fix(gradle): add a new flag --gradle-project-name

iseki0 · iseki0 · commit 575cd8d85c5a · 2025-01-22T11:14:59.000+08:00
diff --git a/cmd/murphy/internal/scan/cmd.go b/cmd/murphy/internal/scan/cmd.go
@@ -14,6 +14,7 @@ import (
 	"github.com/murphysecurity/murphysec/infra/ui"
 	"github.com/murphysecurity/murphysec/inspector"
 	"github.com/murphysecurity/murphysec/model"
+	"github.com/murphysecurity/murphysec/module/gradle"
 	"github.com/murphysecurity/murphysec/module/maven"
 	"github.com/murphysecurity/murphysec/scanerr"
 	"github.com/murphysecurity/murphysec/utils"
@@ -40,6 +41,7 @@ var webhookAddr string
 var webhookMode common.WebhookModeFlag
 var extraData string
 var scanCodeHash bool
+var gradleProjectFilter gradle.ProjectFilter
 
 func Cmd() *cobra.Command {
 	var c cobra.Command
@@ -82,6 +84,7 @@ func DfCmd() *cobra.Command {
 	c.Flags().Var(&webhookMode, "webhook-mode", "specify the webhook mode, currently supports: simple, full(default)")
 	c.Flags().StringVar(&extraData, "extra-data", "", "specify the extra data")
 	c.Flags().BoolVar(&scanCodeHash, "scan-snippets", false, "Enable scanning of code snippets to detect SBOM and  vulnerabilities. Disabled by default")
+	c.Flags().StringArrayVar(&gradleProjectFilter.ProjectNames, "gradle-project-name", make([]string, 0), "specify the name of the Gradle project")
 	return &c
 }
 
@@ -270,6 +273,7 @@ func dfScanRun(cmd *cobra.Command, args []string) {
 		return
 	}
 	logger := logctx.Use(ctx).Sugar()
+	ctx = context.WithValue(ctx, gradle.ProjectFilterCtxKey, gradleProjectFilter)
 	r, e := scan(ctx, scanDir, model.AccessTypeCli, model.ScanModeSource)
 	if errors.Is(e, inspector.ErrNoWait) {
 		return
diff --git a/module/gradle/gradle.go b/module/gradle/gradle.go
@@ -11,6 +11,7 @@ import (
 	"github.com/murphysecurity/murphysec/model"
 	"github.com/murphysecurity/murphysec/utils"
 	"github.com/repeale/fp-go"
+	"golang.org/x/exp/slices"
 	"golang.org/x/sync/errgroup"
 	"gopkg.in/yaml.v3"
 	"io"
@@ -304,7 +305,7 @@ func parseGradleScriptOutputAsyncBuilder(ctx context.Context) (handler func(path
 			}
 			defer func() { _ = f.Close() }()
 			var _modules []model.Module
-			_modules, e = decodeGradleScriptOutput(f, path)
+			_modules, e = decodeGradleScriptOutput(ctx, f, path)
 			if e != nil {
 				return
 			}
@@ -320,13 +321,19 @@ func parseGradleScriptOutputAsyncBuilder(ctx context.Context) (handler func(path
 	}
 }
 
-func decodeGradleScriptOutput(reader io.Reader, dir string) (modules []model.Module, e error) {
+func decodeGradleScriptOutput(ctx context.Context, reader io.Reader, dir string) (modules []model.Module, e error) {
+	var logger = logctx.Use(ctx).Sugar()
 	var decoder = yaml.NewDecoder(reader)
 	var data dtoProjectData
 	e = decoder.Decode(&data)
 	if e != nil {
 		return
 	}
+	pf, ok := ctx.Value(ProjectFilterCtxKey).(ProjectFilter)
+	if ok && len(pf.ProjectNames) > 0 && !slices.Contains(pf.ProjectNames, data.Project) {
+		logger.Infof("project %s not in filter list, skip", data.Project)
+		return
+	}
 	for _, configuration := range data.Configurations {
 		var online = model.IsOnlineFalse()
 		if !strings.Contains(strings.ToLower(configuration.Configuration), "test") {
diff --git a/module/gradle/gradle_project_filter.go b/module/gradle/gradle_project_filter.go
@@ -0,0 +1,13 @@
+package gradle
+
+type ProjectFilter struct {
+	ProjectNames []string
+}
+
+type _ProjectFilterKey struct{}
+
+func (_ProjectFilterKey) String() string {
+	return "GradleProjectFilter"
+}
+
+var ProjectFilterCtxKey = &_ProjectFilterKey{}
