Merge branch 'develop'

.pre-commit-config.yaml

@@ -3,8 +3,7 @@
 exclude: 'approved.txt$|.svg$|gradlew'  # approved excluded to prevent tests from failing, SVGs are auto-generated by the pipeline
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.1.0
-    exclude: ^*.approved.txt$
+    rev: v4.5.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer
@@ -13,12 +12,12 @@ repos:
       - id: check-added-large-files
 
   - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
-    rev: v2.2.0
+    rev: v2.12.0
     hooks:
       - id: pretty-format-java
         args: [--autofix, --aosp]
 
   - repo: https://github.com/jumanjihouse/pre-commit-hooks
-    rev: 2.1.5  # or specific git tag
+    rev: 3.0.0  # or specific git tag
     hooks:
       - id: shellcheck

build.gradle

@@ -1,7 +1,7 @@
 import org.apache.tools.ant.filters.ReplaceTokens
 
 plugins {
-    id 'org.sonatype.gradle.plugins.scan' version '1.2.0'
+    id 'org.sonatype.gradle.plugins.scan' version '2.7.0'
     id "base"
     id "jacoco"
     id "java"
@@ -40,9 +40,9 @@ subprojects{
 
 
   jacocoTestReport {
-    reports{
-      xml.enabled true
-          csv.enabled true
+    reports {
+      xml.required = true
+      csv.required = true
     }
       dependsOn test // tests are required to run before generating the report
   }
@@ -94,8 +94,8 @@ task packageGetMetricsConfig (type: Copy) {
 task release (type: Zip) {
   dependsOn ':packageViewFiles', ':packageViewMetricsConfig', ':packageGetFiles', ':packageGetMetricsConfig'
 	from "${applicationname}"
-	archiveName "${applicationname}.zip"
-	destinationDir(file(projectDir))
+	archiveFileName = "${applicationname}.zip"
+	destinationDirectory = (file(projectDir))
 }
 
 clean.doFirst {
@@ -125,8 +125,8 @@ task codeCoverageReport (type: JacocoReport) {
 
     // enable the different report types (html, xml, csv)
     reports {
-        xml.enabled true
-        html.enabled true
-        csv.enabled true
+        xml.required = true
+        html.required = true
+        csv.required = true
     }
 }

get-metrics/build.gradle

@@ -1,32 +1,27 @@
 import org.apache.tools.ant.filters.ReplaceTokens
 
 plugins {
-	id 'org.springframework.boot' version '2.6.12'
-	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
+	id 'org.springframework.boot' version '2.7.18'
+	id 'io.spring.dependency-management' version '1.1.4'
 }
 
 group = 'org.sonatype.cs'
-sourceCompatibility = '1.8'
+java {
+	sourceCompatibility = '1.8'
+}
 
 dependencies {
-	implementation 'org.springframework.boot:spring-boot-starter'
-	testImplementation 'org.springframework.boot:spring-boot-starter-test'
-
+	implementation 'com.opencsv:opencsv:5.7.1'
+	implementation 'commons-io:commons-io:2.11.0'
 	implementation 'javax.json:javax.json-api:1.0'
-	implementation 'org.apache.tomcat:tomcat-util:9.0.16'
-	implementation 'org.glassfish:javax.json:1.1'
-
-	implementation 'org.apache.tomcat:tomcat-coyote:9.0.67'
-
-	implementation 'org.apache.commons:commons-csv:1.5'
-	implementation 'com.opencsv:opencsv:5.2'
 	implementation 'org.apache.httpcomponents:httpclient:4.5.13'
-	implementation 'commons-codec:commons-codec:1.14'
-	implementation 'commons-io:commons-io:2.11.0'
-	implementation 'org.json:json:20210307'
-	implementation 'com.googlecode.json-simple:json-simple:1.1.1'
-
+	implementation 'org.apache.tomcat:tomcat-coyote:9.0.83'
+	implementation 'org.apache.tomcat:tomcat-util:9.0.82'
+	implementation 'org.glassfish:javax.json:1.1'
+	implementation 'org.json:json:20231013'
+	implementation 'org.springframework.boot:spring-boot-starter'
 	testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.2'
+	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testImplementation "org.mockito:mockito-core:4.3.1"
     testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.8.2'
 }

get-metrics/src/main/java/org/sonatype/cs/getmetrics/util/ParseReasons.java

@@ -52,13 +52,15 @@ private static String getCVE(JsonArray reasons) {
         return cveList;
     }
 
-    private static String getLicense(JsonArray reasons) {
+    public static String getLicense(JsonArray reasons) {
         String licenseList = "";
         List<String> licenses = new ArrayList<>();
 
         for (JsonObject reason : reasons.getValuesAs(JsonObject.class)) {
             String licenseFound = reason.getString("reason");
-
+            if (licenseFound.isEmpty()) {
+                continue;
+            }
             String license =
                     licenseFound.substring(
                             licenseFound.indexOf("(") + 1, licenseFound.indexOf(")"));
@@ -69,11 +71,17 @@ private static String getLicense(JsonArray reasons) {
             }
         }
 
-        for (String l : licenses) {
-            licenseList = l + ":" + licenseList;
+        if (licenses.size() == 0) {
+            return "";
         }
 
-        licenseList = UtilService.removeLastChar(licenseList);
+        for (String l : licenses) {
+            if (licenseList.isEmpty()) {
+                licenseList = l;
+            } else {
+                licenseList = licenseList + ":" + l;
+            }
+        }
 
         return licenseList;
     }

get-metrics/src/test/java/org/sonatype/cs/getmetrics/util/ParseReasonsTest.java

@@ -0,0 +1,41 @@
+package org.sonatype.cs.getmetrics.util;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+import javax.json.Json;
+import javax.json.JsonArray;
+
+public class ParseReasonsTest {
+    @Test
+    void testEmptyLicenseString() {
+        JsonArray reasons =
+                Json.createArrayBuilder().add(Json.createObjectBuilder().add("reason", "")).build();
+
+        String actualReason = ParseReasons.getLicense(reasons);
+        Assertions.assertEquals("", actualReason);
+    }
+
+    @Test
+    void testSingleLicenseString() {
+        JsonArray reasons =
+                Json.createArrayBuilder()
+                        .add(Json.createObjectBuilder().add("reason", "(license)"))
+                        .build();
+
+        String actualReason = ParseReasons.getLicense(reasons);
+        Assertions.assertEquals("license", actualReason);
+    }
+
+    @Test
+    void testMultipltLicenseString() {
+        JsonArray reasons =
+                Json.createArrayBuilder()
+                        .add(Json.createObjectBuilder().add("reason", "(license)"))
+                        .add(Json.createObjectBuilder().add("reason", "(license2)"))
+                        .build();
+
+        String actualReason = ParseReasons.getLicense(reasons);
+        Assertions.assertEquals("license:license2", actualReason);
+    }
+}

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.6-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradlew

@@ -55,7 +55,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -80,13 +80,11 @@ do
     esac
 done
 
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
-
-APP_NAME="Gradle"
+# This is normally unused
+# shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -133,22 +131,29 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.
 if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
+        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
     case $MAX_FD in  #(
       '' | soft) :;; #(
       *)
+        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -193,18 +198,28 @@ if "$cygwin" || "$msys" ; then
     done
 fi
 
-# Collect all arguments for the java command;
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-#     shell script including quotes and variable substitutions, so put them in
-#     double quotes to make sure that they get re-expanded; and
-#   * put everything else in single quotes, so that it's not re-expanded.
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
         -classpath "$CLASSPATH" \
         org.gradle.wrapper.GradleWrapperMain \
         "$@"
 
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
 # Use "xargs" to parse quoted args.
 #
 # With -n1 it outputs one arg per line, with the quotes and backslashes removed.

gradlew.bat

@@ -14,7 +14,7 @@
 @rem limitations under the License.
 @rem
 
-@if "%DEBUG%" == "" @echo off
+@if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
 @rem
 @rem  Gradle startup script for Windows
@@ -25,7 +25,8 @@
 if "%OS%"=="Windows_NT" setlocal
 
 set DIRNAME=%~dp0
-if "%DIRNAME%" == "" set DIRNAME=.
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%
 
@@ -40,13 +41,13 @@ if defined JAVA_HOME goto findJavaFromJavaHome
 
 set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto execute
+if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -56,11 +57,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -75,13 +76,15 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
 :end
 @rem End local scope for the variables with windows NT shell
-if "%ERRORLEVEL%"=="0" goto mainEnd
+if %ERRORLEVEL% equ 0 goto mainEnd
 
 :fail
 rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
 rem the _cmd.exe /c_ return code!
-if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
-exit /b 1
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
 
 :mainEnd
 if "%OS%"=="Windows_NT" endlocal