import sys
import xml.etree.ElementTree as ET
import json
from dataclasses import dataclass
import base64
@dataclass
class Component:
    """Coordinates of one ``component`` element of the verification file."""

    # All three values are the element's XML attributes, stored exactly as
    # read; nothing validates their content before they are used to build
    # repository paths.
    group: str
    name: str
    version: str
@dataclass
class Artifact:
    """One ``artifact`` entry (a file) belonging to a component."""

    # File name taken from the element's ``name`` attribute.
    name: str
    # Hash instance selected for this file, or None when the element lists
    # no recognised hash entry.
    hash: object
    # Component this file belongs to.
    component: object
    # Module instance for the component's ``.module`` file; None when the
    # component has none, and always None on the ``.module`` artifact itself.
    module: object
@dataclass
class Module:
    """Name and hash of a component's Gradle module metadata file."""

    # File name of the ``<name>-<version>.module`` artifact.
    name: str
    # The same Hash object that is stored on the ``.module`` artifact
    # (None if that artifact had no recognised hash entry).
    hash: object
@dataclass
class Hash:
    """An (algorithm, value) pair copied from one hash element of an artifact."""

    # Tag name of the source element: "pgp", "md5", "sha1", "sha256" or
    # "sha512".
    # NOTE(review): a "pgp" entry is presumably a signing-key fingerprint
    # rather than a digest of the file - confirm that consumers do not treat
    # it as a content checksum.
    algo: str
    # The element's ``value`` attribute, stored as-is (expected to be hex).
    value: str
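def main():
    """Convert a Gradle verification file into a JSON fetch list on stdout.

    Usage: ``parse.py VERIFICATION_XML [MAVEN_REPO_URL ...]``

    Every artifact returned by ``parse`` becomes one JSON object holding its
    repository-relative ``path``, one ``url_prefixes`` entry per repository
    URL given on the command line, the component coordinates, and the hash
    in three forms (``hash`` as ``<algo>-<base64>``, ``hash_algo``,
    ``hash_value``). ``module`` carries the same hash fields for the
    component's ``.module`` artifact, or is null when there is none.

    Exits with status 1 when the XML path is missing or when any artifact
    has no recognised hash entry.
    """
    if len(sys.argv) <= 1:
        # stdout is reserved for the JSON document; diagnostics go to stderr.
        print("Missing verification.xml file", file=sys.stderr)
        sys.exit(1)

    artifacts = parse(sys.argv[1])
    maven_repos = [repository.rstrip("/") for repository in sys.argv[2:]]

    # An artifact without any hash entry cannot be pinned. Report every such
    # artifact by name and stop, instead of failing later with an
    # AttributeError on ``None``. Module hashes are covered as well, because
    # the ``.module`` artifact is itself part of ``artifacts``.
    unpinned = [artifact for artifact in artifacts if artifact.hash is None]
    if unpinned:
        for artifact in unpinned:
            component = artifact.component
            print(
                f"No hash entry for artifact {artifact.name} of "
                f"{component.group}:{component.name}:{component.version}",
                file=sys.stderr,
            )
        sys.exit(1)

    outputs = []
    for artifact in artifacts:
        # NOTE(review): group, name and version are copied from the XML
        # without validation. If a consumer uses `path` as a filesystem
        # location, it should reject ".." segments and path separators in
        # these values - TODO confirm how `path` is consumed.
        path = f"{artifact.component.group.replace('.', '/')}/{artifact.component.name}/{artifact.component.version}"
        output = {
            "url_prefixes": [f"{maven_repo}/{path}" for maven_repo in maven_repos],
            "path": path,
            "name": artifact.name,
            "module": {
                "name": artifact.module.name,
                "hash": toSri(artifact.module.hash.algo, artifact.module.hash.value),
                "hash_algo": artifact.module.hash.algo,
                "hash_value": artifact.module.hash.value,
            } if artifact.module is not None else None,
            "component": {
                "group": artifact.component.group,
                "name": artifact.component.name,
                "version": artifact.component.version,
            },
            "hash": toSri(artifact.hash.algo, artifact.hash.value),
            "hash_algo": artifact.hash.algo,
            "hash_value": artifact.hash.value,
        }
        outputs.append(output)

    print(json.dumps(outputs))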
def toSri(algo, hash):
    """Return ``hash`` (a hex digest string) as ``"<algo>-<base64>"``.

    ``bytes.fromhex`` raises ``ValueError`` when ``hash`` is not valid hex.
    Nothing here checks that ``algo`` names a digest algorithm or that the
    digest length fits it; the caller is responsible for both.
    """
    # hex text -> raw digest bytes -> base64 text
    return f"{algo}-{base64.b64encode(bytes.fromhex(hash)).decode()}"
def parse(xml_file):
    """Read a Gradle dependency-verification XML file into Artifact objects.

    Each ``component`` element yields one Component; each of its ``artifact``
    children yields one Artifact pointing back at that Component. When a
    component has an artifact named ``<name>-<version>.module``, every other
    artifact of that component gets a Module holding that file's name and
    hash.

    Returns the artifacts of all components as one flat list, in document
    order. An artifact with no recognised hash element has ``hash`` None.
    """
    ns = {"default": "https://schema.gradle.org/dependency-verification"}

    # Tried in this order with later matches overwriting earlier ones, so the
    # last algorithm listed here that is present on the artifact wins.
    # NOTE(review): md5 and sha1 are accepted when nothing stronger is listed,
    # which pins the file with a collision-prone digest. A "pgp" entry is
    # presumably a signing-key fingerprint, not a digest of the file; when it
    # is the only entry it still ends up as the artifact's hash - confirm
    # that consumers handle that case.
    algos = ("pgp", "md5", "sha1", "sha256", "sha512")

    # NOTE(review): xml.etree.ElementTree is not hardened against maliciously
    # constructed XML (see the security notes of the standard `xml` package).
    # Use a hardened parser if this file can come from an untrusted source.
    tree_root = ET.parse(xml_file).getroot()

    collected = []
    for component_elem in tree_root.findall(".//default:component", ns):
        name = component_elem.get("name")
        version = component_elem.get("version")
        coords = Component(
            group=component_elem.get("group"),
            name=name,
            version=version,
        )

        members = []
        for artifact_elem in component_elem.findall("default:artifact", ns):
            chosen = None
            for algo in algos:
                entry = artifact_elem.find(f"default:{algo}", ns)
                if entry is None:
                    continue
                chosen = Hash(algo=algo, value=entry.get("value"))
            members.append(
                Artifact(
                    name=artifact_elem.get("name"),
                    hash=chosen,
                    component=coords,
                    module=None,
                )
            )

        # Keep a reference to the Gradle module metadata file if it exists.
        module_name = f"{name}-{version}.module"
        module_artifact = next(
            (member for member in members if member.name == module_name),
            None,
        )
        if module_artifact is not None:
            module = Module(name=module_artifact.name, hash=module_artifact.hash)
            for member in members:
                # The .module artifact itself keeps module=None.
                if member is module_artifact:
                    continue
                member.module = module

        collected.extend(members)

    return collected
# Run the conversion only when executed as a script, not when imported.
if __name__ == "__main__":
    main()