fix: throw error on gradle command failure instead of returning empty… (#362)

… sbom

## Description

GradleProvider used Operations.runProcessGetOutput() which never checked
the process exit code. When Gradle evaluation failed (e.g., unresolvable
version catalogs), the error was silently ignored and an empty SBOM was
returned to the user.
Switched getDependencies() and getProperties() to use
runProcessGetFullOutput() which properly captures stdout, stderr, and
exit code. Non-zero exit codes now throw a RuntimeException with the
Gradle error message.
Also added null-safety defaults in getRoot() for edge cases with
partial properties output.

**Related issue (if any):** fixes #361 

## Checklist

- [x] I have followed this repository's contributing guidelines.
- [x] I will adhere to the project's code of conduct.

## Additional information

Author: a-oren

src/main/java/io/github/guacsec/trustifyda/providers/GradleProvider.java

@@ -59,6 +59,9 @@ public final class GradleProvider extends BaseJavaProvider {
 
   private static final Logger log = LoggersFactory.getLogger(GradleProvider.class.getName());
 
+  private static final long TIMEOUT =
+      Long.parseLong(System.getProperty("trustify.gradle.timeout.seconds", "120"));
+
   private final String gradleExecutable = Operations.getExecutable("gradle", "--version");
 
   public GradleProvider(Path manifest) {
@@ -73,20 +76,24 @@ public String readLicenseFromManifest() {
   @Override
   public Content provideStack() throws IOException {
     Path tempFile = getDependencies(manifest);
-    if (debugLoggingIsNeeded()) {
-      String stackAnalysisDependencyTree = Files.readString(tempFile);
-      log.info(
-          String.format(
-              "Package Manager Gradle Stack Analysis Dependency Tree Output: %s %s",
-              System.lineSeparator(), stackAnalysisDependencyTree));
-    }
-    Map<String, String> propertiesMap = extractProperties(manifest);
+    try {
+      if (debugLoggingIsNeeded()) {
+        String stackAnalysisDependencyTree = Files.readString(tempFile);
+        log.info(
+            String.format(
+                "Package Manager Gradle Stack Analysis Dependency Tree Output: %s %s",
+                System.lineSeparator(), stackAnalysisDependencyTree));
+      }
+      Map<String, String> propertiesMap = extractProperties(manifest);
 
-    var sbom = buildSbomFromTextFormat(tempFile, propertiesMap, AnalysisType.STACK);
-    var ignored = getIgnoredDeps(manifest);
+      var sbom = buildSbomFromTextFormat(tempFile, propertiesMap, AnalysisType.STACK);
+      var ignored = getIgnoredDeps(manifest);
 
-    return new Content(
-        sbom.filterIgnoredDeps(ignored).getAsJsonString().getBytes(), Api.CYCLONEDX_MEDIA_TYPE);
+      return new Content(
+          sbom.filterIgnoredDeps(ignored).getAsJsonString().getBytes(), Api.CYCLONEDX_MEDIA_TYPE);
+    } finally {
+      Files.deleteIfExists(tempFile);
+    }
   }
 
   private List<String> getIgnoredDeps(Path manifestPath) throws IOException {
@@ -228,28 +235,42 @@ private String extractPackageName(String line) {
   }
 
   private Path getDependencies(Path manifestPath) throws IOException {
-    // create a temp file for storing the dependency tree in
-    var tempFile = Files.createTempFile("TRUSTIFY_DA_graph_", null);
-    // the command will create the dependency tree in the temp file
     String gradleCommand = gradleExecutable + " dependencies";
-
     String[] cmdList = gradleCommand.split("\\s+");
-    String gradleOutput =
-        Operations.runProcessGetOutput(Path.of(manifestPath.getParent().toString()), cmdList);
-    Files.writeString(tempFile, gradleOutput);
 
+    var result =
+        Operations.runProcessGetFullOutput(
+            Path.of(manifestPath.getParent().toString()), cmdList, null, TIMEOUT);
+
+    if (result.getExitCode() != 0) {
+      throw new RuntimeException(
+          String.format(
+              "gradle dependencies command failed with exit code %d for manifest '%s': %s",
+              result.getExitCode(), manifestPath, result.getError()));
+    }
+
+    var tempFile = Files.createTempFile("TRUSTIFY_DA_graph_", null);
+    Files.writeString(tempFile, result.getOutput());
     return tempFile;
   }
 
   private Path getProperties(Path manifestPath) throws IOException {
-    Path propsTempFile = Files.createTempFile("propsfile", ".txt");
     String propCmd = gradleExecutable + " properties";
     String[] propCmdList = propCmd.split("\\s+");
-    String properties =
-        Operations.runProcessGetOutput(Path.of(manifestPath.getParent().toString()), propCmdList);
-    // Create a temporary file
-    Files.writeString(propsTempFile, properties);
 
+    var result =
+        Operations.runProcessGetFullOutput(
+            Path.of(manifestPath.getParent().toString()), propCmdList, null, TIMEOUT);
+
+    if (result.getExitCode() != 0) {
+      throw new RuntimeException(
+          String.format(
+              "gradle properties command failed with exit code %d for manifest '%s': %s",
+              result.getExitCode(), manifestPath, result.getError()));
+    }
+
+    Path propsTempFile = Files.createTempFile("propsfile", ".txt");
+    Files.writeString(propsTempFile, result.getOutput());
     return propsTempFile;
   }
 
@@ -509,9 +530,12 @@ private boolean containsVersion(String line) {
 
   private String getRoot(Path textFormatFile, Map<String, String> propertiesMap)
       throws IOException {
-    String group = propertiesMap.get("group");
-    String version = propertiesMap.get("version");
+    String group = propertiesMap.getOrDefault("group", "unknown");
+    String version = propertiesMap.getOrDefault("version", "0.0.0");
     String rootName = extractRootProjectValue(textFormatFile);
+    if (rootName == null || rootName.isEmpty()) {
+      rootName = "unknown";
+    }
     return group + ':' + rootName + ':' + "jar" + ':' + version;
   }
 
@@ -531,24 +555,28 @@ private String extractRootProjectValue(Path inputFilePath) throws IOException {
 
   private Map<String, String> extractProperties(Path manifestPath) throws IOException {
     Path propsTempFile = getProperties(manifestPath);
-    String content = Files.readString(propsTempFile);
-    // Define the regular expression pattern for key-value pairs
-    Pattern pattern = Pattern.compile("([^:]+):\\s+(.+)");
-    Matcher matcher = pattern.matcher(content);
-    // Create a Map to store key-value pairs
-    Map<String, String> keyValueMap = new HashMap<>();
-
-    // Iterate through matches and add them to the map
-    while (matcher.find()) {
-      String key = matcher.group(1).trim();
-      String value = matcher.group(2).trim();
-      keyValueMap.put(key, value);
-    }
-    // Check if any key-value pairs were found
-    if (!keyValueMap.isEmpty()) {
-      return keyValueMap;
-    } else {
-      return Collections.emptyMap();
+    try {
+      String content = Files.readString(propsTempFile);
+      // Define the regular expression pattern for key-value pairs
+      Pattern pattern = Pattern.compile("([^:]+):\\s+(.+)");
+      Matcher matcher = pattern.matcher(content);
+      // Create a Map to store key-value pairs
+      Map<String, String> keyValueMap = new HashMap<>();
+
+      // Iterate through matches and add them to the map
+      while (matcher.find()) {
+        String key = matcher.group(1).trim();
+        String value = matcher.group(2).trim();
+        keyValueMap.put(key, value);
+      }
+      // Check if any key-value pairs were found
+      if (!keyValueMap.isEmpty()) {
+        return keyValueMap;
+      } else {
+        return Collections.emptyMap();
+      }
+    } finally {
+      Files.deleteIfExists(propsTempFile);
     }
   }
 
@@ -577,14 +605,17 @@ private List<String> extractLines(Path inputFilePath, String startMarker) throws
 
   @Override
   public Content provideComponent() throws IOException {
-
     Path tempFile = getDependencies(manifest);
-    Map<String, String> propertiesMap = extractProperties(manifest);
+    try {
+      Map<String, String> propertiesMap = extractProperties(manifest);
 
-    Sbom sbom = buildSbomFromTextFormat(tempFile, propertiesMap, AnalysisType.COMPONENT);
-    var ignored = getIgnoredDeps(manifest);
+      Sbom sbom = buildSbomFromTextFormat(tempFile, propertiesMap, AnalysisType.COMPONENT);
+      var ignored = getIgnoredDeps(manifest);
 
-    return new Content(
-        sbom.filterIgnoredDeps(ignored).getAsJsonString().getBytes(), Api.CYCLONEDX_MEDIA_TYPE);
+      return new Content(
+          sbom.filterIgnoredDeps(ignored).getAsJsonString().getBytes(), Api.CYCLONEDX_MEDIA_TYPE);
+    } finally {
+      Files.deleteIfExists(tempFile);
+    }
   }
 }

src/main/java/io/github/guacsec/trustifyda/tools/Operations.java

@@ -29,6 +29,8 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 import java.util.logging.Logger;
 import java.util.stream.Collectors;
@@ -192,8 +194,15 @@ public static String runProcessGetOutput(Path dir, final String[] cmdList, Strin
     }
   }
 
+  private static final long DEFAULT_PROCESS_TIMEOUT_SECONDS = 120L;
+
   public static ProcessExecOutput runProcessGetFullOutput(
       Path dir, final String[] cmdList, String[] envList) {
+    return runProcessGetFullOutput(dir, cmdList, envList, DEFAULT_PROCESS_TIMEOUT_SECONDS);
+  }
+
+  public static ProcessExecOutput runProcessGetFullOutput(
+      Path dir, final String[] cmdList, String[] envList, long timeoutSeconds) {
     try {
       Process process;
       if (dir == null) {
@@ -210,34 +219,46 @@ public static ProcessExecOutput runProcessGetFullOutput(
         }
       }
 
-      BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
-      StringBuilder output = new StringBuilder();
-      String line;
-      while ((line = reader.readLine()) != null) {
-        output.append(line);
-        if (!line.endsWith(System.lineSeparator())) {
-          output.append("\n");
-        }
-      }
+      CompletableFuture<String> stdoutFuture =
+          CompletableFuture.supplyAsync(() -> drainStream(process.getInputStream()));
+      CompletableFuture<String> stderrFuture =
+          CompletableFuture.supplyAsync(() -> drainStream(process.getErrorStream()));
 
-      reader = new BufferedReader(new InputStreamReader(process.getErrorStream()));
-      StringBuilder error = new StringBuilder();
-      while ((line = reader.readLine()) != null) {
-        error.append(line);
-        if (!line.endsWith(System.lineSeparator())) {
-          error.append("\n");
-        }
+      boolean finished = process.waitFor(timeoutSeconds, TimeUnit.SECONDS);
+      if (!finished) {
+        process.destroyForcibly();
+        throw new RuntimeException(
+            String.format(
+                "Command '%s' timed out after %d seconds", join(" ", cmdList), timeoutSeconds));
       }
 
-      process.waitFor(30L, TimeUnit.SECONDS);
-
-      return new ProcessExecOutput(output.toString(), error.toString(), process.exitValue());
-    } catch (IOException | InterruptedException e) {
+      return new ProcessExecOutput(stdoutFuture.get(), stderrFuture.get(), process.exitValue());
+    } catch (InterruptedException e) {
+      Thread.currentThread().interrupt();
+      throw new RuntimeException(
+          String.format("Command '%s' was interrupted", join(" ", cmdList)), e);
+    } catch (ExecutionException e) {
+      throw new RuntimeException(
+          String.format("Failed reading output of command '%s'", join(" ", cmdList)), e);
+    } catch (IOException e) {
       throw new RuntimeException(
           String.format("Failed to execute command '%s' ", join(" ", cmdList)), e);
     }
   }
 
+  private static String drainStream(java.io.InputStream inputStream) {
+    try (BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream))) {
+      StringBuilder sb = new StringBuilder();
+      String line;
+      while ((line = reader.readLine()) != null) {
+        sb.append(line).append("\n");
+      }
+      return sb.toString();
+    } catch (IOException e) {
+      throw new RuntimeException("Failed to read process stream", e);
+    }
+  }
+
   public static class ProcessExecOutput {
     private final String output;
     private final String error;