diff --git a/README.md b/README.md
index 2c84c32d..db8b3ab7 100644
--- a/README.md
+++ b/README.md
@@ -35,10 +35,11 @@ java -jar classfile-fingerprint-0.8.1-SNAPSHOT.jar
#### Optional parameters
-| Parameter | Type | Description |
-|:---------------------:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `-a` or `--algorithm` | `String` | Algorithm used to generate the hash sum. Default: `SHA256`.
All options are [written here](https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#messagedigest-algorithms). |
-| `-o` or `--output` | `File` | Path to the output file. Default: `classfile.sha256.jsonl` |
+| Parameter | Type | Description |
+|:-------------------------:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `-a` or `--algorithm` | `String` | Algorithm used to generate the hash sum. Default: `SHA256`.
All options are [written here](https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#messagedigest-algorithms). |
+| `-o` or `--output` | `Path` | Path to the output file. Default: `classfile.sha256.jsonl` |
+| `-e` or `--external-jars` | `Path` | Configuration file to specify external jars. Default: `null`. |
### Maven plugin
diff --git a/classfile-fingerprint/src/main/java/io/github/algomaster99/FromSbom.java b/classfile-fingerprint/src/main/java/io/github/algomaster99/FromSbom.java
index d06978b6..5cdc5278 100644
--- a/classfile-fingerprint/src/main/java/io/github/algomaster99/FromSbom.java
+++ b/classfile-fingerprint/src/main/java/io/github/algomaster99/FromSbom.java
@@ -1,6 +1,7 @@
package io.github.algomaster99;
import static io.github.algomaster99.terminator.commons.jar.JarScanner.goInsideJarAndUpdateFingerprints;
+import static io.github.algomaster99.terminator.commons.jar.JarScanner.processExternalJars;
import io.github.algomaster99.options.FromSbomOptions;
import io.github.algomaster99.terminator.commons.cyclonedx.Bom14Schema;
@@ -48,6 +49,12 @@ public class FromSbom implements Runnable {
description = "The output file.")
private Path output = Path.of(String.format("classfile.%s.json", algorithm.toLowerCase()));
+ @CommandLine.Option(
+ names = {"-e", "--external-jars"},
+ required = false,
+ description = "Path to known external jars.")
+ private Path externalJars;
+
public static void main(String[] args) {
int exitCode = new CommandLine(new FromSbom()).execute(args);
System.exit(exitCode);
@@ -56,7 +63,7 @@ public static void main(String[] args) {
@Override
public void run() {
try {
- FromSbomOptions options = new FromSbomOptions(input, algorithm, output);
+ FromSbomOptions options = new FromSbomOptions(input, algorithm, output, externalJars);
Map> fingerprints = getFingerprints(options);
ParsingHelper.serialiseFingerprints(fingerprints, options.getOutput());
} catch (IOException e) {
@@ -67,6 +74,10 @@ public void run() {
public static Map> getFingerprints(FromSbomOptions options) {
Bom14Schema sbom = options.getInput();
Map> fingerprints = new HashMap<>();
+ if (options.getExternalJars() != null) {
+ processExternalJars(options.getExternalJars().toFile(), fingerprints, options.getAlgorithm());
+ }
+
for (Component component : sbom.getComponents()) {
try {
File jarFile = JarDownloader.getMavenJarFile(
diff --git a/classfile-fingerprint/src/main/java/io/github/algomaster99/GenerateMojo.java b/classfile-fingerprint/src/main/java/io/github/algomaster99/GenerateMojo.java
index 55322e1d..f85f70d9 100644
--- a/classfile-fingerprint/src/main/java/io/github/algomaster99/GenerateMojo.java
+++ b/classfile-fingerprint/src/main/java/io/github/algomaster99/GenerateMojo.java
@@ -2,11 +2,8 @@
import static io.github.algomaster99.terminator.commons.fingerprint.classfile.HashComputer.computeHash;
import static io.github.algomaster99.terminator.commons.jar.JarScanner.goInsideJarAndUpdateFingerprints;
+import static io.github.algomaster99.terminator.commons.jar.JarScanner.processExternalJars;
-import com.fasterxml.jackson.core.type.TypeReference;
-import com.fasterxml.jackson.databind.InjectableValues;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import io.github.algomaster99.terminator.commons.data.ExternalJar;
import io.github.algomaster99.terminator.commons.fingerprint.ParsingHelper;
import io.github.algomaster99.terminator.commons.fingerprint.classfile.ClassFileAttributes;
import io.github.algomaster99.terminator.commons.fingerprint.classfile.ClassfileVersion;
@@ -59,7 +56,7 @@ public class GenerateMojo extends AbstractMojo {
public void execute() throws MojoExecutionException, MojoFailureException {
processProjectItself();
processDependencies();
- processExternalJars();
+ processExternalJars(externalJars, fingerprints, algorithm);
Path fingerprintFile = getFingerprintFile(project, algorithm);
ParsingHelper.serialiseFingerprints(fingerprints, fingerprintFile);
@@ -161,33 +158,6 @@ private void walkOverClassDirectory(File artifactFileOnSystem, String groupId, S
}
}
- private void processExternalJars() {
- if (externalJars == null) {
- getLog().info("No external jars are known.");
- return;
- }
-
- ObjectMapper mapper = new ObjectMapper();
- List externalJarList;
- try {
- InjectableValues inject = new InjectableValues.Std().addValue("configFile", externalJars.getAbsolutePath());
- externalJarList = mapper.setInjectableValues(inject)
- .readerFor(new TypeReference>() {})
- .readValue(externalJars);
- } catch (IOException e) {
- throw new RuntimeException("Could not open external jar file: " + e);
- }
-
- for (ExternalJar jar : externalJarList) {
- getLog().info("Processing external jar" + jar.path().getAbsolutePath());
- goInsideJarAndUpdateFingerprints(
- jar.path().getAbsoluteFile(),
- fingerprints,
- algorithm,
- jar.path().getAbsolutePath());
- }
- }
-
private static Path getFingerprintFile(MavenProject project, String algorithm) {
try {
Files.createDirectories(Path.of(project.getBuild().getDirectory()));
diff --git a/classfile-fingerprint/src/main/java/io/github/algomaster99/options/FromSbomOptions.java b/classfile-fingerprint/src/main/java/io/github/algomaster99/options/FromSbomOptions.java
index aa9e24a3..42e7352c 100644
--- a/classfile-fingerprint/src/main/java/io/github/algomaster99/options/FromSbomOptions.java
+++ b/classfile-fingerprint/src/main/java/io/github/algomaster99/options/FromSbomOptions.java
@@ -10,11 +10,13 @@ public class FromSbomOptions {
private final Bom14Schema input;
private final String algorithm;
private final Path output;
+ private final Path externalJars;
- public FromSbomOptions(Path input, String algorithm, Path output) throws IOException {
+ public FromSbomOptions(Path input, String algorithm, Path output, Path externalJars) throws IOException {
this.algorithm = algorithm;
this.input = CycloneDX.getPOJO(Files.readString(input));
this.output = output;
+ this.externalJars = externalJars;
}
public Bom14Schema getInput() {
@@ -28,4 +30,8 @@ public String getAlgorithm() {
public Path getOutput() {
return output;
}
+
+ public Path getExternalJars() {
+ return externalJars;
+ }
}
diff --git a/classfile-fingerprint/src/test/java/io/github/algomaster99/FromSbomTest.java b/classfile-fingerprint/src/test/java/io/github/algomaster99/FromSbomTest.java
index eadc753b..5bad1646 100644
--- a/classfile-fingerprint/src/test/java/io/github/algomaster99/FromSbomTest.java
+++ b/classfile-fingerprint/src/test/java/io/github/algomaster99/FromSbomTest.java
@@ -36,6 +36,6 @@ void guava(@TempDir Path junitTempDir) throws IOException {
}
private static FromSbomOptions getDefaultOptions(Path sbomFile) throws IOException {
- return new FromSbomOptions(sbomFile, "SHA256", null);
+ return new FromSbomOptions(sbomFile, "SHA256", null, null);
}
}
diff --git a/terminator-commons/src/main/java/io/github/algomaster99/terminator/commons/jar/JarScanner.java b/terminator-commons/src/main/java/io/github/algomaster99/terminator/commons/jar/JarScanner.java
index 391c8352..ce5a86bd 100644
--- a/terminator-commons/src/main/java/io/github/algomaster99/terminator/commons/jar/JarScanner.java
+++ b/terminator-commons/src/main/java/io/github/algomaster99/terminator/commons/jar/JarScanner.java
@@ -2,6 +2,10 @@
import static io.github.algomaster99.terminator.commons.fingerprint.classfile.HashComputer.computeHash;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.InjectableValues;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.github.algomaster99.terminator.commons.data.ExternalJar;
import io.github.algomaster99.terminator.commons.fingerprint.classfile.ClassFileAttributes;
import io.github.algomaster99.terminator.commons.fingerprint.classfile.ClassfileVersion;
import io.github.algomaster99.terminator.commons.fingerprint.provenance.Jar;
@@ -63,6 +67,34 @@ public static void goInsideJarAndUpdateFingerprints(
}
}
+ public static void processExternalJars(
+ File externalJars, Map> fingerprints, String algorithm) {
+ if (externalJars == null) {
+ LOGGER.info("No external jars are known.");
+ return;
+ }
+
+ ObjectMapper mapper = new ObjectMapper();
+ List externalJarList;
+ try {
+ InjectableValues inject = new InjectableValues.Std().addValue("configFile", externalJars.getAbsolutePath());
+ externalJarList = mapper.setInjectableValues(inject)
+ .readerFor(new TypeReference>() {})
+ .readValue(externalJars);
+ } catch (IOException e) {
+ throw new RuntimeException("Could not open external jar file: " + e);
+ }
+
+ for (ExternalJar jar : externalJarList) {
+ LOGGER.info("Processing external jar" + jar.path().getAbsolutePath());
+ goInsideJarAndUpdateFingerprints(
+ jar.path().getAbsoluteFile(),
+ fingerprints,
+ algorithm,
+ jar.path().getAbsolutePath());
+ }
+ }
+
private static void updateProvenanceList(
List provenances, ClassFileAttributes classFileAttributes, String... provenanceInformation) {
if (provenanceInformation.length == 3) {