
com.sourceclear.plugins.DependencyGraphTranslator Maven / Gradle / Ivy


The SRC:CLR Maven Plugin analyzes the dependencies of your project, both immediate and transitive, to see if you are including any known security vulnerabilities through third-party packages in your project.

/*
  Copyright (c) 2015  SourceClear Inc.

  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
 */

package com.sourceclear.plugins;

import com.sourceclear.api.data.evidence.BuildType;
import com.sourceclear.api.data.evidence.Coordinates;
import com.sourceclear.engine.common.Component;
import com.sourceclear.engine.common.DependencyGraph;
import org.apache.maven.artifact.Artifact;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.shared.dependency.graph.DependencyNode;

import javax.annotation.Nonnull;
import java.util.List;

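/**
 * Translates a Maven {@link DependencyNode} tree into the SRC:CLR
 * {@link DependencyGraph} model that the vulnerability analysis consumes.
 *
 * <p>Only the group id, artifact id and version of each node are carried over.
 * Scope, classifier, type and optionality are not part of the translated
 * {@link Coordinates}, so the resulting graph does not distinguish, for
 * example, test-scoped from compile-scoped dependencies.
 *
 * <p>NOTE(review): the output can only be as complete as the tree handed in.
 * Whether nodes dropped during Maven's conflict resolution appear in that tree
 * depends on how the caller built it; confirm against the calling Mojo.
 */
public class DependencyGraphTranslator {
  /**
   * @param relativePathToPom path of the POM being analyzed; it is recorded as
   *     the filename of every translated component
   */
  public DependencyGraphTranslator(@Nonnull String relativePathToPom) {
    this.relativePathToPom = relativePathToPom;
  }

  /**
   * Builds the SRC:CLR dependency graph for a project.
   *
   * <p>The root node itself (the project being built) is not turned into a
   * component; each of its children is added as a direct dependency, with its
   * own children attached recursively.
   *
   * @param rootNode root of the Maven dependency tree
   * @return the translated graph; it has no direct dependencies when the root
   *     has no children
   * @throws MojoExecutionException if {@code rootNode} is {@code null}
   */
  public DependencyGraph getSrcclrDependencyGraph(DependencyNode rootNode) throws MojoExecutionException {
    if (rootNode == null) {
      throw new MojoExecutionException("Maven unexpectedly returned a null dependency graph");
    }
    DependencyGraph.Builder depGraphBuilder = new DependencyGraph.Builder();
    // Typed list: a raw List yields Object elements, which the for-each below cannot accept.
    List<DependencyNode> children = rootNode.getChildren();
    if (children != null) {
      for (DependencyNode child : children) {
        depGraphBuilder.withDirect(getSrcclrComponent(child));
      }
    }
    return depGraphBuilder.build();
  }

  /**
   * Translates one dependency node, and recursively all of its descendants,
   * into a SRC:CLR {@link Component}.
   *
   * <p>Every component, transitive ones included, is given the same filename:
   * the POM path passed to the constructor.
   *
   * @param innerNode the node to translate; must not be {@code null} and must
   *     carry an artifact
   * @return the component for {@code innerNode} with its children attached as
   *     direct dependencies
   */
  protected Component getSrcclrComponent(DependencyNode innerNode) {
    Artifact nodeArtifact = innerNode.getArtifact();
    Coordinates coords =
        new Coordinates(
            BuildType.MAVEN,
            nodeArtifact.getGroupId(),
            nodeArtifact.getArtifactId(),
            nodeArtifact.getVersion());
    Component.Builder compBuilder = new Component.Builder(coords)
        .withFilename(relativePathToPom);

    // Typed list for the same reason as in getSrcclrDependencyGraph.
    List<DependencyNode> children = innerNode.getChildren();
    if (children != null) {
      // Recursion depth equals the depth of the dependency tree.
      for (DependencyNode child : children) {
        compBuilder.withDirect(getSrcclrComponent(child));
      }
    }
    return compBuilder.build();
  }

  // Path of the POM under analysis; set once in the constructor.
  String relativePathToPom;
}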



