From 69857f4633e6b17023472fd5d2e6cbf7d9b693e2 Mon Sep 17 00:00:00 2001
From: Kevin Conner
Date: Wed, 15 Mar 2023 11:15:50 -0700
Subject: [PATCH] Remove code generating resolved PURLs, fixes #311
Signed-off-by: Kevin Conner
---
 .../cyclonedx/maven/BaseCycloneDxMojo.java | 10 +-
 .../maven/CycloneDxAggregateMojo.java | 6 +-
 .../org/cyclonedx/maven/CycloneDxMojo.java | 6 +-
 .../cyclonedx/maven/CycloneDxPackageMojo.java | 6 +-
 .../DefaultProjectDependenciesConverter.java | 80 ++++++-------
 .../maven/DelegatingRepositorySystem.java | 24 ++++
 .../maven/ProjectDependenciesConverter.java | 31 +++---
 .../org/cyclonedx/maven/Issue311Test.java | 105 ++++++++++++++++++
 .../resources/issue-311/dependency/pom.xml | 17 +++
 src/test/resources/issue-311/latest/pom.xml | 26 +++++
 src/test/resources/issue-311/pom.xml | 54 +++++++++
 src/test/resources/issue-311/release/pom.xml | 26 +++++
 12 files changed, 320 insertions(+), 71 deletions(-)
 create mode 100644 src/test/java/org/cyclonedx/maven/Issue311Test.java
 create mode 100644 src/test/resources/issue-311/dependency/pom.xml
 create mode 100644 src/test/resources/issue-311/latest/pom.xml
 create mode 100644 src/test/resources/issue-311/pom.xml
 create mode 100644 src/test/resources/issue-311/release/pom.xml
diff --git a/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java b/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
index 70a68f85..4d8db94b 100644
--- a/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
+++ b/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
@@ -32,6 +32,7 @@
 import org.cyclonedx.exception.GeneratorException;
 import org.cyclonedx.generators.json.BomJsonGenerator;
 import org.cyclonedx.generators.xml.BomXmlGenerator;
+import org.cyclonedx.maven.ProjectDependenciesConverter.BomDependencies;
 import org.cyclonedx.model.Bom;
 import org.cyclonedx.model.Component;
 import org.cyclonedx.model.Dependency;
@@ -356,7 +357,7 @@ private void saveBomToFile(String bomString, String extension, Parser bomParser) } } - protected Map extractBOMDependencies(MavenProject mavenProject) throws MojoExecutionException { + protected BomDependencies extractBOMDependencies(MavenProject mavenProject) throws MojoExecutionException { ProjectDependenciesConverter.MavenDependencyScopes include = new ProjectDependenciesConverter.MavenDependencyScopes(includeCompileScope, includeProvidedScope, includeRuntimeScope, includeTestScope, includeSystemScope); return projectDependenciesConverter.extractBOMDependencies(mavenProject, include, excludeTypes); } @@ -402,9 +403,10 @@ protected void logParameters() { } } - protected void populateComponents(final Set topLevelComponents, final Map components, final Set artifacts, final ProjectDependencyAnalysis dependencyAnalysis) { - for (Artifact artifact: artifacts) { - final String purl = generatePackageUrl(artifact); + protected void populateComponents(final Set topLevelComponents, final Map components, final Map artifacts, final ProjectDependencyAnalysis dependencyAnalysis) { + for (Map.Entry entry: artifacts.entrySet()) { + final String purl = entry.getKey(); + final Artifact artifact = entry.getValue(); final Component.Scope artifactScope = (dependencyAnalysis != null ? inferComponentScope(artifact, dependencyAnalysis) : null); final Component component = components.get(purl); if (component == null) { diff --git a/src/main/java/org/cyclonedx/maven/CycloneDxAggregateMojo.java b/src/main/java/org/cyclonedx/maven/CycloneDxAggregateMojo.java index 769c15b1..447ffefb 100644 --- a/src/main/java/org/cyclonedx/maven/CycloneDxAggregateMojo.java +++ b/src/main/java/org/cyclonedx/maven/CycloneDxAggregateMojo.java 
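Review bot: populateComponents in the second hunk now takes the purl from the map key (`entry.getKey()`) instead of deriving it from the artifact, and nothing documents that each key must be the package URL of its value. A caller that builds the map differently would register components under a purl that does not match the artifact, so the contract belongs in Javadoc, for example `@param artifacts resolved artifacts keyed by their package URL, as returned by BomDependencies.getArtifacts()`. Both protected methods changed signature in this commit, so subclasses outside this repository would no longer compile; that is worth a release note. The body of populateComponents continues outside the hunk.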
@@ -24,6 +24,7 @@ import org.apache.maven.plugins.annotations.Parameter; import org.apache.maven.plugins.annotations.ResolutionScope; import org.apache.maven.project.MavenProject; +import org.cyclonedx.maven.ProjectDependenciesConverter.BomDependencies; import org.cyclonedx.model.Component; import org.cyclonedx.model.Dependency; @@ -121,13 +122,14 @@ protected String extractComponentsAndDependencies(final Set topLevelComp continue; } - final Map projectDependencies = extractBOMDependencies(mavenProject); + final BomDependencies bomDependencies = extractBOMDependencies(mavenProject); + final Map projectDependencies = bomDependencies.getDependencies(); final Component projectBomComponent = convert(mavenProject.getArtifact()); components.put(projectBomComponent.getPurl(), projectBomComponent); topLevelComponents.add(projectBomComponent.getPurl()); - populateComponents(topLevelComponents, components, mavenProject.getArtifacts(), doProjectDependencyAnalysis(mavenProject)); + populateComponents(topLevelComponents, components, bomDependencies.getArtifacts(), doProjectDependencyAnalysis(mavenProject)); projectDependencies.forEach(dependencies::putIfAbsent); } diff --git a/src/main/java/org/cyclonedx/maven/CycloneDxMojo.java b/src/main/java/org/cyclonedx/maven/CycloneDxMojo.java index 84351ccf..463a0687 100644 --- a/src/main/java/org/cyclonedx/maven/CycloneDxMojo.java +++ b/src/main/java/org/cyclonedx/maven/CycloneDxMojo.java @@ -29,6 +29,7 @@ import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalyzerException; import org.codehaus.plexus.PlexusContainer; import org.codehaus.plexus.component.repository.exception.ComponentLookupException; +import org.cyclonedx.maven.ProjectDependenciesConverter.BomDependencies; import org.cyclonedx.model.Component; import org.cyclonedx.model.Dependency; 
@@ -93,13 +94,14 @@ protected ProjectDependencyAnalysis doProjectDependencyAnalysis(MavenProject mav protected String extractComponentsAndDependencies(final Set topLevelComponents, final Map components, final Map dependencies) throws MojoExecutionException { getLog().info(MESSAGE_RESOLVING_DEPS); - final Map projectDependencies = extractBOMDependencies(getProject()); + final BomDependencies bomDependencies = extractBOMDependencies(getProject()); + final Map projectDependencies = bomDependencies.getDependencies(); final Component projectBomComponent = convert(getProject().getArtifact()); components.put(projectBomComponent.getPurl(), projectBomComponent); topLevelComponents.add(projectBomComponent.getPurl()); - populateComponents(topLevelComponents, components, getProject().getArtifacts(), doProjectDependencyAnalysis(getProject())); + populateComponents(topLevelComponents, components, bomDependencies.getArtifacts(), doProjectDependencyAnalysis(getProject())); projectDependencies.forEach(dependencies::putIfAbsent); diff --git a/src/main/java/org/cyclonedx/maven/CycloneDxPackageMojo.java b/src/main/java/org/cyclonedx/maven/CycloneDxPackageMojo.java index 075ae151..3dbb3182 100644 --- a/src/main/java/org/cyclonedx/maven/CycloneDxPackageMojo.java +++ b/src/main/java/org/cyclonedx/maven/CycloneDxPackageMojo.java @@ -24,6 +24,7 @@ import org.apache.maven.plugins.annotations.Parameter; import org.apache.maven.plugins.annotations.ResolutionScope; import org.apache.maven.project.MavenProject; +import org.cyclonedx.maven.ProjectDependenciesConverter.BomDependencies; import org.cyclonedx.model.Component; import org.cyclonedx.model.Dependency; 
@@ -64,13 +65,14 @@ protected String extractComponentsAndDependencies(Set topLevelComponents } getLog().info("Analyzing " + mavenProject.getArtifactId()); - final Map projectDependencies = extractBOMDependencies(mavenProject); + final BomDependencies bomDependencies = extractBOMDependencies(mavenProject); + final Map projectDependencies = bomDependencies.getDependencies(); final Component projectBomComponent = convert(mavenProject.getArtifact()); components.put(projectBomComponent.getPurl(), projectBomComponent); topLevelComponents.add(projectBomComponent.getPurl()); - populateComponents(topLevelComponents, components, mavenProject.getArtifacts(), null); + populateComponents(topLevelComponents, components, bomDependencies.getArtifacts(), null); projectDependencies.forEach(dependencies::putIfAbsent); } diff --git a/src/main/java/org/cyclonedx/maven/DefaultProjectDependenciesConverter.java b/src/main/java/org/cyclonedx/maven/DefaultProjectDependenciesConverter.java index c452bde0..d2db0e12 100644 --- a/src/main/java/org/cyclonedx/maven/DefaultProjectDependenciesConverter.java +++ b/src/main/java/org/cyclonedx/maven/DefaultProjectDependenciesConverter.java @@ -39,7 +39,6 @@ import org.slf4j.LoggerFactory; import java.util.Arrays; -import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.LinkedHashMap; 
@@ -66,19 +65,21 @@ public class DefaultProjectDependenciesConverter implements ProjectDependenciesC private MavenDependencyScopes include; @Override - public Map extractBOMDependencies(MavenProject mavenProject, MavenDependencyScopes include, String[] excludeTypes) throws MojoExecutionException { + public BomDependencies extractBOMDependencies(MavenProject mavenProject, MavenDependencyScopes include, String[] excludeTypes) throws MojoExecutionException { this.include = include; excludeTypesSet = new HashSet<>(Arrays.asList(excludeTypes)); final ProjectBuildingRequest buildingRequest = getProjectBuildingRequest(mavenProject); - final Map resolvedPUrls = generateResolvedPUrls(mavenProject); - final Map dependencies = new LinkedHashMap<>(); + final Map mavenArtifacts = new LinkedHashMap<>(); try { final DelegatingRepositorySystem delegateRepositorySystem = new DelegatingRepositorySystem(aetherRepositorySystem); final DependencyCollectorBuilder dependencyCollectorBuilder = new DefaultDependencyCollectorBuilder(delegateRepositorySystem); - dependencyCollectorBuilder.collectDependencyGraph(buildingRequest, null); + + final org.apache.maven.shared.dependency.graph.DependencyNode mavenRoot = dependencyCollectorBuilder.collectDependencyGraph(buildingRequest, null); + populateArtifactMap(mavenArtifacts, mavenRoot, false); + final CollectResult collectResult = delegateRepositorySystem.getCollectResult(); if (collectResult == null) { throw new MojoExecutionException("Failed to generate aether dependency graph"); 
@@ -86,16 +87,25 @@ public Map extractBOMDependencies(MavenProject mavenProject, final DependencyNode root = collectResult.getRoot(); // Generate the tree, removing excluded and filtered nodes - final Set loggedReplacementPUrls = new HashSet<>(); final Set loggedFilteredArtifacts = new HashSet<>(); - buildDependencyGraphNode(dependencies, root, null, null, resolvedPUrls, loggedReplacementPUrls, loggedFilteredArtifacts); + buildDependencyGraphNode(dependencies, root, null, null, loggedFilteredArtifacts); } catch (DependencyCollectorBuilderException e) { // When executing makeAggregateBom, some projects may not yet be built. Workaround is to warn on this // rather than throwing an exception https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/55 logger.warn("An error occurred building dependency graph: " + e.getMessage()); } - return dependencies; + return new BomDependencies(dependencies, mavenArtifacts); + } + + private void populateArtifactMap(final Map artifactMap, final org.apache.maven.shared.dependency.graph.DependencyNode node, final boolean resolve) { + final Artifact artifact = node.getArtifact(); + final String purl = modelConverter.generatePackageUrl(artifact); + artifactMap.putIfAbsent(purl, artifact); + + for (org.apache.maven.shared.dependency.graph.DependencyNode child: node.getChildren()) { + populateArtifactMap(artifactMap, child, true); + } } private boolean isFilteredNode(final DependencyNode node, final Set loggedFilteredArtifacts) { 
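Review bot: `mavenArtifacts` is filled only inside the `try`, so when `DependencyCollectorBuilderException` is caught the method returns a `BomDependencies` whose artifact map is empty, and the call sites in CycloneDxMojo, CycloneDxAggregateMojo and CycloneDxPackageMojo now pass that map to populateComponents where they used to pass `mavenProject.getArtifacts()`. The build would then appear to succeed with a BOM that lists no dependency components after a single warning, which under-reports what ships and is easy to miss in an aggregate build. The warning should at least say so, e.g. `logger.warn("An error occurred building dependency graph, BOM components will be incomplete: " + e.getMessage());`, or the build should fail when the aggregate workaround does not apply. Separately, the `resolve` parameter of populateArtifactMap is never read and can be dropped. The start of extractBOMDependencies is in the previous hunk.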
@@ -129,10 +139,10 @@ private boolean isFilteredNode(final DependencyNode node, final Set logg scoped = Boolean.FALSE; } final boolean result = Boolean.FALSE.equals(scoped); - if (result) { + if (result && logger.isDebugEnabled()) { final String purl = modelConverter.generatePackageUrl(node.getArtifact()); final String key = purl + ":" + originalScope + ":" + node.getDependency().getScope(); - if (loggedFilteredArtifacts.add(key) && logger.isDebugEnabled()) { + if (loggedFilteredArtifacts.add(key)) { logger.debug("Filtering " + purl + " with original scope " + originalScope + " and scope " + node.getDependency().getScope()); } } @@ -145,9 +155,7 @@ private boolean isExcludedNode(final DependencyNode node) { } private void buildDependencyGraphNode(final Map dependencies, DependencyNode node, - final Dependency parent, final String parentClassifierlessPUrl, final Map resolvedPUrls, - final Set loggedReplacementPUrls, final Set loggedFilteredArtifacts) { - String purl = modelConverter.generatePackageUrl(node.getArtifact()); + final Dependency parent, final String parentClassifierlessPUrl, final Set loggedFilteredArtifacts) { if (isExcludedNode(node) || (parent != null && isFilteredNode(node, loggedFilteredArtifacts))) { return; 
@@ -157,50 +165,26 @@ private void buildDependencyGraphNode(final Map dependencies if (node.getChildren().isEmpty()) { final Map nodeData = node.getData(); final DependencyNode winner = (DependencyNode) nodeData.get(ConflictResolver.NODE_DATA_WINNER); - final String resolvedPurl = resolvedPUrls.get(modelConverter.generateVersionlessPackageUrl(node.getArtifact())); - if (!purl.equals(resolvedPurl)) { - if (!loggedReplacementPUrls.contains(purl)) { - if (logger.isDebugEnabled()) { - logger.debug("Replacing reference to " + purl + " with resolved package url " + resolvedPurl); - } - loggedReplacementPUrls.add(purl); - } - purl = resolvedPurl; - } if (winner != null) { node = winner; } } - Dependency topDependency = new Dependency(purl); - final Dependency origDependency = dependencies.putIfAbsent(purl, topDependency); - if (origDependency != null) { - topDependency = origDependency; - } - if (parent != null) { - parent.addDependency(new Dependency(purl)); - } - - final String nodeClassifierlessPUrl = modelConverter.generateClassifierlessPackageUrl(node.getArtifact()); - if (!nodeClassifierlessPUrl.equals(parentClassifierlessPUrl)) { - for (final DependencyNode childrenNode : node.getChildren()) { - buildDependencyGraphNode(dependencies, childrenNode, topDependency, nodeClassifierlessPUrl, resolvedPUrls, loggedReplacementPUrls, loggedFilteredArtifacts); + String purl = modelConverter.generatePackageUrl(node.getArtifact()); + if (!dependencies.containsKey(purl)) { + Dependency topDependency = new Dependency(purl); + dependencies.put(purl, topDependency); + final String nodeClassifierlessPUrl = modelConverter.generateClassifierlessPackageUrl(node.getArtifact()); + if (!nodeClassifierlessPUrl.equals(parentClassifierlessPUrl)) { + for (final DependencyNode childrenNode : node.getChildren()) { + buildDependencyGraphNode(dependencies, childrenNode, topDependency, nodeClassifierlessPUrl, loggedFilteredArtifacts); + } } } - } - /** - * Generate a map of versionless purls to 
their resolved versioned purl - * @return the map of versionless purls to resolved versioned purls - */ - private Map generateResolvedPUrls(final MavenProject mavenProject) { - final Map resolvedPUrls = new HashMap<>(); - final Artifact projectArtifact = mavenProject.getArtifact(); - resolvedPUrls.put(modelConverter.generateVersionlessPackageUrl(projectArtifact), modelConverter.generatePackageUrl(projectArtifact)); - for (Artifact artifact: mavenProject.getArtifacts()) { - resolvedPUrls.put(modelConverter.generateVersionlessPackageUrl(artifact), modelConverter.generatePackageUrl(artifact)); + if (parent != null) { + parent.addDependency(new Dependency(purl)); } - return resolvedPUrls; } /** diff --git a/src/main/java/org/cyclonedx/maven/DelegatingRepositorySystem.java b/src/main/java/org/cyclonedx/maven/DelegatingRepositorySystem.java index 3df550e7..ab2f1f47 100644 --- a/src/main/java/org/cyclonedx/maven/DelegatingRepositorySystem.java +++ b/src/main/java/org/cyclonedx/maven/DelegatingRepositorySystem.java @@ -12,6 +12,8 @@ import org.eclipse.aether.deployment.DeployRequest; import org.eclipse.aether.deployment.DeployResult; import org.eclipse.aether.deployment.DeploymentException; +import org.eclipse.aether.graph.DependencyNode; +import org.eclipse.aether.graph.DependencyVisitor; import org.eclipse.aether.installation.InstallRequest; import org.eclipse.aether.installation.InstallResult; import org.eclipse.aether.installation.InstallationException; @@ -35,6 +37,7 @@ import org.eclipse.aether.resolution.VersionRequest; import org.eclipse.aether.resolution.VersionResolutionException; import org.eclipse.aether.resolution.VersionResult; +import org.eclipse.aether.util.graph.visitor.TreeDependencyVisitor; /** * Maven Resolver (Aether) repository system that delegates to provided system, but keep tracks of 
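Review bot: In the rewritten buildDependencyGraphNode, `if (!dependencies.containsKey(purl))` lets the first visit of a purl decide its children for the whole BOM, whereas the removed code reused the existing entry and still walked `node.getChildren()` on later visits. If that first visit happens under a parent with the same classifierless purl, the inner `if` skips the children and no later visit adds them, so the dependency list recorded for that purl would depend on traversal order; I have not confirmed this occurs in practice. Either state the assumption in a comment, `// first visit wins: a purl already in the map is not expanded again`, or add a test with a classifier artifact reached through two different parents. The function's signature is in the previous hunk.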
@@ -58,6 +61,27 @@ public CollectResult getCollectResult() { public CollectResult collectDependencies(final RepositorySystemSession session, final CollectRequest request) throws DependencyCollectionException { collectResult = delegate.collectDependencies(session, request); + final DependencyNode root = collectResult.getRoot(); + root.accept(new TreeDependencyVisitor( new DependencyVisitor() + { + @Override + public boolean visitEnter(final DependencyNode node) + { + if (root != node) + try { + final ArtifactResult resolveArtifact = resolveArtifact(session, new ArtifactRequest(node)); + node.setArtifact(resolveArtifact.getArtifact()); + } catch (ArtifactResolutionException e) {} + return true; + } + + @Override + public boolean visitLeave(final DependencyNode dependencyNode) + { + return true; + } + } ) ); + return collectResult; } diff --git a/src/main/java/org/cyclonedx/maven/ProjectDependenciesConverter.java b/src/main/java/org/cyclonedx/maven/ProjectDependenciesConverter.java index 10568769..1fa0f53d 100644 --- a/src/main/java/org/cyclonedx/maven/ProjectDependenciesConverter.java +++ b/src/main/java/org/cyclonedx/maven/ProjectDependenciesConverter.java @@ -18,16 +18,13 @@ */ package org.cyclonedx.maven; -import org.apache.maven.artifact.resolver.filter.ArtifactFilter; -import org.apache.maven.artifact.resolver.filter.CumulativeScopeArtifactFilter; +import org.apache.maven.artifact.Artifact; import org.apache.maven.plugin.MojoExecutionException; import org.apache.maven.project.MavenProject; import org.cyclonedx.model.Component; import org.cyclonedx.model.Dependency; import org.cyclonedx.model.Metadata; -import java.util.Collection; -import java.util.HashSet; import java.util.Map; /** 
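Review bot: The `catch (ArtifactResolutionException e) {}` in visitEnter discards every resolution failure, so a node that could not be resolved keeps the artifact the collector gave it and, as far as this hunk shows, its declared version (in the new fixtures `LATEST` or `RELEASE`) would go into the purl with nothing in the build log. For an SBOM generator that is a silent loss of accuracy: record the failure so the converter can warn about the affected node, or at minimum rename the variable to `ignored` and add a comment explaining why the unresolved artifact is acceptable. The `if (root != node)` guards a multi-line `try` without braces, which is easy to misread; `if (root != node) {` with a matching close is clearer. Resolution here also appears to run before the scope and type filters in DefaultProjectDependenciesConverter, so excluded dependencies are resolved as well.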
@@ -36,7 +33,7 @@ */ public interface ProjectDependenciesConverter { - Map extractBOMDependencies(MavenProject mavenProject, MavenDependencyScopes include, String[] excludes) throws MojoExecutionException; + BomDependencies extractBOMDependencies(MavenProject mavenProject, MavenDependencyScopes include, String[] excludes) throws MojoExecutionException; /** * Check consistency between BOM components and BOM dependencies, and cleanup: drop components found while walking the @@ -58,15 +55,23 @@ public MavenDependencyScopes(boolean compile, boolean provided, boolean runtime, this.test = test; this.system = system; } + } + + public static class BomDependencies { + private final Map dependencies; + private final Map artifacts; + + public BomDependencies(final Map dependencies, final Map artifacts) { + this.dependencies = dependencies; + this.artifacts = artifacts; + } + + public final Map getDependencies() { + return dependencies; + } - public ArtifactFilter getArtifactFilter() { - final Collection scope = new HashSet<>(); - if (compile) scope.add("compile"); - if (provided) scope.add("provided"); - if (runtime) scope.add("runtime"); - if (system) scope.add("system"); - if (test) scope.add("test"); - return new CumulativeScopeArtifactFilter(scope); + public final Map getArtifacts() { + return artifacts; } } } diff --git a/src/test/java/org/cyclonedx/maven/Issue311Test.java b/src/test/java/org/cyclonedx/maven/Issue311Test.java new file mode 100644 index 00000000..d72e9ff7 --- /dev/null +++ b/src/test/java/org/cyclonedx/maven/Issue311Test.java 
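Review bot: BomDependencies has no Javadoc and returns the same two map instances it was constructed with, so any caller of getDependencies() or getArtifacts() can modify the converter's result after the fact. Add a class comment that states the key contract, e.g. `/** Dependency graph and artifacts of one project, both keyed by package URL. */`, and consider returning `Collections.unmodifiableMap(dependencies)` and `Collections.unmodifiableMap(artifacts)` from the getters. Changing the return type of extractBOMDependencies on a public interface also breaks any external implementation, which deserves a line in the release notes.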
@@ -0,0 +1,105 @@ +package org.cyclonedx.maven; + +import java.io.File; +import java.util.Set; + +import static org.cyclonedx.maven.TestUtils.getComponentNode; +import static org.cyclonedx.maven.TestUtils.getDependencyNode; +import static org.cyclonedx.maven.TestUtils.getDependencyReferences; +import static org.cyclonedx.maven.TestUtils.readXML; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.w3c.dom.Document; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import io.takari.maven.testing.executor.MavenRuntime.MavenRuntimeBuilder; +import io.takari.maven.testing.executor.MavenVersions; +import io.takari.maven.testing.executor.junit.MavenJUnitTestRunner; + +/** + * test for https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/311 + */ +@RunWith(MavenJUnitTestRunner.class) +@MavenVersions({"3.6.3"}) +public class Issue311Test extends BaseMavenVerifier { + + private static final String ISSUE311_LATEST = "pkg:maven/com.example/issue311_latest@1.0.0?type=jar"; + private static final String ISSUE311_RELEASE = "pkg:maven/com.example/issue311_release@1.0.0?type=jar"; + private static final String ISSUE311_DEPENDENCY = "pkg:maven/com.example/issue311_dependency@1.0.0?type=jar"; + + public Issue311Test(MavenRuntimeBuilder runtimeBuilder) throws Exception { + super(runtimeBuilder); + } + + @Test + public void testLatestAndRelease() throws Exception { + final File projDir = mvnBuild("issue-311", new String[]{"clean", "install"}, null, null); + + checkLatest(projDir); + checkRelease(projDir); + } + + private void checkLatest(final File projDir) throws Exception { + final Document bom = readXML(new File(projDir, "latest/target/bom.xml")); + + final NodeList componentsList = bom.getElementsByTagName("components"); + assertEquals("Expected a single components element", 1, componentsList.getLength()); + 
final Node components = componentsList.item(0); + + final NodeList dependenciesList = bom.getElementsByTagName("dependencies"); + assertEquals("Expected a single dependencies element", 1, dependenciesList.getLength()); + final Node dependencies = dependenciesList.item(0); + + // BOM should contain a component for pkg:maven/com.example/issue311_dependency@1.0.0?type=jar + final Node dependencyNode = getComponentNode(components, ISSUE311_DEPENDENCY); + assertNotNull("Missing issue311_dependency component", dependencyNode); + + /* + + + + + */ + final Node latestDependencyNode = getDependencyNode(dependencies, ISSUE311_LATEST); + assertNotNull("Missing issue311_latest dependency", latestDependencyNode); + + Set latestDependencies = getDependencyReferences(latestDependencyNode); + assertEquals("Invalid dependency count for shared_type_dependency1", 1, latestDependencies.size()); + assertTrue("Missing shared_type_dependency2 dependency for shared_type_dependency1", latestDependencies.contains(ISSUE311_DEPENDENCY)); + } + + private void checkRelease(final File projDir) throws Exception { + final Document bom = readXML(new File(projDir, "release/target/bom.xml")); + + final NodeList componentsList = bom.getElementsByTagName("components"); + assertEquals("Expected a single components element", 1, componentsList.getLength()); + final Node components = componentsList.item(0); + + final NodeList dependenciesList = bom.getElementsByTagName("dependencies"); + assertEquals("Expected a single dependencies element", 1, dependenciesList.getLength()); + final Node dependencies = dependenciesList.item(0); + + // BOM should contain a component for pkg:maven/com.example/issue311_dependency@1.0.0?type=jar + final Node dependencyNode = getComponentNode(components, ISSUE311_DEPENDENCY); + assertNotNull("Missing issue311_dependency component", dependencyNode); + + /* + + + + + */ + final Node releaseDependencyNode = getDependencyNode(dependencies, ISSUE311_RELEASE); + 
assertNotNull("Missing issue311_release dependency", releaseDependencyNode); + + Set releaseDependencies = getDependencyReferences(releaseDependencyNode); + assertEquals("Invalid dependency count for shared_type_dependency1", 1, releaseDependencies.size()); + assertTrue("Missing shared_type_dependency2 dependency for shared_type_dependency1", releaseDependencies.contains(ISSUE311_DEPENDENCY)); + } +} diff --git a/src/test/resources/issue-311/dependency/pom.xml b/src/test/resources/issue-311/dependency/pom.xml new file mode 100644 index 00000000..9630a614 --- /dev/null +++ b/src/test/resources/issue-311/dependency/pom.xml @@ -0,0 +1,17 @@ + + + + 4.0.0 + + + com.example + issue311_parent + 1.0.0 + + + issue311_dependency + + Dependency + diff --git a/src/test/resources/issue-311/latest/pom.xml b/src/test/resources/issue-311/latest/pom.xml new file mode 100644 index 00000000..67dbefdc --- /dev/null +++ b/src/test/resources/issue-311/latest/pom.xml @@ -0,0 +1,26 @@ + + + + 4.0.0 + + + com.example + issue311_parent + 1.0.0 + + + issue311_latest + + Issue311 Latest + + + + com.example + issue311_dependency + LATEST + compile + + + diff --git a/src/test/resources/issue-311/pom.xml b/src/test/resources/issue-311/pom.xml new file mode 100644 index 00000000..c5be9267 --- /dev/null +++ b/src/test/resources/issue-311/pom.xml @@ -0,0 +1,54 @@ + + + + 4.0.0 + + com.example + issue311_parent + pom + 1.0.0 + + BOM Dependencies tests Parent + + + dependency + latest + release + + + + + + org.cyclonedx + cyclonedx-maven-plugin + ${current.version} + + + package + + makeBom + + + + + library + 1.3 + true + true + false + false + false + false + false + xml + + + + + + + UTF-8 + + diff --git a/src/test/resources/issue-311/release/pom.xml b/src/test/resources/issue-311/release/pom.xml new file mode 100644 index 00000000..773561c7 --- /dev/null +++ b/src/test/resources/issue-311/release/pom.xml 
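Review bot: The assertion messages in checkLatest and checkRelease still name `shared_type_dependency1` and `shared_type_dependency2`, which do not exist in this test, so a failure would point the reader at the wrong artifacts. Use the names under test, e.g. `"Invalid dependency count for issue311_latest"` and `"Missing issue311_dependency dependency for issue311_latest"`, with the `issue311_release` equivalents in checkRelease. The two methods differ only in the purl and the BOM path, so a shared private helper taking those two values would remove the duplication.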
@@ -0,0 +1,26 @@ + + + + 4.0.0 + + + com.example + issue311_parent + 1.0.0 + + + issue311_release + + Issue311 Release + + + + com.example + issue311_dependency + RELEASE + compile + + +