io.github.chains_project.maven_lockfile.reporting.LockFileDifference Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of maven-lockfile Show documentation

This plugin is a state-of-the-art solution that can be used to validate the integrity of a maven repository. It does this by generating a lock file that contains the checksums of all the artifacts in the repository. The lock file can then be used to validate the integrity of the repository. This guards the supply chain against malicious actors that might tamper with the artifacts in the repository.

The newest version!

package io.github.chains_project.maven_lockfile.reporting;

import com.google.common.collect.Sets;
import io.github.chains_project.maven_lockfile.data.LockFile;
import io.github.chains_project.maven_lockfile.data.MavenPlugin;
import io.github.chains_project.maven_lockfile.graph.DependencyNode;
import java.util.HashSet;
import java.util.Set;

public class LockFileDifference {

    private final Set missingDependenciesInProject;
    private final Set missingDependenciesInFile;

    private final Set missingPluginsInProject;
    private final Set missingPluginsInFile;

    private LockFileDifference(
            Set missingDependenciesInProject,
            Set missingDependenciesInFile,
            Set missingPluginsInProject,
            Set missingPluginsInFile) {
        this.missingDependenciesInProject = missingDependenciesInProject;
        this.missingDependenciesInFile = missingDependenciesInFile;
        this.missingPluginsInProject = missingPluginsInProject;
        this.missingPluginsInFile = missingPluginsInFile;
    }

    public static LockFileDifference diff(LockFile lockFileFromFile, LockFile lockFileFromProject) {
        Set dependenciesFromFile = new HashSet<>(lockFileFromFile.getDependencies());
        Set dependenciesFromProject = new HashSet<>(lockFileFromProject.getDependencies());
        Set missingDependenciesInProject =
                Sets.difference(dependenciesFromFile, dependenciesFromProject);
        Set missingDependenciesInFile = Sets.difference(dependenciesFromProject, dependenciesFromFile);
        Set pluginsFromFile = new HashSet<>(lockFileFromFile.getMavenPlugins());
        Set pluginsFromProject = new HashSet<>(lockFileFromProject.getMavenPlugins());
        Set missingPluginsInProject = Sets.difference(pluginsFromFile, pluginsFromProject);
        Set missingPluginsInFile = Sets.difference(pluginsFromProject, pluginsFromFile);

        return new LockFileDifference(
                missingDependenciesInProject, missingDependenciesInFile, missingPluginsInProject, missingPluginsInFile);
    }

    /**
     * @return the missingDependenciesInFile
     */
    public Set getMissingDependenciesInFile() {
        return new HashSet<>(missingDependenciesInFile);
    }

    /**
     * @return the missingDependenciesInProject
     */
    public Set getMissingDependenciesInProject() {
        return new HashSet<>(missingDependenciesInProject);
    }
    /**
     * @return the missingPluginsInFile
     */
    public Set getMissingPluginsInFile() {
        return new HashSet<>(missingPluginsInFile);
    }
    /**
     * @return the missingPluginsInProject
     */
    public Set getMissingPluginsInProject() {
        return new HashSet<>(missingPluginsInProject);
    }
}