Merge pull request #143 from fossas/feat/compute-dependency-hashes

xizhao · web-flow · commit c86fa51fcf55 · 2018-06-06T17:14:58.000-07:00
Feat/compute dependency hashes
diff --git a/builders/ant/ant.go b/builders/ant/ant.go
@@ -14,6 +14,7 @@ import (
 	"github.com/bmatcuk/doublestar"
 	"github.com/gnewton/jargo"
 
+	"github.com/fossas/fossa-cli/builders/builderutil"
 	"github.com/fossas/fossa-cli/builders/maven"
 	"github.com/fossas/fossa-cli/exec"
 	"github.com/fossas/fossa-cli/files"
@@ -94,8 +95,10 @@ func (builder *AntBuilder) Analyze(m module.Module, allowUnresolved bool) ([]mod
 	for _, jarFilePath := range jarFilePaths {
 		locator, err := locatorFromJar(jarFilePath)
 		if err == nil {
+			hashes, _ := builderutil.GetHashes(jarFilePath)
 			dependencies = append(dependencies, module.Dependency{
 				Locator: locator,
+				Hashes:  hashes,
 			})
 		} else {
 			log.Logger.Warningf("unable to resolve Jar: %s", jarFilePath)
diff --git a/builders/builderutil/hashes.go b/builders/builderutil/hashes.go
@@ -0,0 +1,43 @@
+package builderutil
+
+import (
+	"crypto/md5" // nolint: gas
+	"crypto/sha1"
+	"crypto/sha256"
+	"encoding/hex"
+	"io"
+	"os"
+
+	"github.com/fossas/fossa-cli/module"
+)
+
+// GetHashes computes hexadecimal checksums of a variety of types for a given file path
+func GetHashes(path string) (module.Hashes, error) {
+	hashes := module.Hashes{}
+
+	f, err := os.Open(path)
+	if err != nil {
+		return hashes, err
+	}
+	defer f.Close()
+
+	sha1Hash := sha1.New()
+	if _, err := io.Copy(sha1Hash, f); err != nil {
+		return hashes, err
+	}
+	hashes.SHA1 = hex.EncodeToString(sha1Hash.Sum(nil))
+
+	md5Hash := md5.New() // nolint: gas
+	if _, err := io.Copy(md5Hash, f); err != nil {
+		return hashes, err
+	}
+	hashes.MD5 = hex.EncodeToString(md5Hash.Sum(nil))
+
+	sha256Hash := sha256.New()
+	if _, err := io.Copy(sha256Hash, f); err != nil {
+		return hashes, err
+	}
+	hashes.SHA256 = hex.EncodeToString(sha256Hash.Sum(nil))
+
+	return hashes, err
+}
diff --git a/module/dependency.go b/module/dependency.go
@@ -3,6 +3,6 @@ package module
 // Dependency represents a code library brought in by running a Build
 type Dependency struct {
 	Locator
-
+	Hashes
 	Via []ImportPath
 }
diff --git a/module/hashes.go b/module/hashes.go
@@ -0,0 +1,8 @@
+package module
+
+// Hashes contains hexadecimal checksums of code libraries brought in by running a Build
+type Hashes struct {
+	SHA1   string
+	SHA256 string
+	MD5    string
+}

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,6 @@ package module`
`3`	`3`	`// Dependency represents a code library brought in by running a Build`
`4`	`4`	`type Dependency struct {`
`5`	`5`	`Locator`
`6`		`-`
	`6`	`+ Hashes`
`7`	`7`	`Via []ImportPath`
`8`	`8`	`}`