From 52b8ca7bea7f9c210a168a5be8ef39e54afcafc2 Mon Sep 17 00:00:00 2001
From: Aman Sharma
Date: Tue, 22 Aug 2023 14:28:16 +0200
Subject: [PATCH] feat: acquit classes that are part of the project itself (#58)
---
 README.md | 9 ++++--
 .../java/io/github/algomaster99/Options.java | 31 +++++++++++++++++++
 watchdog-agent/src/test/java/AgentTest.java | 2 +-
 3 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index e7eb7707..2c84c32d 100644
--- a/README.md
+++ b/README.md
@@ -114,6 +114,9 @@ java -javaagent:=fingerprints= -jar `sbom` is a CycloneDX 1.4 JSON file.
diff --git a/watchdog-agent/src/main/java/io/github/algomaster99/Options.java b/watchdog-agent/src/main/java/io/github/algomaster99/Options.java
index 7ef485a3..36abe60c 100644
--- a/watchdog-agent/src/main/java/io/github/algomaster99/Options.java
+++ b/watchdog-agent/src/main/java/io/github/algomaster99/Options.java
@@ -1,8 +1,16 @@
 package io.github.algomaster99;
 import static io.github.algomaster99.terminator.commons.fingerprint.ParsingHelper.deserializeFingerprints;
+import static io.github.algomaster99.terminator.commons.jar.JarScanner.goInsideJarAndUpdateFingerprints;
+import io.github.algomaster99.terminator.commons.cyclonedx.Bom14Schema;
+import io.github.algomaster99.terminator.commons.cyclonedx.Component;
+import io.github.algomaster99.terminator.commons.cyclonedx.CycloneDX;
 import io.github.algomaster99.terminator.commons.fingerprint.provenance.Provenance;
+import io.github.algomaster99.terminator.commons.jar.JarDownloader;
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.List;
 import java.util.Map;
@@ -29,6 +37,29 @@ public Options(String agentArgs) {
 case "skipShutdown":
 skipShutdown = Boolean.parseBoolean(value);
 break;
+ case "sbom":
+ // If an SBOM is passed included the root component in the fingerprints
+ Path sbomPath = Path.of(value);
+ try {
+ Bom14Schema sbom = CycloneDX.getPOJO(Files.readString(sbomPath));
+ Component rootComponent = sbom.getMetadata().getComponent();
+ File jarFile = JarDownloader.getMavenJarFile(
+ rootComponent.getGroup(), rootComponent.getName(), rootComponent.getVersion());
+ goInsideJarAndUpdateFingerprints(
+ jarFile,
+ fingerprints,
+ // TODO: Make this configurable
+ "SHA256",
+ rootComponent.getGroup(),
+ rootComponent.getName(),
+ rootComponent.getVersion());
+ } catch (InterruptedException e) {
+ System.err.println("Downloading was interrupted: " + e.getMessage());
+ System.exit(1);
+ } catch (IOException e) {
+ throw new IllegalArgumentException("Failed to read sbom file: " + value);
+ }
+ break;
 default:
 throw new IllegalArgumentException("Unknown argument: " + key);
 }
diff --git a/watchdog-agent/src/test/java/AgentTest.java b/watchdog-agent/src/test/java/AgentTest.java
index d22a012d..152edd7c 100644
--- a/watchdog-agent/src/test/java/AgentTest.java
+++ b/watchdog-agent/src/test/java/AgentTest.java
@@ -22,7 +22,7 @@ import org.junit.jupiter.api.Test;
 public class AgentTest {
- @Disabled("Should be worked upon after the input is from an SBOM and not maven project")
+ @Disabled("Should be worked upon after we know what java version is used by the application")
 @Test
 void shouldDisallowLoadingCustomJDKClass() throws MavenInvocationException, IOException, InterruptedException {
 // contract: watchdog-agent should detect if the class masquerading as an internal class
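Review bot: The `catch (IOException e)` branch at the end of the new `case "sbom":` throws `new IllegalArgumentException("Failed to read sbom file: " + value)` without passing `e`, so the underlying cause (a missing file, a malformed SBOM, or, if `getMavenJarFile` or `goInsideJarAndUpdateFingerprints` can also throw `IOException`, a failed download) is lost; change it to `throw new IllegalArgumentException("Failed to read sbom file: " + value, e);`. The `InterruptedException` branch calls `System.exit(1)` from inside the `Options` constructor, which terminates the host JVM during agent argument parsing and discards the interrupt status; prefer `Thread.currentThread().interrupt(); throw new IllegalStateException("Downloading was interrupted: " + value, e);` so the failure surfaces the same way as the other argument errors. `sbom.getMetadata().getComponent()` is dereferenced unchecked, so if the generated `Bom14Schema` getters can return null, an SBOM without a root component fails with a bare `NullPointerException` rather than a message naming the file. Since this branch adds the downloaded artifact's class fingerprints to the allowlist, trust in those fingerprints is bounded by the integrity of the SBOM file and of whatever `JarDownloader.getMavenJarFile` returns for the coordinates; comparing the downloaded jar's digest against the hash the SBOM records for its root component, when one is present, would tie the acquitted classes to the SBOM rather than to what the repository serves. The enclosing `Options(String agentArgs)` constructor starts and ends outside the hunk.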