Derive package folder from purl

frontend/src/components/results/ResultTitle.vue

@@ -11,11 +11,6 @@
           <cv-tag v-if="showBranch" :label="branchLabel" />
           <cv-tag v-if="showCommitID" :label="commitIDLabel" />
           <cv-tag v-if="showSubfolder" :label="subfolderLabel" />
-          <cv-tag
-            v-for="purl in model.codeOrigin.purls"
-            :key="purl"
-            :label="purl"
-          ></cv-tag>
         </div>
       </div>
       <div v-if="getDetections().length > 0 || model.scanning.isScanning">

frontend/src/components/results/modal/GitInfoPrompt.vue

@@ -80,7 +80,7 @@ export default {
       }
     },
     resetModal: function () {
-      this.gitLink = model.codeOrigin.scanUrl;
+      this.gitLink = model.codeOrigin.gitUrl;
       this.gitBranch = model.codeOrigin.revision;
       this.commitID = model.codeOrigin.commitID;
 

frontend/src/helpers/cbom.js

@@ -262,7 +262,6 @@ export function setCbom(cbom) {
 
   if (Object.hasOwn(cbom, "metadata")) {
     if (Object.hasOwn(cbom.metadata, "properties") && Array.isArray(cbom.metadata.properties)) {
-      model.codeOrigin.purls = []
       cbom.metadata.properties.forEach(function (prop) {
         if (Object.hasOwn(prop, "name") && Object.hasOwn(prop, "value")) {
           switch (prop.name) {
@@ -275,9 +274,6 @@ export function setCbom(cbom) {
             case "subfolder":
               model.codeOrigin.subfolder = prop.value
               break;
-            case "purl":
-              model.codeOrigin.purls.push(prop.value)
-              break;
             case "commit":
               model.codeOrigin.commitID = prop.value
           }

frontend/src/helpers/general.js

@@ -51,7 +51,7 @@ export function openGitRepo(gitUrl) {
 }
 
 export function canOpenOnline() {
-  let gitUrl = model.codeOrigin.scanUrl;
+  let gitUrl = model.codeOrigin.gitUrl;
   let branch = model.codeOrigin.revision;
   let commitID = model.codeOrigin.commitID;
 

frontend/src/helpers/scan.js

@@ -146,8 +146,12 @@ function handleMessage(messageJson) {
     let cbomString = obj["message"];
     setCbom(JSON.parse(cbomString));
     console.log("Received CBOM from scanning:", model.cbom);
+  } else if (obj["type"] === "GITURL") {
+    model.codeOrigin.gitUrl = obj["message"];
   } else if (obj["type"] === "BRANCH") {
     model.codeOrigin.revision = obj["message"];
+  } else if (obj["type"] === "FOLDER") {
+    model.codeOrigin.subfolder = obj["message"];
   } else if (obj["type"] === "SCANNED_FILE_COUNT") {
     model.scanning.numberOfFiles = obj["message"];
   } else if (obj["type"] === "SCANNED_NUMBER_OF_LINES") {

frontend/src/model.js

@@ -27,7 +27,6 @@ export const model = reactive({
     revision: null,
     subfolder: null,
     commitID: null,
-    purls: [],
     uploadedFileName: null,
   },
   credentials: {
@@ -69,7 +68,6 @@ export const model = reactive({
     model.codeOrigin.revision = null;
     model.codeOrigin.subfolder = null;
     model.codeOrigin.commitID = null;
-    model.codeOrigin.purls = [];
     model.codeOrigin.uploadedFileName = null;
   },
   resetCredentials() {

pom.xml

@@ -151,6 +151,17 @@
       <artifactId>google-java-format</artifactId>
       <version>${google-java-format.version}</version>
     </dependency>
+
+    <dependency>
+      <groupId>org.apache.maven</groupId>
+      <artifactId>maven-model</artifactId>
+      <version>3.9.9</version>
+    </dependency>
+    <dependency>
+      <groupId>org.tomlj</groupId>
+      <artifactId>tomlj</artifactId>
+      <version>1.1.1</version>
+    </dependency>
   </dependencies>
 
   <build>

src/main/java/com/ibm/domain/scanning/ScanAggregate.java

@@ -26,15 +26,18 @@
 import com.ibm.domain.scanning.errors.CommitHashAlreadyExists;
 import com.ibm.domain.scanning.errors.GitUrlAlreadyResolved;
 import com.ibm.domain.scanning.errors.InvalidScanUrl;
+import com.ibm.domain.scanning.errors.PackageFolderAlreadyExists;
 import com.ibm.domain.scanning.errors.ScanResultForLanguageAlreadyExists;
 import com.ibm.domain.scanning.events.CommitHashIdentifiedEvent;
 import com.ibm.domain.scanning.events.GitUrlResolvedEvent;
 import com.ibm.domain.scanning.events.LanguageScanDoneEvent;
+import com.ibm.domain.scanning.events.PackageFolderResolvedEvent;
 import com.ibm.domain.scanning.events.PurlScanRequestedEvent;
 import com.ibm.domain.scanning.events.ScanFinishedEvent;
 import com.ibm.domain.scanning.events.ScanRequestedEvent;
 import jakarta.annotation.Nonnull;
 import jakarta.annotation.Nullable;
+import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.EnumMap;
 import java.util.List;
@@ -46,6 +49,7 @@ public final class ScanAggregate extends AggregateRoot<ScanId> {
     @Nullable private GitUrl gitUrl;
     @Nullable private PackageURL purl;
     @Nonnull private Revision revision;
+    @Nullable private Path packageFolder;
     @Nullable private Commit commit;
     @Nullable private Map<Language, LanguageScan> languageScans;
 
@@ -66,11 +70,13 @@ private ScanAggregate(
             @Nonnull ScanRequest scanRequest,
             @Nullable GitUrl gitUrl,
             @Nullable PackageURL purl,
+            @Nullable Path packageFolder,
             @Nullable Commit commit,
             @Nullable Map<Language, LanguageScan> languageScans) {
         this(id, scanRequest);
         this.gitUrl = gitUrl;
         this.purl = purl;
+        this.packageFolder = packageFolder;
         this.commit = commit;
         this.languageScans = languageScans;
     }
@@ -111,6 +117,14 @@ public void setCommitHash(@Nonnull Commit commit) throws CommitHashAlreadyExists
         this.apply(new CommitHashIdentifiedEvent(this.getId()));
     }
 
+    public void setPackageFolder(@Nonnull Path packageFolder) throws PackageFolderAlreadyExists {
+        if (this.packageFolder != null) {
+            throw new PackageFolderAlreadyExists(this.getId());
+        }
+        this.packageFolder = packageFolder;
+        this.apply(new PackageFolderResolvedEvent(this.getId()));
+    }
+
     public void reportScanResults(@Nonnull LanguageScan scan)
             throws ScanResultForLanguageAlreadyExists {
         if (languageScans == null) {
@@ -153,6 +167,10 @@ public Revision getRevision() {
         return revision;
     }
 
+    @Nullable public Path getPackageFolder() {
+        return packageFolder;
+    }
+
     @Nonnull
     public Optional<List<LanguageScan>> getLanguageScans() {
         return Optional.ofNullable(languageScans).map(Map::values).map(ArrayList::new);
@@ -194,8 +212,10 @@ public static ScanAggregate reconstruct(
             @Nonnull ScanRequest scanRequest,
             @Nullable GitUrl gitUrl,
             @Nullable PackageURL purl,
+            @Nullable Path packageFolder,
             @Nullable Commit commit,
             @Nullable Map<Language, LanguageScan> languageScans) {
-        return new ScanAggregate(id, scanRequest, gitUrl, purl, commit, languageScans);
+        return new ScanAggregate(
+                id, scanRequest, gitUrl, purl, packageFolder, commit, languageScans);
     }
 }

src/main/java/com/ibm/domain/scanning/errors/PackageFolderAlreadyExists.java

@@ -0,0 +1,30 @@
+/*
+ * CBOMkit
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.domain.scanning.errors;
+
+import app.bootstrap.core.ddd.DomainException;
+import com.ibm.domain.scanning.ScanId;
+import jakarta.annotation.Nonnull;
+
+public class PackageFolderAlreadyExists extends DomainException {
+    public PackageFolderAlreadyExists(@Nonnull ScanId scanId) {
+        super("Subfolder already exists in scan " + scanId);
+    }
+}

src/main/java/com/ibm/domain/scanning/events/PackageFolderResolvedEvent.java

@@ -0,0 +1,43 @@
+/*
+ * CBOMkit
+ * Copyright (C) 2024 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.domain.scanning.events;
+
+import app.bootstrap.core.ddd.DomainEvent;
+import com.ibm.domain.scanning.ScanId;
+import jakarta.annotation.Nonnull;
+
+public final class PackageFolderResolvedEvent extends DomainEvent {
+    @Nonnull private final ScanId scanId;
+
+    public PackageFolderResolvedEvent(@Nonnull ScanId scanId) {
+        this.scanId = scanId;
+    }
+
+    @Nonnull
+    public ScanId getScanId() {
+        return scanId;
+    }
+
+    @Nonnull
+    @Override
+    public String toString() {
+        return this.getClass().getSimpleName() + "[id=" + scanId + "]";
+    }
+}

src/main/java/com/ibm/infrastructure/database/readmodels/CBOMReadModel.java

@@ -39,7 +39,15 @@
 @Entity
 @Cacheable
 @JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonPropertyOrder({"projectIdentifier", "gitUrl", "branch", "commit", "createdAt", "bom"})
+@JsonPropertyOrder({
+    "projectIdentifier",
+    "gitUrl",
+    "branch",
+    "folder",
+    "commit",
+    "createdAt",
+    "bom"
+})
 public class CBOMReadModel extends PanacheEntityBase implements IReadModel<UUID> {
     @JsonIgnore @Id @Nonnull public UUID id;
 
@@ -52,6 +60,9 @@ public class CBOMReadModel extends PanacheEntityBase implements IReadModel<UUID>
     @JsonProperty("branch")
     @Nullable protected String revision;
 
+    @JsonProperty("folder")
+    @Nullable protected String packageFolder;
+
     @Nullable protected String commit;
     @Nonnull protected Timestamp createdAt;
 
@@ -64,13 +75,15 @@ public CBOMReadModel(
             @Nonnull String projectIdentifier,
             @Nonnull String repository,
             @Nullable String revision,
+            @Nullable String packageFolder,
             @Nullable String commit,
             @Nonnull Timestamp createdAt,
             @Nonnull JsonNode bom) {
         this.id = id;
         this.projectIdentifier = projectIdentifier;
         this.repository = repository;
         this.revision = revision;
+        this.packageFolder = packageFolder;
         this.commit = commit;
         this.createdAt = createdAt;
         this.bom = bom;
@@ -97,6 +110,10 @@ public String getRepository() {
         return revision;
     }
 
+    @Nullable public String getPackageFolder() {
+        return packageFolder;
+    }
+
     @Nullable public String getCommit() {
         return commit;
     }

src/main/java/com/ibm/infrastructure/database/readmodels/CBOMReadRepository.java

@@ -32,6 +32,7 @@
 import jakarta.inject.Singleton;
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.TypedQuery;
+import java.nio.file.Path;
 import java.util.Collection;
 import java.util.List;
 import java.util.Optional;
@@ -49,26 +50,17 @@ public CBOMReadRepository(@Nonnull IDomainEventBus domainEventBus) {
     }
 
     @Override
-    public @Nonnull Optional<CBOMReadModel> findBy(@Nonnull GitUrl gitUrl, @Nonnull Commit commit) {
-        return findByRepository(gitUrl.value(), commit);
-    }
-
-    @Override
-    public @Nonnull Optional<CBOMReadModel> findBy(@Nonnull GitUrl gitUrl) {
-        return findByRepository(gitUrl.value(), null);
+    public @Nonnull Optional<CBOMReadModel> findBy(
+            @Nonnull GitUrl gitUrl, @Nullable Commit commit, @Nullable Path packageFolder) {
+        return findByRepository(gitUrl.value(), commit, packageFolder);
     }
 
     @Override
     public @Nonnull Optional<CBOMReadModel> findBy(
-            @Nonnull PackageURL purl, @Nonnull Commit commit) {
+            @Nonnull PackageURL purl, @Nullable Commit commit) {
         return findByProjectIdentifier(purl.canonicalize(), commit);
     }
 
-    @Override
-    public @Nonnull Optional<CBOMReadModel> findBy(@Nonnull PackageURL purl) {
-        return findByProjectIdentifier(purl.canonicalize(), null);
-    }
-
     @Override
     public @Nonnull Optional<CBOMReadModel> findBy(@Nonnull String projectIdentifier) {
         return findByProjectIdentifier(projectIdentifier, null);
@@ -170,16 +162,21 @@ public void delete(@Nonnull UUID uuid) {
     }
 
     private @Nonnull Optional<CBOMReadModel> findByRepository(
-            @Nonnull String repository, @Nullable Commit commit) {
+            @Nonnull String repository, @Nullable Commit commit, @Nullable Path packageFolder) {
         final EntityManager entityManager = CBOMReadModel.getEntityManager();
         final ArcContainer container = Arc.container();
         container.requestContext().activate();
         try {
             QuarkusTransaction.begin();
             String qString =
-                    commit != null
-                            ? "SELECT read FROM CBOMReadModel read WHERE read.commit = :commit AND read.repository = :repository"
-                            : "SELECT read FROM CBOMReadModel read WHERE read.repository = :repository";
+                    "SELECT read FROM CBOMReadModel read WHERE read.repository = :repository";
+
+            if (commit != null) {
+                qString += " AND read.commit = :commit";
+            }
+            if (packageFolder != null) {
+                qString += " AND read.packageFolder = :packageFolder";
+            }
             qString += " ORDER BY createdAt desc";
 
             TypedQuery<CBOMReadModel> query =
@@ -190,6 +187,9 @@ public void delete(@Nonnull UUID uuid) {
             if (commit != null) {
                 query.setParameter("commit", commit.hash());
             }
+            if (packageFolder != null) {
+                query.setParameter("packageFolder", packageFolder.toString());
+            }
             Optional<CBOMReadModel> match = query.getResultStream().findFirst();
             QuarkusTransaction.commit();
             return match;