Better java with deps detection

Signed-off-by: Prabhu Subramanian <[email protected]>
AppThreat · May 3, 2023 · bfb0960 · bfb0960
1 parent 6c76018
commit bfb0960
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 9 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -4,7 +4,7 @@ LABEL maintainer="appthreat" \
       org.opencontainers.image.authors="Team AppThreat <[email protected]>" \
       org.opencontainers.image.source="https://github.com/appthreat/cpggen" \
       org.opencontainers.image.url="https://github.com/appthreat/cpggen" \
-      org.opencontainers.image.version="1.0.2" \
+      org.opencontainers.image.version="1.0.3" \
       org.opencontainers.image.vendor="AppThreat" \
       org.opencontainers.image.licenses="Apache-2.0" \
       org.opencontainers.image.title="cpggen" \

diff --git a/Dockerfile-alma8 b/Dockerfile-alma8
@@ -4,7 +4,7 @@ LABEL maintainer="appthreat" \
       org.opencontainers.image.authors="Team AppThreat <[email protected]>" \
       org.opencontainers.image.source="https://github.com/appthreat/cpggen" \
       org.opencontainers.image.url="https://github.com/appthreat/cpggen" \
-      org.opencontainers.image.version="1.0.2" \
+      org.opencontainers.image.version="1.0.3" \
       org.opencontainers.image.vendor="AppThreat" \
       org.opencontainers.image.licenses="Apache-2.0" \
       org.opencontainers.image.title="cpggen" \

diff --git a/README.md b/README.md
@@ -31,15 +31,15 @@ Download the executable binary for your operating system from the [releases page
 - cdxgen with Node.js 18 - Generates SBoM
 
 ```bash
-curl -LO https://github.com/AppThreat/cpggen/releases/download/v1.0.2/cpggen-linux-amd64
+curl -LO https://github.com/AppThreat/cpggen/releases/download/v1.0.3/cpggen-linux-amd64
 chmod +x cpggen-linux-amd64
 ./cpggen-linux-amd64 --help
 ```
 
 On Windows,
 
 ```powershell
-curl -LO https://github.com/appthreat/cpggen/releases/download/v1.0.2/cpggen.exe
+curl -LO https://github.com/appthreat/cpggen/releases/download/v1.0.3/cpggen.exe
 .\cpggen.exe --help
 ```
 

diff --git a/cpggen/executor.py b/cpggen/executor.py
@@ -131,6 +131,7 @@ def get(configName, default_value=None):
     "cpp-with-deps": "%(joern_home)sc2cpg%(bin_ext)s -J-Xmx%(memory)s -o %(cpg_out)s %(src)s --with-include-auto-discovery",
     "java": "%(joern_home)sjavasrc2cpg -J-Xmx%(memory)s -o %(cpg_out)s %(src)s",
     "java-with-deps": "%(joern_home)sjavasrc2cpg -J-Xmx%(memory)s -o %(cpg_out)s %(src)s --fetch-dependencies --inference-jar-paths %(home_dir)s/.m2",
+    "java-with-gradle-deps": "%(joern_home)sjavasrc2cpg -J-Xmx%(memory)s -o %(cpg_out)s %(src)s --fetch-dependencies --inference-jar-paths %(home_dir)s/.gradle/caches/modules-2/files-2.1",
     "binary": "%(joern_home)sghidra2cpg -J-Xmx%(memory)s -o %(cpg_out)s %(src)s",
     "js": "%(joern_home)sjssrc2cpg%(bin_ext)s -J-Xmx%(memory)s -o %(cpg_out)s %(src)s",
     "ts": "%(joern_home)sjssrc2cpg%(bin_ext)s -J-Xmx%(memory)s -o %(cpg_out)s %(src)s",
@@ -426,6 +427,7 @@ def exec_tool(
         task = None
         lang_build_crashes = {}
         app_manifest_list = []
+        tool_lang_simple = tool_lang.split("-")[0]
         if cwd:
             if os.path.isfile(cwd):
                 cwd = os.path.dirname(cwd)
@@ -515,7 +517,7 @@ def exec_tool(
                         else os.path.abspath(
                             os.path.join(
                                 cpg_out_dir,
-                                f"{os.path.basename(amodule)}-{tool_lang}-cpg.bin.zip",
+                                f"{os.path.basename(amodule)}-{tool_lang_simple}-cpg.bin.zip",
                             )
                         )
                     )
@@ -545,7 +547,7 @@ def exec_tool(
                     bin_ext=bin_ext,
                     **extra_args,
                 )
-                sbom_lang = tool_lang.split("-")[0]
+                sbom_lang = tool_lang_simple
                 if (
                     tool_lang in ("jar", "scala")
                     or tool_lang.startswith("jar")
@@ -729,7 +731,7 @@ def exec_tool(
                             cpg_out = cpg_out.replace("/github/workspace/", "")
                             sbom_out = sbom_out.replace("/github/workspace/", "")
                             amodule = amodule.replace("/github/workspace/", "")
-                        language = tool_lang.split("-")[0]
+                        language = tool_lang_simple
                         # Override the language for jvm
                         if qwiet_lang_map.get(language):
                             language = qwiet_lang_map.get(language)

diff --git a/cpggen/utils.py b/cpggen/utils.py
@@ -347,7 +347,14 @@ def detect_project_type(src_dir):
         if os.getenv("SHIFTLEFT_ACCESS_TOKEN"):
             project_types.append("jar")
         else:
-            project_types.append("java")
+            if os.path.exists(str(Path.home() / ".m2")):
+                project_types.append("java-with-deps")
+            elif os.path.exists(
+                str(Path.home() / ".gradle" / "caches" / "modules-2" / "files-2.1")
+            ):
+                project_types.append("java-with-gradle-deps")
+            else:
+                project_types.append("java")
     if find_files(src_dir, ".bzl", False, True) or find_files(
         src_dir, "BUILD", False, True
     ):

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "cpggen"
-version = "1.0.2"
+version = "1.0.3"
 description = "Generate CPG for multiple languages for use with joern"
 authors = ["Team AppThreat <[email protected]>"]
 license = "Apache-2.0"