From dfec78e5b9b23064b38588ee5c901913be85d808 Mon Sep 17 00:00:00 2001
From: Jeff Williams
Date: Tue, 28 Dec 2021 18:05:43 -0500
Subject: [PATCH] tweak shading
---
 .gitignore | 1 +
 pom.xml | 7 ++----
 .../com/contrastsecurity/CycloneDXModel.java | 1 +
 src/main/java/com/contrastsecurity/Jbom.java | 24 +++++++++++--------
 .../java/com/contrastsecurity/Libraries.java | 12 ++++++----
 5 files changed, 25 insertions(+), 20 deletions(-)
diff --git a/.gitignore b/.gitignore
index 46324b1..b4ecf0d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 .DS_Store
 .vscode/
 dependency-reduced-pom.xml
+sbom.json
diff --git a/pom.xml b/pom.xml
index d2383f1..46b01b5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -73,8 +73,8 @@
- com.contrastsecurity
- com.contrastsecurity
+ com.fasterxml
+ com.contrastsecurity.shaded.com.fasterxml
 net
@@ -83,9 +83,6 @@
 org
 com.contrastsecurity.shaded.org
-
- org.apache.logging.**.*
-
diff --git a/src/main/java/com/contrastsecurity/CycloneDXModel.java b/src/main/java/com/contrastsecurity/CycloneDXModel.java
index eef9f9a..5c2033b 100644
--- a/src/main/java/com/contrastsecurity/CycloneDXModel.java
+++ b/src/main/java/com/contrastsecurity/CycloneDXModel.java
@@ -32,6 +32,7 @@ public static Metadata makeMetadata() {
 Tool jbom = new Tool();
 jbom.setName("jbom - https://github.com/Contrast-Security-OSS/jbom");
 jbom.setVendor("Contrast Security - https://contrastsecurity.com");
+ jbom.setVersion("1.0.0");
 meta.setTools( new ArrayList<>(Arrays.asList(jbom)) );
 String description = "Java";
diff --git a/src/main/java/com/contrastsecurity/Jbom.java b/src/main/java/com/contrastsecurity/Jbom.java
index 0cd3a41..e49fae3 100644
--- a/src/main/java/com/contrastsecurity/Jbom.java
+++ b/src/main/java/com/contrastsecurity/Jbom.java
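Review bot: With the `org.apache.logging.**.*` exclude removed in the second pom.xml hunk, the `org` to `com.contrastsecurity.shaded.org` relocation has no exclusions left, and a bare top-level pattern such as `org` or `net` makes the shade plugin rewrite every matching reference, including references to packages the JDK itself supplies (`org.w3c.dom`, `org.xml.sax`) that will not exist under the shaded name at runtime. The element names are not visible in this rendering, so this is read from the values alone. Prefer one relocation per bundled dependency root, as the first hunk now does for `com.fasterxml`, or keep explicit excludes for the JDK-owned `org.*` packages. If a logging library is bundled, note that its relocated classes no longer match package-name based scanners, so the agent's own bundled dependencies should stay listed in its published dependency metadata.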
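Review bot: `jbom.setVersion("1.0.0");` in makeMetadata() hard-codes the tool version written into every SBOM's metadata, so it will go stale at the next release and anyone using that field to tell which generator build produced a document will be misled. Deriving it from the build keeps the two in step, for example `jbom.setVersion( CycloneDXModel.class.getPackage().getImplementationVersion() );`, with a fallback because that call returns null unless the jar manifest carries Implementation-Version. makeMetadata() starts and ends outside this hunk.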
@@ -36,16 +36,16 @@ public static void transform(String args, Instrumentation inst) {
 }
 agentRunning = true;
- Logger.log( " _ __" );
- Logger.log( " (_) /_ ____ ____ ___" );
- Logger.log( " / / __ \\/ __ \\/ __ `__ \\" );
- Logger.log( " / / /_/ / /_/ / / / / / /" );
- Logger.log( " __/ /_.___/\\____/_/ /_/ /_/" );
- Logger.log( " /___/" );
- Logger.log( " by Contrast Security - https://contrastsecurity.com" );
+ Logger.log( " _ __" );
+ Logger.log( " (_) /_ ____ ____ ___" );
+ Logger.log( " / / __ \\/ __ \\/ __ `__ \\" );
+ Logger.log( " / / /_/ / /_/ / / / / / /" );
+ Logger.log( " __/ /_.___/\\____/_/ /_/ /_/" );
+ Logger.log( " /___/" );
+ Logger.log( " by Contrast Security - https://contrastsecurity.com" );
 Logger.log( "" );
- Logger.log( "jbom generates a Software Bill of Materials (SBOM) from a running JVM" );
- Logger.log( " https://github.com/Contrast-Security-OSS/jbom" );
+ Logger.log( " jbom generates a Software Bill of Materials (SBOM) for apps on a running JVM" );
+ Logger.log( " https://github.com/Contrast-Security-OSS/jbom" );
 Logger.log( "" );
 new AgentBuilder.Default()
@@ -71,6 +71,7 @@ public Builder transform(Builder builder, TypeDescription typeDescription,
 .installOn(inst);
 reportResults( filename );
+
 }
@@ -89,7 +90,10 @@ public void run() {
 Logger.log("Writing SBOM with " + Libraries.getLibraries().size() + " libraries");
 CycloneDXModel sbom = new CycloneDXModel();
 sbom.setComponents( Libraries.getLibraries() );
- sbom.save( filename );
+ sbom.save( filename );
+
+ agentRunning = false;
+
 }
 };
 new Thread(thread).start();
diff --git a/src/main/java/com/contrastsecurity/Libraries.java b/src/main/java/com/contrastsecurity/Libraries.java
index 21b7a34..5b94b7e 100644
--- a/src/main/java/com/contrastsecurity/Libraries.java
+++ b/src/main/java/com/contrastsecurity/Libraries.java
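Review bot: `agentRunning = false;` in run() is reached only when `sbom.save( filename )` returns normally, so if save throws the flag stays true; it is also written on the reporting thread while transform() sets it on another, which needs `volatile` or an `AtomicBoolean` to be reliable (the field declaration is outside this patch). Resetting it in a `finally` covers the failure path: `try { sbom.save( filename ); } finally { agentRunning = false; }`. Once the flag is cleared, a second attach will presumably pass the guard at the top of transform() and install the AgentBuilder transformer again on top of the first, with the static sets in Libraries still populated, so that state needs resetting too if re-attachment is intended. run() begins before this hunk.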
@@ -30,8 +30,8 @@ public class Libraries {
 private static Set invoked = new HashSet();
- private static Set addedAll = new HashSet();
- private static Set libraries = new TreeSet();
+ private static Set codesourceExamined = new HashSet();
+ private static Set libraries = new HashSet();
 public static void main( String[] args ) throws Exception {
 String url1 = "jar:file:/Users/jeffwilliams/Downloads/log4j%20demo/myproject-0.0.1-SNAPSHOT.jar!/BOOT-INF/lib/log4j-api-2.14.1.jar!/";
@@ -49,14 +49,17 @@ public static void main( String[] args ) throws Exception {
 // find containing jar file and include ALL libraries
 public static void addAllLibraries( String codesource ) {
- if ( addedAll.contains( codesource ) ) {
+ if ( codesourceExamined.contains( codesource ) ) {
 return;
 }
-
+ codesourceExamined.add( codesource );
+
 if ( !isArchive( codesource ) ) {
 return;
 }
+ System.out.println( "SCANNING: " + codesource );
+
 try {
 // save this lib
 String decoded = URLDecoder.decode( codesource, "UTF-8" );
@@ -99,7 +102,6 @@ public static void addAllLibraries( String codesource ) {
 Logger.log( " CodeSource: " + codesource );
 e.printStackTrace();
 }
- addedAll.add( codesource );
 }
 public static void scan( JarFile jarFile, JarInputStream jis, String codesource ) throws Exception {
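Review bot: Changing `libraries` from `TreeSet` to `HashSet` moves de-duplication from `compareTo` to `equals`/`hashCode`, so unless the element class overrides both (it is not visible in this patch) the same jar can be recorded more than once, and the component order in the written SBOM is no longer stable between runs. Both static sets are also plain `HashSet`s; if addAllLibraries is reached from class-load callbacks on several threads while the report thread reads `getLibraries()`, that is an unsynchronised shared structure. A sorted concurrent set such as `new ConcurrentSkipListSet()` keeps the old ordering and uniqueness rule, or use `ConcurrentHashMap.newKeySet()` and sort when writing. The class body continues beyond this hunk.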
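Review bot: `System.out.println( "SCANNING: " + codesource );` in addAllLibraries writes straight to the host application's stdout from inside the agent, bypassing the `Logger.log` used in the rest of this method, and it puts full jar paths into whatever consumes that stream. Route it through the logger, `Logger.log( "Scanning: " + codesource );`, or drop it before release. The `contains` check followed by a separate `add` can also be collapsed into one call, `if ( !codesourceExamined.add( codesource ) ) { return; }`, which removes the window between the two steps. addAllLibraries continues past this hunk; its tail is touched by the next one.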