Refactor package-dependencies tool to support customizable library counting

- Modified the PackageDependencyExtractor class to allow dynamic specification of libraries to count, enhancing flexibility.
- Updated the logic for counting library occurrences to utilize a more generic approach, accommodating any specified libraries.
- Enhanced the Markdown output and console logging to reflect the new customizable library counts.
- Revised README.md to document the new `--libraries` option for users.
- Added a sample JSONL file for testing and updated tests to validate the new functionality.

Author: fortran01

README.md

@@ -16,7 +16,7 @@ The input JSONL files are typically generated from Jarviz-lib static analysis of
 - Generate statistics about dependencies
 - View the most depended-upon classes
 - Extract and analyze package dependencies
-- Count instances of specific libraries (struts, commons, log4j, cryptix) in dependencies
+- Count instances of specific libraries (struts, commons, log4j, cryptix) in dependencies, customizable via `--libraries` option
 
 ## Installation
 
@@ -58,15 +58,16 @@ The package dependencies extractor tool generates a Markdown report of all base
 
 ```bash
 # When installed locally
-npx ts-node package-dependencies.ts <jsonl-file-path> [--output <output-file-path>]
+npx ts-node package-dependencies.ts <jsonl-file-path> [--output <output-file-path>] [--libraries <libraries>]
 
 # When installed globally
-java-dependency-mapper <jsonl-file-path> [--output <output-file-path>]
+java-dependency-mapper <jsonl-file-path> [--output <output-file-path>] [--libraries <libraries>]
 ```
 
 Where:
 - `<jsonl-file-path>` is the path to the JSONL file containing dependency data (required)
 - `--output` or `-o` followed by path where the Markdown output will be written (optional, defaults to `package-dependencies.md`)
+- `--libraries` or `-l` followed by a comma-separated list of libraries to count in dependencies (optional, defaults to `struts,commons,log4j,cryptix`)
 
 Example usage:
 ```bash
@@ -81,6 +82,12 @@ java-dependency-mapper sample-dependencies.jsonl --output reports/packages.md
 
 # Using shorthand parameter
 java-dependency-mapper sample-dependencies.jsonl -o custom-output.md
+
+# Specify custom libraries to count
+java-dependency-mapper sample-dependencies.jsonl --libraries "spring,hibernate,jetty"
+
+# Using shorthand parameter for libraries
+java-dependency-mapper sample-dependencies.jsonl -l "log4j,slf4j,logback"
 ```
 
 ## Development
@@ -166,10 +173,9 @@ No cycles found.
 The package dependencies extractor generates a Markdown file with the following sections:
 
 1. **Specific Library Counts**: Tracks the number of dependencies where the targetClass contains specific libraries:
-   - Struts
-   - Commons
-   - Log4j
-   - Cryptix
+   - By default: Struts, Commons, Log4j, Cryptix
+   - Customizable via the `--libraries` option
+   
    This helps identify and quantify vulnerability exposure if any of these libraries have security issues.
 
 2. **Base Packages**: A list of all base packages used by the project, grouped by:

package-dependencies.ts

@@ -26,10 +26,7 @@ interface PackageInfo {
 
 // Interface for tracking specific library counts
 interface LibraryCounts {
-    struts: number;
-    commons: number;
-    log4j: number;
-    cryptix: number;
+    [key: string]: number;
 }
 
 class PackageDependencyExtractor {
@@ -38,12 +35,20 @@ class PackageDependencyExtractor {
     private artifactMap: Map<string, Set<string>> = new Map();
     private basePackageDependencyMap: Map<string, Set<string>> = new Map();
     // Add property to track library counts
-    private libraryCounts: LibraryCounts = {
-        struts: 0,
-        commons: 0,
-        log4j: 0,
-        cryptix: 0
-    };
+    private libraryCounts: LibraryCounts = {};
+    private librariesToCount: string[] = ['struts', 'commons', 'log4j', 'cryptix']; // Default libraries
+
+    // Constructor that allows setting libraries to count
+    constructor(librariesToCount?: string) {
+        if (librariesToCount) {
+            this.librariesToCount = librariesToCount.split(',').map(lib => lib.trim().toLowerCase());
+        }
+        
+        // Initialize counter for each library
+        this.librariesToCount.forEach(lib => {
+            this.libraryCounts[lib] = 0;
+        });
+    }
 
     async parseJsonlFile(filePath: string): Promise<void> {
         const fileStream = fs.createReadStream(filePath);
@@ -105,19 +110,14 @@ class PackageDependencyExtractor {
 
     // Method to count instances of specific libraries
     private countSpecificLibraries(targetClass: string): void {
-        // Check for each specific library in the targetClass
-        if (targetClass.toLowerCase().includes('struts')) {
-            this.libraryCounts.struts++;
-        }
-        if (targetClass.toLowerCase().includes('commons')) {
-            this.libraryCounts.commons++;
-        }
-        if (targetClass.toLowerCase().includes('log4j')) {
-            this.libraryCounts.log4j++;
-        }
-        if (targetClass.toLowerCase().includes('cryptix')) {
-            this.libraryCounts.cryptix++;
-        }
+        const lcTargetClass = targetClass.toLowerCase();
+        
+        // Check for each library in the target class
+        this.librariesToCount.forEach(library => {
+            if (lcTargetClass.includes(library)) {
+                this.libraryCounts[library]++;
+            }
+        });
     }
 
     private getPackageName(className: string): string {
@@ -226,10 +226,12 @@ class PackageDependencyExtractor {
         markdownContent += 'These counts represent the number of dependencies where the `targetClass` field in the JSONL data contains each specific library name. This helps quantify how many times your application code depends on classes from these libraries, which is useful for identifying vulnerability exposure.\n\n';
         markdownContent += '| Library | Count |\n';
         markdownContent += '|---------|-------|\n';
-        markdownContent += `| Struts | ${this.libraryCounts.struts} |\n`;
-        markdownContent += `| Commons | ${this.libraryCounts.commons} |\n`;
-        markdownContent += `| Log4j | ${this.libraryCounts.log4j} |\n`;
-        markdownContent += `| Cryptix | ${this.libraryCounts.cryptix} |\n\n`;
+        
+        // Display counts for each library dynamically
+        Object.keys(this.libraryCounts).forEach(library => {
+            markdownContent += `| ${library.charAt(0).toUpperCase() + library.slice(1)} | ${this.libraryCounts[library]} |\n`;
+        });
+        markdownContent += '\n';
 
         // List all base packages
         markdownContent += '## Base Packages\n\n';
@@ -326,16 +328,20 @@ class PackageDependencyExtractor {
 
         // Log the library counts to console
         console.log('\nSpecific Library Counts:');
-        console.log(`- Struts: ${this.libraryCounts.struts}`);
-        console.log(`- Commons: ${this.libraryCounts.commons}`);
-        console.log(`- Log4j: ${this.libraryCounts.log4j}`);
-        console.log(`- Cryptix: ${this.libraryCounts.cryptix}`);
+        Object.keys(this.libraryCounts).forEach(library => {
+            console.log(`- ${library.charAt(0).toUpperCase() + library.slice(1)}: ${this.libraryCounts[library]}`);
+        });
     }
 
     // Getter for library counts (useful for testing)
     getLibraryCounts(): LibraryCounts {
         return this.libraryCounts;
     }
+
+    // Getter for libraries being counted
+    getLibrariesToCount(): string[] {
+        return [...this.librariesToCount];
+    }
 }
 
 async function main() {
@@ -344,6 +350,7 @@ async function main() {
 
 Options:
   --output, -o <file>  Specify output file path (default: package-dependencies.md)
+  --libraries, -l <libs>  Comma-separated list of libraries to count (default: struts,commons,log4j,cryptix)
   --help, -h           Display this help information
 `;
 
@@ -366,6 +373,7 @@ Options:
     // Parse command line arguments
     let jsonlFilePath = '';
     let outputFilePath = 'package-dependencies.md'; // Default output path
+    let librariesToCount = ''; // Default is undefined, will use defaults in the constructor
 
     for (let i = 0; i < args.length; i++) {
         if (args[i] === '--output' || args[i] === '-o') {
@@ -377,6 +385,15 @@ Options:
                 console.error(usage);
                 process.exit(1);
             }
+        } else if (args[i] === '--libraries' || args[i] === '-l') {
+            if (i + 1 < args.length) {
+                librariesToCount = args[i + 1];
+                i++; // Skip the next argument as we've already processed it
+            } else {
+                console.error('Error: Missing value for --libraries parameter');
+                console.error(usage);
+                process.exit(1);
+            }
         } else if (!jsonlFilePath) {
             // The first non-flag argument is the input file
             jsonlFilePath = args[i];
@@ -411,13 +428,24 @@ Options:
         }
     }
 
-    const extractor = new PackageDependencyExtractor();
+    // Create extractor with libraries to count (if specified)
+    const extractor = new PackageDependencyExtractor(librariesToCount);
 
     console.log(`Parsing dependencies from ${jsonlFilePath}...`);
     await extractor.parseJsonlFile(jsonlFilePath);
 
     console.log(`Generating Markdown output to ${outputFilePath}...`);
     extractor.generateMarkdownOutput(outputFilePath);
+    
+    // Log which libraries were counted
+    console.log(`\nCounted the following libraries: ${extractor.getLibrariesToCount().join(', ')}`);
+    
+    // Log the library counts to console
+    console.log('\nSpecific Library Counts:');
+    const libraryCounts = extractor.getLibraryCounts();
+    Object.keys(libraryCounts).forEach(library => {
+        console.log(`- ${library.charAt(0).toUpperCase() + library.slice(1)}: ${libraryCounts[library]}`);
+    });
 }
 
 main().catch(error => console.error('Error:', error)); 

sample-test.jsonl

@@ -0,0 +1,6 @@
+{"appSetName":"SampleApp","applicationName":"SampleApp","artifactFileName":"sampleEJB-1.0.0.jar","artifactId":"sampleEJB","artifactGroup":"com.example.sample","artifactVersion":"1.0.0","sourceClass":"com.example.sample.component.servicelocator.ejb.ServiceLocator","sourceMethod":"<init>","targetClass":"org.apache.struts.actions.Action","targetMethod":"<init>"}
+{"appSetName":"SampleApp","applicationName":"SampleApp","artifactFileName":"sampleEJB-1.0.0.jar","artifactId":"sampleEJB","artifactGroup":"com.example.sample","artifactVersion":"1.0.0","sourceClass":"com.example.sample.component.servicelocator.ejb.ServiceLocator","sourceMethod":"<init>","targetClass":"org.apache.commons.lang.StringUtils","targetMethod":"<init>"}
+{"appSetName":"SampleApp","applicationName":"SampleApp","artifactFileName":"sampleEJB-1.0.0.jar","artifactId":"sampleEJB","artifactGroup":"com.example.sample","artifactVersion":"1.0.0","sourceClass":"com.example.sample.component.servicelocator.ejb.ServiceLocator","sourceMethod":"getBoolean","targetClass":"org.apache.log4j.Logger","targetMethod":"<init>"}
+{"appSetName":"SampleApp","applicationName":"SampleApp","artifactFileName":"sampleEJB-1.0.0.jar","artifactId":"sampleEJB","artifactGroup":"com.example.sample","artifactVersion":"1.0.0","sourceClass":"com.example.sample.component.servicelocator.ejb.ServiceLocator","sourceMethod":"getBoolean","targetClass":"cryptix.provider.Cipher","targetMethod":"booleanValue"}
+{"appSetName":"SampleApp","applicationName":"SampleApp","artifactFileName":"sampleEJB-1.0.0.jar","artifactId":"sampleEJB","artifactGroup":"com.example.sample","artifactVersion":"1.0.0","sourceClass":"com.example.sample.component.servicelocator.ejb.ServiceLocator","sourceMethod":"getDataSource","targetClass":"org.springframework.context.ApplicationContext","targetMethod":"<init>"}
+{"appSetName":"SampleApp","applicationName":"SampleApp","artifactFileName":"sampleEJB-1.0.0.jar","artifactId":"sampleEJB","artifactGroup":"com.example.sample","artifactVersion":"1.0.0","sourceClass":"com.example.sample.component.servicelocator.ejb.ServiceLocator","sourceMethod":"getLocalHome","targetClass":"org.hibernate.Session","targetMethod":"<init>"} 

test-output.md

@@ -2,11 +2,24 @@
 
 This document lists all base packages that the project depends on.
 
+## Specific Library Counts
+
+These counts represent the number of dependencies where the `targetClass` field in the JSONL data contains each specific library name. This helps quantify how many times your application code depends on classes from these libraries, which is useful for identifying vulnerability exposure.
+
+| Library | Count |
+|---------|-------|
+| Spring | 1 |
+| Hibernate | 1 |
+| Jetty | 0 |
+
 ## Base Packages
 
 ### External Dependencies
 
-- `java.lang`
+- `cryptix.provider`
+- `org.apache`
+- `org.hibernate`
+- `org.springframework`
 
 ### Internal Packages
 
@@ -15,30 +28,67 @@ This document lists all base packages that the project depends on.
 ## Dependency Relationships
 
 - `com.example` depends on:
-  - `java.lang`
+  - `cryptix.provider`
+  - `org.apache`
+  - `org.hibernate`
+  - `org.springframework`
 
 ## Package Details
 
 ### `com.example`
 
 - **Type**: Internal Package
-- **Sub-packages**: 2
-- **Classes**: 2
-- **Dependencies**: `java.lang`
+- **Sub-packages**: 1
+- **Classes**: 1
+- **Dependencies**: `org.apache`, `cryptix.provider`, `org.springframework`, `org.hibernate`
 
 Includes these sub-packages:
 
-- `com.example.sample.component.servicelocator`
 - `com.example.sample.component.servicelocator.ejb`
 
-### `java.lang`
+### `cryptix.provider`
+
+- **Type**: External Dependency
+- **Sub-packages**: 1
+- **Classes**: 1
+- **Dependencies**: None
+
+Includes these sub-packages:
+
+- `cryptix.provider`
+
+### `org.apache`
+
+- **Type**: External Dependency
+- **Sub-packages**: 3
+- **Classes**: 3
+- **Dependencies**: None
+
+Includes these sub-packages:
+
+- `org.apache.commons.lang`
+- `org.apache.log4j`
+- `org.apache.struts.actions`
+
+### `org.hibernate`
+
+- **Type**: External Dependency
+- **Sub-packages**: 1
+- **Classes**: 1
+- **Dependencies**: None
+
+Includes these sub-packages:
+
+- `org.hibernate`
+
+### `org.springframework`
 
 - **Type**: External Dependency
 - **Sub-packages**: 1
-- **Classes**: 2
+- **Classes**: 1
 - **Dependencies**: None
 
 Includes these sub-packages:
 
-- `java.lang`
+- `org.springframework.context`