Skip to content

Commit

Permalink
Fall back to searching maven central using groupIDFromJavaMetadata (#…
Browse files Browse the repository at this point in the history
…2295)

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
  • Loading branch information
coheigea committed Nov 11, 2023
1 parent 3f13d20 commit 7ccbadf
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions syft/pkg/cataloger/java/archive_parser.go
Original file line number Diff line number Diff line change
Expand Up @@ -250,9 +250,33 @@ func (j *archiveParser) parseLicenses(manifest *pkg.JavaManifest) ([]pkg.License
}
}

// If we didn't find any licenses in the archive so far, we'll try again in Maven Central using groupIDFromJavaMetadata
if len(licenses) == 0 && j.cfg.UseNetwork {
licenses = findLicenseFromJavaMetadata(name, manifest, version, j, licenses)
}

return licenses, name, version, nil
}

func findLicenseFromJavaMetadata(name string, manifest *pkg.JavaManifest, version string, j *archiveParser, licenses []pkg.License) []pkg.License {
var groupID = name
if gID := groupIDFromJavaMetadata(name, pkg.JavaArchive{Manifest: manifest}); gID != "" {
groupID = gID
}
pomLicenses, err := recursivelyFindLicensesFromParentPom(groupID, name, version, j.cfg)
if err != nil {
log.Tracef("unable to get parent pom from Maven central: %v", err)
}

if len(pomLicenses) > 0 {
pkgLicenses := pkg.NewLicensesFromLocation(j.location, pomLicenses...)
if pkgLicenses != nil {
licenses = append(licenses, pkgLicenses...)
}
}
return licenses
}

type parsedPomProject struct {
*pkg.JavaPomProject
Licenses []pkg.License
Expand Down

0 comments on commit 7ccbadf

Please sign in to comment.