From bfb096026ab379de13b7e28f7930a336fd00d6b3 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Wed, 3 May 2023 23:53:15 +0000 Subject: [PATCH] Better java with deps detection Signed-off-by: Prabhu Subramanian --- Dockerfile | 2 +- Dockerfile-alma8 | 2 +- README.md | 4 ++-- cpggen/executor.py | 8 +++++--- cpggen/utils.py | 9 ++++++++- pyproject.toml | 2 +- 6 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index a2c60a2..992052c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@ LABEL maintainer="appthreat" \
 org.opencontainers.image.authors="Team AppThreat " \
 org.opencontainers.image.source="https://github.com/appthreat/cpggen" \
 org.opencontainers.image.url="https://github.com/appthreat/cpggen" \
- org.opencontainers.image.version="1.0.2" \
+ org.opencontainers.image.version="1.0.3" \
 org.opencontainers.image.vendor="AppThreat" \
 org.opencontainers.image.licenses="Apache-2.0" \
 org.opencontainers.image.title="cpggen" \
diff --git a/Dockerfile-alma8 b/Dockerfile-alma8
index 044ee4f..a78fd8d 100644
--- a/Dockerfile-alma8
+++ b/Dockerfile-alma8
@@ -4,7 +4,7 @@ LABEL maintainer="appthreat" \
 org.opencontainers.image.authors="Team AppThreat " \
 org.opencontainers.image.source="https://github.com/appthreat/cpggen" \
 org.opencontainers.image.url="https://github.com/appthreat/cpggen" \
- org.opencontainers.image.version="1.0.2" \
+ org.opencontainers.image.version="1.0.3" \
 org.opencontainers.image.vendor="AppThreat" \
 org.opencontainers.image.licenses="Apache-2.0" \
 org.opencontainers.image.title="cpggen" \
diff --git a/README.md b/README.md
index 8392956..ba39085 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ Download the executable binary for your operating system from the [releases page - cdxgen with Node.js 18 - Generates SBoM ```bash -curl -LO https://github.com/AppThreat/cpggen/releases/download/v1.0.2/cpggen-linux-amd64 +curl -LO https://github.com/AppThreat/cpggen/releases/download/v1.0.3/cpggen-linux-amd64 chmod +x cpggen-linux-amd64 ./cpggen-linux-amd64 --help ``` @@ -39,7 +39,7 @@ chmod +x cpggen-linux-amd64 On Windows, ```powershell -curl -LO https://github.com/appthreat/cpggen/releases/download/v1.0.2/cpggen.exe +curl -LO https://github.com/appthreat/cpggen/releases/download/v1.0.3/cpggen.exe .\cpggen.exe --help ``` diff --git a/cpggen/executor.py b/cpggen/executor.py index efd7500..797dc47 100644 --- a/cpggen/executor.py +++ b/cpggen/executor.py @@ -131,6 +131,7 @@ def get(configName, default_value=None): "cpp-with-deps": "%(joern_home)sc2cpg%(bin_ext)s -J-Xmx%(memory)s -o %(cpg_out)s %(src)s --with-include-auto-discovery", "java": "%(joern_home)sjavasrc2cpg -J-Xmx%(memory)s -o %(cpg_out)s %(src)s", "java-with-deps": "%(joern_home)sjavasrc2cpg -J-Xmx%(memory)s -o %(cpg_out)s %(src)s --fetch-dependencies --inference-jar-paths %(home_dir)s/.m2", + "java-with-gradle-deps": "%(joern_home)sjavasrc2cpg -J-Xmx%(memory)s -o %(cpg_out)s %(src)s --fetch-dependencies --inference-jar-paths %(home_dir)s/.gradle/caches/modules-2/files-2.1", "binary": "%(joern_home)sghidra2cpg -J-Xmx%(memory)s -o %(cpg_out)s %(src)s", "js": "%(joern_home)sjssrc2cpg%(bin_ext)s -J-Xmx%(memory)s -o %(cpg_out)s %(src)s", "ts": "%(joern_home)sjssrc2cpg%(bin_ext)s -J-Xmx%(memory)s -o %(cpg_out)s %(src)s", @@ -426,6 +427,7 @@ def exec_tool( task = None lang_build_crashes = {} app_manifest_list = [] + tool_lang_simple = tool_lang.split("-")[0] if cwd: if os.path.isfile(cwd): cwd = os.path.dirname(cwd) 
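Review bot: The `java-with-gradle-deps` entry added in the `@@ -131` hunk of cpggen/executor.py carries `--fetch-dependencies` with no comment on what that implies for the source being scanned. If the flag makes the frontend resolve the project's declared dependencies through its build tooling (not visible here), generating a CPG for an untrusted repository also means processing its build configuration and reaching the repositories it names, and the detection change in cpggen/utils.py can now select this entry automatically. I would add a comment above the two Java `-with-deps` entries such as `# --fetch-dependencies resolves the scanned project's dependencies; use on trusted sources or inside a sandbox`. `%(home_dir)s` and `%(src)s` are interpolated unquoted, so paths containing spaces may split badly depending on how the command string is tokenised later. The dictionary this entry belongs to starts and ends outside the hunk.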
@@ -515,7 +517,7 @@ def exec_tool(
 else os.path.abspath(
 os.path.join(
 cpg_out_dir,
- f"{os.path.basename(amodule)}-{tool_lang}-cpg.bin.zip",
+ f"{os.path.basename(amodule)}-{tool_lang_simple}-cpg.bin.zip",
 )
 )
 )
@@ -545,7 +547,7 @@ def exec_tool(
 bin_ext=bin_ext,
 **extra_args,
 )
- sbom_lang = tool_lang.split("-")[0]
+ sbom_lang = tool_lang_simple
 if (
 tool_lang in ("jar", "scala")
 or tool_lang.startswith("jar")
@@ -729,7 +731,7 @@ def exec_tool(
 cpg_out = cpg_out.replace("/github/workspace/", "")
 sbom_out = sbom_out.replace("/github/workspace/", "")
 amodule = amodule.replace("/github/workspace/", "")
- language = tool_lang.split("-")[0]
+ language = tool_lang_simple
 # Override the language for jvm
 if qwiet_lang_map.get(language):
 language = qwiet_lang_map.get(language)
diff --git a/cpggen/utils.py b/cpggen/utils.py
index d87f8aa..cf48610 100644
--- a/cpggen/utils.py
+++ b/cpggen/utils.py
@@ -347,7 +347,14 @@ def detect_project_type(src_dir):
 if os.getenv("SHIFTLEFT_ACCESS_TOKEN"):
 project_types.append("jar")
 else:
- project_types.append("java")
+ if os.path.exists(str(Path.home() / ".m2")):
+ project_types.append("java-with-deps")
+ elif os.path.exists(
+ str(Path.home() / ".gradle" / "caches" / "modules-2" / "files-2.1")
+ ):
+ project_types.append("java-with-gradle-deps")
+ else:
+ project_types.append("java")
 if find_files(src_dir, ".bzl", False, True) or find_files(
 src_dir, "BUILD", False, True
 ):
diff --git a/pyproject.toml b/pyproject.toml
index acd4fb8..36f2ece 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "cpggen"
-version = "1.0.2"
+version = "1.0.3"
 description = "Generate CPG for multiple languages for use with joern"
 authors = ["Team AppThreat "]
 license = "Apache-2.0"
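Review bot: In the `@@ -515` hunk of cpggen/executor.py the output name is now built from `tool_lang_simple`, so `java`, `java-with-deps` and `java-with-gradle-deps` (and likewise `cpp` and `cpp-with-deps`) all map to the same `<module>-<lang>-cpg.bin.zip` path. If two variants can run for one module in a single invocation, which this hunk does not show, the later run overwrites the earlier CPG without warning. The assignment in the `@@ -426` hunk deserves a comment stating the intent, for example `# language family without the "-with-deps" suffix; used for output names and the SBoM language`. The replacements in `@@ -545` and `@@ -729` are a straight substitution of the same expression, and `exec_tool` itself extends beyond all four hunks.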
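Review bot: The new branch in `detect_project_type` (cpggen/utils.py, `@@ -347`) chooses the project type from the scanning user's home directory rather than from `src_dir`: any Java project becomes `java-with-deps` once `~/.m2` exists, and the Gradle branch is reachable only when `~/.m2` is absent, so a Gradle project on a machine with both caches never gets the Gradle jar path. Because both values select a `--fetch-dependencies` command in cpggen/executor.py, a detail of the host environment now switches on dependency resolution, and no opt-out is visible in this hunk. I would key the choice on the build file found under `src_dir` and treat the cache directory only as a secondary condition, with a comment saying why the cache is consulted at all. The nested `else:` followed by `if` can also be flattened to `elif os.path.exists(str(Path.home() / ".m2")):`. The condition that leads into this branch starts outside the hunk.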