
Commit cbcbbdd

authored
Shaded namespace detection (#2311)
Signed-off-by: Prabhu Subramanian <[email protected]>
1 parent 2c3f355 commit cbcbbdd


2 files changed

+78
-35
lines changed


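--- a/lib/helpers/utils.js
+++ b/lib/helpers/utils.js
@@ -5138,7 +5138,12 @@ export async function getMvnMetadata(
 p.publisher = bodyJson?.organization?.name
 ? bodyJson?.organization.name._
 : "";
-p.description = bodyJson?.description ? bodyJson.description._ : "";
+p.description = bodyJson?.description
+? bodyJson.description._.replace(/[ \t]+/g, " ")
+.replace(/^[ \t]+|[ \t]+$/gm, "")
+.replace(/\n\s*\n/g, "\n")
+.trim()
+: "";
 if (bodyJson?.scm?.url) {
 p.repository = { url: bodyJson.scm.url._ };
 }
@@ -12961,7 +12966,7 @@ export async function extractJarArchive(jarFile, tempDir, jarNSMapping = {}) {
 let group = pomProperties["groupId"];
 let name = pomProperties["artifactId"];
 let version = pomProperties["version"];
-let confidence = 1;
+let confidence = 0.5;
 let technique = "manifest-analysis";
 if (
 (!group || !name || !version) &&
@@ -12970,7 +12975,7 @@ export async function extractJarArchive(jarFile, tempDir, jarNSMapping = {}) {
 ) {
 try {
 const sha = await checksumFile("sha1", jf);
-const searchurl = `https://search.maven.org/solrsearch/select?q=1:%22${sha}%22&rows=20&wt=json`;
+const searchurl = `https://central.sonatype.com/solrsearch/select?q=1:%22${sha}%22&rows=20&wt=json`;
 const res = await cdxgenAgent.get(searchurl, {
 responseType: "json",
 timeout: {
@@ -12992,12 +12997,13 @@ export async function extractJarArchive(jarFile, tempDir, jarNSMapping = {}) {
 }
 } catch (err) {
 if (err?.message && !err.message.includes("404")) {
-if (err.message.includes("Timeout")) {
+if (
+err.message.includes("Timeout") ||
+err.message.includes("429")
+) {
 console.log(
 "Maven search appears to be unavailable. Search will be skipped for all remaining packages.",
 );
-} else if (DEBUG_MODE) {
-console.log(err);
 }
 search_maven_org_errors++;
 }
@@ -13083,18 +13089,74 @@ export async function extractJarArchive(jarFile, tempDir, jarNSMapping = {}) {
 if (!version) {
 confidence = 0;
 }
+const properties = [
+{
+name: "SrcFile",
+value: jf,
+},
+];
+const purl = new PackageURL(
+"maven",
+group,
+name,
+version,
+{ type: "jar" },
+null,
+).toString();
+let namespaceValues;
+let namespaceList;
+if (jarNSMapping?.[purl]?.namespaces) {
+namespaceList = jarNSMapping[purl].namespaces;
+namespaceValues = namespaceList.join("\n");
+properties.push({
+name: "Namespaces",
+value: namespaceValues,
+});
+} else {
+const tmpJarNSMapping = await collectJarNS(jf);
+if (tmpJarNSMapping?.[jf]?.namespaces?.length) {
+namespaceList = tmpJarNSMapping[jf].namespaces;
+namespaceValues = namespaceList.join("\n");
+properties.push({
+name: "Namespaces",
+value: namespaceValues,
+});
+}
+}
+// Are there any shaded classes
+if (
+namespaceValues?.includes(".shaded.") ||
+namespaceValues?.includes(".thirdparty.com.")
+) {
+properties.push({
+name: "cdx:maven:shaded",
+value: "true",
+});
+confidence = 0;
+const unshadedNS = new Set();
+for (const ans of namespaceList) {
+let tmpns;
+if (ans.includes(".shaded.")) {
+tmpns = ans.split(".shaded.").pop();
+} else if (ans.includes(".thirdparty.")) {
+tmpns = ans.split(".thirdparty.").pop();
+}
+if (tmpns?.search("[.]") > 3) {
+unshadedNS.add(tmpns.split("$")[0]);
+}
+}
+if (unshadedNS.size) {
+properties.push({
+name: "cdx:maven:unshadedNamespaces",
+value: Array.from(unshadedNS).join("\n"),
+});
+}
+}
 const apkg = {
 group: group ? encodeForPurl(group) : "",
 name: name ? encodeForPurl(name) : "",
 version,
-purl: new PackageURL(
-"maven",
-group,
-name,
-version,
-{ type: "jar" },
-null,
-).toString(),
+purl,
 evidence: {
 identity: {
 field: "purl",
@@ -13108,27 +13170,8 @@ export async function extractJarArchive(jarFile, tempDir, jarNSMapping = {}) {
 ],
 },
 },
-properties: [
-{
-name: "SrcFile",
-value: jf,
-},
-],
+properties,
 };
-if (jarNSMapping?.[apkg.purl] && jarNSMapping[apkg.purl].namespaces) {
-apkg.properties.push({
-name: "Namespaces",
-value: jarNSMapping[apkg.purl].namespaces.join("\n"),
-});
-} else {
-const tmpJarNSMapping = await collectJarNS(jf);
-if (tmpJarNSMapping?.[jf]?.namespaces?.length) {
-apkg.properties.push({
-name: "Namespaces",
-value: tmpJarNSMapping[jf].namespaces.join("\n"),
-});
-}
-}
 pkgList.push(apkg);
 } else {
 if (DEBUG_MODE) {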
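Review bot: The new description branch in the first hunk calls `.replace` on `bodyJson.description._` while the guard only checks that `bodyJson.description` exists, so a description element whose parsed object carries no `_` text property (presumably an empty element) now throws a TypeError inside getMvnMetadata where the old code merely stored undefined. Guarding the text node instead of the element keeps the old tolerance with a one-line change: `p.description = bodyJson?.description?._`. getMvnMetadata starts and ends outside the hunk. In the shaded-namespace hunk, `tmpns?.search("[.]") > 3` builds a RegExp from a string and only tests the position of the first dot, which does not read as an obvious depth rule; a comment such as `// keep only namespaces whose leading package segment is longer than 3 characters` would make the threshold reviewable.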

types/helpers/utils.d.ts.map

Lines changed: 1 addition & 1 deletion
