
com.metaeffekt.artifact.analysis.spdxbom.mapper.MavenJarArtifactToSpdxPackage Maven / Gradle / Ivy

/*
 * Copyright 2021-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.metaeffekt.artifact.analysis.spdxbom.mapper;

import com.metaeffekt.artifact.analysis.spdxbom.config.StoredConfig;
import com.metaeffekt.artifact.analysis.spdxbom.context.SpdxDocumentContext;
import com.metaeffekt.artifact.analysis.spdxbom.facade.SpdxApiFacade;
import com.metaeffekt.artifact.analysis.spdxbom.holder.FillPackageHolder;
import com.metaeffekt.artifact.terms.model.NormalizationMetaData;
import com.metaeffekt.artifact.terms.model.TermsMetaData;
import org.metaeffekt.core.inventory.processor.model.Artifact;
import org.spdx.library.InvalidSPDXAnalysisException;
import org.spdx.library.SpdxConstants;
import org.spdx.library.model.SpdxDocument;
import org.spdx.library.model.SpdxPackage;
import org.spdx.library.model.enumerations.ReferenceCategory;
import org.spdx.library.model.license.SpdxNoAssertionLicense;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillAuthors;
import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillChecksums;
import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillComment;
import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillExternalRefWithPurl;
import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillHomepageFromUrl;
import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillOverflowKeyValueAnnotation;
import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillRequired;
import static com.metaeffekt.artifact.analysis.spdxbom.mapper.PackageFillers.fillVersionInfo;

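/**
 * Maps an inventory {@link Artifact} that looks like a Maven jar (see {@link #getDefaultConfig()})
 * to an {@link SpdxPackage}, including a package-manager external reference built from the Maven
 * purl of the artifact.
 *
 * <p>NOTE(review): the raw {@code Map}/{@code Set} types in this listing look like generic type
 * arguments were lost when the page was rendered; confirm against the original source before
 * adding type parameters.
 */
public class MavenJarArtifactToSpdxPackage extends AbstractArtifactMapper {

    /**
     * Creates the mapper; all three arguments are forwarded unchanged to
     * {@link AbstractArtifactMapper}.
     *
     * @param licenseStringAssessments passed to the superclass constructor
     * @param approvedAttributes passed to the superclass constructor
     * @param normalizationMetaData passed to the superclass constructor
     */
    public MavenJarArtifactToSpdxPackage(Map licenseStringAssessments, Set approvedAttributes, NormalizationMetaData normalizationMetaData) {
        super(licenseStringAssessments, approvedAttributes, normalizationMetaData);
    }

    /**
     * Builds an SPDX package for the given artifact inside the document held by the context.
     *
     * <p>The package is created with the artifact id as its name and NOASSERTION for the concluded
     * license, the copyright text and the declared license. The fill helpers then populate the
     * builder; the order of the calls is kept as in the original because they share
     * {@code attributesWritten}.
     *
     * @param artifact the inventory artifact to map
     * @param spdxDocumentContext context providing the target SPDX document
     * @return the built package together with the attributes written and the referenced licenses
     * @throws InvalidSPDXAnalysisException if one of the SPDX model operations invoked here fails
     */
    @Override
    public Result getMapped(Artifact artifact, SpdxDocumentContext spdxDocumentContext) throws InvalidSPDXAnalysisException {
        final Set attributesWritten = new HashSet<>();
        final Set referencedLicenses = new HashSet<>();

        final SpdxDocument spdxDocument = spdxDocumentContext.getSpdxDocument();
        final SpdxPackage.SpdxPackageBuilder spdxPackageBuilder = spdxDocument.createPackage(
                SpdxApiFacade.getNextSpdxId(null, spdxDocumentContext),
                artifact.getId(),
                new SpdxNoAssertionLicense(),
                SpdxConstants.NOASSERTION_VALUE,
                new SpdxNoAssertionLicense()
        );

        // Holder bundling artifact, builder and the written-attribute set for the fill helpers.
        final FillPackageHolder fillHolder = new FillPackageHolder(artifact, spdxPackageBuilder, attributesWritten);

        fillRequired(fillHolder);
        fillComment(fillHolder);
        fillHomepageFromUrl(fillHolder);

        // The purl ends up in the SBOM as the package-manager identifier that downstream
        // tooling may use for lookups, so it should only be emitted for artifacts that really
        // are Maven jars; that selection is governed by the patterns in getDefaultConfig().
        fillExternalRefWithPurl(fillHolder, spdxDocument, this::getMavenPurlString, ReferenceCategory.PACKAGE_MANAGER);

        fillAuthors(fillHolder);
        fillVersionInfo(fillHolder);
        fillChecksums(fillHolder, spdxDocument);

        // Remaining attributes are written as key/value annotations, limited by the approved set.
        fillOverflowKeyValueAnnotation(fillHolder, spdxDocumentContext, this.keyValueApprovedAttributes);

        final SpdxPackage built = spdxPackageBuilder.build();

        // Runs after build() because it operates on the finished package.
        deriveLicensesAndCopyrights(artifact, spdxDocumentContext, attributesWritten, referencedLicenses, built);

        return new Result(built, attributesWritten, referencedLicenses);
    }

    /**
     * Returns the default selection config for this mapper: id, version and group id must all be
     * present and match the patterns below.
     *
     * @return a new {@link StoredConfig} naming this class as the mapper to use
     */
    @Override
    public StoredConfig getDefaultConfig() {
        final StoredConfig storedConfig = new StoredConfig();

        storedConfig.mustMatch = new HashMap<>();
        // Require a literal ".jar" suffix. The dot was previously unescaped, so any character
        // before "jar" was accepted (for example an id ending in "-jar"), which could select this
        // mapper, and attach a Maven purl, for artifacts that are not jar files.
        // NOTE(review): assumes the consumer applies these patterns as full matches; confirm.
        storedConfig.mustMatch.put(Artifact.Attribute.ID.getKey(), "[\\s\\S]+\\.jar");
        storedConfig.mustMatch.put(Artifact.Attribute.VERSION.getKey(), "[\\s\\S]+");
        // NOTE(review): this character class has no '-', so group ids containing a hyphen do not
        // match and such artifacts are not selected by this config; confirm this is intended.
        storedConfig.mustMatch.put(Artifact.Attribute.GROUPID.getKey(), "[a-zA-Z0-9_.]+");

        storedConfig.mapperToUse = this.getClass().getSimpleName();

        // NOTE(review): presumably ranks this mapper against others whose config also matches;
        // the meaning of the value is not visible here.
        storedConfig.specificity = 100;

        return storedConfig;
    }
}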



