(name: String, url: Option[String]) |
@@ -0,0 +1,13 @@ | ||
package io.github.siculo.sbtbom.model | ||
|
||
import org.cyclonedx.model.Component.{Scope, Type} | ||
|
||
case class Module( | ||
group: String, | ||
name: String, | ||
version: String, | ||
modified: Boolean, | ||
componentType: Type, | ||
componentScope: Scope, | ||
licenses: Seq[License] | ||
) |
@@ -0,0 +1,23 @@ | ||
import sbt.Keys._ | ||
|
||
lazy val root = (project in file(".")) | ||
.settings( | ||
name := "dependencies", | ||
version := "0.1", | ||
libraryDependencies ++= Dependencies.library, | ||
Test / bomFileName := "bom.xml", | ||
scalaVersion := "2.12.8", | ||
bomSchemaVersion := "999", | ||
check := Def.sequential( | ||
Compile / clean, | ||
Compile / compile, | ||
checkTask | ||
).value | ||
) | ||
|
||
lazy val check = taskKey[Unit]("check") | ||
lazy val checkTask = Def.task { | ||
val s: TaskStreams = streams.value | ||
s.log.info("Verifying makeBom param validation...") | ||
(Test / makeBom).value | ||
} |
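Review bot: `import sbt.Keys._` on the first line is redundant in a `.sbt` file, where `sbt._` and `sbt.Keys._` are already in scope, and can be dropped. The fixture's purpose — `bomSchemaVersion := "999"` is deliberately unsupported so the scripted test expects `makeBom` to fail — is only implied by the log message in `checkTask`; a comment on that setting, `// intentionally unsupported: the scripted test expects makeBom to fail`, would save the next reader a trip to the test script.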
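--- a/src/sbt-test/schemaVersion/unsupported/project/Dependencies.scala
+++ b/src/sbt-test/schemaVersion/unsupported/project/Dependencies.scala
@@ -0,0 +1,15 @@
+import sbt._
+
+object Dependencies {
+
+private val circeVersion = "0.10.0"
+private val scalatestVersion = "3.0.5"
+
+lazy val library = Seq(
+"io.circe" %% "circe-core" % circeVersion,
+"io.circe" %% "circe-generic" % circeVersion,
+"io.circe" %% "circe-parser" % circeVersion,
+"org.scalatest" %% "scalatest" % scalatestVersion % Test,
+)
+
+}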
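--- a/src/sbt-test/schemaVersion/unsupported/project/build.properties
+++ b/src/sbt-test/schemaVersion/unsupported/project/build.properties
@@ -0,0 +1 @@
+sbt.version=1.5.2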
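--- a/src/sbt-test/schemaVersion/unsupported/project/plugins.sbt
+++ b/src/sbt-test/schemaVersion/unsupported/project/plugins.sbt
@@ -0,0 +1,17 @@
+(
+sys.props.get("plugin.version"),
+sys.props.get("plugin.organization")
+) match {
+case (Some(version), Some(organization)) =>
+addSbtPlugin(organization % "sbt-bom" % version)
+case (None, _) =>
+sys.error(
+"""|The system property 'plugin.version' is not defined.
+|Specify this property using the scriptedLaunchOpts -D.""".stripMargin
+)
+case (_, None) =>
+sys.error(
+"""|The system property 'plugin.organization' is not defined.
+|Specify this property using the scriptedLaunchOpts -D.""".stripMargin
+)
+}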
@@ -0,0 +1 @@ | ||
-> check |
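--- a/src/test/scala/io/github/siculo/sbtbom/PluginConstantsSpec.scala
+++ b/src/test/scala/io/github/siculo/sbtbom/PluginConstantsSpec.scala
@@ -0,0 +1,12 @@
+package io.github.siculo.sbtbom
+
+import org.scalatest.matchers.should.Matchers
+import org.scalatest.wordspec.AnyWordSpec
+
+class PluginConstantsSpec extends AnyWordSpec with Matchers {
+"PluginConstants" should {
+"return the description of the supported versions" in {
+PluginConstants.supportedVersionsDescr shouldBe """"1.0", "1.1", "1.2", "1.3" or "1.4""""
+}
+}
+}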