Add subject info the sbom (#3529)
* Add generated components to the sbom, add a hash of each component.

* Store fullVer as PRODUCT_HOME is not available anymore after the archives have been created.

* Cleanup.

* Rebase

* Address linter comments.

* Fix joinPath when leading slashes are in a part.

* Determine the sbom target file name more robust.

* Use sha function from prepareWorkspace.sh.

* Add a joinPathOS method that converts paths to OS-specific ones, and use plain joinPath for files that are passed to cygwin programs.

* Add fail-safe method to get the target file name for any component.

* Make linter happy.
netomi authored Dec 5, 2023
1 parent feccf84 commit 5c41fcb
Showing 4 changed files with 246 additions and 130 deletions.
97 changes: 66 additions & 31 deletions cyclonedx-lib/src/temurin/sbom/TemurinGenSBOM.java
Expand Up @@ -41,18 +41,18 @@ public final class TemurinGenSBOM {

private TemurinGenSBOM() {
}

/**
* Main entry.
* @param args Arguments for sbom operation.
*/

public static void main(final String[] args) {
String cmd = null;
String comment = null;
String compName = null;
String description = null;
String fileName = null;
String hashes = null;
String hash = null;
String name = null;
String tool = null;
String type = null;
Expand All @@ -73,8 +73,8 @@ public static void main(final String[] args) {
url = args[++i];
} else if (args[i].equals("--comment")) {
comment = args[++i];
} else if (args[i].equals("--hashes")) {
hashes = args[++i];
} else if (args[i].equals("--hash")) {
hash = args[++i];
} else if (args[i].equals("--compName")) {
compName = args[++i];
} else if (args[i].equals("--description")) {
Expand All @@ -85,15 +85,17 @@ public static void main(final String[] args) {
tool = args[++i];
} else if (args[i].equals("--createNewSBOM")) {
cmd = "createNewSBOM";
} else if (args[i].equals("--addMetadata")) { // Metadata Component. We can set "name" for Metadata.
} else if (args[i].equals("--addMetadata")) { // Metadata Component. We can set "name" for Metadata.
cmd = "addMetadata";
} else if (args[i].equals("--addMetadataComponent")) { // Metadata Component. We can set "name" for Metadata->Component.
} else if (args[i].equals("--addMetadataComponent")) { // Metadata Component. We can set "name" for Metadata->Component.
cmd = "addMetadataComponent";
} else if (args[i].equals("--addMetadataProp")) { // MetaData Component --> Property -> name-value
} else if (args[i].equals("--addMetadataProp")) { // MetaData Component --> Property -> name-value
cmd = "addMetadataProperty";
} else if (args[i].equals("--addComponent")) { // Components->Property: will add name-value.
} else if (args[i].equals("--addComponent")) {
cmd = "addComponent";
} else if (args[i].equals("--addComponentProp")) { // Components->Property: will add name-value.
} else if (args[i].equals("--addComponentHash")) {
cmd = "addComponentHash";
} else if (args[i].equals("--addComponentProp")) { // Components --> Property: will add name-value.
cmd = "addComponentProp";
} else if (args[i].equals("--addExternalReference")) {
cmd = "addExternalReference";
Expand All @@ -106,22 +108,22 @@ public static void main(final String[] args) {
}
}
switch (cmd) {
case "createNewSBOM": // Creates JSON file
case "createNewSBOM": // Creates JSON file
Bom bom = createBom();
writeJSONfile(bom, fileName);
break;

case "addMetadata": // Adds Metadata --> name
case "addMetadata": // Adds Metadata --> name
bom = addMetadata(fileName);
writeJSONfile(bom, fileName);
break;

case "addMetadataComponent": // Adds Metadata --> Component--> name
case "addMetadataComponent": // Adds Metadata --> Component --> name
bom = addMetadataComponent(fileName, name, type, version, description);
writeJSONfile(bom, fileName);
break;

case "addMetadataProperty": // Adds MetaData--> Property --> name-value:
case "addMetadataProperty": // Adds MetaData --> Property --> name-value:
bom = addMetadataProperty(fileName, name, value);
writeJSONfile(bom, fileName);
break;
Expand All @@ -131,23 +133,28 @@ public static void main(final String[] args) {
writeJSONfile(bom, fileName);
break;

case "addComponent": // Adds Component
case "addComponent": // Adds Components --> Component --> name
bom = addComponent(fileName, compName, version, description);
writeJSONfile(bom, fileName);
break;

case "addComponentProp": // Adds Components --> name-value pairs
case "addComponentHash": // Adds Components --> Component --> hash
bom = addComponentHash(fileName, compName, hash);
writeJSONfile(bom, fileName);
break;

case "addComponentProp": // Adds Components --> Component --> name-value pairs
bom = addComponentProperty(fileName, compName, name, value);
writeJSONfile(bom, fileName);
break;

case "addExternalReference": // Adds external Reference
bom = addExternalReference(fileName, hashes, url, comment);
case "addExternalReference": // Adds external Reference
bom = addExternalReference(fileName, hash, url, comment);
writeJSONfile(bom, fileName);
break;

case "addComponentExternalReference": // Adds external Reference to component
bom = addComponentExternalReference(fileName, hashes, url, comment);
case "addComponentExternalReference": // Adds external Reference to component
bom = addComponentExternalReference(fileName, hash, url, comment);
writeJSONfile(bom, fileName);
break;
default:
Expand All @@ -163,7 +170,9 @@ static Bom createBom() {
Bom bom = new Bom();
return bom;
}
static Bom addMetadata(final String fileName) { // Method to store metadata --> name

// Method to store Metadata --> name.
static Bom addMetadata(final String fileName) {
Bom bom = readJSONfile(fileName);
Metadata meta = new Metadata();
OrganizationalEntity org = new OrganizationalEntity();
Expand All @@ -176,6 +185,7 @@ static Bom addMetadata(final String fileName) { // Method to store meta
bom.setMetadata(meta);
return bom;
}

static Bom addMetadataComponent(final String fileName, final String name, final String type, final String version, final String description) {
Bom bom = readJSONfile(fileName);
Metadata meta = new Metadata();
Expand All @@ -196,7 +206,9 @@ static Bom addMetadataComponent(final String fileName, final String name, final
bom.setMetadata(meta);
return bom;
}
static Bom addMetadataProperty(final String fileName, final String name, final String value) { // Method to store metadata --> Properties List --> name-values

// Method to store Metadata --> Properties List --> name-values.
static Bom addMetadataProperty(final String fileName, final String name, final String value) {
Bom bom = readJSONfile(fileName);
Metadata meta = new Metadata();
Property prop1 = new Property();
Expand All @@ -207,6 +219,7 @@ static Bom addMetadataProperty(final String fileName, final String name, final S
bom.setMetadata(meta);
return bom;
}

static Bom addMetadataTools(final String fileName, final String toolName, final String version) {
Bom bom = readJSONfile(fileName);
Metadata meta = new Metadata();
Expand All @@ -218,20 +231,36 @@ static Bom addMetadataTools(final String fileName, final String toolName, final
bom.setMetadata(meta);
return bom;
}
static Bom addComponent(final String fileName, final String compName, final String version, final String description) { // Method to store Component --> name & single name-value pair

// Method to store Component --> name & single name-value pair.
static Bom addComponent(final String fileName, final String compName, final String version, final String description) {
Bom bom = readJSONfile(fileName);
Component comp = new Component();
comp.setName(compName);
comp.setVersion(version);
comp.setType(Component.Type.FRAMEWORK);
comp.setDescription(description);
comp.setGroup("adoptium.net");
comp.setAuthor("Adoptium Temurin");
comp.setAuthor("Eclipse Temurin");
comp.setPublisher("Eclipse Temurin");
bom.addComponent(comp);
return bom;
}
static Bom addComponentProperty(final String fileName, final String compName, final String name, final String value) { // Method to add Component --> Property --> name-value pairs

static Bom addComponentHash(final String fileName, final String compName, final String hash) {
Bom bom = readJSONfile(fileName);
List<Component> componentArrayList = bom.getComponents();
for (Component item : componentArrayList) {
if (item.getName().equals(compName)) {
Hash hash1 = new Hash(Hash.Algorithm.SHA_256, hash);
item.addHash(hash1);
}
}
return bom;
}

// Method to add Component --> Property --> name-value pairs.
static Bom addComponentProperty(final String fileName, final String compName, final String name, final String value) {
Bom bom = readJSONfile(fileName);
List<Component> componentArrayList = bom.getComponents();
for (Component item : componentArrayList) {
Expand All @@ -244,21 +273,25 @@ static Bom addComponentProperty(final String fileName, final String compName, fi
}
return bom;
}
static Bom addExternalReference(final String fileName, final String hashes, final String url, final String comment) { // Method to store externalReferences: dependency_version_alsa

// Method to store externalReferences: dependency_version_alsa.
static Bom addExternalReference(final String fileName, final String hash, final String url, final String comment) {
Bom bom = readJSONfile(fileName);
ExternalReference extRef = new ExternalReference();
Hash hash1 = new Hash(Hash.Algorithm.SHA3_256, hashes);
Hash hash1 = new Hash(Hash.Algorithm.SHA3_256, hash);
extRef.setType(ExternalReference.Type.BUILD_SYSTEM); //required
extRef.setUrl(url); // required must be a valid URL with protocal
extRef.setUrl(url); // required must be a valid URL with protocol
extRef.setComment(comment);
extRef.addHash(hash1);
bom.addExternalReference(extRef);
return bom;
}
static Bom addComponentExternalReference(final String fileName, final String hashes, final String url, final String comment) { // Method to store externalReferences to store: openjdk_source

// Method to store externalReferences to store: openjdk_source.
static Bom addComponentExternalReference(final String fileName, final String hash, final String url, final String comment) {
Bom bom = readJSONfile(fileName);
ExternalReference extRef = new ExternalReference();
Hash hash1 = new Hash(Hash.Algorithm.SHA3_256, hashes);
Hash hash1 = new Hash(Hash.Algorithm.SHA3_256, hash);
Component comp = new Component();
extRef.addHash(hash1);
extRef.setUrl(url);
Expand All @@ -276,7 +309,8 @@ static String generateBomJson(final Bom bom) {
return json;
}

static void writeJSONfile(final Bom bom, final String fileName) { // Creates testJson.json file
// Writes the BOM object to the specified file.
static void writeJSONfile(final Bom bom, final String fileName) {
FileWriter file;
String json = generateBomJson(bom);
try {
Expand All @@ -288,7 +322,8 @@ static void writeJSONfile(final Bom bom, final String fileName) { // Cr
}
}

static Bom readJSONfile(final String fileName) { // Returns parse bom
// Returns a parsed BOM object from the specified file.
static Bom readJSONfile(final String fileName) {
Bom bom = null;
try {
FileReader reader = new FileReader(fileName);
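Review bot: `addComponentHash` returns normally when no component in the BOM is named `compName`, so a misspelled or out-of-order `--compName` yields an SBOM with no hash for that artifact and no error for the caller to notice. The `hash` string is also stored without any check that it is a 64-digit hex SHA-256 value, and `bom.getComponents()` is iterated without a null check, which would throw if the file has no components yet (assuming the library returns null for an unset list; worth confirming). I would validate the digest, track whether a component matched, and fail when none did, as sketched below. Separately, the same `--hash` argument is labelled `SHA_256` here but `SHA3_256` in `addExternalReference` and `addComponentExternalReference`; if the build scripts produce plain SHA-256 digests, a consumer cannot verify those two entries under the algorithm they declare.

```java
static Bom addComponentHash(final String fileName, final String compName, final String hash) {
    // Refuse to record anything that is not a hex-encoded SHA-256 digest.
    if (hash == null || !hash.matches("[0-9a-fA-F]{64}")) {
        throw new IllegalArgumentException("Not a SHA-256 hex digest for component " + compName);
    }
    Bom bom = readJSONfile(fileName);
    boolean matched = false;
    List<Component> componentArrayList = bom.getComponents();
    if (componentArrayList != null) {
        for (Component item : componentArrayList) {
            if (compName != null && compName.equals(item.getName())) {
                item.addHash(new Hash(Hash.Algorithm.SHA_256, hash));
                matched = true;
            }
        }
    }
    // A hash that attaches to nothing must not look like success.
    if (!matched) {
        throw new IllegalArgumentException("No component named " + compName + " in " + fileName);
    }
    return bom;
}
```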