Converts an OWASP Dependency-Check XML report into a Maven pom.xml listing the identified Maven artifacts (so their sources can be fetched with `mvn dependency:unpack-dependencies`)
package com.github.pierre_ernst;
import java.io.File;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
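/**
 * $ dependency-check.sh Core --format XML -s .
 * $ java -cp . com.github.pierre_ernst.Odc2mvn dependency-check-report.xml > pom.xml
 * $ mvn dependency:unpack-dependencies -Dclassifier=sources -DexcludeTransitive=true -DmarkersDirectory=/tmp -DoutputDirectory=./src
 *
 * Converts an OWASP Dependency-Check XML report into a Maven pom.xml whose
 * dependencies are the Maven artifacts the report identified with HIGH
 * confidence, i.e. package URLs of the form
 * {@code pkg:maven/<groupId>/<artifactId>@<version>}.
 *
 * The generated pom pins the exact versions found in the scanned tree (the
 * ones the scanner just reported on); it is meant for fetching those
 * artifacts, e.g. their sources for review, not as a build descriptor to
 * deploy from.
 *
 * Hardening: the report is parsed with DOCTYPE declarations rejected,
 * external entities disabled and secure processing enabled, so a crafted
 * report cannot trigger XXE or entity-expansion attacks. Coordinates are
 * XML-escaped on output so an unexpected character in a purl cannot alter
 * the structure of the generated pom. Malformed Maven purls are skipped
 * with a message on stderr instead of aborting the whole conversion.
 */
public class Odc2mvn {

    /** Prefix of a package URL that denotes a Maven artifact. */
    private static final String MAVEN_PURL_PREFIX = "pkg:maven/";

    /** XPath selecting the package URLs the report identified with HIGH confidence. */
    private static final String PURL_XPATH =
            "/analysis/dependencies/dependency/identifiers/package[@confidence='HIGH']/id/text()";

    private static final String POM_HEADER =
            "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
            + "<project xmlns=\"http://maven.apache.org/POM/4.0.0\"\n"
            + " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n"
            + " xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\">\n"
            + "\t<modelVersion>4.0.0</modelVersion>\n"
            + "\t<groupId>com.github.pierre_ernst</groupId>\n"
            + "\t<version>1</version>\n"
            + "\t<artifactId>odc2mvn</artifactId>\n\t<dependencies>\n";

    private static final String POM_FOOTER = "\t</dependencies>\n</project>";

    /**
     * Entry point: reads the report named by the single argument and writes the pom to stdout.
     * Exits with status 2 on a usage error and 1 if the report cannot be parsed or queried.
     *
     * @param args exactly one element, the path of the Dependency-Check XML report
     */
    public static void main(String... args) {
        if (args.length != 1) {
            System.err.println("Usage: java " + Odc2mvn.class.getName() + " <OWASP-DependencyCheck-output.xml>");
            System.exit(2);
        }
        try {
            Document report = newHardenedDocumentBuilder().parse(new File(args[0]));
            XPathExpression xp = XPathFactory.newInstance().newXPath().compile(PURL_XPATH);
            NodeList purls = (NodeList) xp.evaluate(report, XPathConstants.NODESET);

            System.out.println(POM_HEADER);
            for (int i = 0; i < purls.getLength(); i++) {
                String purl = purls.item(i).getTextContent();
                String dependency = dependencyXml(purl);
                if (dependency != null) {
                    System.out.println(dependency);
                } else if (purl != null && purl.startsWith(MAVEN_PURL_PREFIX)) {
                    // A Maven purl we could not split into coordinates: report it rather than
                    // crash (the original indexed split() results unchecked) or emit a broken pom.
                    System.err.println("Skipping unparseable Maven purl: " + purl);
                }
            }
            System.out.println(POM_FOOTER);
        } catch (Exception ex) {
            ex.printStackTrace(System.err);
            System.exit(1);
        }
    }

    /**
     * Builds a DOM parser hardened against XXE: no DOCTYPE, no external entities,
     * no XInclude, no entity expansion, secure-processing limits on.
     *
     * @throws ParserConfigurationException if the underlying parser does not support a feature
     */
    private static DocumentBuilder newHardenedDocumentBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Xerces feature names (the JDK's built-in parser is Xerces-based); rejecting the
        // DOCTYPE alone already blocks XXE, the entity features are belt-and-braces.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    /**
     * Renders one Maven package URL as a pom {@code <dependency>} element.
     *
     * @param purl package URL from the report, e.g. {@code pkg:maven/org.foo/bar@1.2}
     * @return the element text (indented, with a trailing newline), or {@code null} when the
     *         purl is not a Maven purl or lacks a groupId, artifactId or version
     */
    static String dependencyXml(String purl) {
        if (purl == null || !purl.startsWith(MAVEN_PURL_PREFIX)) {
            return null;
        }
        String coords = purl.substring(MAVEN_PURL_PREFIX.length());
        // Drop purl qualifiers ("?type=jar") and subpath ("#..."): they are not part of the
        // version. Dependency-Check usually omits them, but they must not leak into <version>.
        int qualifiers = coords.indexOf('?');
        if (qualifiers >= 0) {
            coords = coords.substring(0, qualifiers);
        }
        int subpath = coords.indexOf('#');
        if (subpath >= 0) {
            coords = coords.substring(0, subpath);
        }
        int at = coords.indexOf('@');
        if (at < 0) {
            return null; // no version: Maven cannot resolve it
        }
        String version = coords.substring(at + 1);
        String[] groupAndArtifact = coords.substring(0, at).split("/");
        if (groupAndArtifact.length < 2
                || groupAndArtifact[0].isEmpty()
                || groupAndArtifact[1].isEmpty()
                || version.isEmpty()) {
            return null;
        }
        // NOTE: purl components may be percent-encoded per the purl spec; they are passed
        // through undecoded here because Maven coordinates are limited to characters that
        // need no encoding — confirm against the report if odd coordinates show up.
        return "\t\t<dependency>\n\t\t\t<groupId>" + escapeXml(groupAndArtifact[0])
                + "</groupId>\n\t\t\t<artifactId>" + escapeXml(groupAndArtifact[1])
                + "</artifactId>\n\t\t\t<version>" + escapeXml(version)
                + "</version>\n\t\t</dependency>\n";
    }

    /** Escapes the five XML special characters so the value is safe as element text. */
    private static String escapeXml(String value) {
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&apos;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}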