Tweaks

Signed-off-by: Prabhu Subramanian <[email protected]>
CycloneDX · Dec 5, 2024 · 8eab486 · 8eab486
1 parent 86115e7
commit 8eab486
Show file tree

Hide file tree

Showing 7 changed files with 242 additions and 58 deletions.
diff --git a/lib/cli/index.js b/lib/cli/index.js
@@ -1303,6 +1303,8 @@ export async function createJavaBom(path, options) {
   // -t quarkus is supported
   let isQuarkus = options?.projectType?.includes("quarkus");
   let useMavenDepsTree = isQuarkus ? false : PREFER_MAVEN_DEPS_TREE;
+  // Is this a multi-module project
+  let rootModules;
   // maven - pom.xml
   const pomFiles = getAllFiles(
     path,
@@ -1318,10 +1320,14 @@ export async function createJavaBom(path, options) {
       // Quarkus projects require special treatment. To detect quarkus, we parse the first 3 maven file to look for a hit
       for (const pf of pomFiles.slice(0, 3)) {
         const pomMap = parsePom(pf);
+        if (!rootModules && pomMap?.modules?.length) {
+          rootModules = pomMap.modules;
+        }
         // In quarkus mode, we cannot use the maven deps tree
         if (pomMap.isQuarkus) {
           isQuarkus = true;
           useMavenDepsTree = false;
+          break;
         }
       }
     }
@@ -1361,6 +1367,16 @@ export async function createJavaBom(path, options) {
     let mavenCmd = getMavenCommand(path, path);
     for (const f of pomFiles) {
       const basePath = dirname(f);
+      if (
+        isQuarkus &&
+        !options.deep &&
+        rootModules?.includes(basename(basePath))
+      ) {
+        if (DEBUG_MODE) {
+          console.log("Skipped sub-module", basePath);
+        }
+        continue;
+      }
       const settingsXml = join(basePath, "settings.xml");
       if (existsSync(settingsXml)) {
         console.log(

diff --git a/lib/helpers/utils.js b/lib/helpers/utils.js
@@ -402,15 +402,12 @@ export function isFeatureEnabled(cliOptions, feature) {
     return true;
   }
   // Retry by replacing hyphens with underscore
-  if (
+  return !!(
     process.env[feature.replaceAll("-", "_").toUpperCase()] &&
     ["true", "1"].includes(
       process.env[feature.replaceAll("-", "_").toUpperCase()],
     )
-  ) {
-    return true;
-  }
-  return false;
+  );
 }
 
 /**
@@ -619,16 +616,10 @@ export function isSpdxLicenseExpression(license) {
   if (!license) {
     return false;
   }
-
   if (/[(\s]+/g.test(license)) {
     return true;
   }
-
-  if (license.endsWith("+")) {
-    return true; // GPL-2.0+ means GPL-2.0 or any later version, at the licensee’s option.
-  }
-
-  return false;
+  return !!license.endsWith("+");
 }
 
 /**
@@ -1065,8 +1056,8 @@ export async function parsePkgLock(pkgLockFile, options = {}) {
     const scope = node.dev === true ? "optional" : undefined;
     const integrity = node.integrity ? node.integrity : undefined;
 
-    let pkg = {};
-    let purlString = "";
+    let pkg;
+    let purlString;
     const author = node.package.author;
     const authorString =
       author instanceof Object
@@ -2516,10 +2507,12 @@ export async function parseMinJs(minJsFile) {
  * Parse pom file
  *
  * @param {string} pomFile pom file to parse
- * @returns {Object} Object containing pom properties and an array of dependencies
+ * @returns {Object} Object containing pom properties, modules, and array of dependencies
  */
 export function parsePom(pomFile) {
   const deps = [];
+  let modules;
+  let pomPurl;
   const properties = {};
   let isQuarkus = false;
   const xmlData = readFileSync(pomFile, "utf-8");
@@ -2536,11 +2529,37 @@ export function parsePom(pomFile) {
     "version",
     "name",
     "description",
+    "url",
+    "packaging",
   ]) {
     if (project?.[aprop]?._) {
       properties[aprop] = project[aprop]._;
     }
   }
+  // Take the version from the parent if available
+  if (!properties.version && project.parent) {
+    properties.version = project.parent.version._;
+  }
+  // Take the groupId from the parent if available
+  if (!properties.groupId && project.parent) {
+    properties.groupId = project.parent.groupId._;
+  }
+  if (project?.scm?.url?._) {
+    properties.scm = project.scm.url._;
+  }
+  if (properties.groupId || properties.artifactId) {
+    pomPurl = new PackageURL(
+      "maven",
+      properties.groupId || "",
+      properties.artifactId,
+      properties.version,
+      { type: properties.packaging || "jar" },
+      null,
+    ).toString();
+  }
+  if (project?.modules?.module) {
+    modules = project.modules.module.map((m) => m?._);
+  }
   if (project?.properties) {
     for (const aprop of Object.keys(project.properties)) {
       properties[aprop] = project.properties[aprop]?._;
@@ -2582,7 +2601,7 @@ export function parsePom(pomFile) {
         versionStr = version._;
       }
       if (versionStr?.includes("$")) {
-        versionStr = properties[versionStr.replace(/[${}]/g, "")];
+        versionStr = properties[versionStr?.replace(/[${}]/g, "")];
       }
       if (includeMavenTestScope || !adep.scope || adep.scope !== "test") {
         deps.push({
@@ -2613,7 +2632,7 @@ export function parsePom(pomFile) {
       }
     }
   }
-  return { isQuarkus, properties, dependencies: deps };
+  return { isQuarkus, pomPurl, modules, properties, dependencies: deps };
 }
 
 /**
@@ -3598,10 +3617,7 @@ export async function getMvnMetadata(
  */
 export function composePomXmlUrl({ urlPrefix, group, name, version }) {
   const groupPart = group.replace(/\./g, "/");
-  const fullUrl = `${
-    urlPrefix + groupPart
-  }/${name}/${version}/${name}-${version}.pom`;
-  return fullUrl;
+  return `${urlPrefix + groupPart}/${name}/${version}/${name}-${version}.pom`;
 }
 
 /**
@@ -3638,8 +3654,7 @@ export async function fetchPomXmlAsJson({ urlPrefix, group, name, version }) {
       return undefined;
     }
     const parentJson = xml2js(parentXml, options).project;
-    const result = { ...parentJson, ...pomJson };
-    return result;
+    return { ...parentJson, ...pomJson };
   }
   return pomJson;
 }
@@ -4463,7 +4478,7 @@ export async function parseReqFile(reqData, fetchDepsInfo) {
 export async function getPyModules(src, epkgList, options) {
   const allImports = {};
   const dependenciesList = [];
-  let modList = [];
+  let modList;
   const slicesFile = resolve(
     options.depsSlicesFile || options.usagesSlicesFile,
   );
@@ -4585,10 +4600,10 @@ export function parsePixiLockFile(pixiLockFileName, path) {
   const pixiLockData = _load(pixiFileData);
 
   // this function returns
-  let pkgList = [];
+  let pkgList;
   const formulationList = [];
   const rootList = [];
-  let dependenciesList = [];
+  let dependenciesList;
   // we do not set false because we have assumed that pixi lock is accurate
   const frozen = true;
 
@@ -4836,8 +4851,7 @@ export function getGithubUrlParts(repoUrl) {
     repoUrl = repoUrl.slice(0, -4);
   }
   repoUrl.replace(/\/$/, "");
-  const parts = repoUrl.split("/");
-  return parts;
+  return repoUrl.split("/");
 }
 
 /**
@@ -4985,7 +4999,6 @@ export async function getGoPkgLicense(repoMetadata) {
 }
 
 export async function getGoPkgComponent(group, name, version, hash) {
-  let pkg = {};
   let license = undefined;
   if (shouldFetchLicense()) {
     if (DEBUG_MODE) {
@@ -5002,7 +5015,7 @@ export async function getGoPkgComponent(group, name, version, hash) {
   const purlString = new PackageURL("golang", group, name, version)
     .toString()
     .replace(/%2F/g, "/");
-  pkg = {
+  return {
     group: group,
     name: name,
     version: version,
@@ -5011,7 +5024,6 @@ export async function getGoPkgComponent(group, name, version, hash) {
     purl: purlString,
     "bom-ref": decodeURIComponent(purlString),
   };
-  return pkg;
 }
 
 /**
@@ -7743,7 +7755,7 @@ export function parseNuspecData(nupkgFile, nuspecData) {
     }
     dependenciesMap[pkg["bom-ref"]] = dependsOn;
   } else if (m?.dependencies?.group) {
-    let dependencyGroups = [];
+    let dependencyGroups;
     if (Array.isArray(m.dependencies.group)) {
       dependencyGroups = m.dependencies.group;
     } else {
@@ -9530,8 +9542,7 @@ export async function collectGradleDependencies(
   for (const apom of pomFiles) {
     pomPathMap[basename(apom)] = apom;
   }
-  const jarNSMapping = await collectJarNS(GRADLE_CACHE_DIR, pomPathMap);
-  return jarNSMapping;
+  return await collectJarNS(GRADLE_CACHE_DIR, pomPathMap);
 }
 
 /**
@@ -9561,10 +9572,9 @@ export async function collectJarNS(jarPath, pomPathMap = {}) {
   const jarFiles = getAllFiles(jarPath, "**/*.jar");
   if (jarFiles?.length) {
     for (const jf of jarFiles) {
-      const jarname = jf;
       let pomname =
         pomPathMap[basename(jf).replace(".jar", ".pom")] ||
-        jarname.replace(".jar", ".pom");
+        jf.replace(".jar", ".pom");
       let pomData = undefined;
       let purl = undefined;
       // In some cases, the pom name might be slightly different to the jar name
@@ -9581,6 +9591,7 @@ export async function collectJarNS(jarPath, pomPathMap = {}) {
         }
       }
       if (existsSync(pomname)) {
+        // TODO: Replace with parsePom which contains pomPurl
         pomData = parsePomXml(readFileSync(pomname, { encoding: "utf-8" }));
         if (pomData) {
           const purlObj = new PackageURL(
@@ -9760,6 +9771,13 @@ export function convertJarNSToPackages(jarNSMapping) {
   return pkgList;
 }
 
+/**
+ * Deprecated function to parse pom.xml. Use parsePom instead.
+ *
+ * @deprecated
+ * @param pomXmlData XML contents
+ * @returns {Object} Parent component data
+ */
 export function parsePomXml(pomXmlData) {
   if (!pomXmlData) {
     return undefined;
@@ -10298,7 +10316,7 @@ export async function readZipEntry(
         break;
       }
     }
-    zip.close();
+    await zip.close();
   } catch (e) {
     console.log(e);
   }
@@ -10343,7 +10361,7 @@ export async function getJarClasses(jarFile) {
         );
       }
     }
-    zip.close();
+    await zip.close();
   } catch (e) {
     // node-stream-zip seems to fail on deno with a RangeError.
     // So we fallback to using jar -tf command
@@ -11771,7 +11789,7 @@ export function parseCmakeLikeFile(cmakeListFile, pkgType, options = {}) {
         const tmpB = (tmpA[1] || "")
           .trim()
           .replace(/["']/g, "")
-          .replace(/[ ]/g, ",")
+          .replace(/ /g, ",")
           .split(")")[0]
           .split(",")
           .filter((v) => v.length > 1);
@@ -11842,7 +11860,7 @@ export function parseCmakeLikeFile(cmakeListFile, pkgType, options = {}) {
         // find_package(Boost 1.79 COMPONENTS date_time)
         // find_library(PTHREADPOOL_LIB pthreadpool REQUIRED)
         if (tmpB) {
-          let working_name = undefined;
+          let working_name;
           if (l.startsWith("find_library")) {
             name_list.push(tmpB[1]);
             working_name = tmpB[1];
@@ -12030,7 +12048,7 @@ export function getCppModules(src, options, osPkgsList, epkgList) {
   const pkgType = "generic";
   const pkgList = [];
   const pkgAddedMap = {};
-  let sliceData = {};
+  let sliceData;
   const epkgMap = {};
   let parentComponent = undefined;
   const dependsOn = new Set();
@@ -12775,10 +12793,7 @@ export function isValidIriReference(iri) {
       iriIsValid = false;
     }
   }
-  if (iriIsValid) {
-    return true;
-  }
-  return false;
+  return iriIsValid;
 }
 
 /**

diff --git a/lib/helpers/utils.test.js b/lib/helpers/utils.test.js
@@ -2642,8 +2642,14 @@ test("get nget metadata", async () => {
 test("parsePomFile", () => {
   let data = parsePom("./test/data/pom-quarkus.xml");
   expect(data.dependencies.length).toEqual(46);
+  expect(data.modules).toBeUndefined();
   expect(data.properties).toBeDefined();
   expect(data.isQuarkus).toBeTruthy();
+  data = parsePom("./test/data/pom-quarkus-modules.xml");
+  expect(data.dependencies.length).toEqual(0);
+  expect(data.modules.length).toEqual(105);
+  expect(data.properties).toBeDefined();
+  expect(data.isQuarkus).toBeFalsy();
   data = parsePom("./test/pom.xml");
   expect(data.dependencies.length).toEqual(13);
   expect(data.isQuarkus).toBeFalsy();