java maven global setting file support (#250)

README.md

@@ -64,6 +64,7 @@ Flags:
   -p, --path string            the path to package file or the path to a directory which will be recursively analyzed for the package files (default '.') (default ".")
   -s, --schema string          <version> Target schema version (default: '2.2') (default "2.2")
   -f, --format string          output file format (default: 'spdx')
+  -g, --global-settings string    Alternate path for the global settings file for Java Maven
 ```
 
 ### Output Options
@@ -167,7 +168,7 @@ type IPlugin interface {
   GetMetadata() PluginMetadata
   GetRootModule(path string) (*Module, error)
   ListUsedModules(path string) ([]Module, error)
-  ListModulesWithDeps(path string) ([]Module, error)
+  ListModulesWithDeps(path string, globalSettingFile string) ([]Module, error)
   IsValid(path string) bool
 
 ```
@@ -486,7 +487,7 @@ To register for a new plugin, perform the following steps:
    }
 
    // ListModulesWithDeps ...
-   func (m *npm) ListModulesWithDeps(path string) ([]models.Module, error) {
+   func (m *npm) ListModulesWithDeps(path string, globalSettingFile string) ([]models.Module, error) {
      return nil, nil
    }
 

cmd/generator/generator.go

@@ -46,6 +46,7 @@ func init() {
 	rootCmd.Flags().StringP("schema", "s", "2.2", "<version> Target schema version (default: '2.2')")
 	rootCmd.Flags().StringP("output-dir", "o", ".", "<output> directory to Write SPDX to file (default: current directory)")
 	rootCmd.Flags().StringP("format", "f", "spdx", "output file format (default: spdx)")
+	rootCmd.Flags().StringP("global-settings", "g", "", "Alternate path for the global settings file for Java Maven (default 'mvn settings.xml')")
 
 	//rootCmd.MarkFlagRequired("path")
 	cobra.OnInitialize(setupLogger)
@@ -102,14 +103,16 @@ func generate(cmd *cobra.Command, args []string) {
 	if err != nil {
 		log.Fatalf("Failed to read command option: %v", err)
 	}
+	globalSettingFile := checkOpt("global-settings")
 
 	handler, err := handler.NewSPDX(handler.SPDXSettings{
-		Version:   version,
-		Path:      path,
-		License:   license,
-		OutputDir: outputDir,
-		Schema:    schema,
-		Format:    format,
+		Version:           version,
+		Path:              path,
+		License:           license,
+		OutputDir:         outputDir,
+		Schema:            schema,
+		Format:            format,
+		GlobalSettingFile: globalSettingFile,
 	})
 	if err != nil {
 		log.Fatalf("Failed to initialize command: %v", err)

pkg/format/format.go

@@ -28,10 +28,11 @@ type Format struct {
 
 // Config ...
 type Config struct {
-	ToolVersion  string
-	Filename     string
-	OutputFormat models.OutputFormat
-	GetSource    func() []models.Module
+	ToolVersion       string
+	Filename          string
+	OutputFormat      models.OutputFormat
+	GetSource         func() []models.Module
+	GlobalSettingFile string
 }
 
 func init() {

pkg/handler/spdx.go

@@ -20,13 +20,14 @@ var errOutputDirDoesNotExist = errors.New("Output Directory does not exist")
 
 // SPDXSettings ...
 type SPDXSettings struct {
-	Version   string
-	Path      string
-	License   bool
-	Depth     string
-	OutputDir string
-	Schema    string
-	Format    models.OutputFormat
+	Version           string
+	Path              string
+	License           bool
+	Depth             string
+	OutputDir         string
+	Schema            string
+	Format            models.OutputFormat
+	GlobalSettingFile string
 }
 
 type spdxHandler struct {
@@ -56,7 +57,8 @@ func NewSPDX(settings SPDXSettings) (Handler, error) {
 	}
 
 	mm, err := modules.New(modules.Config{
-		Path: settings.Path,
+		Path:              settings.Path,
+		GlobalSettingFile: settings.GlobalSettingFile,
 	})
 	if err != nil {
 		return nil, err
@@ -80,6 +82,7 @@ func (sh *spdxHandler) Run() error {
 		plugin := mm.Plugin.GetMetadata()
 		filename := fmt.Sprintf("bom-%s.%s", plugin.Slug, getFiletypeForOutputFormat(sh.config.Format))
 		outputFile := filepath.Join(sh.config.OutputDir, filename)
+		globalSettingFile := sh.config.GlobalSettingFile
 
 		log.Infof("Running generator for Module Manager: `%s` with output `%s`", plugin.Slug, outputFile)
 		if err := mm.Run(); err != nil {
@@ -94,6 +97,7 @@ func (sh *spdxHandler) Run() error {
 			GetSource: func() []models.Module {
 				return mm.GetSource()
 			},
+			GlobalSettingFile: globalSettingFile,
 		})
 		if err != nil {
 			sh.errors[plugin.Slug] = err

pkg/models/models.go

@@ -19,7 +19,7 @@ type IPlugin interface {
 	GetMetadata() PluginMetadata
 	GetRootModule(path string) (*Module, error)
 	ListUsedModules(path string) ([]Module, error)
-	ListModulesWithDeps(path string) ([]Module, error)
+	ListModulesWithDeps(path string, globalSettingFile string) ([]Module, error)
 	IsValid(path string) bool
 	HasModulesInstalled(path string) error
 }

pkg/modules/cargo/handler.go

@@ -79,7 +79,7 @@ func (m *mod) ListUsedModules(path string) ([]models.Module, error) {
 	return collection, nil
 }
 
-func (m *mod) ListModulesWithDeps(path string) ([]models.Module, error) {
+func (m *mod) ListModulesWithDeps(path string, globalSettingFile string) ([]models.Module, error) {
 	modules, err := m.ListUsedModules(path)
 	if err != nil {
 		return nil, err

pkg/modules/composer/handler.go

@@ -71,7 +71,7 @@ func (m *composer) GetRootModule(path string) (*models.Module, error) {
 }
 
 // ListModulesWithDeps ...
-func (m *composer) ListModulesWithDeps(path string) ([]models.Module, error) {
+func (m *composer) ListModulesWithDeps(path string, globalSettingFile string) ([]models.Module, error) {
 	return m.ListUsedModules(path)
 }
 

pkg/modules/gem/handler.go

@@ -20,11 +20,11 @@ type gem struct {
 }
 
 var errDependenciesNotFound, errInvalidProjectType = errors.New(
-    `* Please install dependencies by running the following command :
+	`* Please install dependencies by running the following command :
     1) bundle config set --local path 'vendor/bundle' && bundle install && bundle exec rake install
     2) run the spdx-sbom-generator tool command
 `), errors.New(
-    `* Tool only supports ruby gems projects with valid .gemspec manifest in project root directory`)
+	`* Tool only supports ruby gems projects with valid .gemspec manifest in project root directory`)
 
 // New ...
 func New() *gem {
@@ -57,20 +57,20 @@ func (g *gem) IsValid(path string) bool {
 // HasModulesInstalled ...
 func (g *gem) HasModulesInstalled(path string) error {
 
-    if !validateProjectType(path) {
-        return errInvalidProjectType
-    }
-
-    hasRake, _, hasModule := hasRakefile(path), ensurePlatform(path), false
-    for i := range g.metadata.ModulePath {
-        if helper.Exists(filepath.Join(path, g.metadata.ModulePath[i])) {
-            hasModule = true
-        }
-    }
-    if hasRake && hasModule {
-        return nil
-    }
-    return errDependenciesNotFound
+	if !validateProjectType(path) {
+		return errInvalidProjectType
+	}
+
+	hasRake, _, hasModule := hasRakefile(path), ensurePlatform(path), false
+	for i := range g.metadata.ModulePath {
+		if helper.Exists(filepath.Join(path, g.metadata.ModulePath[i])) {
+			hasModule = true
+		}
+	}
+	if hasRake && hasModule {
+		return nil
+	}
+	return errDependenciesNotFound
 }
 
 // GetVersion ...
@@ -121,11 +121,12 @@ func (g *gem) GetModule(path string) ([]models.Module, error) {
 
 // ListUsedModules ...
 func (g *gem) ListUsedModules(path string) ([]models.Module, error) {
-	return g.ListModulesWithDeps(path)
+	var globalSettingFile string
+	return g.ListModulesWithDeps(path, globalSettingFile)
 }
 
 // ListModulesWithDeps ...
-func (g *gem) ListModulesWithDeps(path string) ([]models.Module, error) {
+func (g *gem) ListModulesWithDeps(path string, globalSettingFile string) ([]models.Module, error) {
 	if err := g.HasModulesInstalled(path); err != nil {
 		return []models.Module{}, err
 	}

pkg/modules/gomod/handler.go

@@ -103,7 +103,7 @@ func (m *mod) ListUsedModules(path string) ([]models.Module, error) {
 }
 
 // ListModulesWithDeps ...
-func (m *mod) ListModulesWithDeps(path string) ([]models.Module, error) {
+func (m *mod) ListModulesWithDeps(path string, globalSettingFile string) ([]models.Module, error) {
 	modules, err := m.ListUsedModules(path)
 	if err != nil {
 		return nil, err

pkg/modules/javagradle/handler.go

@@ -68,7 +68,7 @@ func (m *gradle) ListUsedModules(path string) ([]models.Module, error) {
 	return nil, fmt.Errorf("ListUsedModules not implemented for java-gradle")
 }
 
-func (m *gradle) ListModulesWithDeps(path string) ([]models.Module, error) {
+func (m *gradle) ListModulesWithDeps(path string, globalSettingFile string) ([]models.Module, error) {
 	pi, err := getProjectInfo(path)
 	if err != nil {
 		return nil, err

pkg/modules/javamaven/decoder.go

@@ -424,20 +424,29 @@ func convertPOMReaderToModules(fpath string, lookForDepenent bool) ([]models.Mod
 	return modules, nil
 }
 
-func getTransitiveDependencyList(workingDir string) (map[string][]string, error) {
+func getTransitiveDependencyList(workingDir string, globalSettingFile string) (map[string][]string, error) {
 	path := filepath.Join(os.TempDir(), "JavaMavenTDTreeOutput.txt")
 	os.Remove(path)
 
-	command := exec.Command("mvn", "dependency:tree", "-DoutputType=dot", "-DappendOutput=true", "-DoutputFile="+path)
+	var command *exec.Cmd
+	if len(globalSettingFile) > 0 {
+		globalSettingOption := "-gs=" + globalSettingFile
+		command = exec.Command("mvn", "dependency:tree", globalSettingOption, "-DoutputType=dot", "-DappendOutput=true", "-DoutputFile="+path)
+	} else {
+		command = exec.Command("mvn", "dependency:tree", "-DoutputType=dot", "-DappendOutput=true", "-DoutputFile="+path)
+	}
 	command.Dir = workingDir
 	out, err := command.CombinedOutput()
 	if err != nil {
+		log.Println(" dependency tree execution failure:", err)
 		log.Print(string(out))
 		return nil, err
 	}
+	log.Println(" dependency tree executed successfully:")
 
 	tdList, err := readAndgetTransitiveDependencyList(path)
 	if err != nil {
+		log.Println(" readAndgetTransitiveDependencyList() failure:", err)
 		return nil, err
 	}
 	return tdList, nil

pkg/modules/javamaven/handler.go

@@ -117,13 +117,13 @@ func (m *javamaven) ListUsedModules(path string) ([]models.Module, error) {
 }
 
 // ListModulesWithDeps ...
-func (m *javamaven) ListModulesWithDeps(path string) ([]models.Module, error) {
+func (m *javamaven) ListModulesWithDeps(path string, globalSettingFile string) ([]models.Module, error) {
 	modules, err := m.ListUsedModules(path)
 	if err != nil {
 		return nil, err
 	}
 
-	tdList, err := getTransitiveDependencyList(path)
+	tdList, err := getTransitiveDependencyList(path, globalSettingFile)
 	if err != nil {
 		fmt.Println("error in getting mvn transitive dependency tree and parsing it")
 		return nil, err

pkg/modules/modules.go

@@ -55,7 +55,8 @@ type Manager struct {
 
 // Config ...
 type Config struct {
-	Path string
+	Path              string
+	GlobalSettingFile string
 }
 
 // New ...
@@ -86,17 +87,19 @@ func New(cfg Config) ([]*Manager, error) {
 // Run ...
 func (m *Manager) Run() error {
 	modulePath := m.Config.Path
+	globalSettingFile := m.Config.GlobalSettingFile
 	version, err := m.Plugin.GetVersion()
 	if err != nil {
 		return err
 	}
 
 	log.Infof("Current Language Version %s", version)
+	log.Infof("Global Setting File %s", globalSettingFile)
 	if err := m.Plugin.HasModulesInstalled(modulePath); err != nil {
 		return err
 	}
 
-	modules, err := m.Plugin.ListModulesWithDeps(modulePath)
+	modules, err := m.Plugin.ListModulesWithDeps(modulePath, globalSettingFile)
 	if err != nil {
 		log.Error(err)
 		return errFailedToReadModules

pkg/modules/npm/handler.go

@@ -23,7 +23,7 @@ var (
 	shrink      = "npm-shrinkwrap.json"
 	npmRegistry = "https://registry.npmjs.org"
 	lockFile    = "package-lock.json"
-	rg = regexp.MustCompile(`^(((git|hg|svn|bzr)\+)?(http:\/\/www\.|https:\/\/www\.|http:\/\/|https:\/\/|ssh:\/\/|git:\/\/|svn:\/\/|sftp:\/\/|ftp:\/\/)?[a-z0-9]+([\-\.]{1}[a-z0-9]+){0,100}\.[a-z]{2,5}(:[0-9]{1,5})?(\/.*))|(git\+git@[a-zA-Z0-9\.]+:[a-zA-Z0-9/\\.@]+)|(bzr\+lp:[a-zA-Z0-9\.]+)$`)
+	rg          = regexp.MustCompile(`^(((git|hg|svn|bzr)\+)?(http:\/\/www\.|https:\/\/www\.|http:\/\/|https:\/\/|ssh:\/\/|git:\/\/|svn:\/\/|sftp:\/\/|ftp:\/\/)?[a-z0-9]+([\-\.]{1}[a-z0-9]+){0,100}\.[a-z]{2,5}(:[0-9]{1,5})?(\/.*))|(git\+git@[a-zA-Z0-9\.]+:[a-zA-Z0-9/\\.@]+)|(bzr\+lp:[a-zA-Z0-9\.]+)$`)
 )
 
 // New creates a new npm manager instance
@@ -112,7 +112,7 @@ func (m *npm) GetRootModule(path string) (*models.Module, error) {
 	}
 	repository := pkResult["repository"]
 	if repository != nil {
-		if rep, ok := repository.(string); ok{
+		if rep, ok := repository.(string); ok {
 			mod.PackageDownloadLocation = rep
 		}
 		if _, ok := repository.(map[string]interface{}); ok && repository.(map[string]interface{})["url"] != nil {
@@ -165,7 +165,7 @@ func (m *npm) ListUsedModules(path string) ([]models.Module, error) {
 }
 
 // ListModulesWithDeps return all info of installed modules
-func (m *npm) ListModulesWithDeps(path string) ([]models.Module, error) {
+func (m *npm) ListModulesWithDeps(path string, globalSettingFile string) ([]models.Module, error) {
 	pk := lockFile
 	if helper.Exists(filepath.Join(path, shrink)) {
 		pk = shrink

pkg/modules/npm/handler_test.go

@@ -100,7 +100,8 @@ func TestListModules(t *testing.T) {
 func TestListAllModules(t *testing.T) {
 	n := New()
 	path := fmt.Sprintf("%s/test", getPath())
-	mods, err := n.ListModulesWithDeps(path)
+	var globalSettingFile string
+	mods, err := n.ListModulesWithDeps(path, globalSettingFile)
 
 	assert.NoError(t, err)
 

pkg/modules/nuget/handler.go

@@ -172,7 +172,7 @@ func (m *nuget) GetRootModule(path string) (*models.Module, error) {
 }
 
 // ListModulesWithDeps ...
-func (m *nuget) ListModulesWithDeps(path string) ([]models.Module, error) {
+func (m *nuget) ListModulesWithDeps(path string, globalSettingFile string) ([]models.Module, error) {
 	var modules []models.Module
 	projectPath := m.GetProjectManifestPath(path)
 	projectPaths, err := getProjectPaths(projectPath)
@@ -214,7 +214,8 @@ func (m *nuget) ListModulesWithDeps(path string) ([]models.Module, error) {
 
 // ListUsedModules ...
 func (m *nuget) ListUsedModules(path string) ([]models.Module, error) {
-	return m.ListModulesWithDeps(path)
+	var globalSettingFile string
+	return m.ListModulesWithDeps(path, globalSettingFile)
 }
 
 func (m *nuget) buildCmd(cmd command, path string) error {

pkg/modules/pip/handler.go

@@ -71,6 +71,6 @@ func (m *pip) ListUsedModules(path string) ([]models.Module, error) {
 }
 
 // List Modules With Deps ...
-func (m *pip) ListModulesWithDeps(path string) ([]models.Module, error) {
-	return m.plugin.ListModulesWithDeps(path)
+func (m *pip) ListModulesWithDeps(path string, globalSettingFile string) ([]models.Module, error) {
+	return m.plugin.ListModulesWithDeps(path, globalSettingFile)
 }

pkg/modules/pip/pipenv/handler.go

@@ -120,7 +120,7 @@ func (m *pipenv) ListUsedModules(path string) ([]models.Module, error) {
 }
 
 // List Modules With Deps ...
-func (m *pipenv) ListModulesWithDeps(path string) ([]models.Module, error) {
+func (m *pipenv) ListModulesWithDeps(path string, globalSettingFile string) ([]models.Module, error) {
 	modules, err := m.ListUsedModules(path)
 	if err != nil {
 		return nil, err

pkg/modules/pip/poetry/handler.go

@@ -118,7 +118,7 @@ func (m *poetry) ListUsedModules(path string) ([]models.Module, error) {
 }
 
 // List Modules With Deps ...
-func (m *poetry) ListModulesWithDeps(path string) ([]models.Module, error) {
+func (m *poetry) ListModulesWithDeps(path string, globalSettingFile string) ([]models.Module, error) {
 	modules, err := m.ListUsedModules(path)
 	if err != nil {
 		return nil, err