Trustification pr

src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java

@@ -271,6 +271,7 @@ private void generateBom(Set<Component> components, Set<Dependency> dependencies
             bom.setComponents(new ArrayList<>(components));
             if (schemaVersion().getVersion() >= 1.2 && dependencies != null && !dependencies.isEmpty()) {
                 bom.setDependencies(new ArrayList<>(dependencies));
+                validateBomDependencies(bom);
             }
             if (schemaVersion().getVersion() >= 1.3) {
                 //if (excludeArtifactId != null && excludeTypes.length > 0) { // TODO
@@ -299,7 +300,6 @@ private void generateBom(Set<Component> components, Set<Dependency> dependencies
 
     private void saveBom(Bom bom) throws ParserConfigurationException, IOException, GeneratorException,
             MojoExecutionException {
-        validateBom(bom);
         if (outputFormat.trim().equalsIgnoreCase("all") || outputFormat.trim().equalsIgnoreCase("xml")) {
             final BomXmlGenerator bomGenerator = BomGeneratorFactory.createXml(schemaVersion(), bom);
             bomGenerator.generate();
@@ -330,7 +330,7 @@ private void saveBomToFile(String bomString, String extension, Parser bomParser)
         }
     }
 
-    private void validateBom(final Bom bom) {
+    private void validateBomDependencies(final Bom bom) {
         final Map<String, Component> components = new HashMap<>();
         components.put(bom.getMetadata().getComponent().getBomRef(), bom.getMetadata().getComponent());
         for (Component component: bom.getComponents()) {
@@ -385,15 +385,14 @@ protected CycloneDxSchema.Version schemaVersion() {
 
     private Set<String> getExcludeTypesSet() {
         if (excludeTypesSet == null) {
-            excludeTypesSet = Collections.emptySet();
-        } else {
             excludeTypesSet = new HashSet<>(Arrays.asList(excludeTypes));
         }
         return excludeTypesSet;
     }
 
     protected Set<Dependency> buildDependencyGraph(MavenProject mavenProject) throws MojoExecutionException {
         final Map<Dependency, Dependency> dependencies = new LinkedHashMap<>();
+
         final Collection<String> scope = new HashSet<>();
         if (includeCompileScope) scope.add("compile");
         if (includeProvidedScope) scope.add("provided");
@@ -407,10 +406,12 @@ protected Set<Dependency> buildDependencyGraph(MavenProject mavenProject) throws
         }
         final ProjectBuildingRequest buildingRequest = getProjectBuildingRequest(mavenProject);
 
+        // version-less PUrl to version-resolved PUrl
+        final Map<String, String> resolvedPUrls = generateResolvedPUrls(mavenProject);
+
         try {
             final DependencyNode rootNode = dependencyCollectorBuilder.collectDependencyGraph(buildingRequest, artifactFilter);
             final Map<String, DependencyNode> excludedNodes = new HashMap<>();
-            final Map<String, String> resolvedPUrls = generateResolvedPUrls(mavenProject);
             final Set<String> loggedReplacementPUrls = new HashSet<>();
             buildDependencyGraphNode(dependencies, rootNode, null, excludedNodes, resolvedPUrls, loggedReplacementPUrls);
             final CollectingDependencyNodeVisitor visitor = new CollectingDependencyNodeVisitor() {

src/test/java/org/cyclonedx/maven/IssueTrustification1Test.java → src/test/java/org/cyclonedx/maven/BomDependenciesTest.java

@@ -30,7 +30,7 @@
 
 @RunWith(MavenJUnitTestRunner.class)
 @MavenVersions({"3.6.3"})
-public class IssueTrustification1Test {
+public class BomDependenciesTest {
 
     private static final String SHARED_DEPENDENCY1 = "pkg:maven/com.example/shared_dependency1@1.0.0?type=jar";
     private static final String SHARED_DEPENDENCY2 = "pkg:maven/com.example/shared_dependency2@1.0.0?type=jar";
@@ -57,19 +57,26 @@ public class IssueTrustification1Test {
 
     public final MavenRuntime verifier;
 
-    public IssueTrustification1Test(MavenRuntimeBuilder runtimeBuilder)
+    public BomDependenciesTest(MavenRuntimeBuilder runtimeBuilder)
             throws Exception {
         this.verifier = runtimeBuilder.build(); //.withCliOptions(opts) // //
     }
 
+    @Test
+    public void testBomDependencies() throws Exception {
+        final File projDir = cleanAndBuild(null);
+        checkHiddenTestArtifacts(projDir);
+        checkHiddenRuntimeArtifacts(projDir);
+        checkExtraneousComponents(projDir);
+        checkTopLevelTestComponentsAsCompile(projDir);
+        testHiddenVersionedTransitiveDependencies(projDir);
+    }
+
     /**
      * This test ensures that any dependencies hidden by <i>test</i> dependencies are discovered and present in the dependency graph
      * @throws Exception
      */
-    @Test
-    public void testHiddenTestArtifacts() throws Exception {
-        final File projDir = cleanAndBuild(null);
-
+    private void checkHiddenTestArtifacts(final File projDir) throws Exception {
         final Document bom = readXML(new File(projDir, "trustification/target/bom.xml"));
 
         /* BOM should contain dependency elements for
@@ -133,10 +140,7 @@ public void testHiddenTestArtifacts() throws Exception {
      * This test ensures that any dependencies hidden by <i>runtime</i> dependencies are discovered and present in the dependency graph
      * @throws Exception
      */
-    @Test
-    public void testHiddenRuntimeArtifacts() throws Exception {
-        final File projDir = cleanAndBuild(null);
-
+    private void checkHiddenRuntimeArtifacts(final File projDir) throws Exception {
         final Document bom = readXML(new File(projDir, "trustification/target/bom.xml"));
 
         /* BOM should contain dependency elements for
@@ -173,10 +177,7 @@ public void testHiddenRuntimeArtifacts() throws Exception {
      * This test ensures that the Components and Dependencies are consistent, and that all sub-dependencies exist at the top level.
      * @throws Exception
      */
-    @Test
-    public void testExtraneousComponents() throws Exception {
-        final File projDir = cleanAndBuild(null);
-
+    private void checkExtraneousComponents(final File projDir) throws Exception {
         final Document bom = readXML(new File(projDir, "trustification/target/bom.xml"));
 
         final NodeList metadataList = bom.getElementsByTagName("metadata");
@@ -210,10 +211,7 @@ public void testExtraneousComponents() throws Exception {
      * This test ensures that any <i>compile</i> dependencies matching top level <i>test</i> dependencies are discovered and present in the dependency graph
      * @throws Exception
      */
-    @Test
-    public void testTopLevelTestComponentsAsCompile() throws Exception {
-        final File projDir = cleanAndBuild(null);
-
+    private void checkTopLevelTestComponentsAsCompile(final File projDir) throws Exception {
         final Document bom = readXML(new File(projDir, "trustification/target/bom.xml"));
 
         // BOM should contain a component element for pkg:maven/com.example/test_compile_dependency@1.0.0?type=jar
@@ -288,11 +286,8 @@ public void testTypeExcludes() throws Exception {
      * This test ensures that transitive dependencies hidden under versioned components are included in the BOM.
      * @throws Exception
      */
-    @Test
-    public void testHiddenVersionedTransitiveDependencies() throws Exception {
-        // Note: testExtraneousComponents will also catch missing versioned dependencies but doesn't check for transitive dependencies
-        final File projDir = cleanAndBuild(null);
-
+    private void testHiddenVersionedTransitiveDependencies(final File projDir) throws Exception {
+        // Note: checkExtraneousComponents will also catch missing versioned dependencies but doesn't check for transitive dependencies
         final Document bom = readXML(new File(projDir, "trustification/target/bom.xml"));
 
         final NodeList componentsList = bom.getElementsByTagName("components");
@@ -338,18 +333,18 @@ public void testHiddenVersionedTransitiveDependencies() throws Exception {
 
     private File cleanAndBuild(final String[] excludeTypes) throws Exception {
         File projectDirTransformed = new File(
-                "target/test-classes/transformed-projects/issue-trustification1"
+                "target/test-classes/transformed-projects/bom-dependencies"
         );
         if (projectDirTransformed.exists()) {
             FileUtils.cleanDirectory(projectDirTransformed);
             projectDirTransformed.delete();
         }
 
-        File projDir = resources.getBasedir("issue-trustification1");
+        File projDir = resources.getBasedir("bom-dependencies");
 
         Properties props = new Properties();
 
-        props.load(IssueTrustification1Test.class.getClassLoader().getResourceAsStream("test.properties"));
+        props.load(BomDependenciesTest.class.getClassLoader().getResourceAsStream("test.properties"));
         String projectVersion = (String) props.get("project.version");
         final MavenExecution initExecution = verifier
                 .forProject(projDir) //

src/test/resources/issue-trustification1/dependency1/pom.xml → src/test/resources/bom-dependencies/dependency1/pom.xml

@@ -7,15 +7,11 @@
 
     <parent>
         <groupId>com.example</groupId>
-        <artifactId>trustification-parent</artifactId>
+        <artifactId>bom-dependencies-parent</artifactId>
         <version>1.0.0</version>
-        <relativePath>..</relativePath>
     </parent>
 
-    <groupId>com.example</groupId>
     <artifactId>dependency1</artifactId>
-    <packaging>jar</packaging>
-    <version>1.0.0</version>
 
     <name>Dependency 1</name>
 

src/test/resources/issue-trustification1/dependency2/pom.xml → src/test/resources/bom-dependencies/dependency2/pom.xml

@@ -7,15 +7,11 @@
 
     <parent>
         <groupId>com.example</groupId>
-        <artifactId>trustification-parent</artifactId>
+        <artifactId>bom-dependencies-parent</artifactId>
         <version>1.0.0</version>
-        <relativePath>..</relativePath>
     </parent>
 
-    <groupId>com.example</groupId>
     <artifactId>dependency2</artifactId>
-    <packaging>jar</packaging>
-    <version>1.0.0</version>
 
     <name>Dependency 2</name>
 

src/test/resources/issue-trustification1/pom.xml → src/test/resources/bom-dependencies/pom.xml

@@ -6,11 +6,11 @@
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>com.example</groupId>
-    <artifactId>trustification-parent</artifactId>
+    <artifactId>bom-dependencies-parent</artifactId>
     <packaging>pom</packaging>
     <version>1.0.0</version>
 
-    <name>Trustification Parent</name>
+    <name>BOM Dependencies tests Parent</name>
 
     <modules>
         <module>trustification</module>

src/test/resources/issue-trustification1/provided_dependency/pom.xml → src/test/resources/bom-dependencies/provided_dependency/pom.xml

@@ -7,15 +7,11 @@
 
     <parent>
         <groupId>com.example</groupId>
-        <artifactId>trustification-parent</artifactId>
+        <artifactId>bom-dependencies-parent</artifactId>
         <version>1.0.0</version>
-        <relativePath>..</relativePath>
     </parent>
 
-    <groupId>com.example</groupId>
     <artifactId>provided_dependency</artifactId>
-    <packaging>jar</packaging>
-    <version>1.0.0</version>
 
     <name>Provided Dependency</name>
 

src/test/resources/issue-trustification1/runtime_dependency/pom.xml → src/test/resources/bom-dependencies/runtime_dependency/pom.xml

@@ -7,15 +7,11 @@
 
     <parent>
         <groupId>com.example</groupId>
-        <artifactId>trustification-parent</artifactId>
+        <artifactId>bom-dependencies-parent</artifactId>
         <version>1.0.0</version>
-        <relativePath>..</relativePath>
     </parent>
 
-    <groupId>com.example</groupId>
     <artifactId>runtime_dependency</artifactId>
-    <packaging>jar</packaging>
-    <version>1.0.0</version>
 
     <name>Runtime Dependency</name>
 

src/test/resources/issue-trustification1/shared_dependency1/pom.xml → src/test/resources/bom-dependencies/shared_dependency1/pom.xml

@@ -7,15 +7,11 @@
 
     <parent>
         <groupId>com.example</groupId>
-        <artifactId>trustification-parent</artifactId>
+        <artifactId>bom-dependencies-parent</artifactId>
         <version>1.0.0</version>
-        <relativePath>..</relativePath>
     </parent>
 
-    <groupId>com.example</groupId>
     <artifactId>shared_dependency1</artifactId>
-    <packaging>jar</packaging>
-    <version>1.0.0</version>
 
     <name>Shared Dependency 1</name>
 

src/test/resources/issue-trustification1/shared_dependency2/pom.xml → src/test/resources/bom-dependencies/shared_dependency2/pom.xml

@@ -7,15 +7,11 @@
 
     <parent>
         <groupId>com.example</groupId>
-        <artifactId>trustification-parent</artifactId>
+        <artifactId>bom-dependencies-parent</artifactId>
         <version>1.0.0</version>
-        <relativePath>..</relativePath>
     </parent>
 
-    <groupId>com.example</groupId>
     <artifactId>shared_dependency2</artifactId>
-    <packaging>jar</packaging>
-    <version>1.0.0</version>
 
     <name>Shared Dependency 2</name>
 </project>

src/test/resources/issue-trustification1/shared_runtime_dependency/pom.xml → src/test/resources/bom-dependencies/shared_runtime_dependency/pom.xml

@@ -7,15 +7,11 @@
 
     <parent>
         <groupId>com.example</groupId>
-        <artifactId>trustification-parent</artifactId>
+        <artifactId>bom-dependencies-parent</artifactId>
         <version>1.0.0</version>
-        <relativePath>..</relativePath>
     </parent>
 
-    <groupId>com.example</groupId>
     <artifactId>shared_runtime_dependency</artifactId>
-    <packaging>jar</packaging>
-    <version>1.0.0</version>
 
     <name>Shared Runtime Dependency</name>
 </project>

src/test/resources/issue-trustification1/shared_runtime_dependency1/pom.xml → src/test/resources/bom-dependencies/shared_runtime_dependency1/pom.xml

@@ -7,15 +7,11 @@
 
     <parent>
         <groupId>com.example</groupId>
-        <artifactId>trustification-parent</artifactId>
+        <artifactId>bom-dependencies-parent</artifactId>
         <version>1.0.0</version>
-        <relativePath>..</relativePath>
     </parent>
 
-    <groupId>com.example</groupId>
     <artifactId>shared_runtime_dependency1</artifactId>
-    <packaging>jar</packaging>
-    <version>1.0.0</version>
 
     <name>Shared Runtime Dependency 1</name>
 

src/test/resources/issue-trustification1/shared_runtime_dependency2/pom.xml → src/test/resources/bom-dependencies/shared_runtime_dependency2/pom.xml

@@ -7,15 +7,11 @@
 
     <parent>
         <groupId>com.example</groupId>
-        <artifactId>trustification-parent</artifactId>
+        <artifactId>bom-dependencies-parent</artifactId>
         <version>1.0.0</version>
-        <relativePath>..</relativePath>
     </parent>
 
-    <groupId>com.example</groupId>
     <artifactId>shared_runtime_dependency2</artifactId>
-    <packaging>jar</packaging>
-    <version>1.0.0</version>
 
     <name>Shared Runtime Dependency 2</name>
 </project>

src/test/resources/issue-trustification1/shared_type_dependency1/pom.xml → src/test/resources/bom-dependencies/shared_type_dependency1/pom.xml

@@ -7,15 +7,11 @@
 
     <parent>
         <groupId>com.example</groupId>
-        <artifactId>trustification-parent</artifactId>
+        <artifactId>bom-dependencies-parent</artifactId>
         <version>1.0.0</version>
-        <relativePath>..</relativePath>
     </parent>
 
-    <groupId>com.example</groupId>
     <artifactId>shared_type_dependency1</artifactId>
-    <packaging>jar</packaging>
-    <version>1.0.0</version>
 
     <name>Shared Type Dependency 1</name>
 

src/test/resources/issue-trustification1/shared_type_dependency2/pom.xml → src/test/resources/bom-dependencies/shared_type_dependency2/pom.xml

@@ -7,15 +7,11 @@
 
     <parent>
         <groupId>com.example</groupId>
-        <artifactId>trustification-parent</artifactId>
+        <artifactId>bom-dependencies-parent</artifactId>
         <version>1.0.0</version>
-        <relativePath>..</relativePath>
     </parent>
 
-    <groupId>com.example</groupId>
     <artifactId>shared_type_dependency2</artifactId>
-    <packaging>jar</packaging>
-    <version>1.0.0</version>
 
     <name>Shared Type Dependency 2</name>
 </project>

src/test/resources/issue-trustification1/shared_type_dependency3/pom.xml → src/test/resources/bom-dependencies/shared_type_dependency3/pom.xml

@@ -7,15 +7,11 @@
 
     <parent>
         <groupId>com.example</groupId>
-        <artifactId>trustification-parent</artifactId>
+        <artifactId>bom-dependencies-parent</artifactId>
         <version>1.0.0</version>
-        <relativePath>..</relativePath>
     </parent>
 
-    <groupId>com.example</groupId>
     <artifactId>shared_type_dependency3</artifactId>
-    <packaging>jar</packaging>
-    <version>1.0.0</version>
 
     <name>Shared Type Dependency 3</name>