maven依赖查找小工具
0.背景
对于项目中引入的依赖,我们可以使用依赖树去分析,查找某个依赖是哪里引入的,但是若是给一份依赖的名单,如何能快速查找那些依赖不在名单呢?一个一个去搜索肯定效率低下。
尤其产品安全较为严格的项目,每个引入的依赖都是严格限制的,开源软件使用需要申请并分析安全漏洞,版本升级需要重新申请,那么发布的时候如何知道我所使用的就是申请的那些呢?
1.解决办法
首先使用命令将依赖打印到文件中
mvn dependency:tree > /tmp/tree.txt
例如一个这样的依赖树
[INFO] Scanning for projects...
[INFO]
[INFO] --------------------< org.advance.pratice:datamask >--------------------
[INFO] Building datamask 1.0-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ datamask ---
[INFO] org.advance.pratice:datamask:jar:1.0-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.2.5.RELEASE:compile
[INFO] | +- org.springframework.boot:spring-boot-starter:jar:2.2.5.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot:jar:2.2.5.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-autoconfigure:jar:2.2.5.RELEASE:compile
[INFO] | | +- org.springframework.boot:spring-boot-starter-logging:jar:2.2.5.RELEASE:compile
[INFO] | | | +- ch.qos.logback:logback-classic:jar:1.2.3:compile
[INFO] | | | | +- ch.qos.logback:logback-core:jar:1.2.3:compile
[INFO] | | | | \- org.slf4j:slf4j-api:jar:1.7.30:compile
[INFO] | | | +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.12.1:compile
[INFO] | | | | \- org.apache.logging.log4j:log4j-api:jar:2.12.1:compile
[INFO] | | | \- org.slf4j:jul-to-slf4j:jar:1.7.30:compile
[INFO] | | +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
[INFO] | | +- org.springframework:spring-core:jar:5.2.4.RELEASE:compile
[INFO] | | | \- org.springframework:spring-jcl:jar:5.2.4.RELEASE:compile
[INFO] | | \- org.yaml:snakeyaml:jar:1.25:runtime
[INFO] | +- org.springframework.boot:spring-boot-starter-json:jar:2.2.5.RELEASE:compile
[INFO] | | +- com.fasterxml.jackson.core:jackson-databind:jar:2.10.2:compile
[INFO] | | | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.10.2:compile
[INFO] | | | \- com.fasterxml.jackson.core:jackson-core:jar:2.10.2:compile
[INFO] | | +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.10.2:compile
[INFO] | | +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.10.2:compile
[INFO] | | \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.10.2:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.2.5.RELEASE:compile
[INFO] | | +- org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.31:compile
[INFO] | | +- org.apache.tomcat.embed:tomcat-embed-el:jar:9.0.31:compile
[INFO] | | \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:9.0.31:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-validation:jar:2.2.5.RELEASE:compile
[INFO] | | +- jakarta.validation:jakarta.validation-api:jar:2.0.2:compile
[INFO] | | \- org.hibernate.validator:hibernate-validator:jar:6.0.18.Final:compile
[INFO] | | +- org.jboss.logging:jboss-logging:jar:3.4.1.Final:compile
[INFO] | | \- com.fasterxml:classmate:jar:1.5.1:compile
[INFO] | +- org.springframework:spring-web:jar:5.2.4.RELEASE:compile
[INFO] | | \- org.springframework:spring-beans:jar:5.2.4.RELEASE:compile
[INFO] | \- org.springframework:spring-webmvc:jar:5.2.4.RELEASE:compile
[INFO] | +- org.springframework:spring-aop:jar:5.2.4.RELEASE:compile
[INFO] | +- org.springframework:spring-context:jar:5.2.4.RELEASE:compile
[INFO] | \- org.springframework:spring-expression:jar:5.2.4.RELEASE:compile
[INFO] +- com.github.f-sunrise-q:advance-tool-datamask:jar:1.0.1-RELEASE:compile
[INFO] | \- org.apache.commons:commons-lang3:jar:3.9:compile
[INFO] \- org.projectlombok:lombok:jar:1.18.12:provided
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.519 s
[INFO] Finished at: 2020-10-31T21:48:33+08:00
[INFO] ------------------------------------------------------------------------
我的匹配名单为
spring-boot-starter-2.2.5.RELEASE.jar
spring-boot-starter-json-2.2.5.RELEASE.jar
spring-boot-starter-web-2.2.5.RELEASE.jar
spring-boot-2.2.5.RELEASE.jar
spring-boot-autoconfigure-2.2.5.RELEASE.jar
spring-boot-starter-logging-2.2.5.RELEASE.jar
logback-core-1.2.4.jar
凡是不在名单中的或者版本号不正确的都打印引入完整路径
定义树节点
import lombok.Data;
@Data
public class TreeNode {
private String groupId;
private String artifactId;
private String version;
private String scope;
private TreeNode parent;
private int length;
}
依赖树扫描工具:
import java.io.*;
import java.util.HashMap;
import java.util.Map;
public class TreeUtil {
private static Map<String, String> dependencyMap = new HashMap<>();
public static void main(String[] args) {
String treePath = TreeUtil.class.getResource("/").getPath() + "dependency.txt";
String targetPath = TreeUtil.class.getResource("/").getPath() + "tree.txt";
BufferedReader br = null;
BufferedReader target = null;
try {
br = new BufferedReader(new FileReader(treePath));
String line = null;
while ((line = br.readLine()) != null) {
int index = line.lastIndexOf("-");
String denpencyName = line.substring(0, index);
String version = line.substring(index + 1);
version = version.substring(0, version.indexOf(".jar"));
dependencyMap.put(denpencyName, version);
}
target = new BufferedReader(new FileReader(targetPath));
boolean isStart = false;
boolean isFirst = false;
TreeNode root = null;
Map<Integer, TreeNode> map = new HashMap<>();
while ((line = target.readLine()) != null) {
if (line.contains("maven-dependency-plugin")) {
isFirst = true;
continue;
}
if (!line.startsWith("[INFO] ")) {
continue;
}
String temp = line.substring(line.indexOf("[INFO] ") + "[INFO] ".length());
if (isFirst) {
root = parse2TreeNode(temp.trim());
root.setLength(0);
map.put(0, root);
isStart = true;
isFirst = false;
continue;
}
if (isStart) {
int length = 1;
while (temp.startsWith("| ") || temp.startsWith(" ")) {
length++;
temp = temp.substring(3);
}
if (temp.startsWith("+-") || temp.startsWith("\\-")) {
temp = temp.substring(2);
TreeNode node = parse2TreeNode(temp.trim());
if (node == null) {
continue;
}
TreeNode parent = map.get(length - 1);
if (parent != null) {
node.setParent(parent);
}
map.put(length, node);
if (dependencyMap.containsKey(node.getArtifactId())) {
String version = dependencyMap.get(node.getArtifactId());
if (!version.equals(node.getVersion())) {
printNode(node);
}
} else {
printNode(node);
}
}
}
}
} catch (Exception e) {
e.printStackTrace();
} finally {
if (br != null) {
try {
br.close();
} catch (IOException e) {
e.printStackTrace();
}
}
if (target != null) {
try {
target.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
private static TreeNode parse2TreeNode(String line) {
String[] temps = line.split(":");
TreeNode node = new TreeNode();
if (temps.length >= 4) {
node.setGroupId(temps[0]);
node.setArtifactId(temps[1]);
node.setVersion(temps[3]);
if (temps.length >= 5) {
node.setScope(temps[4]);
}
} else {
return null;
}
return node;
}
private static void printNode(TreeNode node) {
String sb = node.getGroupId() + ":" + node.getArtifactId() + ":" + node.getVersion();
while (node.getParent() != null) {
node = node.getParent();
sb = node.getGroupId() + ":" + node.getArtifactId() + ":" + node.getVersion() + "-->" + sb;
}
System.out.println(sb);
}
}
中间使用一个map保存父节点,每次按照长度作为key put到map中,则同等长度会覆盖,按照length-1去找找到的一定是直接父级。
最终结果:
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-logging:2.2.5.RELEASE-->ch.qos.logback:logback-classic:1.2.3
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-logging:2.2.5.RELEASE-->ch.qos.logback:logback-classic:1.2.3-->ch.qos.logback:logback-core:1.2.3
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-logging:2.2.5.RELEASE-->ch.qos.logback:logback-classic:1.2.3-->org.slf4j:slf4j-api:1.7.30
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-logging:2.2.5.RELEASE-->org.apache.logging.log4j:log4j-to-slf4j:2.12.1
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-logging:2.2.5.RELEASE-->org.apache.logging.log4j:log4j-to-slf4j:2.12.1-->org.apache.logging.log4j:log4j-api:2.12.1
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-logging:2.2.5.RELEASE-->org.slf4j:jul-to-slf4j:1.7.30
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->jakarta.annotation:jakarta.annotation-api:1.3.5
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework:spring-core:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.springframework:spring-core:5.2.4.RELEASE-->org.springframework:spring-jcl:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter:2.2.5.RELEASE-->org.yaml:snakeyaml:1.25
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-json:2.2.5.RELEASE-->com.fasterxml.jackson.core:jackson-databind:2.10.2
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-json:2.2.5.RELEASE-->com.fasterxml.jackson.core:jackson-databind:2.10.2-->com.fasterxml.jackson.core:jackson-annotations:2.10.2
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-json:2.2.5.RELEASE-->com.fasterxml.jackson.core:jackson-databind:2.10.2-->com.fasterxml.jackson.core:jackson-core:2.10.2
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-json:2.2.5.RELEASE-->com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.10.2
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-json:2.2.5.RELEASE-->com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.10.2
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-json:2.2.5.RELEASE-->com.fasterxml.jackson.module:jackson-module-parameter-names:2.10.2
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-tomcat:2.2.5.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-tomcat:2.2.5.RELEASE-->org.apache.tomcat.embed:tomcat-embed-core:9.0.31
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-tomcat:2.2.5.RELEASE-->org.apache.tomcat.embed:tomcat-embed-el:9.0.31
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-tomcat:2.2.5.RELEASE-->org.apache.tomcat.embed:tomcat-embed-websocket:9.0.31
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-validation:2.2.5.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-validation:2.2.5.RELEASE-->jakarta.validation:jakarta.validation-api:2.0.2
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-validation:2.2.5.RELEASE-->org.hibernate.validator:hibernate-validator:6.0.18.Final
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-validation:2.2.5.RELEASE-->org.hibernate.validator:hibernate-validator:6.0.18.Final-->org.jboss.logging:jboss-logging:3.4.1.Final
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework.boot:spring-boot-starter-validation:2.2.5.RELEASE-->org.hibernate.validator:hibernate-validator:6.0.18.Final-->com.fasterxml:classmate:1.5.1
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework:spring-web:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework:spring-web:5.2.4.RELEASE-->org.springframework:spring-beans:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework:spring-webmvc:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework:spring-webmvc:5.2.4.RELEASE-->org.springframework:spring-aop:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework:spring-webmvc:5.2.4.RELEASE-->org.springframework:spring-context:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.springframework.boot:spring-boot-starter-web:2.2.5.RELEASE-->org.springframework:spring-webmvc:5.2.4.RELEASE-->org.springframework:spring-expression:5.2.4.RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->com.github.f-sunrise-q:advance-tool-datamask:1.0.1-RELEASE
org.advance.pratice:datamask:1.0-SNAPSHOT-->com.github.f-sunrise-q:advance-tool-datamask:1.0.1-RELEASE-->org.apache.commons:commons-lang3:3.9
org.advance.pratice:datamask:1.0-SNAPSHOT-->org.projectlombok:lombok:1.18.12