feat: acquit classes that are part of the project itself (#58)
algomaster99 authored Aug 22, 2023
1 parent 1d0299b commit 52b8ca7
Showing 3 changed files with 38 additions and 4 deletions.
9 changes: 6 additions & 3 deletions README.md
@@ -114,6 +114,9 @@ java -javaagent:<path/to/agent>=fingerprints=<path/to/fingerprints> -jar <path/t

**Optional Parameters**

| Parameter | Type | Description |
|:--------------:|:---------:|-----------------------------------------------------------------------------------------|
| `skipShutdown` | `boolean` | If `true`, the JVM will not shutdown if a prohibited class is loaded. Default: `false`. |
| Parameter | Type | Description |
|:--------------:|:---------:|--------------------------------------------------------------------------------------------------|
| `skipShutdown` | `boolean` | If `true`, the JVM will not shutdown if a prohibited class is loaded. Default: `false`. |
| `sbom` | `File` | Path to an SBOM file. It is used for including the classes of the root project. Default: `null`. |

> `sbom` is a CycloneDX 1.4 JSON file.
31 changes: 31 additions & 0 deletions watchdog-agent/src/main/java/io/github/algomaster99/Options.java
@@ -1,8 +1,16 @@
package io.github.algomaster99;

import static io.github.algomaster99.terminator.commons.fingerprint.ParsingHelper.deserializeFingerprints;
import static io.github.algomaster99.terminator.commons.jar.JarScanner.goInsideJarAndUpdateFingerprints;

import io.github.algomaster99.terminator.commons.cyclonedx.Bom14Schema;
import io.github.algomaster99.terminator.commons.cyclonedx.Component;
import io.github.algomaster99.terminator.commons.cyclonedx.CycloneDX;
import io.github.algomaster99.terminator.commons.fingerprint.provenance.Provenance;
import io.github.algomaster99.terminator.commons.jar.JarDownloader;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import java.util.Map;
@@ -29,6 +37,29 @@ public Options(String agentArgs) {
case "skipShutdown":
skipShutdown = Boolean.parseBoolean(value);
break;
case "sbom":
// If an SBOM is passed included the root component in the fingerprints
Path sbomPath = Path.of(value);
try {
Bom14Schema sbom = CycloneDX.getPOJO(Files.readString(sbomPath));
Component rootComponent = sbom.getMetadata().getComponent();
File jarFile = JarDownloader.getMavenJarFile(
rootComponent.getGroup(), rootComponent.getName(), rootComponent.getVersion());
goInsideJarAndUpdateFingerprints(
jarFile,
fingerprints,
// TODO: Make this configurable
"SHA256",
rootComponent.getGroup(),
rootComponent.getName(),
rootComponent.getVersion());
} catch (InterruptedException e) {
System.err.println("Downloading was interrupted: " + e.getMessage());
System.exit(1);
} catch (IOException e) {
throw new IllegalArgumentException("Failed to read sbom file: " + value);
}
break;
default:
throw new IllegalArgumentException("Unknown argument: " + key);
}
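Review bot: In the new `sbom` case, every class in the jar returned by `JarDownloader.getMavenJarFile(...)` is added to `fingerprints` (apparently the set of permitted classes), but nothing visible here checks that jar against a digest, so the permitted set grows by whatever the repository serves for coordinates read from a file. CycloneDX 1.4 components can carry a `hashes` array; when the root component has one, the downloaded jar's digest should be compared with it before `goInsideJarAndUpdateFingerprints` is called, and the agent should fail on mismatch (unless `getMavenJarFile`, which is outside this hunk, already verifies). `metadata` and `metadata.component` are optional in the schema, so `sbom.getMetadata().getComponent()` can throw a NullPointerException during agent start-up; a guard such as `if (sbom.getMetadata() == null || sbom.getMetadata().getComponent() == null) throw new IllegalArgumentException("SBOM has no metadata.component: " + value);` gives a usable error instead. The `IOException` handler also drops the cause, and `throw new IllegalArgumentException("Failed to read sbom file: " + value, e);` would keep it. The constructor body starts and ends outside the hunk, so whether `fingerprints` is already populated when `sbom` is parsed cannot be confirmed from here.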
2 changes: 1 addition & 1 deletion watchdog-agent/src/test/java/AgentTest.java
@@ -22,7 +22,7 @@
import org.junit.jupiter.api.Test;

public class AgentTest {
@Disabled("Should be worked upon after the input is from an SBOM and not maven project")
@Disabled("Should be worked upon after we know what java version is used by the application")
@Test
void shouldDisallowLoadingCustomJDKClass() throws MavenInvocationException, IOException, InterruptedException {
// contract: watchdog-agent should detect if the class masquerading as an internal class