This is an automated email from the ASF dual-hosted git repository.
asf-gitbox-commits pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/ant-antlibs-cyclonedx.git
The following commit(s) were added to refs/heads/main by this push:
new 4eed0d4 calculate hashes for metadata tool
4eed0d4 is described below
commit 4eed0d4379f99168ae65fbb565b53a5c56891bf7
Author: Stefan Bodewig <[email protected]>
AuthorDate: Sun Apr 26 20:18:02 2026 +0200
calculate hashes for metadata tool
---
.../org/apache/ant/cyclonedx/ComponentBomTask.java | 14 +++++++--
src/main/org/apache/ant/cyclonedx/ToolData.java | 33 +++++++++++++++++++++-
src/tests/antunit/componentbom-test.xml | 11 +++++++-
src/tests/antunit/shared.xml | 3 +-
4 files changed, 55 insertions(+), 6 deletions(-)
diff --git a/src/main/org/apache/ant/cyclonedx/ComponentBomTask.java
b/src/main/org/apache/ant/cyclonedx/ComponentBomTask.java
index 7b94fcd..3fc9840 100644
--- a/src/main/org/apache/ant/cyclonedx/ComponentBomTask.java
+++ b/src/main/org/apache/ant/cyclonedx/ComponentBomTask.java
@@ -33,6 +33,15 @@ public class ComponentBomTask extends Task {
}
public void execute() {
+ try {
+ Bom bom = createBom();
+ writeBom(bom, bomFile);
+ } catch (IOException | GeneratorException ex) {
+ throw new BuildException("failed to write BOM", ex);
+ }
+ }
+
+ private Bom createBom() throws IOException {
Bom bom = new Bom();
bom.setSerialNumber("urn:uuid:" + UUID.randomUUID());
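Review bot: The `catch` in `execute()` now wraps `createBom()` as well as `writeBom()`, so an `IOException` raised while assembling the BOM is still reported as "failed to write BOM". That exception presumably comes from the hash calculation this commit adds to `ToolData`. When the antlib jar cannot be read, the message would point at the output file rather than the real cause. Consider a message that covers both steps, e.g. `throw new BuildException("failed to create or write BOM: " + ex.getMessage(), ex);`. The body of `createBom()` continues outside this hunk.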
@@ -47,13 +56,14 @@ public class ComponentBomTask extends Task {
meta.setLifecycles(l);
bom.setMetadata(meta);
+ return bom;
+ }
+ private void writeBom(Bom bom, File bomFile) throws IOException,
GeneratorException {
BomJsonGenerator generator =
BomGeneratorFactory.createJson(Version.VERSION_16, bom);
try (FileOutputStream fos = new FileOutputStream(bomFile);
OutputStreamWriter writer = new OutputStreamWriter(fos,
StandardCharsets.UTF_8)) {
writer.write(generator.toJsonString(true));
- } catch (IOException | GeneratorException ex) {
- throw new BuildException("failed to write BOM", ex);
}
}
}
diff --git a/src/main/org/apache/ant/cyclonedx/ToolData.java
b/src/main/org/apache/ant/cyclonedx/ToolData.java
index 37b6794..6cdcd7e 100644
--- a/src/main/org/apache/ant/cyclonedx/ToolData.java
+++ b/src/main/org/apache/ant/cyclonedx/ToolData.java
@@ -1,23 +1,36 @@
package org.apache.ant.cyclonedx;
+import java.io.File;
+import java.io.IOException;
import java.io.InputStream;
+import java.net.URL;
+import java.security.CodeSource;
import java.util.Collections;
import java.util.Properties;
+import org.cyclonedx.Version;
import org.cyclonedx.model.Component;
import org.cyclonedx.model.License;
import org.cyclonedx.model.LicenseChoice;
import org.cyclonedx.model.OrganizationalEntity;
import org.cyclonedx.model.metadata.ToolInformation;
+import org.cyclonedx.util.BomUtils;
/**
* Provides tool information for BOM's metadata section.
*/
public class ToolData {
+ private static ToolInformation cachedToolInformation;
+
/**
* Tool Information needed for BOM's metadata section.
*/
- public static ToolInformation getToolInformation() {
+ public static ToolInformation getToolInformation() throws IOException {
+ return cachedToolInformation != null ? cachedToolInformation
+ : (cachedToolInformation = cacheToolInformation());
+ }
+
+ private static ToolInformation cacheToolInformation() throws IOException {
ToolInformation tool = new ToolInformation();
Component antlibComponent = new Component();
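Review bot: `cachedToolInformation` is a plain static field that `getToolInformation()` reads and writes without synchronization, and the same mutable `ToolInformation` instance is then handed to every caller. If two tasks run concurrently (for example under Ant's `<parallel>`), both can compute the value, and any caller that modifies the returned object changes the tool metadata of every later BOM in the same JVM. Declaring the accessor `public static synchronized ToolInformation getToolInformation() throws IOException` removes the race at negligible cost. The Javadoc should also gain an `@throws IOException` line saying it is thrown when the antlib's hashes cannot be calculated, since this commit changes the signature of a public method. The body of `cacheToolInformation()` continues outside this hunk.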
@@ -38,6 +51,11 @@ public class ToolData {
lc.setLicenses(Collections.singletonList(license));
antlibComponent.setLicenses(lc);
+ File antlib = findAntlib();
+ if (antlib != null) {
+ antlibComponent.setHashes(BomUtils.calculateHashes(antlib,
Version.VERSION_16));
+ }
+
tool.setComponents(Collections.singletonList(antlibComponent));
return tool;
}
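Review bot: The `antlib != null` guard does not ensure that the code source is a regular file. When the classes are loaded from an exploded classes directory, `findAntlib()` returns that directory, and `BomUtils.calculateHashes` is then likely to throw an `IOException` that fails the whole BOM build. Tighten the guard to `if (antlib != null && antlib.isFile()) {`. When the hashes are skipped, the BOM is written without integrity data for the tool and nothing tells the user; a verbose-level log message would make that visible, though `ToolData` would need a way to reach the project logger, which is not visible here.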
@@ -54,4 +72,17 @@ public class ToolData {
}
return version == null ? "unknown" : version;
}
+
+ private static File findAntlib() {
+ CodeSource antlibSource =
ToolData.class.getProtectionDomain().getCodeSource();
+ if (antlibSource == null) {
+ return null;
+ }
+ URL location = antlibSource.getLocation();
+ if (location.getProtocol() == "file") {
+ return new File(location.getPath());
+ }
+ return null;
+ }
+
}
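Review bot: In `findAntlib()`, `location.getProtocol() == "file"` compares string references, not contents. Whether it is true depends on how `URL` happens to build its protocol string, and when it is false the tool hashes are silently left out of the BOM. Two further gaps sit on the same lines: `CodeSource.getLocation()` may return `null`, and `location.getPath()` keeps percent-escapes, so an install path containing a space becomes `%20` and names a file that does not exist. The rewrite below addresses all three and needs an import of `java.net.URISyntaxException`.

```java
URL location = antlibSource.getLocation();
if (location == null || !"file".equals(location.getProtocol())) {
    return null;
}
try {
    // toURI() decodes percent-escapes such as %20 that getPath() leaves in place
    return new File(location.toURI());
} catch (URISyntaxException | IllegalArgumentException ex) {
    // location cannot be mapped to a local file: skip the hashes
    return null;
}
```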
diff --git a/src/tests/antunit/componentbom-test.xml
b/src/tests/antunit/componentbom-test.xml
index 8affe9d..648e91c 100644
--- a/src/tests/antunit/componentbom-test.xml
+++ b/src/tests/antunit/componentbom-test.xml
@@ -20,6 +20,7 @@
<import file="shared.xml" />
<target name="testToolMetadata">
+ <checksum property="sha256hash" file="${antlib.location}"
algorithm="SHA-256"/>
<mkdir dir="${output}"/>
<cdx:componentbom bomfile="${output}/bom.json"
xmlns:cdx="antlib:org.apache.ant.cyclonedx"/>
@@ -30,11 +31,19 @@
<au:assertResourceContains
xmlns:au="antlib:org.apache.ant.antunit"
resource="${output}/bom.json"
- value='"version" : "0.1alpha"'/>
+ value='"version" : "${artifact.version}"'/>
<au:assertResourceContains
xmlns:au="antlib:org.apache.ant.antunit"
resource="${output}/bom.json"
value='"description" : "Apache CycloneDX Antlib"'/>
+ <au:assertResourceContains
+ xmlns:au="antlib:org.apache.ant.antunit"
+ resource="${output}/bom.json"
+ value='"alg" : "SHA-256"'/>
+ <au:assertResourceContains
+ xmlns:au="antlib:org.apache.ant.antunit"
+ resource="${output}/bom.json"
+ value='"content" : "${sha256hash}"'/>
</target>
</project>
diff --git a/src/tests/antunit/shared.xml b/src/tests/antunit/shared.xml
index 270d84e..44ba1cd 100644
--- a/src/tests/antunit/shared.xml
+++ b/src/tests/antunit/shared.xml
@@ -19,13 +19,12 @@
<property name="antunit.tmpdir" location="${java.io.tmpdir}"/>
<property name="input" location="${antunit.tmpdir}/testinput"/>
<property name="output" location="${antunit.tmpdir}/testoutput"/>
+ <property file="../../../version.properties"/>
<target name="setUp">
- <echo>${toString:classpath.test}</echo>
<typedef uri="antlib:org.apache.ant.antunit"
resource="org/apache/ant/antunit/antlib.xml"
classpathref="classpath.test"/>
- <echo>${antlib.location}</echo>
<typedef uri="antlib:org.apache.ant.cyclonedx"
resource="org/apache/ant/cyclonedx/antlib.xml">
<classpath>