tests: emulate execution of pdfbox-tools with cyclonedx-maven-plugin …

…and depscan (#69)

watchdog-agent/src/main/java/io/github/algomaster99/Options.java

@@ -111,6 +111,10 @@ public Path getOutput() {
 
     private void processRootComponent(Bom14Schema sbom) throws IOException, InterruptedException {
         Component rootComponent = sbom.getMetadata().getComponent();
+        if (rootComponent == null) {
+            LOGGER.warn("Root component is not present.");
+            return;
+        }
         File jarFile = JarDownloader.getMavenJarFile(
                 rootComponent.getGroup(), rootComponent.getName(), rootComponent.getVersion());
         goInsideJarAndUpdateFingerprints(

watchdog-agent/src/test/java/AgentTest.java

@@ -21,6 +21,7 @@
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
 
 public class AgentTest {
     @Disabled("Should be worked upon after we know what java version is used by the application")
@@ -98,7 +99,7 @@ void sorald_0_8_5_shouldExitWith_1() throws IOException, InterruptedException {
 
     // level 1: fat jar
     @Nested
-    class Level1FatJar {
+    class Level1_FatJar {
         private final Path project = Paths.get("src/test/resources/spoon-10.4.0");
 
         @Test
@@ -139,6 +140,55 @@ private int runSpoonWithSbom(Path sbom) throws IOException, InterruptedException
         }
     }
 
+    @Nested
+    class Level2_CompositeJar {
+        private final Path project = Path.of("src/test/resources/pdfbox-3.0.0");
+
+        @Test
+        void pdfbox_3_0_0_cyclonedx_2_7_4(@TempDir Path dir) throws IOException, InterruptedException {
+            // contract: pdfbox-tools 3.0.0 should not execute as the SBOM has no dependencies
+            Path output = dir.resolve("output.txt");
+            assertThat(runPDFBoxWithSbom(project.resolve("bom.json"), output)).isEqualTo(1);
+        }
+
+        @Test
+        void pdfbox_3_0_0_depscan_4_2_2(@TempDir Path dir) throws IOException, InterruptedException {
+            // contract: pdfbox-tools 3.0.0 should not execute as the SBOM has no root component
+            Path output = dir.resolve("output.txt");
+            assertThat(runPDFBoxWithSbom(project.resolve("sbom-universal.json"), output))
+                    .isEqualTo(1);
+        }
+
+        private int runPDFBoxWithSbom(Path sbom, Path output) throws IOException, InterruptedException {
+            Path appWhichContainsExecutable = project.resolve("pdfbox-tools-3.0.0.jar");
+            String mainClass = "org.apache.pdfbox.tools.PDFBox";
+            Path workload = project.resolve("2303.11102.pdf").toAbsolutePath();
+
+            Path dependency = project.resolve("dependency");
+            String agentArgs = "sbom=" + sbom;
+            String[] cmd = {
+                "java",
+                "-javaagent:" + getAgentPath(agentArgs),
+                "-cp",
+                appWhichContainsExecutable + ":" + dependency + "/*",
+                // convert PDFs to text file
+                mainClass,
+                "export:text",
+                "--input",
+                workload.toString(),
+                "--output",
+                output.toString()
+            };
+            ProcessBuilder pb = new ProcessBuilder(cmd);
+            pb.redirectInput(ProcessBuilder.Redirect.INHERIT);
+            pb.redirectOutput(ProcessBuilder.Redirect.INHERIT);
+            pb.redirectError(ProcessBuilder.Redirect.INHERIT);
+
+            Process p = pb.start();
+            return p.waitFor();
+        }
+    }
+
     private static void deleteContentsOfFile(String file) throws InterruptedException, IOException {
         String[] deleteFile = {"rm", "-f", file};
         Runtime.getRuntime().exec(deleteFile).waitFor();

watchdog-agent/src/test/resources/pdfbox-3.0.0/bom.json

@@ -0,0 +1,90 @@
+{
+  "bomFormat" : "CycloneDX",
+  "specVersion" : "1.4",
+  "serialNumber" : "urn:uuid:b7fa278b-0491-45f6-9988-4f96cbcb9453",
+  "version" : 1,
+  "metadata" : {
+    "timestamp" : "2023-08-28T15:17:43Z",
+    "tools" : [
+      {
+        "vendor" : "OWASP Foundation",
+        "name" : "CycloneDX Maven plugin",
+        "version" : "2.7.4",
+        "hashes" : [
+          {
+            "alg" : "MD5",
+            "content" : "1c0045824ba8b7c3459faf37fadb5ca4"
+          },
+          {
+            "alg" : "SHA-1",
+            "content" : "c0259ad78634a65918e328d793d2ea0b8a9c2220"
+          },
+          {
+            "alg" : "SHA-256",
+            "content" : "47bd0e0176ba679b66739820bc52880a9e667c57c8b7301de698c0ce7e271bb1"
+          },
+          {
+            "alg" : "SHA-512",
+            "content" : "e8b72acd176d5d3e13646c2422d6fac1e47d369162cbde8796afa567d36bd182a5f8f4cbdc46185f3607a71e92c410ab0eacd87ab8c17b38e352eb3077a46ecb"
+          },
+          {
+            "alg" : "SHA-384",
+            "content" : "8759a5908a1dbd6797ce597bba7d67a073d63129e1affd9b827482581ee85815b118fb4e950991b9d6793a5d70e8b901"
+          },
+          {
+            "alg" : "SHA3-384",
+            "content" : "7721f8119070762eed34e1d7fbe0eb2f590130a62f9ebcf15dbb9d3321ef25ba2b0709eb6f3e922b59f7203554db555c"
+          },
+          {
+            "alg" : "SHA3-256",
+            "content" : "3fc2ede35393130c22e8ea1985092c498f51f88c67925701906c910829aaac1e"
+          },
+          {
+            "alg" : "SHA3-512",
+            "content" : "7f54ea340410b97d5ccf4b417928359ea30be0d71d4aaa859389f308407e9d94fa3617d395f7e81e00881da67143aa8910fdae2dd01a8fc9c9a07b8bc03fb3b1"
+          }
+        ]
+      }
+    ],
+    "component" : {
+      "publisher" : "The Apache Software Foundation",
+      "group" : "org.apache.pdfbox",
+      "name" : "pdfbox-tools",
+      "version" : "3.0.0",
+      "description" : "The Apache PDFBox library is an open source Java tool for working with PDF documents. This artefact contains commandline tools using Apache PDFBox.",
+      "licenses" : [
+        {
+          "license" : {
+            "id" : "Apache-2.0",
+            "url" : "https://www.apache.org/licenses/LICENSE-2.0"
+          }
+        }
+      ],
+      "purl" : "pkg:maven/org.apache.pdfbox/[email protected]?type=jar",
+      "externalReferences" : [
+        {
+          "type" : "website",
+          "url" : "https://www.apache.org/pdfbox-parent/pdfbox-tools/"
+        },
+        {
+          "type" : "distribution",
+          "url" : "https://repository.apache.org/service/local/staging/deploy/maven2"
+        },
+        {
+          "type" : "issue-tracker",
+          "url" : "https://issues.apache.org/jira/browse/PDFBOX"
+        },
+        {
+          "type" : "mailing-list",
+          "url" : "https://mail-archives.apache.org/mod_mbox/www-announce/"
+        },
+        {
+          "type" : "vcs",
+          "url" : "https://github.com/apache/maven-apache-parent/tree/apache-29/pdfbox-parent/tags/3.0.0/pdfbox-parent/pdfbox-tools"
+        }
+      ],
+      "type" : "library",
+      "bom-ref" : "pkg:maven/org.apache.pdfbox/[email protected]?type=jar"
+    }
+  }
+}