SBOMER-79: Check MANIFEST.MF and license text files for licenses (#1050)

project-ncl · Jun 14, 2024 · feb4ae4 · feb4ae4
1 parent 470b2cd
commit feb4ae4
Show file tree

Hide file tree

Showing 25 changed files with 1,125 additions and 378 deletions.
diff --git a/checkstyle.xml b/checkstyle.xml
@@ -64,7 +64,7 @@
     <!--<module name="ParameterNumber"/>-->
 
     <module name="EmptyForIteratorPad"/>
-    <module name="GenericWhitespace"/>
+    <!--<module name="GenericWhitespace"/>-->
     <module name="MethodParamPad"/>
     <!--<module name="NoWhitespaceAfter"/>-->
     <module name="NoWhitespaceBefore"/>

diff --git a/cli/src/main/java/org/jboss/pnc/build/finder/cli/Main.java b/cli/src/main/java/org/jboss/pnc/build/finder/cli/Main.java
@@ -19,6 +19,7 @@
 import static org.jboss.pnc.build.finder.core.AnsiUtils.boldYellow;
 import static org.jboss.pnc.build.finder.core.AnsiUtils.green;
 import static org.jboss.pnc.build.finder.core.AnsiUtils.red;
+import static org.jboss.pnc.build.finder.core.Utils.getAllErrorMessages;
 
 import java.io.File;
 import java.io.IOException;
@@ -444,7 +445,6 @@ private void initCaches(BuildConfig config) {
                 .segmented(true)
                 .shared(false)
                 .preload(true)
-                .fetchPersistentState(true)
                 .purgeOnStartup(false)
                 .dataLocation(cacheLocation)
                 .indexLocation(cacheLocation)
@@ -462,6 +462,8 @@ private void initCaches(BuildConfig config) {
         cacheManager.defineConfiguration("builds", configuration);
         cacheManager.defineConfiguration("builds-pnc", configuration);
         cacheManager.defineConfiguration("artifact-pnc", configuration);
+
+        cacheManager.startCaches();
     }
 
     private void closeCaches() {
@@ -540,9 +542,16 @@ public Void call() {
 
         LOGGER.debug("mkdirs returned {}", ret);
 
-        LOGGER.info(
-                "Checksum type: {}",
-                green(String.join(", ", checksumTypes.stream().map(String::valueOf).collect(Collectors.toSet()))));
+        if (LOGGER.isInfoEnabled()) {
+            LOGGER.info(
+                    "Checksum type: {}",
+                    green(
+                            String.join(
+                                    ", ",
+                                    checksumTypes.stream()
+                                            .map(String::valueOf)
+                                            .collect(Collectors.toUnmodifiableSet()))));
+        }
 
         Map<ChecksumType, MultiValuedMap<String, LocalFile>> checksumsFromFile = new EnumMap<>(ChecksumType.class);
 
@@ -595,7 +604,7 @@ public Void call() {
                 try {
                     checksums = futureChecksum.get();
                 } catch (ExecutionException e) {
-                    LOGGER.error("Error getting checksums: {}", boldRed(e.getMessage()));
+                    LOGGER.error("Error getting checksums: {}", boldRed(getAllErrorMessages(e)));
                     LOGGER.debug("Error", e);
                     System.exit(1);
                 } catch (InterruptedException e) {
@@ -710,7 +719,7 @@ public Void call() {
                                         entry.getValue()
                                                 .stream()
                                                 .map(LocalFile::getFilename)
-                                                .collect(Collectors.toList()));
+                                                .collect(Collectors.toUnmodifiableList()));
                             }
                         }
                     }
@@ -766,7 +775,7 @@ public Void call() {
                     try {
                         checksums = futureChecksum.get();
                     } catch (ExecutionException e) {
-                        LOGGER.error("Error getting checksums: {}", boldRed(e.getMessage()));
+                        LOGGER.error("Error getting checksums: {}", boldRed(getAllErrorMessages(e)));
                         LOGGER.debug("Error", e);
                         System.exit(1);
                     } catch (InterruptedException e) {

diff --git a/core/src/main/java/org/jboss/pnc/build/finder/core/BuildFinder.java b/core/src/main/java/org/jboss/pnc/build/finder/core/BuildFinder.java
diff --git a/core/src/main/java/org/jboss/pnc/build/finder/core/BuildFinderUtils.java b/core/src/main/java/org/jboss/pnc/build/finder/core/BuildFinderUtils.java
@@ -351,7 +351,7 @@ private static List<String> getArchiveExtensionsFromKoji(BuildConfig config, Cli
         List<String> allArchiveTypes = allArchiveTypesMap.values()
                 .stream()
                 .map(KojiArchiveType::getName)
-                .collect(Collectors.toList());
+                .collect(Collectors.toUnmodifiableList());
         List<String> archiveTypes = config.getArchiveTypes();
         List<String> archiveTypesToCheck;
 
@@ -367,7 +367,7 @@ private static List<String> getArchiveExtensionsFromKoji(BuildConfig config, Cli
 
             archiveTypesToCheck = archiveTypes.stream()
                     .filter(allArchiveTypesMap::containsKey)
-                    .collect(Collectors.toList());
+                    .collect(Collectors.toUnmodifiableList());
 
             if (LOGGER.isDebugEnabled()) {
                 LOGGER.debug(
@@ -387,7 +387,7 @@ private static List<String> getArchiveExtensionsFromKoji(BuildConfig config, Cli
                 .stream()
                 .map(KojiArchiveType::getExtensions)
                 .flatMap(List::stream)
-                .collect(Collectors.toList());
+                .collect(Collectors.toUnmodifiableList());
         List<String> extensions = config.getArchiveExtensions();
         List<String> extensionsToCheck;
 
@@ -399,7 +399,9 @@ private static List<String> getArchiveExtensionsFromKoji(BuildConfig config, Cli
                         String.join(", ", extensions));
             }
 
-            extensionsToCheck = extensions.stream().filter(allArchiveExtensions::contains).collect(Collectors.toList());
+            extensionsToCheck = extensions.stream()
+                    .filter(allArchiveExtensions::contains)
+                    .collect(Collectors.toUnmodifiableList());
 
             if (LOGGER.isDebugEnabled()) {
                 LOGGER.debug(
@@ -419,7 +421,7 @@ private static List<String> getArchiveExtensionsFromKoji(BuildConfig config, Cli
             extensionsToCheck = allArchiveExtensions;
         }
 
-        return Collections.unmodifiableList(extensionsToCheck);
+        return extensionsToCheck;
     }
 
     public static Map<Checksum, Collection<String>> swapEntriesWithPreferredChecksum(
@@ -440,7 +442,9 @@ public static Map<Checksum, Collection<String>> swapEntriesWithPreferredChecksum
             }
 
             Collection<Checksum> fileChecksums = fileInverseMap.get(files.iterator().next());
-            Optional<Checksum> preferredChecksum = Checksum.findByType(fileChecksums, preferredChecksumType);
+            Optional<Checksum> preferredChecksum = fileChecksums != null
+                    ? Checksum.findByType(fileChecksums, preferredChecksumType)
+                    : Optional.empty();
 
             if (preferredChecksum.isPresent()) {
                 // The preferred checksum was found, use it

diff --git a/core/src/main/java/org/jboss/pnc/build/finder/core/BundleLicense.java b/core/src/main/java/org/jboss/pnc/build/finder/core/BundleLicense.java
@@ -0,0 +1,170 @@
+/*
+ * Copyright (C) 2017 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.pnc.build.finder.core;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Objects;
+import java.util.regex.Pattern;
+
+import org.apache.commons.lang3.StringUtils;
+
+public class BundleLicense {
+    private static final String EXTERNAL = "<<EXTERNAL>>";
+
+    private static final String LINK = "link";
+
+    private static final String DESCRIPTION = "description";
+
+    private static final Pattern LICENSE_LIST_PATTERN = Pattern.compile("\\s*,\\s*(?=(?:[^\"]*\"[^\"]*\")*[^\"]*$)");
+
+    private static final Pattern LICENSE_PATTERN = Pattern.compile("\\s*;\\s*");
+
+    private static final Pattern LICENSE_ATTRIBUTE_PATTERN = Pattern.compile("\\s*=\\s*");
+
+    private String licenseIdentifier;
+
+    private String link;
+
+    private String description;
+
+    public BundleLicense() {
+
+    }
+
+    public String getLicenseIdentifier() {
+        return licenseIdentifier;
+    }
+
+    public void setLicenseIdentifier(String licenseIdentifier) {
+        this.licenseIdentifier = licenseIdentifier;
+    }
+
+    public String getLink() {
+        return link;
+    }
+
+    public void setLink(String link) {
+        this.link = link;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+
+        BundleLicense that = (BundleLicense) o;
+        return Objects.equals(licenseIdentifier, that.licenseIdentifier) && Objects.equals(link, that.link)
+                && Objects.equals(description, that.description);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(licenseIdentifier, link, description);
+    }
+
+    @Override
+    public String toString() {
+        return "BundleLicense: " + "licenseIdentifier: '" + licenseIdentifier + '\'' + ", link: '" + link + '\''
+                + ", description: '" + description + '\'';
+    }
+
+    public static List<BundleLicense> parse(String s) throws IOException {
+        if (StringUtils.isEmpty(s) || EXTERNAL.equals(s)) {
+            return List.of();
+        }
+
+        List<BundleLicense> list = new ArrayList<>(3);
+        String[] split = LICENSE_LIST_PATTERN.split(s);
+
+        for (String string : split) {
+            BundleLicense bundleLicense = newBundleLicense(string);
+            list.add(bundleLicense);
+        }
+
+        return Collections.unmodifiableList(list);
+    }
+
+    private static BundleLicense newBundleLicense(String value) throws IOException {
+        BundleLicense bundleLicense = new BundleLicense();
+        String[] licenseTokens = LICENSE_PATTERN.split(value, 2);
+        String licenseIdentifier = removeQuotes(licenseTokens[0]);
+
+        if (!LicenseUtils.isUrl(licenseIdentifier)) {
+            bundleLicense.setLicenseIdentifier(licenseIdentifier);
+        } else {
+            bundleLicense.setLink(licenseIdentifier);
+        }
+
+        if (licenseTokens.length == 2) {
+            String[] attributes = LICENSE_PATTERN.split(removeQuotes(licenseTokens[1]));
+
+            for (String attribute : attributes) {
+                String[] kv = LICENSE_ATTRIBUTE_PATTERN.split(attribute, 2);
+
+                if (kv.length != 2) {
+                    throw new IOException("Expected key=value pair, but got " + attribute);
+                }
+
+                String k = removeQuotes(kv[0]);
+                String v = removeQuotes(kv[1]);
+
+                switch (k) {
+                    case LINK:
+                        if (!LicenseUtils.isUrl(v)) {
+                            throw new IOException("Expected URL, but got " + v);
+                        }
+
+                        bundleLicense.setLink(v);
+                        break;
+                    case DESCRIPTION:
+                        bundleLicense.setDescription(v);
+                        break;
+                    default:
+                        throw new IOException("Unknown key " + k);
+                }
+            }
+        }
+
+        return bundleLicense;
+    }
+
+    private static String removeQuotes(String s) {
+        int length = s.length();
+
+        if (length < 2) {
+            return s;
+        }
+
+        int endIndex = length - 1;
+        return s.charAt(0) == '"' && s.charAt(endIndex) == '"' ? s.substring(1, endIndex) : s;
+    }
+}
diff --git a/core/src/main/java/org/jboss/pnc/build/finder/core/Checksum.java b/core/src/main/java/org/jboss/pnc/build/finder/core/Checksum.java
@@ -255,7 +255,7 @@ public static Set<Checksum> checksum(FileObject fo, Collection<ChecksumType> che
     static Optional<Checksum> findByType(Collection<Checksum> checksums, ChecksumType type) {
         List<Checksum> list = checksums.stream()
                 .filter(checksum -> checksum.getType() == type)
-                .collect(Collectors.toList());
+                .collect(Collectors.toUnmodifiableList());
         Checksum checksum = null;
 
         if (!list.isEmpty()) {