// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Package gradleverificationmetadataxml extracts Maven packages from Gradle
// verification metadata files (gradle/verification-metadata.xml).
package gradleverificationmetadataxml

import (
	"context"
	"encoding/xml"
	"fmt"
	"path/filepath"

	"github.com/google/osv-scalibr/extractor"
	"github.com/google/osv-scalibr/extractor/filesystem"
	"github.com/google/osv-scalibr/extractor/filesystem/language/java/javalockfile"
	"github.com/google/osv-scalibr/inventory"
	"github.com/google/osv-scalibr/plugin"
	"github.com/google/osv-scalibr/purl"
)

const (
	// Name is the unique name of this extractor.
	Name = "java/gradleverificationmetadataxml"
)

// gradleVerificationMetadataFile is the part of a verification-metadata.xml
// document that this extractor decodes: the <component> elements nested
// under <components>.
//
// Only the group, name and version attributes are captured. Any other
// content of the document has no field here and is therefore dropped by the
// decoder, so this type carries package identity only and nothing that could
// be used to check artifact integrity.
type gradleVerificationMetadataFile struct {
	// Components holds one entry per <components>/<component> element. Each
	// field is read from the XML attribute of the same lowercase name.
	Components []struct {
		Group   string `xml:"group,attr"`
		Name    string `xml:"name,attr"`
		Version string `xml:"version,attr"`
	} `xml:"components>component"`
}

// Extractor extracts Maven packages from Gradle verification metadata files.
// It has no fields, so every value of the type behaves the same.
type Extractor struct{}

// New returns a new instance of the extractor.
func New() filesystem.Extractor {
	// Extractor is an empty struct, so there is nothing to configure.
	return &Extractor{}
}

// Name returns the extractor's unique name, i.e. the package-level Name
// constant.
func (e Extractor) Name() string {
	return Name
}

// Version returns the extractor's version number, which is currently 0.
func (e Extractor) Version() int {
	return 0
}

// Requirements returns the capabilities this extractor needs from the scan
// environment. The returned value has no fields set.
func (e Extractor) Requirements() *plugin.Capabilities {
	return &plugin.Capabilities{}
}

// FileRequired reports whether the file is a Gradle verification metadata
// lockfile: a file named "verification-metadata.xml" whose immediate parent
// directory is named "gradle".
func (e Extractor) FileRequired(api filesystem.FileAPI) bool {
	p := api.Path()
	if filepath.Base(p) != "verification-metadata.xml" {
		return false
	}
	return filepath.Base(filepath.Dir(p)) == "gradle"
}

// Extract decodes the verification-metadata.xml document supplied in input
// and returns one Maven package per <component> element, named
// "<group>:<name>" and located at input.Path.
//
// A decoding failure is returned wrapped, together with an empty inventory.
//
// The document comes from the scanned filesystem and should be treated as
// untrusted. encoding/xml does not resolve external entities, but nothing in
// this function bounds how much of input.Reader is read.
// NOTE(review): confirm that the caller enforces a file size limit.
// NOTE(review): ctx is not consulted, so cancellation has no effect here.
func (e Extractor) Extract(ctx context.Context, input *filesystem.ScanInput) (inventory.Inventory, error) {
	var doc gradleVerificationMetadataFile
	if err := xml.NewDecoder(input.Reader).Decode(&doc); err != nil {
		return inventory.Inventory{}, fmt.Errorf("could not extract: %w", err)
	}

	pkgs := make([]*extractor.Package, 0, len(doc.Components))
	for i := range doc.Components {
		c := doc.Components[i]
		groupID, artifactID := c.Group, c.Name

		// Attribute values are copied as found in the file. A component with a
		// missing group, name or version still yields a package entry.
		pkg := &extractor.Package{
			Name:     groupID + ":" + artifactID,
			Version:  c.Version,
			PURLType: purl.TypeMaven,
			Metadata: &javalockfile.Metadata{
				ArtifactID: artifactID,
				GroupID:    groupID,
			},
			Locations: []string{input.Path},
		}
		pkgs = append(pkgs, pkg)
	}

	return inventory.Inventory{Packages: pkgs}, nil
}

// Compile-time check that Extractor satisfies filesystem.Extractor.
var _ filesystem.Extractor = Extractor{}