feat: acquit classes that are part of the project itself

README.md

@@ -114,6 +114,9 @@ java -javaagent:<path/to/agent>=fingerprints=<path/to/fingerprints> -jar <path/t
 
 **Optional Parameters**
 
-|   Parameter    |   Type    | Description                                                                             |
-|:--------------:|:---------:|-----------------------------------------------------------------------------------------|
-| `skipShutdown` | `boolean` | If `true`, the JVM will not shutdown if a prohibited class is loaded. Default: `false`. |
+|   Parameter    |   Type    | Description                                                                                      |
+|:--------------:|:---------:|--------------------------------------------------------------------------------------------------|
+| `skipShutdown` | `boolean` | If `true`, the JVM will not shutdown if a prohibited class is loaded. Default: `false`.          |
+|     `sbom`     |  `File`   | Path to an SBOM file. It is used for including the classes of the root project. Default: `null`. |
+
+> `sbom` is a CycloneDX 1.4 JSON file.

watchdog-agent/src/main/java/io/github/algomaster99/Options.java

@@ -1,8 +1,16 @@
 package io.github.algomaster99;
 
 import static io.github.algomaster99.terminator.commons.fingerprint.ParsingHelper.deserializeFingerprints;
+import static io.github.algomaster99.terminator.commons.jar.JarScanner.goInsideJarAndUpdateFingerprints;
 
+import io.github.algomaster99.terminator.commons.cyclonedx.Bom14Schema;
+import io.github.algomaster99.terminator.commons.cyclonedx.Component;
+import io.github.algomaster99.terminator.commons.cyclonedx.CycloneDX;
 import io.github.algomaster99.terminator.commons.fingerprint.provenance.Provenance;
+import io.github.algomaster99.terminator.commons.jar.JarDownloader;
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.List;
 import java.util.Map;
@@ -29,6 +37,29 @@ public Options(String agentArgs) {
                 case "skipShutdown":
                     skipShutdown = Boolean.parseBoolean(value);
                     break;
+                case "sbom":
+                    // If an SBOM is passed included the root component in the fingerprints
+                    Path sbomPath = Path.of(value);
+                    try {
+                        Bom14Schema sbom = CycloneDX.getPOJO(Files.readString(sbomPath));
+                        Component rootComponent = sbom.getMetadata().getComponent();
+                        File jarFile = JarDownloader.getMavenJarFile(
+                                rootComponent.getGroup(), rootComponent.getName(), rootComponent.getVersion());
+                        goInsideJarAndUpdateFingerprints(
+                                jarFile,
+                                fingerprints,
+                                // TODO: Make this configurable
+                                "SHA256",
+                                rootComponent.getGroup(),
+                                rootComponent.getName(),
+                                rootComponent.getVersion());
+                    } catch (InterruptedException e) {
+                        System.err.println("Downloading was interrupted: " + e.getMessage());
+                        System.exit(1);
+                    } catch (IOException e) {
+                        throw new IllegalArgumentException("Failed to read sbom file: " + value);
+                    }
+                    break;
                 default:
                     throw new IllegalArgumentException("Unknown argument: " + key);
             }

watchdog-agent/src/test/java/AgentTest.java

@@ -22,7 +22,7 @@
 import org.junit.jupiter.api.Test;
 
 public class AgentTest {
-    @Disabled("Should be worked upon after the input is from an SBOM and not maven project")
+    @Disabled("Should be worked upon after we know what java version is used by the application")
     @Test
     void shouldDisallowLoadingCustomJDKClass() throws MavenInvocationException, IOException, InterruptedException {
         // contract: watchdog-agent should detect if the class masquerading as an internal class