fix: validate for empty group ID/namespace

src/providers/base_java.js

@@ -91,8 +91,7 @@ export default class Base_Java {
 	 * @returns {PackageURL} The parsed packageURL
 	 */
 	parseDep(line) {
-
-		let match = line.match(this.DEP_REGEX);
+		let match = line.split(':').map(part => part ? part.match(this.DEP_REGEX)[0] : '');
 		if (!match) {
 			throw new Error(`Unable generate SBOM from dependency tree. Line: ${line} cannot be parsed into a PackageURL`);
 		}
@@ -106,6 +105,9 @@ export default class Base_Java {
 		if (override) {
 			version = override[1];
 		}
+		if (match[0].trim() === '') {
+			throw new Error(`Artifact coordinates should have a non-empty group ID: ${line}`);
+		}
 		return this.toPurl(match[0], match[1], version);
 	}
 

src/providers/java_gradle.js

@@ -231,7 +231,7 @@ export default class Java_gradle extends Base_java {
 	#extractProperties(manifestPath, opts) {
 		let properties = {}
 		let propertiesContent = this.#getProperties(manifestPath, opts)
-		let regExpMatchArray = propertiesContent.match(/([^:]+):\s+(.+)/g);
+		let regExpMatchArray = propertiesContent.match(/([^\n:]+):[\t ]*(.*)/g);
 		for (let i = 0; i < regExpMatchArray.length - 1; i++) {
 			let parts = regExpMatchArray[i].split(":");
 			properties[parts[0].trim()] = parts[1].trim()

test/providers/java_gradle_groovy.test.js

@@ -1,3 +1,4 @@
+import { throws } from 'assert';
 import fs from 'fs'
 
 import { expect } from 'chai'
@@ -28,8 +29,8 @@ function getStubbedResponse(args, dependencyTreeTextContent, gradleProperties) {
 suite('testing the java-gradle-groovy data provider', () => {
 
 	[
-		{name: 'build.gradle', expected: true},
-		{name: 'some_other.file', expected: false}
+		{ name: 'build.gradle', expected: true },
+		{ name: 'some_other.file', expected: false }
 	].forEach(testCase => {
 		test(`verify isSupported returns ${testCase.expected} for ${testCase.name}`, () => {
 			let javaGradleProvider = new Java_gradle_groovy()
@@ -41,7 +42,7 @@ suite('testing the java-gradle-groovy data provider', () => {
 		"deps_with_no_ignore_common_paths",
 		"deps_with_ignore_full_specification",
 		"deps_with_ignore_named_params",
-		"deps_with_ignore_notations"
+		"deps_with_ignore_notations",
 	].forEach(testCase => {
 		let scenario = testCase.replaceAll('_', ' ')
 
@@ -50,7 +51,7 @@ suite('testing the java-gradle-groovy data provider', () => {
 			let expectedSbom = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/expected_stack_sbom.json`,).toString().trim()
 			let dependencyTreeTextContent = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/depTree.txt`,).toString()
 			let gradleProperties = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/gradle.properties`,).toString()
-			let mockedExecFunction = function(bin, args){
+			let mockedExecFunction = function (bin, args) {
 				return getStubbedResponse(args, dependencyTreeTextContent, gradleProperties);
 			}
 			let provider = new Java_gradle_groovy()
@@ -60,25 +61,44 @@ suite('testing the java-gradle-groovy data provider', () => {
 			// verify returned data matches expectation
 			compareSboms(providedDataForStack.content, expectedSbom);
 
-		// these test cases takes ~2500-2700 ms each pr >10000 in CI (for the first test-case)
+			// these test cases takes ~2500-2700 ms each pr >10000 in CI (for the first test-case)
 		}).timeout(process.env.GITHUB_ACTIONS ? 40000 : 10000)
 
 		test(`verify gradle data provided for component analysis with scenario ${scenario}`, async () => {
 			// load the expected list for the scenario
 			let expectedSbom = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/expected_component_sbom.json`,).toString().trim()
 			let dependencyTreeTextContent = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/depTree.txt`,).toString()
 			let gradleProperties = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/gradle.properties`,).toString()
-			let mockedExecFunction = function(bin, args){
+			let mockedExecFunction = function (bin, args) {
 				return getStubbedResponse(args, dependencyTreeTextContent, gradleProperties);
 			}
 			let provider = new Java_gradle_groovy()
 			Object.getPrototypeOf(Object.getPrototypeOf(provider))._invokeCommand = mockedExecFunction
-			// invoke sut component analysis for scenario manifest
+			// invoke component analysis for scenario manifest
 			let providedForComponent = provider.provideComponent(`test/providers/tst_manifests/gradle/${testCase}/build.gradle`, {})
 			// verify returned data matches expectation
 			compareSboms(providedForComponent.content, expectedSbom);
 			// these test cases takes ~1400-2000 ms each pr >10000 in CI (for the first test-case)
 		}).timeout(process.env.GITHUB_ACTIONS ? 15000 : 5000)
+	});
+
+	[
+		"deps_with_empty_project_group"
+	].forEach(testCase => {
+		let scenario = testCase.replaceAll('_', ' ')
+
+		test(`verify gradle provider throws with scenario ${scenario}`, async () => {
+			// load the expected list for the scenario
+			let dependencyTreeTextContent = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/depTree.txt`,).toString()
+			let gradleProperties = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/gradle.properties`,).toString()
+			let mockedExecFunction = function (bin, args) {
+				return getStubbedResponse(args, dependencyTreeTextContent, gradleProperties);
+			}
+			let provider = new Java_gradle_groovy()
+			Object.getPrototypeOf(Object.getPrototypeOf(provider))._invokeCommand = mockedExecFunction
+			// invoke component analysis for scenario manifest
+			throws(() => provider.provideComponent(`test/providers/tst_manifests/gradle/${testCase}/build.gradle`, {}))
+		})
 	})
-}).beforeAll(() => clock = useFakeTimers(new Date('2023-08-07T00:00:00.000Z'))).afterAll(()=> {clock.restore()});
+}).beforeAll(() => clock = useFakeTimers(new Date('2023-08-07T00:00:00.000Z'))).afterAll(() => { clock.restore() });
 

test/providers/java_gradle_kotlin.test.js

@@ -1,3 +1,4 @@
+import { throws } from 'assert';
 import fs from 'fs'
 
 import { expect } from 'chai'
@@ -28,8 +29,8 @@ function getStubbedResponse(args, dependencyTreeTextContent, gradleProperties) {
 suite('testing the java-gradle-kotlin data provider', () => {
 
 	[
-		{name: 'build.gradle.kts', expected: true},
-		{name: 'some_other.file', expected: false}
+		{ name: 'build.gradle.kts', expected: true },
+		{ name: 'some_other.file', expected: false }
 	].forEach(testCase => {
 		test(`verify isSupported returns ${testCase.expected} for ${testCase.name}`, () => {
 			let javaGradleProvider = new Java_gradle_kotlin()
@@ -50,7 +51,7 @@ suite('testing the java-gradle-kotlin data provider', () => {
 			let expectedSbom = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/expected_stack_sbom.json`,).toString().trim()
 			let dependencyTreeTextContent = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/depTree.txt`,).toString()
 			let gradleProperties = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/gradle.properties`,).toString()
-			let mockedExecFunction = function(bin, args){
+			let mockedExecFunction = function (bin, args) {
 				return getStubbedResponse(args, dependencyTreeTextContent, gradleProperties);
 			}
 			let javGradleProvider = new Java_gradle_kotlin()
@@ -60,25 +61,44 @@ suite('testing the java-gradle-kotlin data provider', () => {
 			// verify returned data matches expectation
 			compareSboms(providedDataForStack.content, expectedSbom);
 
-		// these test cases takes ~2500-2700 ms each pr >10000 in CI (for the first test-case)
+			// these test cases takes ~2500-2700 ms each pr >10000 in CI (for the first test-case)
 		}).timeout(process.env.GITHUB_ACTIONS ? 40000 : 10000)
 
 		test(`verify gradle data provided for component analysis with scenario ${scenario}`, async () => {
 			// load the expected list for the scenario
 			let expectedSbom = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/expected_component_sbom.json`,).toString().trim()
 			let dependencyTreeTextContent = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/depTree.txt`,).toString()
 			let gradleProperties = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/gradle.properties`,).toString()
-			let mockedExecFunction = function(bin, args){
+			let mockedExecFunction = function (bin, args) {
 				return getStubbedResponse(args, dependencyTreeTextContent, gradleProperties);
 			}
 			let javaGradleProvider = new Java_gradle_kotlin()
 			Object.getPrototypeOf(Object.getPrototypeOf(javaGradleProvider))._invokeCommand = mockedExecFunction
-			// invoke sut component analysis for scenario manifest
+			// invoke component analysis for scenario manifest
 			let providedForComponent = javaGradleProvider.provideComponent(`test/providers/tst_manifests/gradle/${testCase}/build.gradle.kts`, {})
 			// verify returned data matches expectation
 			compareSboms(providedForComponent.content, expectedSbom);
 			// these test cases takes ~1400-2000 ms each pr >10000 in CI (for the first test-case)
 		}).timeout(process.env.GITHUB_ACTIONS ? 15000 : 5000)
+	});
+
+	[
+		"deps_with_empty_project_group"
+	].forEach(testCase => {
+		let scenario = testCase.replaceAll('_', ' ')
+
+		test(`verify gradle provider throws with scenario ${scenario}`, async () => {
+			// load the expected list for the scenario
+			let dependencyTreeTextContent = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/depTree.txt`,).toString()
+			let gradleProperties = fs.readFileSync(`test/providers/tst_manifests/gradle/${testCase}/gradle.properties`,).toString()
+			let mockedExecFunction = function (bin, args) {
+				return getStubbedResponse(args, dependencyTreeTextContent, gradleProperties);
+			}
+			let provider = new Java_gradle_kotlin()
+			Object.getPrototypeOf(Object.getPrototypeOf(provider))._invokeCommand = mockedExecFunction
+			// invoke component analysis for scenario manifest
+			throws(() => provider.provideComponent(`test/providers/tst_manifests/gradle/${testCase}/build.gradle`, {}))
+		})
 	})
-}).beforeAll(() => clock = useFakeTimers(new Date('2023-08-07T00:00:00.000Z'))).afterAll(()=> {clock.restore()});
+}).beforeAll(() => clock = useFakeTimers(new Date('2023-08-07T00:00:00.000Z'))).afterAll(() => { clock.restore() });
 

test/providers/tst_manifests/gradle/deps_with_empty_project_group/build.gradle

@@ -0,0 +1,28 @@
+plugins {
+    id 'java'
+}
+
+group = ''
+version = '1.0.0-SNAPSHOT'
+
+repositories {
+    mavenCentral()
+}
+
+dependencies {
+    implementation "io.quarkus:quarkus-hibernate-orm:2.13.5.Final"
+    implementation "io.quarkus:quarkus-agroal:2.13.5.Final"
+    implementation "io.quarkus:quarkus-resteasy:2.13.5.Final"
+    implementation "io.quarkus:quarkus-resteasy-jackson:2.13.5.Final"
+    implementation "io.quarkus:quarkus-jdbc-postgresql:2.13.5.Final"
+    implementation "io.quarkus:quarkus-vertx-http:2.13.5.Final"
+    implementation "io.quarkus:quarkus-kubernetes-service-binding:2.13.5.Final"
+    implementation "io.quarkus:quarkus-container-image-docker:2.13.5.Final"
+    implementation "jakarta.validation:jakarta.validation-api:2.0.2"
+    implementation "io.quarkus:quarkus-resteasy-multipart:2.13.7.Final"
+    implementation "io.quarkus:quarkus-hibernate-orm-deployment:2.0.2.Final"
+    implementation "log4j:log4j:1.2.17" // exhortignore
+}
+test {
+    useJUnitPlatform()
+}

test/providers/tst_manifests/gradle/deps_with_empty_project_group/build.gradle.kts

@@ -0,0 +1,28 @@
+plugins {
+    id("java")
+}
+
+version = "1.0.0-SNAPSHOT"
+
+repositories {
+    mavenCentral()
+}
+
+dependencies {
+    implementation("io.quarkus:quarkus-hibernate-orm:2.13.5.Final")
+    implementation("io.quarkus:quarkus-agroal:2.13.5.Final")
+    implementation("io.quarkus:quarkus-resteasy:2.13.5.Final")
+    implementation("io.quarkus:quarkus-resteasy-jackson:2.13.5.Final")
+    implementation("io.quarkus:quarkus-jdbc-postgresql:2.13.5.Final")
+    implementation("io.quarkus:quarkus-vertx-http:2.13.5.Final")
+    implementation("io.quarkus:quarkus-kubernetes-service-binding:2.13.5.Final")
+    implementation("io.quarkus:quarkus-container-image-docker:2.13.5.Final")
+    implementation("jakarta.validation:jakarta.validation-api:2.0.2")
+    implementation("io.quarkus:quarkus-resteasy-multipart:2.13.7.Final")
+    implementation("io.quarkus:quarkus-hibernate-orm-deployment:2.0.2.Final")
+    implementation("log4j:log4j:1.2.17")  // exhortignore
+}
+
+test {
+    useJUnitPlatform()
+}