Merge branch 'notices_report' of

https://github.com/blackducksoftware/hub-detect.git into notices_report

Conflicts:
	build.gradle

build.gradle

@@ -63,7 +63,7 @@ repositories {
 }
 
 dependencies {
-    compile 'com.blackducksoftware.integration:hub-detect-model:0.0.2'
+    compile 'com.blackducksoftware.integration:hub-detect-model:0.0.3'
     compile 'com.blackducksoftware.integration:hub-common:14.1.1'
     compile 'org.springframework.boot:spring-boot-starter'
     compile 'org.apache.maven.shared:maven-invoker:3.0.0'

src/main/groovy/com/blackducksoftware/integration/hub/detect/DetectConfiguration.groovy

@@ -406,8 +406,11 @@ class DetectConfiguration {
     public String getCondaEnvironmentName() {
         return detectProperties.condaEnvironmentName?.trim()
     }
-    public Boolean getRiskreportPDF() {
-        return detectProperties.riskreportPDF
+    public Boolean getRiskreportPdf() {
+        return detectProperties.riskreportPdf
+    }
+    public String getRiskreportPdfOutputDirectory() {
+        return detectProperties.riskreportPdfOutputDirectory
     }
     public Boolean getNoticeReport() {
         return detectProperties.noticeReport

src/main/groovy/com/blackducksoftware/integration/hub/detect/DetectProperties.groovy

@@ -343,9 +343,13 @@ class DetectProperties {
     @Value('${detect.bom.aggregate.name}')
     String aggregateBomName
 
-    @ValueDescription (description="When set to true, a Black Duck risk report in PDF form will be created in your source directory", defaultValue='false', group=DetectProperties.GROUP_PROJECT_INFO)
+    @ValueDescription (description="When set to true, a Black Duck risk report in PDF form will be created", defaultValue='false', group=DetectProperties.GROUP_PROJECT_INFO)
     @Value('${detect.risk.report.pdf}')
-    Boolean riskreportPDF
+    Boolean riskreportPdf
+
+    @ValueDescription (description="The output directory for risk report in PDF. Default is the source directory", defaultValue='.', group=DetectProperties.GROUP_PROJECT_INFO)
+    @Value('${detect.risk.report.pdf.path}')
+    String riskreportPdfOutputDirectory
 
     @ValueDescription (description="When set to true, a Black Duck notice report in text form will be created in your source directory", defaultValue='false', group=DetectProperties.GROUP_PROJECT_INFO)
     @Value('${detect.notice.report}')

src/main/groovy/com/blackducksoftware/integration/hub/detect/bomtool/SbtBomTool.groovy

@@ -175,7 +175,7 @@ class SbtBomTool extends BomTool {
     }
 
     Boolean isNotChildOfScanned(File folder, List<File> scanned) {
-        for(def scan : scanned){
+        for (def scan : scanned){
             if (folder.getCanonicalPath().startsWith(scan.getCanonicalPath())) {
                 return false
             }

src/main/groovy/com/blackducksoftware/integration/hub/detect/bomtool/YarnBomTool.groovy

@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2017 Black Duck Software, Inc.
+ * http://www.blackducksoftware.com/
+ *
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.blackducksoftware.integration.hub.detect.bomtool
+
+import java.nio.charset.StandardCharsets
+
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.stereotype.Component
+
+import com.blackducksoftware.integration.hub.bdio.simple.model.DependencyNode
+import com.blackducksoftware.integration.hub.bdio.simple.model.Forge
+import com.blackducksoftware.integration.hub.bdio.simple.model.externalid.ExternalId
+import com.blackducksoftware.integration.hub.bdio.simple.model.externalid.PathExternalId
+import com.blackducksoftware.integration.hub.detect.bomtool.yarn.YarnPackager
+import com.blackducksoftware.integration.hub.detect.model.BomToolType
+import com.blackducksoftware.integration.hub.detect.model.DetectCodeLocation
+
+@Component
+class YarnBomTool extends BomTool {
+    @Autowired
+    YarnPackager yarnPackager
+
+    @Override
+    public BomToolType getBomToolType() {
+        BomToolType.YARN
+    }
+
+    @Override
+    public boolean isBomToolApplicable() {
+        detectFileManager.containsAllFiles(sourcePath, 'yarn.lock')
+    }
+
+    List<DetectCodeLocation> extractDetectCodeLocations() {
+        final String yarnLockText = detectFileManager.findFile(sourceDirectory, 'yarn.lock').getText(StandardCharsets.UTF_8.toString())
+        final Set<DependencyNode> dependencyNodes = yarnPackager.parse(yarnLockText)
+        final ExternalId externalId = new PathExternalId(Forge.NPM, sourcePath)
+        final def detectCodeLocation = new DetectCodeLocation(getBomToolType(), sourcePath, externalId, dependencyNodes)
+
+        return [detectCodeLocation]
+    }
+}

src/main/groovy/com/blackducksoftware/integration/hub/detect/bomtool/cpan/CpanListParser.groovy

@@ -41,7 +41,7 @@ class CpanListParser {
                 continue
             }
 
-            if(line.count('\t') != 1 || line.trim().contains(' ')) {
+            if (line.count('\t') != 1 || line.trim().contains(' ')) {
                 continue
             }
 

src/main/groovy/com/blackducksoftware/integration/hub/detect/bomtool/docker/DockerProperties.groovy

@@ -48,16 +48,16 @@ class DockerProperties {
 
     public String dockerProxyEnvironmentVariable(){
         String proxyEnvironmentVariable = null
-        if(detectConfiguration.getHubProxyHost()){
+        if (detectConfiguration.getHubProxyHost()){
             proxyEnvironmentVariable = "-Dhttp.proxy.host=${detectConfiguration.getHubProxyHost()}"
         }
-        if(detectConfiguration.getHubProxyPort()){
+        if (detectConfiguration.getHubProxyPort()){
             proxyEnvironmentVariable = "${proxyEnvironmentVariable} -Dhttp.proxy.port=${detectConfiguration.getHubProxyPort()}"
         }
-        if(detectConfiguration.getHubProxyUsername()){
+        if (detectConfiguration.getHubProxyUsername()){
             proxyEnvironmentVariable = "${proxyEnvironmentVariable} -Dhttp.proxy.username=${detectConfiguration.getHubProxyUsername()}"
         }
-        if(detectConfiguration.getHubProxyPassword()){
+        if (detectConfiguration.getHubProxyPassword()){
             proxyEnvironmentVariable = "${proxyEnvironmentVariable} -Dhttp.proxy.password=${detectConfiguration.getHubProxyPassword()}"
         }
         proxyEnvironmentVariable

src/main/groovy/com/blackducksoftware/integration/hub/detect/bomtool/pip/PipInspectorTreeParser.groovy

@@ -121,7 +121,7 @@ class PipInspectorTreeParser {
 
     int getCurrentIndentation(String line) {
         int currentIndentation = 0
-        while(line.startsWith(INDENTATION)) {
+        while (line.startsWith(INDENTATION)) {
             currentIndentation++
             line = line.replaceFirst(INDENTATION, '')
         }

src/main/groovy/com/blackducksoftware/integration/hub/detect/bomtool/yarn/YarnPackager.groovy

@@ -0,0 +1,131 @@
+/*
+ * Copyright (C) 2017 Black Duck Software, Inc.
+ * http://www.blackducksoftware.com/
+ *
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.blackducksoftware.integration.hub.detect.bomtool.yarn
+
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.stereotype.Component
+
+import com.blackducksoftware.integration.hub.bdio.simple.model.DependencyNode
+import com.blackducksoftware.integration.hub.bdio.simple.model.Forge
+import com.blackducksoftware.integration.hub.detect.nameversion.NameVersionLinkNode
+import com.blackducksoftware.integration.hub.detect.nameversion.NameVersionLinkNodeBuilder
+import com.blackducksoftware.integration.hub.detect.nameversion.NameVersionNode
+import com.blackducksoftware.integration.hub.detect.nameversion.NameVersionNodeTransformer
+
+@Component
+class YarnPackager {
+    @Autowired
+    NameVersionNodeTransformer nameVersionNodeTransformer
+
+    public Set<DependencyNode> parse(String yarnLockText) {
+        def rootNode = new NameVersionLinkNode()
+        rootNode.name = ''
+        rootNode.version = ''
+        def nameVersionLinkNodeBuilder = new NameVersionLinkNodeBuilder(rootNode)
+
+        NameVersionNode currentNode = null
+        boolean dependenciesStarted = false
+        for (String line : yarnLockText.split(System.lineSeparator())) {
+            if (!line.trim()) {
+                continue
+            }
+
+            if (line.trim().startsWith('#')) {
+                continue
+            }
+
+            int level = getLineLevel(line)
+            if (level == 0) {
+                currentNode = lineToNameVersionLinkNode(nameVersionLinkNodeBuilder, rootNode, line)
+                dependenciesStarted = false
+                continue
+            }
+
+            if (level == 1 && line.trim().startsWith('version')) {
+                String fieldName = line.trim().split(' ')[0]
+                currentNode.version = line.trim().substring(fieldName.length()).replaceAll('"','').trim()
+                continue
+            }
+
+            if (level == 1 && line.trim() == 'dependencies:') {
+                dependenciesStarted = true
+                continue
+            }
+
+            if (level == 2 && dependenciesStarted) {
+                NameVersionLinkNode dependency = dependencyLineToNameVersionLinkNode(line)
+                nameVersionLinkNodeBuilder.addChildNodeToParent(dependency, currentNode)
+                continue
+            }
+        }
+
+        nameVersionLinkNodeBuilder.build().children.collect { nameVersionNodeTransformer.createDependencyNode(Forge.NPM, it) } as Set
+    }
+
+    private int getLineLevel(String line) {
+        int level = 0
+        while (line.startsWith('  ')) {
+            line = line.replaceFirst('  ', '')
+            level++
+        }
+
+        level
+    }
+
+    // Example: "mime-types@^2.1.12" becomes "mime-types"
+    private String cleanFuzzyName(String fuzzyName) {
+        String cleanName = fuzzyName.replace('"', '')
+        String version = cleanName.split('@')[-1]
+        String name = cleanName[0..cleanName.indexOf(version) - 2].trim()
+
+        name
+    }
+
+    private NameVersionLinkNode dependencyLineToNameVersionLinkNode(String line) {
+        final NameVersionLinkNode nameVersionNode = new NameVersionLinkNode()
+        nameVersionNode.name = line.trim().replaceFirst(' ', '@').replace('"', '')
+
+        nameVersionNode
+    }
+
+    private NameVersionLinkNode lineToNameVersionLinkNode(NameVersionLinkNodeBuilder nameVersionLinkNodeBuilder, NameVersionLinkNode root, String line) {
+        String cleanLine = line.replace('"', '').replace(':', '')
+        List<String> fuzzyNames = cleanLine.split(',').collect { it.trim() }
+
+        if (fuzzyNames.isEmpty()) {
+            return null
+        }
+
+        NameVersionLinkNode linkedNameVersionNode = new NameVersionLinkNode()
+        linkedNameVersionNode.name = cleanFuzzyName(fuzzyNames[0])
+
+        fuzzyNames.each {
+            def nameVersionLinkNode = new NameVersionLinkNode()
+            nameVersionLinkNode.name = it
+            nameVersionLinkNode.link = linkedNameVersionNode
+            nameVersionLinkNodeBuilder.addChildNodeToParent(nameVersionLinkNode, root)
+        }
+
+        linkedNameVersionNode
+    }
+}

src/main/groovy/com/blackducksoftware/integration/hub/detect/hub/BdioUploader.groovy

@@ -36,7 +36,6 @@ import com.blackducksoftware.integration.hub.global.HubServerConfig
 import com.blackducksoftware.integration.hub.service.HubServicesFactory
 import com.blackducksoftware.integration.log.Slf4jIntLogger
 import com.blackducksoftware.integration.phonehome.PhoneHomeRequestBody
-import com.blackducksoftware.integration.phonehome.PhoneHomeRequestBodyBuilder
 
 @Component
 class BdioUploader {
@@ -62,16 +61,7 @@ class BdioUploader {
         }
 
         String hubDetectVersion = Application.VERSION
-        PhoneHomeRequestBodyBuilder phoneHomeRequestBodyBuilder = phoneHomeDataService.createInitialPhoneHomeRequestBodyBuilder()
-        phoneHomeRequestBodyBuilder.setThirdPartyName('Hub-Detect')
-        phoneHomeRequestBodyBuilder.setThirdPartyVersion(hubDetectVersion)
-        phoneHomeRequestBodyBuilder.setPluginVersion(hubDetectVersion)
-        PhoneHomeRequestBody phoneHomeRequestBody = PhoneHomeRequestBody.DO_NOT_PHONE_HOME
-        try {
-            phoneHomeRequestBody = phoneHomeRequestBodyBuilder.build()
-        } catch(Exception e) {
-            logger.debug(e.getMessage())
-        }
+        PhoneHomeRequestBody phoneHomeRequestBody = phoneHomeDataService.buildPhoneHomeRequestBody('Hub-Detect', hubDetectVersion, hubDetectVersion)
         phoneHomeDataService.phoneHome(phoneHomeRequestBody)
     }
 }

src/main/groovy/com/blackducksoftware/integration/hub/detect/hub/HubManager.groovy

@@ -110,7 +110,7 @@ class HubManager {
                     projectVersionView = scanProject
                 }
             }
-            if (detectConfiguration.getPolicyCheck() || detectConfiguration.getRiskreportPDF() || detectConfiguration.getNoticeReport()) {
+            if (detectConfiguration.getPolicyCheck() || detectConfiguration.getRiskreportPdf() || detectConfiguration.getNoticesReport()) {
                 waitForBomUpdate(hubServicesFactory.createProjectDataService(slf4jIntLogger), hubServicesFactory.createCodeLocationRequestService(slf4jIntLogger), hubServicesFactory.createMetaService(slf4jIntLogger),
                         hubServicesFactory.createScanSummaryRequestService(), hubServicesFactory.createScanStatusDataService(slf4jIntLogger, detectConfiguration.getPolicyCheckTimeout()), projectVersionView)
             }
@@ -121,10 +121,10 @@ class HubManager {
                     postActionResult = 1
                 }
             }
-            if (detectConfiguration.getRiskreportPDF()) {
+            if (detectConfiguration.getRiskreportPdf()) {
                 RiskReportDataService riskReportDataService = hubServicesFactory.createRiskReportDataService(slf4jIntLogger, 30000)
                 logger.info("Creating risk report pdf")
-                File pdfFile = riskReportDataService.createReportPdfFile(new File("."), detectProject.projectName, detectProject.projectVersionName)
+                File pdfFile = riskReportDataService.createReportPdfFile(new File(detectConfiguration.getRiskreportPdfOutputDirectory()), detectProject.projectName, detectProject.projectVersionName)
                 logger.info("Created risk report pdf : ${pdfFile.getCanonicalPath()}")
             }
             if (detectConfiguration.getNoticeReport()) {

src/main/groovy/com/blackducksoftware/integration/hub/detect/nameversion/NameVersionLinkNode.groovy

@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2017 Black Duck Software, Inc.
+ * http://www.blackducksoftware.com/
+ *
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.blackducksoftware.integration.hub.detect.nameversion
+
+import org.apache.commons.lang3.builder.RecursiveToStringStyle
+import org.apache.commons.lang3.builder.ReflectionToStringBuilder
+
+class NameVersionLinkNode implements NameVersionNode {
+    String name
+    String version
+    List<NameVersionLinkNode> children = []
+    NameVersionNode link
+
+    @Override
+    String toString() {
+        return ReflectionToStringBuilder.toString(this, RecursiveToStringStyle.JSON_STYLE)
+    }
+}