Skip to content

Commit

Permalink
Check maven central as well for licenses in parents poms for nested jars
Browse files Browse the repository at this point in the history
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
  • Loading branch information
coheigea committed Nov 8, 2023
1 parent 9eac737 commit 30e29b3
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 3 deletions.
7 changes: 5 additions & 2 deletions syft/pkg/cataloger/java/archive_parser.go
Original file line number Diff line number Diff line change
Expand Up @@ -444,7 +444,7 @@ func (j *archiveParser) discoverPkgsFromAllMavenFiles(parentPkg *pkg.Package) ([
pomProject = proj
}

pkgFromPom := newPackageFromMavenData(propertiesObj, pomProject, parentPkg, j.location)
pkgFromPom := newPackageFromMavenData(propertiesObj, pomProject, parentPkg, j.location, j.cfg)
if pkgFromPom != nil {
pkgs = append(pkgs, *pkgFromPom)
}
Expand Down Expand Up @@ -635,7 +635,7 @@ func pomProjectByParentPath(archivePath string, location file.Location, extractP

// newPackageFromMavenData processes a single Maven POM properties for a given parent package, returning all listed Java packages found and
// associating each discovered package to the given parent package. Note the pom.xml is optional, the pom.properties is not.
func newPackageFromMavenData(pomProperties pkg.JavaPomProperties, parsedPomProject *parsedPomProject, parentPkg *pkg.Package, location file.Location) *pkg.Package {
func newPackageFromMavenData(pomProperties pkg.JavaPomProperties, parsedPomProject *parsedPomProject, parentPkg *pkg.Package, location file.Location, cfg Config) *pkg.Package {
// keep the artifact name within the virtual path if this package does not match the parent package
vPathSuffix := ""
groupID := ""
Expand All @@ -660,6 +660,9 @@ func newPackageFromMavenData(pomProperties pkg.JavaPomProperties, parsedPomProje
var pkgPomProject *pkg.JavaPomProject
licenses := make([]pkg.License, 0)
if parsedPomProject != nil {
if cfg.UseNetwork {
findPomLicenses(parsedPomProject, cfg)
}
pkgPomProject = parsedPomProject.JavaPomProject
licenses = append(licenses, parsedPomProject.Licenses...)
}
Expand Down
2 changes: 1 addition & 1 deletion syft/pkg/cataloger/java/archive_parser_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1089,7 +1089,7 @@ func Test_newPackageFromMavenData(t *testing.T) {
}
test.expectedParent.Locations = locations

actualPackage := newPackageFromMavenData(test.props, test.project, test.parent, file.NewLocation(virtualPath))
actualPackage := newPackageFromMavenData(test.props, test.project, test.parent, file.NewLocation(virtualPath), Config{})
if test.expectedPackage == nil {
require.Nil(t, actualPackage)
} else {
Expand Down

0 comments on commit 30e29b3

Please sign in to comment.