fix dump file
6
CHANGES
6
CHANGES
@@ -2,6 +2,12 @@ Changelog
|
||||
|
||||
=========
|
||||
|
||||
Version 1.0.9
|
||||
|
||||
- feature Add parent and modules fields to dump file
|
||||
- feature `-DonlyAnalyze` allow not have `endpoint`
|
||||
- bugfix Fix `-DoutputDepToFile` only dump last module dependencies bug
|
||||
|
||||
Version 1.0.8
|
||||
|
||||
- feature dump dependencies tree to file include / exclude scan result
|
||||
|
||||
2
pom.xml
2
pom.xml
@@ -8,7 +8,7 @@
|
||||
|
||||
<groupId>com.immomo.momosec</groupId>
|
||||
<artifactId>mosec-maven-plugin</artifactId>
|
||||
<version>1.0.8</version>
|
||||
<version>1.0.9</version>
|
||||
<packaging>maven-plugin</packaging>
|
||||
|
||||
<name>Mosec Maven Plugin</name>
|
||||
|
||||
@@ -37,7 +37,10 @@ import org.eclipse.aether.repository.RemoteRepository;
|
||||
import java.io.BufferedReader;
|
||||
import java.io.InputStreamReader;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.TreeSet;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static com.immomo.momosec.maven.plugins.Renderer.writeToFile;
|
||||
|
||||
@@ -104,13 +107,16 @@ public class MosecTest extends AbstractMojo {
|
||||
@Parameter(property = "onlyAnalyze", defaultValue = "false")
|
||||
private Boolean onlyAnalyze;
|
||||
|
||||
private static List<JsonObject> collectTree = new ArrayList<>();
|
||||
private static List<String> totalProjectsByGAV = null;
|
||||
|
||||
public void execute() throws MojoFailureException {
|
||||
String env_endpoint = System.getenv(Constants.MOSEC_ENDPOINT_ENV);
|
||||
if (env_endpoint != null) {
|
||||
endpoint = env_endpoint;
|
||||
}
|
||||
|
||||
if (endpoint == null) {
|
||||
if (Boolean.FALSE.equals(onlyAnalyze) && endpoint == null) {
|
||||
throw new MojoFailureException(Constants.ERROR_ON_NULL_ENDPOINT);
|
||||
}
|
||||
|
||||
@@ -142,20 +148,25 @@ public class MosecTest extends AbstractMojo {
|
||||
);
|
||||
collector.collectDependencies();
|
||||
JsonObject projectTree = collector.getTree();
|
||||
String jsonDepTree = new GsonBuilder().setPrettyPrinting().create().toJson(projectTree);
|
||||
getLog().debug(jsonDepTree);
|
||||
|
||||
collectTree.add(projectTree);
|
||||
if (Boolean.TRUE.equals(onlyAnalyze)) {
|
||||
if (this.isAnalyzeTotalFinished()
|
||||
&& outputDepToFile != null
|
||||
&& !"".equals(outputDepToFile)
|
||||
) {
|
||||
writeToFile(outputDepToFile, new GsonBuilder().setPrettyPrinting().create().toJson(collectTree));
|
||||
}
|
||||
|
||||
getLog().info("onlyAnalyze mode, Done.");
|
||||
return;
|
||||
}
|
||||
|
||||
projectTree.addProperty("type", Constants.BUILD_TOOL_TYPE);
|
||||
projectTree.addProperty("language", Constants.PROJECT_LANGUAGE);
|
||||
projectTree.addProperty("severityLevel", severityLevel);
|
||||
String jsonDepTree = new GsonBuilder().setPrettyPrinting().create().toJson(projectTree);
|
||||
getLog().debug(jsonDepTree);
|
||||
|
||||
if (Boolean.TRUE.equals(onlyAnalyze)) {
|
||||
if (!"".equals(outputDepToFile) && outputDepToFile != null) {
|
||||
writeToFile(outputDepToFile, jsonDepTree);
|
||||
}
|
||||
getLog().info("onlyAnalyze mode, Done.");
|
||||
return;
|
||||
}
|
||||
|
||||
HttpPost request = new HttpPost(endpoint);
|
||||
request.addHeader("content-type", Constants.CONTENT_TYPE_JSON);
|
||||
@@ -177,9 +188,6 @@ public class MosecTest extends AbstractMojo {
|
||||
} catch (JsonParseException | IllegalStateException e) {
|
||||
throw new NetworkErrorException(Constants.ERROR_ON_API);
|
||||
}
|
||||
if (!"".equals(outputDepToFile) && outputDepToFile != null) {
|
||||
writeToFile(outputDepToFile, jsonDepTree, responseJson);
|
||||
}
|
||||
Renderer renderer = new Renderer(getLog(), failOnVuln);
|
||||
renderer.renderResponse(responseJson);
|
||||
|
||||
@@ -196,4 +204,28 @@ public class MosecTest extends AbstractMojo {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
private boolean isAnalyzeTotalFinished() {
|
||||
if (totalProjectsByGAV == null) {
|
||||
Object key = repositorySystemSession.getWorkspaceReader().getRepository().getKey();
|
||||
if (key instanceof HashSet) {
|
||||
HashSet<String> gavs = (HashSet<String>) key;
|
||||
totalProjectsByGAV = (List<String>) gavs.stream().collect(Collectors.toList());
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
List<String> analyzedProjectsByGAV = collectTree.stream()
|
||||
.map(o -> String.format("%s:%s", o.get("name").getAsString(), o.get("version").getAsString()))
|
||||
.collect(Collectors.toList());
|
||||
|
||||
if (totalProjectsByGAV == null
|
||||
|| analyzedProjectsByGAV == null
|
||||
|| totalProjectsByGAV.size() != analyzedProjectsByGAV.size()
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
return new TreeSet<String>(totalProjectsByGAV).equals(new TreeSet<String>(analyzedProjectsByGAV));
|
||||
}
|
||||
}
|
||||
|
||||
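Review bot: `isAnalyzeTotalFinished()` returns `false` without logging anything when the workspace repository key is not a `HashSet`, and also when the two GAV sets never match, so in `onlyAnalyze` mode the `outputDepToFile` dump can be skipped silently while the build still prints "onlyAnalyze mode, Done."; a dependency inventory that is missing without a warning is easy to mistake for one that was never requested. The check also rests on the static `collectTree` and `totalProjectsByGAV`, which are a plain `ArrayList`/`List` shared by every module's `execute()` and are not reset in the lines shown, so a parallel (`-T`) build or a reused JVM may corrupt the list or leave the comparison permanently unequal. I would warn on the `else` branch, e.g. `getLog().warn("cannot determine reactor projects; dependency dump not written");`, and declare the list as `Collections.synchronizedList(new ArrayList<>())` or keep it per build session. Separately, the `-177,9 +188,6` hunk appears to drop the post-scan `writeToFile(outputDepToFile, jsonDepTree, responseJson)` call, which would leave `outputDepToFile` without effect outside `onlyAnalyze`; if that is intended, CHANGES should say so. `execute()` is only partly visible in these hunks.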
@@ -15,8 +15,10 @@
|
||||
*/
|
||||
package com.immomo.momosec.maven.plugins;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import com.google.gson.JsonArray;
|
||||
import com.google.gson.JsonObject;
|
||||
import org.apache.maven.model.Model;
|
||||
import org.apache.maven.project.MavenProject;
|
||||
import org.eclipse.aether.DefaultRepositorySystemSession;
|
||||
import org.eclipse.aether.RepositorySystem;
|
||||
@@ -93,6 +95,17 @@ public class ProjectDependencyCollector {
|
||||
DependencyNode node = collectResult.getRoot();
|
||||
|
||||
this.tree = createJsonTree(node, null);
|
||||
MavenProject parent = this.project.getParent();
|
||||
if (parent == null) {
|
||||
this.tree.add("parent", new JsonObject());
|
||||
} else {
|
||||
JsonObject jParent = new JsonObject();
|
||||
jParent.addProperty("name", String.format("%s:%s", parent.getGroupId(), parent.getArtifactId()));
|
||||
jParent.addProperty("version", parent.getVersion());
|
||||
this.tree.add("parent", jParent);
|
||||
}
|
||||
|
||||
tree.add("modules", (new Gson()).toJsonTree(this.project.getModules()).getAsJsonArray());
|
||||
}
|
||||
|
||||
private JsonObject createJsonTree(DependencyNode depNode, JsonArray ancestors) {
|
||||
|
||||
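Review bot: The `modules` array added at the end of this hunk holds the raw entries of `this.project.getModules()`, which in the fixture are directory names such as `moduleSubA`, while `parent.name` and each entry's `name` are `groupId:artifactId` (`com.immomo.momosec:ModuleSubA`), so a consumer of the dump cannot join a module to its entry by name. A comment above the `tree.add("modules", ...)` line would make that explicit: `// modules: module paths as written in the POM, not artifact coordinates`. Because both fields are added to `this.tree`, they presumably also end up in the JSON that is posted to the scan endpoint and not only in the dump file, which is worth confirming against what the server accepts. The enclosing method starts outside the hunk.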
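--- a/src/test/resources/projects/module-project/dumpDepFile.txt
+++ b/src/test/resources/projects/module-project/dumpDepFile.txt
@@ -0,0 +1,66 @@
+[
+{
+"version": "1.0.0",
+"name": "com.immomo.momosec:ModuleProject",
+"from": [
+"com.immomo.momosec:ModuleProject@1.0.0"
+],
+"dependencies": {},
+"parent": {},
+"modules": [
+"moduleA",
+"moduleB"
+]
+},
+{
+"version": "1.0.0",
+"name": "com.immomo.momosec:ModuleA",
+"from": [
+"com.immomo.momosec:ModuleA@1.0.0"
+],
+"dependencies": {},
+"parent": {
+"name": "com.immomo.momosec:ModuleProject",
+"version": "1.0.0"
+},
+"modules": [
+"moduleSubA"
+]
+},
+{
+"version": "1.0.0",
+"name": "com.immomo.momosec:ModuleSubA",
+"from": [
+"com.immomo.momosec:ModuleSubA@1.0.0"
+],
+"dependencies": {
+"com.alibaba:fastjson": {
+"version": "1.2.33",
+"name": "com.alibaba:fastjson",
+"from": [
+"com.immomo.momosec:ModuleSubA@1.0.0",
+"com.alibaba:fastjson@1.2.33"
+],
+"dependencies": {}
+}
+},
+"parent": {
+"name": "com.immomo.momosec:ModuleA",
+"version": "1.0.0"
+},
+"modules": []
+},
+{
+"version": "1.0.0",
+"name": "com.immomo.momosec:ModuleB",
+"from": [
+"com.immomo.momosec:ModuleB@1.0.0"
+],
+"dependencies": {},
+"parent": {
+"name": "com.immomo.momosec:ModuleProject",
+"version": "1.0.0"
+},
+"modules": []
+}
+]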
@@ -0,0 +1,19 @@
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<parent>
|
||||
<groupId>com.immomo.momosec</groupId>
|
||||
<artifactId>ModuleA</artifactId>
|
||||
<version>1.0.0</version>
|
||||
</parent>
|
||||
<artifactId>ModuleSubA</artifactId>
|
||||
<packaging>pom</packaging>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>com.alibaba</groupId>
|
||||
<artifactId>fastjson</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
|
||||
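--- a/src/test/resources/projects/module-project/moduleA/pom.xml
+++ b/src/test/resources/projects/module-project/moduleA/pom.xml
@@ -0,0 +1,16 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+
+<parent>
+<groupId>com.immomo.momosec</groupId>
+<artifactId>ModuleProject</artifactId>
+<version>1.0.0</version>
+</parent>
+<artifactId>ModuleA</artifactId>
+<packaging>pom</packaging>
+
+<modules>
+<module>moduleSubA</module>
+</modules>
+</project>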
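--- a/src/test/resources/projects/module-project/moduleB/pom.xml
+++ b/src/test/resources/projects/module-project/moduleB/pom.xml
@@ -0,0 +1,13 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+
+<parent>
+<groupId>com.immomo.momosec</groupId>
+<artifactId>ModuleProject</artifactId>
+<version>1.0.0</version>
+</parent>
+<artifactId>ModuleB</artifactId>
+<packaging>pom</packaging>
+
+</project>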
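--- a/src/test/resources/projects/module-project/pom.xml
+++ b/src/test/resources/projects/module-project/pom.xml
@@ -0,0 +1,26 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+
+<groupId>com.immomo.momosec</groupId>
+<artifactId>ModuleProject</artifactId>
+<packaging>pom</packaging>
+<version>1.0.0</version>
+
+<modules>
+<module>moduleA</module>
+<module>moduleB</module>
+</modules>
+
+<name>Mosec Maven Plugin Test Project</name>
+
+<dependencyManagement>
+<dependencies>
+<dependency>
+<groupId>com.alibaba</groupId>
+<artifactId>fastjson</artifactId>
+<version>1.2.33</version>
+</dependency>
+</dependencies>
+</dependencyManagement>
+</project>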