maven依赖查找小工具

0.背景

对于项目中引入的依赖,我们可以使用依赖树去分析,查找某个依赖是哪里引入的,但是若是给一份依赖的名单,如何能快速查找那些依赖不在名单呢?一个一个去搜索肯定效率低下。
尤其产品安全较为严格的项目,每个引入的依赖都是严格限制的,开源软件使用需要申请并分析安全漏洞,版本升级需要重新申请,那么发布的时候如何知道我所使用的就是申请的那些呢?

1.解决办法

首先使用命令将依赖打印到文件中

mvn dependency:tree > /tmp/tree.txt

例如一个这样的依赖树

[INFO] Scanning for projects...
[INFO] 
[INFO] --------------------< org.advance.pratice:datamask >--------------------
[INFO] Building datamask 1.0-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ datamask ---
[INFO] org.advance.pratice:datamask:jar:1.0-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.2.5.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter:jar:2.2.5.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot:jar:2.2.5.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-autoconfigure:jar:2.2.5.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-starter-logging:jar:2.2.5.RELEASE:compile
[INFO] |  |  |  +- ch.qos.logback:logback-classic:jar:1.2.3:compile
[INFO] |  |  |  |  +- ch.qos.logback:logback-core:jar:1.2.3:compile
[INFO] |  |  |  |  \- org.slf4j:slf4j-api:jar:1.7.30:compile
[INFO] |  |  |  +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.12.1:compile
[INFO] |  |  |  |  \- org.apache.logging.log4j:log4j-api:jar:2.12.1:compile
[INFO] |  |  |  \- org.slf4j:jul-to-slf4j:jar:1.7.30:compile
[INFO] |  |  +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
[INFO] |  |  +- org.springframework:spring-core:jar:5.2.4.RELEASE:compile
[INFO] |  |  |  \- org.springframework:spring-jcl:jar:5.2.4.RELEASE:compile
[INFO] |  |  \- org.yaml:snakeyaml:jar:1.25:runtime
[INFO] |  +- org.springframework.boot:spring-boot-starter-json:jar:2.2.5.RELEASE:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.10.2:compile
[INFO] |  |  |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.10.2:compile
[INFO] |  |  |  \- com.fasterxml.jackson.core:jackson-core:jar:2.10.2:compile
[INFO] |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.10.2:compile
[INFO] |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.10.2:compile
[INFO] |  |  \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.10.2:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.2.5.RELEASE:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.31:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-el:jar:9.0.31:compile
[INFO] |  |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:9.0.31:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-validation:jar:2.2.5.RELEASE:compile
[INFO] |  |  +- jakarta.validation:jakarta.validation-api:jar:2.0.2:compile
[INFO] |  |  \- org.hibernate.validator:hibernate-validator:jar:6.0.18.Final:compile
[INFO] |  |     +- org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile
[INFO] |  |     \- com.fasterxml:classmate:jar:1.5.1:compile
[INFO] |  +- org.springframework:spring-web:jar:5.2.4.RELEASE:compile
[INFO] |  |  \- org.springframework:spring-beans:jar:5.2.4.RELEASE:compile
[INFO] |  \- org.springframework:spring-webmvc:jar:5.2.4.RELEASE:compile
[INFO] |     +- org.springframework:spring-aop:jar:5.2.4.RELEASE:compile
[INFO] |     +- org.springframework:spring-context:jar:5.2.4.RELEASE:compile
[INFO] |     \- org.springframework:spring-expression:jar:5.2.4.RELEASE:compile
[INFO] +- com.github.f-sunrise-q:advance-tool-datamask:jar:1.0.1-RELEASE:compile
[INFO] |  \- org.apache.commons:commons-lang3:jar:3.9:compile
[INFO] \- org.projectlombok:lombok:jar:1.18.12:provided
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.519 s
[INFO] Finished at: 2020-10-31T21:48:33+08:00
[INFO] ------------------------------------------------------------------------

我的匹配名单为

spring-boot-starter-2.2.5.RELEASE.jar
spring-boot-starter-json-2.2.5.RELEASE.jar
spring-boot-starter-web-2.2.5.RELEASE.jar
spring-boot-2.2.5.RELEASE.jar
spring-boot-autoconfigure-2.2.5.RELEASE.jar
spring-boot-starter-logging-2.2.5.RELEASE.jar
logback-core-1.2.4.jar

凡是不在名单中的或者版本号不正确的都打印引入完整路径
定义树节点

import lombok.Data;

@Data
public class TreeNode {
    private String groupId;
    private String artifactId;
    private String version;
    private String scope;
    private TreeNode parent;
    private int length;
}

依赖树扫描工具:

import java.io.*;
import java.util.HashMap;
import java.util.Map;

public class TreeUtil {

    private static Map<String, String> dependencyMap = new HashMap<>();

    public static void main(String[] args) {

        String treePath = TreeUtil.class.getResource("/").getPath() + "dependency.txt";
        String targetPath = TreeUtil.class.getResource("/").getPath() + "tree.txt";
        BufferedReader br = null;
        BufferedReader target = null;
        try {
            br = new BufferedReader(new FileReader(treePath));
            String line = null;
            while ((line = br.readLine()) != null) {
                int index = line.lastIndexOf("-");
                String denpencyName = line.substring(0, index);
                String version = line.substring(index + 1);
                version = version.substring(0, version.indexOf(".jar"));
                dependencyMap.put(denpencyName, version);
            }

            target = new BufferedReader(new FileReader(targetPath));
            boolean isStart = false;
            boolean isFirst = false;
            TreeNode root = null;
            Map<Integer, TreeNode> map = new HashMap<>();
            while ((line = target.readLine()) != null) {
                if (line.contains("maven-dependency-plugin")) {
                    isFirst = true;
                    continue;
                }
                if (!line.startsWith("[INFO] ")) {
                    continue;
                }
                String temp = line.substring(line.indexOf("[INFO] ") + "[INFO] ".length());
                if (isFirst) {
                    root = parse2TreeNode(temp.trim());
                    root.setLength(0);
                    map.put(0, root);
                    isStart = true;
                    isFirst = false;
                    continue;
                }
                if (isStart) {
                    int length = 1;
                    while (temp.startsWith("|  ") || temp.startsWith("   ")) {
                        length++;
                        temp = temp.substring(3);
                    }
                    if (temp.startsWith("+-") || temp.startsWith("\\-")) {
                        temp = temp.substring(2);
                        TreeNode node = parse2TreeNode(temp.trim());
                        if (node == null) {
                            continue;
                        }
                        TreeNode parent = map.get(length - 1);
                        if (parent != null) {
                            node.setParent(parent);
                        }
                        map.put(length, node);

                        if (dependencyMap.containsKey(node.getArtifactId())) {
                            String version = dependencyMap.get(node.getArtifactId());
                            if (!version.equals(node.getVersion())) {
                                printNode(node);
                            }
                        } else {
                            printNode(node);
                        }
                    }
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (br != null) {
                try {
                    br.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
            if (target != null) {
                try {
                    target.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }

    private static TreeNode parse2TreeNode(String line) {
        String[] temps = line.split(":");
        TreeNode node = new TreeNode();
        if (temps.length >= 4) {
            node.setGroupId(temps[0]);
            node.setArtifactId(temps[1]);
            node.setVersion(temps[3]);
            if (temps.length >= 5) {
                node.setScope(temps[4]);
            }
        } else {
            return null;
        }
        return node;
    }

    private static void printNode(TreeNode node) {
        String sb = node.getGroupId() + ":" + node.getArtifactId() + ":" + node.getVersion();
        while (node.getParent() != null) {
            node = node.getParent();
            sb = node.getGroupId() + ":" + node.getArtifactId() + ":" + node.getVersion() + "-->" + sb;
        }
        System.out.println(sb);
    }

}

中间使用一个map保存父节点,每次按照长度作为key put到map中,则同等长度会覆盖,按照length-1去找找到的一定是直接父级。
最终结果:

org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-logging:2.2.5.RELEASE-->ch.qos.logback:logback-classic:1.2.3
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-logging:2.2.5.RELEASE-->ch.qos.logback:logback-classic:1.2.3-->ch.qos.logback:logback-core:1.2.3
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-logging:2.2.5.RELEASE-->ch.qos.logback:logback-classic:1.2.3-->org.slf4j:slf4j-api:1.7.30
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-logging:2.2.5.RELEASE-->org.apache.logging.log4j:log4j-to-slf4j:2.12.1
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-logging:2.2.5.RELEASE-->org.apache.logging.log4j:log4j-to-slf4j:2.12.1-->org.apache.logging.log4j:log4j-api:2.12.1
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-logging:2.2.5.RELEASE-->org.slf4j:jul-to-slf4j:1.7.30
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->jakarta.annotation:jakarta.annotation-api:1.3.5
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework:spring-core:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework:spring-core:5.2.4.RELEASE-->org.springframework:spring-jcl:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.yaml:snakeyaml:1.25
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-json:2.2.5.RELEASE-->com.fasterxml.jackson.core:jackson-databind:2.10.2
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-json:2.2.5.RELEASE-->com.fasterxml.jackson.core:jackson-databind:2.10.2-->com.fasterxml.jackson.core:jackson-annotations:2.10.2
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-json:2.2.5.RELEASE-->com.fasterxml.jackson.core:jackson-databind:2.10.2-->com.fasterxml.jackson.core:jackson-core:2.10.2
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-json:2.2.5.RELEASE-->com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.10.2
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-json:2.2.5.RELEASE-->com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.10.2
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-json:2.2.5.RELEASE-->com.fasterxml.jackson.module:jackson-module-parameter-names:2.10.2
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-tomcat:2.2.5.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-tomcat:2.2.5.RELEASE-->org.apache.tomcat.embed:tomcat-embed-core:9.0.31
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-tomcat:2.2.5.RELEASE-->org.apache.tomcat.embed:tomcat-embed-el:9.0.31
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-tomcat:2.2.5.RELEASE-->org.apache.tomcat.embed:tomcat-embed-websocket:9.0.31
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-validation:2.2.5.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-validation:2.2.5.RELEASE-->jakarta.validation:jakarta.validation-api:2.0.2
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-validation:2.2.5.RELEASE-->org.hibernate.validator:hibernate-validator:6.0.18.Final
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-validation:2.2.5.RELEASE-->org.hibernate.validator:hibernate-validator:6.0.18.Final-->org.jboss.logging:jboss-logging:3.4.1.Final
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-validation:2.2.5.RELEASE-->org.hibernate.validator:hibernate-validator:6.0.18.Final-->com.fasterxml:classmate:1.5.1
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework:spring-web:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework:spring-web:5.2.4.RELEASE-->org.springframework:spring-beans:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework:spring-webmvc:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework:spring-webmvc:5.2.4.RELEASE-->org.springframework:spring-aop:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework:spring-webmvc:5.2.4.RELEASE-->org.springframework:spring-context:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework:spring-webmvc:5.2.4.RELEASE-->org.springframework:spring-expression:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->com.github.f-sunrise-q:advance-tool-datamask:1.0.1-RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->com.github.f-sunrise-q:advance-tool-datamask:1.0.1-RELEASE-->org.apache.commons:commons-lang3:3.9
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.projectlombok:lombok:1.18.12

你可能感兴趣的:(工具使用)