github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/pkg/java_metadata.go

github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/pkg/java_metadata.go (about)

     1  package pkg
     2  
     3  import (
     4  	"strings"
     5  
     6  	"github.com/anchore/syft/internal"
     7  	"github.com/anchore/syft/syft/file"
     8  )
     9  
    10  var jenkinsPluginPomPropertiesGroupIDs = []string{
    11  	"io.jenkins.plugins",
    12  	"org.jenkins.plugins",
    13  	"org.jenkins-ci.plugins",
    14  	"io.jenkins-ci.plugins",
    15  	"com.cloudbees.jenkins.plugins",
    16  }
    17  
    18  // JavaMetadata encapsulates all Java ecosystem metadata for a package as well as an (optional) parent relationship.
    19  type JavaMetadata struct {
    20  	VirtualPath    string         `json:"virtualPath" cyclonedx:"virtualPath"` // we need to include the virtual path in cyclonedx documents to prevent deduplication of jars within jars
    21  	Manifest       *JavaManifest  `mapstructure:"Manifest" json:"manifest,omitempty"`
    22  	PomProperties  *PomProperties `mapstructure:"PomProperties" json:"pomProperties,omitempty" cyclonedx:"-"`
    23  	PomProject     *PomProject    `mapstructure:"PomProject" json:"pomProject,omitempty"`
    24  	ArchiveDigests []file.Digest  `hash:"ignore" json:"digest,omitempty"`
    25  	Parent         *Package       `hash:"ignore" json:"-"` // note: the parent cannot be included in the minimal definition of uniqueness since this field is not reproducible in an encode-decode cycle (is lossy).
    26  }
    27  
    28  // PomProperties represents the fields of interest extracted from a Java archive's pom.properties file.
    29  type PomProperties struct {
    30  	Path       string            `mapstructure:"path" json:"path"`
    31  	Name       string            `mapstructure:"name" json:"name"`
    32  	GroupID    string            `mapstructure:"groupId" json:"groupId" cyclonedx:"groupID"`
    33  	ArtifactID string            `mapstructure:"artifactId" json:"artifactId" cyclonedx:"artifactID"`
    34  	Version    string            `mapstructure:"version" json:"version"`
    35  	Scope      string            `mapstructure:"scope" json:"scope,omitempty"`
    36  	Extra      map[string]string `mapstructure:",remain" json:"extraFields,omitempty"`
    37  }
    38  
    39  // PomProject represents fields of interest extracted from a Java archive's pom.xml file. See https://maven.apache.org/ref/3.6.3/maven-model/maven.html for more details.
    40  type PomProject struct {
    41  	Path        string     `json:"path"`
    42  	Parent      *PomParent `json:"parent,omitempty"`
    43  	GroupID     string     `json:"groupId"`
    44  	ArtifactID  string     `json:"artifactId"`
    45  	Version     string     `json:"version"`
    46  	Name        string     `json:"name"`
    47  	Description string     `json:"description,omitempty"`
    48  	URL         string     `json:"url,omitempty"`
    49  }
    50  
    51  // PomParent contains the fields within the <parent> tag in a pom.xml file
    52  type PomParent struct {
    53  	GroupID    string `json:"groupId"`
    54  	ArtifactID string `json:"artifactId"`
    55  	Version    string `json:"version"`
    56  }
    57  
    58  // PkgTypeIndicated returns the package Type indicated by the data contained in the PomProperties.
    59  func (p PomProperties) PkgTypeIndicated() Type {
    60  	if internal.HasAnyOfPrefixes(p.GroupID, jenkinsPluginPomPropertiesGroupIDs...) || strings.Contains(p.GroupID, ".jenkins.plugin") {
    61  		return JenkinsPluginPkg
    62  	}
    63  
    64  	return JavaPkg
    65  }
    66  
    67  // JavaManifest represents the fields of interest extracted from a Java archive's META-INF/MANIFEST.MF file.
    68  type JavaManifest struct {
    69  	Main          map[string]string            `json:"main,omitempty"`
    70  	NamedSections map[string]map[string]string `json:"namedSections,omitempty"`
    71  }