From 44956bbe80eb3d84b49023a429a167cd160fff24 Mon Sep 17 00:00:00 2001
From: Andrew Leonard <anleonar@redhat.com>
Date: Mon, 2 Dec 2024 15:27:55 +0000
Subject: [PATCH] Initial CDXA support

Signed-off-by: Andrew Leonard <anleonar@redhat.com>
---
 .github/linters/.gitleaks.toml                |  5 ++++
 cyclonedx-lib/build.xml                       |  7 ++++-
 .../dependency_data.properties                | 26 +++++++++----------
 3 files changed, 24 insertions(+), 14 deletions(-)
 create mode 100644 .github/linters/.gitleaks.toml

diff --git a/.github/linters/.gitleaks.toml b/.github/linters/.gitleaks.toml
new file mode 100644
index 000000000..6012aaeb6
--- /dev/null
+++ b/.github/linters/.gitleaks.toml
@@ -0,0 +1,5 @@
+title = "gitleaks config"
+[allowlist]
+files = [
+    "cyclonedx-lib/dependency_data/dependency_data.properties"
+]
diff --git a/cyclonedx-lib/build.xml b/cyclonedx-lib/build.xml
index f4e11f65c..11d2a937b 100644
--- a/cyclonedx-lib/build.xml
+++ b/cyclonedx-lib/build.xml
@@ -855,8 +855,13 @@
 
                         <!-- Use local cache if available, otherwise download -->
                         <copy verbose="true" file="${local.deps.cache.dir}/${@{component}.jar}" tofile="build/jar/@{component}.jar" if:true="${@{component}_cache_available}"/>
+                        <propertyregex property="@{component}_sha256"
+                            input="${@{component}.sha256}"
+                            regexp="([a-zA-Z0-9]+)\s.*"
+                            select="\1"
+                            casesensitive="false"/>
                         <download-file unless:true="${@{component}_cache_available}"
-				checksum="${@{component}.sha256}"
+				checksum="${@{component}_sha256}"
                                 destdir="build/jar"
 				destfile="@{component}.jar"
 				srcurl="${@{component}.url}"/>
diff --git a/cyclonedx-lib/dependency_data/dependency_data.properties b/cyclonedx-lib/dependency_data/dependency_data.properties
index 97635ff49..cb2d15487 100644
--- a/cyclonedx-lib/dependency_data/dependency_data.properties
+++ b/cyclonedx-lib/dependency_data/dependency_data.properties
@@ -16,43 +16,43 @@ maven.central.repo=https://repo1.maven.org/maven2
 
 # Component versions, SHAs and jar names
 commons-codec.version=1.17.1
-commons-codec.sha256=f9f6cb103f2ddc3c99a9d80ada2ae7bf0685111fd6bffccb72033d1da4e6ff23 #gitleaks:allow
+commons-codec.sha256=f9f6cb103f2ddc3c99a9d80ada2ae7bf0685111fd6bffccb72033d1da4e6ff23
 commons-codec.jar=commons-codec-${commons-codec.version}.jar
 commons-collections4.version=4.4
-commons-collections4.sha256=1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1 #gitleaks:allow
+commons-collections4.sha256=1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
 commons-collections4.jar=commons-collections4-${commons-collections4.version}.jar
 commons-lang3.version=3.17.0
-commons-lang3.sha256=6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4 #gitleaks:allow
+commons-lang3.sha256=6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4
 commons-lang3.jar=commons-lang3-${commons-lang3.version}.jar
 commons-io.version=2.16.1
-commons-io.sha256=f41f7baacd716896447ace9758621f62c1c6b0a91d89acee488da26fc477c84f #gitleaks:allow
+commons-io.sha256=f41f7baacd716896447ace9758621f62c1c6b0a91d89acee488da26fc477c84f
 commons-io.jar=commons-io-${commons-io.version}.jar
 cyclonedx-core-java.version=9.1.0
-cyclonedx-core-java.sha256=a911ee5e5ebdabc2b2c08d08f9c92c673c21965ee1b982f40fc166d80f1eb088 #gitleaks:allow
+cyclonedx-core-java.sha256=a911ee5e5ebdabc2b2c08d08f9c92c673c21965ee1b982f40fc166d80f1eb088
 cyclonedx-core-java.jar=cyclonedx-core-java-${cyclonedx-core-java.version}.jar
 github-package-url.version=1.5.0
-github-package-url.sha256=e45551727707acc0c56ac62d56964332ea0f138d6cc3656d988b9369150f5247 #gitleaks:allow
+github-package-url.sha256=e45551727707acc0c56ac62d56964332ea0f138d6cc3656d988b9369150f5247
 github-package-url.jar=packageurl-java-${github-package-url.version}.jar
 jackson-annotations.version=2.17.2
-jackson-annotations.sha256=873a606e23507969f9bbbea939d5e19274a88775ea5a169ba7e2d795aa5156e1 #gitleaks:allow
+jackson-annotations.sha256=873a606e23507969f9bbbea939d5e19274a88775ea5a169ba7e2d795aa5156e1
 jackson-annotations.jar=jackson-annotations-${jackson-annotations.version}.jar
 jackson-core.version=2.17.2
-jackson-core.sha256=721a189241dab0525d9e858e5cb604d3ecc0ede081e2de77d6f34fa5779a5b46 #gitleaks:allow
+jackson-core.sha256=721a189241dab0525d9e858e5cb604d3ecc0ede081e2de77d6f34fa5779a5b46
 jackson-core.jar=jackson-core-${jackson-core.version}.jar
 jackson-databind.version=2.17.2
-jackson-databind.sha256=c04993f33c0f845342653784f14f38373d005280e6359db5f808701cfae73c0c #gitleaks:allow
+jackson-databind.sha256=c04993f33c0f845342653784f14f38373d005280e6359db5f808701cfae73c0c
 jackson-databind.jar=jackson-databind-${jackson-databind.version}.jar
 jackson-dataformat-xml.version=2.17.2
-jackson-dataformat-xml.sha256=517add5f3848517894b319a93a7ebfc1c21737b2c17c9acccd38fea97d6adc6f #gitleaks:allow
+jackson-dataformat-xml.sha256=517add5f3848517894b319a93a7ebfc1c21737b2c17c9acccd38fea97d6adc6f
 jackson-dataformat-xml.jar=jackson-dataformat-xml-${jackson-dataformat-xml.version}.jar
 json-schema-validator.version=1.5.1
-json-schema-validator.sha256=de015f79d4a63d22c002bad76bb30c039cafa205465eef8770e2c6b85880ded7 #gitleaks:allow
+json-schema-validator.sha256=de015f79d4a63d22c002bad76bb30c039cafa205465eef8770e2c6b85880ded7
 json-schema-validator.jar=json-schema-validator-${json-schema-validator.version}.jar
 stax2-api.version=4.2.2
-stax2-api.sha256=a61c48d553efad78bc01fffc4ac528bebbae64cbaec170b2a5e39cf61eb51abe #gitleaks:allow
+stax2-api.sha256=a61c48d553efad78bc01fffc4ac528bebbae64cbaec170b2a5e39cf61eb51abe
 stax2-api.jar=stax2-api-${stax2-api.version}.jar
 woodstox-core.version=7.1.0
-woodstox-core.sha256=81266920a1cdc47306a8a2b4726c99ec89b3fbf31c2470e4f5e477d9d857ca9f #gitleaks:allow
+woodstox-core.sha256=81266920a1cdc47306a8a2b4726c99ec89b3fbf31c2470e4f5e477d9d857ca9f
 woodstox-core.jar=woodstox-core-${woodstox-core.version}.jar
 
 # Download URLs