diff --git a/integration/client_server_test.go b/integration/client_server_test.go
index 0df09c6ae051..4cda4f5b9d04 100644
--- a/integration/client_server_test.go
+++ b/integration/client_server_test.go
@@ -249,7 +249,7 @@ func TestClientServer(t *testing.T) {
golden: "testdata/busybox-with-lockfile.json.golden",
},
{
- name: "scan pox.xml with repo command in client/server mode",
+ name: "scan pom.xml with repo command in client/server mode",
args: csArgs{
Command: "repo",
RemoteAddrOption: "--server",
@@ -302,6 +302,7 @@ func TestClientServer(t *testing.T) {
}
runTest(t, osArgs, tt.golden, "", types.FormatJSON, runOptions{
+ fakeUUID: "3ff14136-e09f-4df9-80ea-%012d",
override: overrideFuncs(overrideUID, tt.override),
})
})
diff --git a/integration/testdata/pom-cyclonedx.json.golden b/integration/testdata/pom-cyclonedx.json.golden
index 42650c62b54e..adad8c3dea13 100644
--- a/integration/testdata/pom-cyclonedx.json.golden
+++ b/integration/testdata/pom-cyclonedx.json.golden
@@ -2,7 +2,7 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000005",
+ "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000007",
"version": 1,
"metadata": {
"timestamp": "2021-08-25T12:20:30+00:00",
@@ -17,7 +17,7 @@
]
},
"component": {
- "bom-ref": "3ff14136-e09f-4df9-80ea-000000000001",
+ "bom-ref": "3ff14136-e09f-4df9-80ea-000000000003",
"type": "application",
"name": "testdata/fixtures/repo/pom",
"properties": [
@@ -30,7 +30,7 @@
},
"components": [
{
- "bom-ref": "3ff14136-e09f-4df9-80ea-000000000002",
+ "bom-ref": "3ff14136-e09f-4df9-80ea-000000000004",
"type": "application",
"name": "pom.xml",
"properties": [
@@ -54,7 +54,7 @@
"properties": [
{
"name": "aquasecurity:trivy:PkgID",
- "value": "com.example:log4shell:1.0-SNAPSHOT"
+ "value": "3ff14136-e09f-4df9-80ea-000000000001"
},
{
"name": "aquasecurity:trivy:PkgType",
@@ -72,7 +72,7 @@
"properties": [
{
"name": "aquasecurity:trivy:PkgID",
- "value": "com.fasterxml.jackson.core:jackson-databind:2.9.1"
+ "value": "3ff14136-e09f-4df9-80ea-000000000002"
},
{
"name": "aquasecurity:trivy:PkgType",
@@ -83,13 +83,13 @@
],
"dependencies": [
{
- "ref": "3ff14136-e09f-4df9-80ea-000000000001",
+ "ref": "3ff14136-e09f-4df9-80ea-000000000003",
"dependsOn": [
- "3ff14136-e09f-4df9-80ea-000000000002"
+ "3ff14136-e09f-4df9-80ea-000000000004"
]
},
{
- "ref": "3ff14136-e09f-4df9-80ea-000000000002",
+ "ref": "3ff14136-e09f-4df9-80ea-000000000004",
"dependsOn": [
"pkg:maven/com.example/log4shell@1.0-SNAPSHOT"
]
diff --git a/integration/testdata/pom.json.golden b/integration/testdata/pom.json.golden
index 12bfa057e429..7622a5e7d3d6 100644
--- a/integration/testdata/pom.json.golden
+++ b/integration/testdata/pom.json.golden
@@ -23,11 +23,11 @@
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2020-9548",
- "PkgID": "com.fasterxml.jackson.core:jackson-databind:2.9.1",
+ "PkgID": "3ff14136-e09f-4df9-80ea-000000000002",
"PkgName": "com.fasterxml.jackson.core:jackson-databind",
"PkgIdentifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1",
- "UID": "9c69fdeffb7ee6d4"
+ "UID": "fd7dbd1e62564ea0"
},
"InstalledVersion": "2.9.1",
"FixedVersion": "2.9.10.4",
@@ -89,11 +89,11 @@
},
{
"VulnerabilityID": "CVE-2021-20190",
- "PkgID": "com.fasterxml.jackson.core:jackson-databind:2.9.1",
+ "PkgID": "3ff14136-e09f-4df9-80ea-000000000002",
"PkgName": "com.fasterxml.jackson.core:jackson-databind",
"PkgIdentifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1",
- "UID": "9c69fdeffb7ee6d4"
+ "UID": "fd7dbd1e62564ea0"
},
"InstalledVersion": "2.9.1",
"FixedVersion": "2.9.10.7",
diff --git a/pkg/dependency/parser/java/pom/artifact.go b/pkg/dependency/parser/java/pom/artifact.go
index 8fc20b236b51..9511e7dce7d4 100644
--- a/pkg/dependency/parser/java/pom/artifact.go
+++ b/pkg/dependency/parser/java/pom/artifact.go
@@ -12,6 +12,7 @@ import (
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/log"
+ "github.com/aquasecurity/trivy/pkg/uuid"
"github.com/aquasecurity/trivy/pkg/version/doc"
)
@@ -25,6 +26,7 @@ var (
)
type artifact struct {
+ ID uuid.UUID // UUID is required to build correctly dep tree when multiple modules contain dependencies with same GAV
GroupID string
ArtifactID string
Version version
diff --git a/pkg/dependency/parser/java/pom/parse.go b/pkg/dependency/parser/java/pom/parse.go
index 9f9afc35d99a..64995cc706d0 100644
--- a/pkg/dependency/parser/java/pom/parse.go
+++ b/pkg/dependency/parser/java/pom/parse.go
@@ -18,10 +18,10 @@ import (
"golang.org/x/net/html/charset"
"golang.org/x/xerrors"
- "github.com/aquasecurity/trivy/pkg/dependency"
"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/log"
+ "github.com/aquasecurity/trivy/pkg/uuid"
xio "github.com/aquasecurity/trivy/pkg/x/io"
)
@@ -118,11 +118,11 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc
rootArt := root.artifact()
rootArt.Relationship = ftypes.RelationshipRoot
- return p.parseRoot(rootArt, make(map[string]struct{}))
+ return p.parseRoot(rootArt, make(map[string]uuid.UUID))
}
// nolint: gocyclo
-func (p *Parser) parseRoot(root artifact, uniqModules map[string]struct{}) ([]ftypes.Package, []ftypes.Dependency, error) {
+func (p *Parser) parseRoot(root artifact, uniqModules map[string]uuid.UUID) ([]ftypes.Package, []ftypes.Dependency, error) {
// Prepare a queue for dependencies
queue := newArtifactQueue()
@@ -135,7 +135,7 @@ func (p *Parser) parseRoot(root artifact, uniqModules map[string]struct{}) ([]ft
deps ftypes.Dependencies
rootDepManagement []pomDependency
uniqArtifacts = make(map[string]artifact)
- uniqDeps = make(map[string][]string)
+ uniqDeps = make(map[uuid.UUID][]string)
)
// Iterate direct and transitive dependencies
@@ -148,7 +148,8 @@ func (p *Parser) parseRoot(root artifact, uniqModules map[string]struct{}) ([]ft
if _, ok := uniqModules[art.String()]; ok {
continue
}
- uniqModules[art.String()] = struct{}{}
+ art.ID = uuid.New()
+ uniqModules[art.String()] = art.ID
modulePkgs, moduleDeps, err := p.parseRoot(art, uniqModules)
if err != nil {
@@ -213,27 +214,33 @@ func (p *Parser) parseRoot(root artifact, uniqModules map[string]struct{}) ([]ft
// Offline mode may be missing some fields.
if !art.IsEmpty() {
+ // Modules already have uuid
+ if art.ID == uuid.Nil {
+ art.ID = uuid.New()
+ }
// Override the version
- uniqArtifacts[art.Name()] = artifact{
+ newArt := artifact{
+ ID: art.ID,
Version: art.Version,
Licenses: result.artifact.Licenses,
Relationship: art.Relationship,
Locations: art.Locations,
}
+ uniqArtifacts[art.Name()] = newArt
// save only dependency names
// version will be determined later
dependsOn := lo.Map(result.dependencies, func(a artifact, _ int) string {
return a.Name()
})
- uniqDeps[packageID(art.Name(), art.Version.String())] = dependsOn
+ uniqDeps[newArt.ID] = dependsOn
}
}
// Convert to []ftypes.Package and []ftypes.Dependency
for name, art := range uniqArtifacts {
pkg := ftypes.Package{
- ID: packageID(name, art.Version.String()),
+ ID: art.ID.String(),
Name: name,
Version: art.Version.String(),
Licenses: art.Licenses,
@@ -243,15 +250,18 @@ func (p *Parser) parseRoot(root artifact, uniqModules map[string]struct{}) ([]ft
pkgs = append(pkgs, pkg)
// Convert dependency names into dependency IDs
- dependsOn := lo.FilterMap(uniqDeps[pkg.ID], func(dependOnName string, _ int) (string, bool) {
- ver := depVersion(dependOnName, uniqArtifacts)
- return packageID(dependOnName, ver), ver != ""
+ dependsOn := lo.FilterMap(uniqDeps[art.ID], func(dependOnName string, _ int) (string, bool) {
+ id := depID(dependOnName, uniqArtifacts)
+ return id, id != ""
})
// `mvn` shows modules separately from the root package and does not show module nesting.
// So we can add all modules as dependencies of root package.
if art.Relationship == ftypes.RelationshipRoot {
- dependsOn = append(dependsOn, lo.Keys(uniqModules)...)
+ uuids := lo.Map(lo.Values(uniqModules), func(id uuid.UUID, _ int) string {
+ return id.String()
+ })
+ dependsOn = append(dependsOn, uuids...)
}
sort.Strings(dependsOn)
@@ -269,10 +279,10 @@ func (p *Parser) parseRoot(root artifact, uniqModules map[string]struct{}) ([]ft
return pkgs, deps, nil
}
-// depVersion finds dependency in uniqArtifacts and return its version
-func depVersion(depName string, uniqArtifacts map[string]artifact) string {
+// depID finds dependency in uniqArtifacts and return its ID
+func depID(depName string, uniqArtifacts map[string]artifact) string {
if art, ok := uniqArtifacts[depName]; ok {
- return art.Version.String()
+ return art.ID.String()
}
return ""
}
@@ -821,10 +831,6 @@ func parseMavenMetadata(r io.Reader) (*Metadata, error) {
return parsed, nil
}
-func packageID(name, version string) string {
- return dependency.ID(ftypes.Pom, name, version)
-}
-
// cf. https://github.com/apache/maven/blob/259404701402230299fe05ee889ecdf1c9dae816/maven-artifact/src/main/java/org/apache/maven/artifact/DefaultArtifact.java#L482-L486
func isSnapshot(ver string) bool {
return strings.HasSuffix(ver, "SNAPSHOT") || ver == "LATEST"
diff --git a/pkg/dependency/parser/java/pom/parse_test.go b/pkg/dependency/parser/java/pom/parse_test.go
index eb1a7b6b9bb7..ed06554cd72c 100644
--- a/pkg/dependency/parser/java/pom/parse_test.go
+++ b/pkg/dependency/parser/java/pom/parse_test.go
@@ -12,10 +12,11 @@ import (
"github.com/aquasecurity/trivy/pkg/dependency/parser/java/pom"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
+ "github.com/aquasecurity/trivy/pkg/uuid"
)
var (
- exampleNestedScopeCompile = func(start, end int) ftypes.Package {
+ exampleNestedScopeCompile = func(id string, start, end int) ftypes.Package {
var location ftypes.Locations
if start != 0 && end != 0 {
location = append(location, ftypes.Location{
@@ -24,7 +25,7 @@ var (
})
}
return ftypes.Package{
- ID: "org.example:example-nested-scope-compile:1.0.0",
+ ID: id,
Name: "org.example:example-nested-scope-compile",
Version: "1.0.0",
Relationship: ftypes.RelationshipDirect,
@@ -32,7 +33,7 @@ var (
}
}
- exampleNestedScopeEmpty = func(start, end int) ftypes.Package {
+ exampleNestedScopeEmpty = func(id string, start, end int) ftypes.Package {
var location ftypes.Locations
if start != 0 && end != 0 {
location = append(location, ftypes.Location{
@@ -41,7 +42,7 @@ var (
})
}
return ftypes.Package{
- ID: "org.example:example-nested-scope-empty:1.0.0",
+ ID: id,
Name: "org.example:example-nested-scope-empty",
Version: "1.0.0",
Relationship: ftypes.RelationshipDirect,
@@ -49,7 +50,7 @@ var (
}
}
- exampleNestedScopeRuntime = func(start, end int) ftypes.Package {
+ exampleNestedScopeRuntime = func(id string, start, end int) ftypes.Package {
var location ftypes.Locations
if start != 0 && end != 0 {
location = append(location, ftypes.Location{
@@ -58,7 +59,7 @@ var (
})
}
return ftypes.Package{
- ID: "org.example:example-nested-scope-runtime:1.0.0",
+ ID: id,
Name: "org.example:example-nested-scope-runtime",
Version: "1.0.0",
Relationship: ftypes.RelationshipDirect,
@@ -66,45 +67,57 @@ var (
}
}
- exampleScopeCompile = ftypes.Package{
- ID: "org.example:example-scope-compile:2.0.0",
- Name: "org.example:example-scope-compile",
- Version: "2.0.0",
- Relationship: ftypes.RelationshipIndirect,
+ exampleScopeCompile = func(id string) ftypes.Package {
+ return ftypes.Package{
+ ID: id,
+ Name: "org.example:example-scope-compile",
+ Version: "2.0.0",
+ Relationship: ftypes.RelationshipIndirect,
+ }
}
- exampleScopeEmpty = ftypes.Package{
- ID: "org.example:example-scope-empty:2.0.0",
- Name: "org.example:example-scope-empty",
- Version: "2.0.0",
- Relationship: ftypes.RelationshipIndirect,
+ exampleScopeEmpty = func(id string) ftypes.Package {
+ return ftypes.Package{
+ ID: id,
+ Name: "org.example:example-scope-empty",
+ Version: "2.0.0",
+ Relationship: ftypes.RelationshipIndirect,
+ }
}
- exampleScopeRuntime = ftypes.Package{
- ID: "org.example:example-scope-runtime:2.0.0",
- Name: "org.example:example-scope-runtime",
- Version: "2.0.0",
- Relationship: ftypes.RelationshipIndirect,
+ exampleScopeRuntime = func(id string) ftypes.Package {
+ return ftypes.Package{
+ ID: id,
+ Name: "org.example:example-scope-runtime",
+ Version: "2.0.0",
+ Relationship: ftypes.RelationshipIndirect,
+ }
}
- exampleApiCompile = ftypes.Package{
- ID: "org.example:example-api-compile:3.0.0",
- Name: "org.example:example-api-compile",
- Version: "3.0.0",
- Relationship: ftypes.RelationshipIndirect,
+ exampleApiCompile = func(id string) ftypes.Package {
+ return ftypes.Package{
+ ID: id,
+ Name: "org.example:example-api-compile",
+ Version: "3.0.0",
+ Relationship: ftypes.RelationshipIndirect,
+ }
}
- exampleApiEmpty = ftypes.Package{
- ID: "org.example:example-api-empty:3.0.0",
- Name: "org.example:example-api-empty",
- Version: "3.0.0",
- Relationship: ftypes.RelationshipIndirect,
+ exampleApiEmpty = func(id string) ftypes.Package {
+ return ftypes.Package{
+ ID: id,
+ Name: "org.example:example-api-empty",
+ Version: "3.0.0",
+ Relationship: ftypes.RelationshipIndirect,
+ }
}
- exampleApiRuntime = ftypes.Package{
- ID: "org.example:example-api-runtime:3.0.0",
- Name: "org.example:example-api-runtime",
- Version: "3.0.0",
- Relationship: ftypes.RelationshipIndirect,
+ exampleApiRuntime = func(id string) ftypes.Package {
+ return ftypes.Package{
+ ID: id,
+ Name: "org.example:example-api-runtime",
+ Version: "3.0.0",
+ Relationship: ftypes.RelationshipIndirect,
+ }
}
)
@@ -124,14 +137,14 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:happy:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:happy",
Version: "1.0.0",
Licenses: []string{"BSD-3-Clause"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api:1.7.30",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Version: "1.7.30",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -144,7 +157,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-runtime:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-runtime",
Version: "1.0.0",
Relationship: ftypes.RelationshipDirect,
@@ -158,10 +171,10 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:happy:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api:1.7.30",
- "org.example:example-runtime:1.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
},
@@ -172,14 +185,14 @@ func TestPom_Parse(t *testing.T) {
local: false,
want: []ftypes.Package{
{
- ID: "com.example:happy:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:happy",
Version: "1.0.0",
Licenses: []string{"BSD-3-Clause"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api:1.7.30",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Version: "1.7.30",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -192,7 +205,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-runtime:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-runtime",
Version: "1.0.0",
Relationship: ftypes.RelationshipDirect,
@@ -206,10 +219,10 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:happy:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api:1.7.30",
- "org.example:example-runtime:1.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
},
@@ -220,13 +233,13 @@ func TestPom_Parse(t *testing.T) {
local: false,
want: []ftypes.Package{
{
- ID: "com.example:happy:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:happy",
Version: "1.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-dependency:1.2.3-SNAPSHOT",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-dependency",
Version: "1.2.3-SNAPSHOT",
Relationship: ftypes.RelationshipDirect,
@@ -238,7 +251,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-api:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-api",
Version: "2.0.0",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -247,15 +260,15 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:happy:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-dependency:1.2.3-SNAPSHOT",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
{
- ID: "org.example:example-dependency:1.2.3-SNAPSHOT",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-api:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
},
@@ -266,13 +279,13 @@ func TestPom_Parse(t *testing.T) {
local: false,
want: []ftypes.Package{
{
- ID: "com.example:happy:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:happy",
Version: "1.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-dependency:2.17.0-SNAPSHOT",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-dependency",
Version: "2.17.0-SNAPSHOT",
Relationship: ftypes.RelationshipDirect,
@@ -284,7 +297,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-api:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-api",
Version: "2.0.0",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -293,15 +306,15 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:happy:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-dependency:2.17.0-SNAPSHOT",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
{
- ID: "org.example:example-dependency:2.17.0-SNAPSHOT",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-api:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
},
@@ -313,7 +326,7 @@ func TestPom_Parse(t *testing.T) {
offline: true,
want: []ftypes.Package{
{
- ID: "org.example:example-offline:2.3.4",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "org.example:example-offline",
Version: "2.3.4",
Relationship: ftypes.RelationshipDirect,
@@ -332,14 +345,14 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:child:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:child",
Version: "1.0.0",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api:1.7.30",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Version: "1.7.30",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -354,9 +367,9 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:child:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api:1.7.30",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
},
@@ -367,13 +380,13 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:child:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:child",
Version: "2.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Version: "2.0.0",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -388,9 +401,9 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:child:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
},
@@ -401,13 +414,13 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:test:0.0.1-SNAPSHOT",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:test",
Version: "0.0.1-SNAPSHOT",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Version: "2.0.0",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -422,9 +435,9 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:test:0.0.1-SNAPSHOT",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
},
@@ -435,13 +448,13 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:child:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:child",
Version: "1.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-dependency",
Version: "1.2.3",
Relationship: ftypes.RelationshipDirect,
@@ -453,7 +466,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-api:4.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-api",
Version: "4.0.0",
Relationship: ftypes.RelationshipIndirect,
@@ -461,15 +474,15 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:child:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-dependency:1.2.3",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-api:4.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
},
@@ -480,14 +493,14 @@ func TestPom_Parse(t *testing.T) {
local: false,
want: []ftypes.Package{
{
- ID: "com.example:child:1.0.0-SNAPSHOT",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:child",
Version: "1.0.0-SNAPSHOT",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api:1.7.30",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Version: "1.7.30",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -496,9 +509,9 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:child:1.0.0-SNAPSHOT",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api:1.7.30",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
},
@@ -509,14 +522,14 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:child:3.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:child",
Version: "3.0.0",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api:1.7.30",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Version: "1.7.30",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -531,9 +544,9 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:child:3.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api:1.7.30",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
},
@@ -544,14 +557,14 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:base:4.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:base",
Version: "4.0.0",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-child:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-child",
Version: "2.0.0",
Licenses: []string{"Apache 2.0"},
@@ -564,7 +577,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-api:1.7.30",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-api",
Version: "1.7.30",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -573,15 +586,15 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:base:4.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-child:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
{
- ID: "org.example:example-child:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-api:1.7.30",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
},
@@ -592,14 +605,14 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:child:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:child",
Version: "1.0.0",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api:1.7.30",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Version: "1.7.30",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -614,9 +627,9 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:child:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api:1.7.30",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
},
@@ -627,13 +640,13 @@ func TestPom_Parse(t *testing.T) {
local: false,
want: []ftypes.Package{
{
- ID: "com.example:child:1.0.0-SNAPSHOT",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:child",
Version: "1.0.0-SNAPSHOT",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api:1.1.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Version: "1.1.1",
Relationship: ftypes.RelationshipDirect,
@@ -647,9 +660,9 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:child:1.0.0-SNAPSHOT",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api:1.1.1",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
},
@@ -660,14 +673,14 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "org.example:child:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "org.example:child",
Version: "1.0.0",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api:1.7.30",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Version: "1.7.30",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -682,9 +695,9 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "org.example:child:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api:1.7.30",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
},
@@ -700,14 +713,14 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:soft:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:soft",
Version: "1.0.0",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api:1.7.30",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Version: "1.7.30",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -720,7 +733,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-dependency",
Version: "1.2.3",
Relationship: ftypes.RelationshipDirect,
@@ -734,16 +747,16 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:soft:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api:1.7.30",
- "org.example:example-dependency:1.2.3",
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
DependsOn: []string{
- "org.example:example-api:1.7.30",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
},
@@ -760,13 +773,13 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:soft-transitive:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:soft-transitive",
Version: "1.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-dependency",
Version: "1.2.3",
Relationship: ftypes.RelationshipDirect,
@@ -778,7 +791,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-dependency2:2.3.4",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-dependency2",
Version: "2.3.4",
Relationship: ftypes.RelationshipDirect,
@@ -790,7 +803,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-api:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
Name: "org.example:example-api",
Version: "2.0.0",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -799,22 +812,22 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:soft-transitive:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-dependency2:2.3.4",
- "org.example:example-dependency:1.2.3",
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
{
- ID: "org.example:example-dependency2:2.3.4",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-api:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
DependsOn: []string{
- "org.example:example-api:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
},
@@ -831,14 +844,14 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:hard:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:hard",
Version: "1.0.0",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
Name: "org.example:example-dependency",
Version: "1.2.3",
Relationship: ftypes.RelationshipDirect,
@@ -850,7 +863,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-nested:3.3.4",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-nested",
Version: "3.3.4",
Relationship: ftypes.RelationshipDirect,
@@ -862,7 +875,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-api:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000005",
Name: "org.example:example-api",
Version: "2.0.0",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -871,22 +884,22 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:hard:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-dependency:1.2.3",
- "org.example:example-nested:3.3.4",
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-api:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
{
- ID: "org.example:example-nested:3.3.4",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
DependsOn: []string{
- "org.example:example-dependency:1.2.3",
+ "3ff14136-e09f-4df9-80ea-000000000005",
},
},
},
@@ -897,14 +910,14 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:hard:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:hard",
Version: "1.0.0",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Relationship: ftypes.RelationshipDirect,
Locations: []ftypes.Location{
@@ -915,6 +928,14 @@ func TestPom_Parse(t *testing.T) {
},
},
},
+ wantDeps: []ftypes.Dependency{
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
+ DependsOn: []string{
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ },
+ },
+ },
},
{
name: "import dependencyManagement",
@@ -922,14 +943,14 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:import:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:import",
Version: "2.0.0",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api:1.7.30",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Version: "1.7.30",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -944,9 +965,9 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:import:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api:1.7.30",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
},
@@ -957,14 +978,14 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:import:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:import",
Version: "2.0.0",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api:1.7.30",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Version: "1.7.30",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -979,9 +1000,9 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:import:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api:1.7.30",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
},
@@ -992,13 +1013,13 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:exclusions:3.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:exclusions",
Version: "3.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-nested:3.3.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-nested",
Version: "3.3.3",
Relationship: ftypes.RelationshipDirect,
@@ -1010,7 +1031,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-dependency",
Version: "1.2.3",
Relationship: ftypes.RelationshipIndirect,
@@ -1018,15 +1039,15 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:exclusions:3.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-nested:3.3.3",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
{
- ID: "org.example:example-nested:3.3.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-dependency:1.2.3",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
},
@@ -1037,13 +1058,13 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:example:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:example",
Version: "1.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-exclusions:4.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-exclusions",
Version: "4.0.0",
Relationship: ftypes.RelationshipDirect,
@@ -1055,14 +1076,14 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-api:1.7.30",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
Name: "org.example:example-api",
Version: "1.7.30",
Licenses: []string{"The Apache Software License, Version 2.0"},
Relationship: ftypes.RelationshipIndirect,
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-dependency",
Version: "1.2.3",
Relationship: ftypes.RelationshipIndirect,
@@ -1070,16 +1091,16 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:example:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-exclusions:4.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
{
- ID: "org.example:example-exclusions:4.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-api:1.7.30",
- "org.example:example-dependency:1.2.3",
+ "3ff14136-e09f-4df9-80ea-000000000003",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
},
@@ -1098,14 +1119,14 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:child:3.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:child",
Version: "3.0.0",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-exclusions:3.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-exclusions",
Version: "3.0.0",
Relationship: ftypes.RelationshipDirect,
@@ -1117,7 +1138,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-nested:3.3.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-nested",
Version: "3.3.3",
Relationship: ftypes.RelationshipIndirect,
@@ -1125,15 +1146,15 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:child:3.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-exclusions:3.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
{
- ID: "org.example:example-exclusions:3.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-nested:3.3.3",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
},
@@ -1144,13 +1165,13 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:wildcard-exclusions:4.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:wildcard-exclusions",
Version: "4.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-dependency",
Version: "1.2.3",
Relationship: ftypes.RelationshipDirect,
@@ -1162,7 +1183,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-dependency2:2.3.4",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-dependency2",
Version: "2.3.4",
Relationship: ftypes.RelationshipDirect,
@@ -1174,7 +1195,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-nested:3.3.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
Name: "org.example:example-nested",
Version: "3.3.3",
Relationship: ftypes.RelationshipDirect,
@@ -1188,11 +1209,11 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:wildcard-exclusions:4.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-dependency2:2.3.4",
- "org.example:example-dependency:1.2.3",
- "org.example:example-nested:3.3.3",
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ "3ff14136-e09f-4df9-80ea-000000000003",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
},
@@ -1203,27 +1224,27 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:aggregation:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:aggregation",
Version: "1.0.0",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "com.example:module:1.1.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "com.example:module",
Version: "1.1.1",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipWorkspace,
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-dependency",
Version: "1.2.3",
Relationship: ftypes.RelationshipDirect,
},
{
- ID: "org.example:example-api:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
Name: "org.example:example-api",
Version: "2.0.0",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -1234,21 +1255,97 @@ func TestPom_Parse(t *testing.T) {
// But we have `root` and `workspace` relationships, so we can merge these graphs.
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:aggregation:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "com.example:module:1.1.1",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
{
- ID: "com.example:module:1.1.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-dependency:1.2.3",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
DependsOn: []string{
- "org.example:example-api:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000004",
+ },
+ },
+ },
+ },
+ {
+ name: "multi module with deps with same GAV",
+ inputFile: filepath.Join("testdata", "multiple-modules-with-deps-with-same-gav", "pom.xml"),
+ local: true,
+ want: []ftypes.Package{
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
+ Name: "com.example:root",
+ Version: "1.0.0",
+ Relationship: ftypes.RelationshipRoot,
+ },
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
+ Name: "com.example:module1",
+ Version: "1.0.0",
+ Relationship: ftypes.RelationshipWorkspace,
+ },
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
+ Name: "com.example:module2",
+ Version: "2.0.0",
+ Relationship: ftypes.RelationshipWorkspace,
+ },
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
+ Name: "org.example:example-api",
+ Version: "1.7.30",
+ Licenses: []string{"The Apache Software License, Version 2.0"},
+ Relationship: ftypes.RelationshipDirect,
+ },
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000005",
+ Name: "org.example:example-api",
+ Version: "1.7.30",
+ Licenses: []string{"The Apache Software License, Version 2.0"},
+ Relationship: ftypes.RelationshipDirect,
+ },
+ },
+ //[INFO] --------------------------------[ pom ]---------------------------------
+ //[INFO]
+ //[INFO] --- dependency:3.7.0:tree (default-cli) @ module1 ---
+ //[INFO] com.example:module1:pom:1.0.0
+ //[INFO] \- org.example:example-api:jar:1.7.30:compile
+ //[INFO] --------------------------------[ pom ]---------------------------------
+ //[INFO]
+ //[INFO] --- dependency:3.7.0:tree (default-cli) @ module2 ---
+ //[INFO] com.example:module2:pom:2.0.0
+ //[INFO] \- org.example:example-api:jar:1.7.30:compile
+ //[INFO]
+ //[INFO] --------------------------------[ pom ]---------------------------------
+ //[INFO]
+ //[INFO] --- dependency:3.7.0:tree (default-cli) @ root ---
+ //[INFO] com.example:root:pom:1.0.0
+ //[INFO] ------------------------------------------------------------------------
+ wantDeps: []ftypes.Dependency{
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
+ DependsOn: []string{
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ "3ff14136-e09f-4df9-80ea-000000000004",
+ },
+ },
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
+ DependsOn: []string{
+ "3ff14136-e09f-4df9-80ea-000000000003",
+ },
+ },
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
+ DependsOn: []string{
+ "3ff14136-e09f-4df9-80ea-000000000005",
},
},
},
@@ -1259,25 +1356,25 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:root:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:root",
Version: "1.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "com.example:module1:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "com.example:module1",
Version: "1.0.0",
Relationship: ftypes.RelationshipWorkspace,
},
{
- ID: "com.example:module2:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "com.example:module2",
Version: "2.0.0",
Relationship: ftypes.RelationshipWorkspace,
},
{
- ID: "org.example:example-api:1.7.30",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
Name: "org.example:example-api",
Version: "1.7.30",
Licenses: []string{
@@ -1288,16 +1385,16 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:module2:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api:1.7.30",
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
{
- ID: "com.example:root:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
DependsOn: []string{
- "com.example:module1:1.0.0",
- "com.example:module2:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
},
@@ -1308,27 +1405,27 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "org.example:root:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "org.example:root",
Version: "1.0.0",
Relationship: ftypes.RelationshipRoot,
},
// as module
{
- ID: "org.example:module-1:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:module-1",
Version: "2.0.0",
Relationship: ftypes.RelationshipWorkspace,
},
{
- ID: "org.example:module-2:3.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:module-2",
Version: "3.0.0",
Relationship: ftypes.RelationshipWorkspace,
},
// as dependency
{
- ID: "org.example:module-1:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
Name: "org.example:module-1",
Version: "2.0.0",
Relationship: ftypes.RelationshipDirect,
@@ -1336,16 +1433,16 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "org.example:module-2:3.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:module-1:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
{
- ID: "org.example:root:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
DependsOn: []string{
- "org.example:module-1:2.0.0",
- "org.example:module-2:3.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
},
@@ -1356,32 +1453,32 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:aggregation:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:aggregation",
Version: "1.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "com.example:module1:1.1.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "com.example:module1",
Version: "1.1.1",
Relationship: ftypes.RelationshipWorkspace,
},
{
- ID: "com.example:module2:1.1.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
Name: "com.example:module2",
Version: "1.1.1",
Relationship: ftypes.RelationshipWorkspace,
},
{
- ID: "org.example:example-api:1.7.30",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-api",
Version: "1.7.30",
Licenses: []string{"The Apache Software License, Version 2.0"},
Relationship: ftypes.RelationshipDirect,
},
{
- ID: "org.example:example-api:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000005",
Name: "org.example:example-api",
Version: "2.0.0",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -1390,22 +1487,22 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:aggregation:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "com.example:module1:1.1.1",
- "com.example:module2:1.1.1",
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
{
- ID: "com.example:module1:1.1.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-api:1.7.30",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
{
- ID: "com.example:module2:1.1.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
DependsOn: []string{
- "org.example:example-api:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000005",
},
},
},
@@ -1416,13 +1513,13 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:root-pom-dep-management:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:root-pom-dep-management",
Version: "1.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-nested:3.3.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-nested",
Version: "3.3.3",
Relationship: ftypes.RelationshipDirect,
@@ -1434,7 +1531,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-api:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
Name: "org.example:example-api",
Version: "2.0.0",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -1443,7 +1540,7 @@ func TestPom_Parse(t *testing.T) {
// dependency version is taken from `com.example:root-pom-dep-management` from dependencyManagement
// not from `com.example:example-nested` from `com.example:example-nested`
{
- ID: "org.example:example-dependency:1.2.4",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-dependency",
Version: "1.2.4",
Relationship: ftypes.RelationshipIndirect,
@@ -1451,21 +1548,21 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:root-pom-dep-management:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-nested:3.3.3",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
{
- ID: "org.example:example-dependency:1.2.4",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-api:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
{
- ID: "org.example:example-nested:3.3.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
DependsOn: []string{
- "org.example:example-dependency:1.2.4",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
},
@@ -1476,13 +1573,13 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "org.example:transitive-dependency-management:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "org.example:transitive-dependency-management",
Version: "2.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-dependency-management3:1.1.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-dependency-management3",
Version: "1.1.1",
Relationship: ftypes.RelationshipDirect,
@@ -1496,14 +1593,14 @@ func TestPom_Parse(t *testing.T) {
// Managed dependencies (org.example:example-api:1.7.30) in org.example:example-dependency-management3
// should not affect dependencies of example-dependency (org.example:example-api:2.0.0)
{
- ID: "org.example:example-api:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
Name: "org.example:example-api",
Version: "2.0.0",
Licenses: []string{"The Apache Software License, Version 2.0"},
Relationship: ftypes.RelationshipIndirect,
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-dependency",
Version: "1.2.3",
Relationship: ftypes.RelationshipIndirect,
@@ -1511,21 +1608,21 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "org.example:example-dependency-management3:1.1.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-dependency:1.2.3",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-api:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
{
- ID: "org.example:transitive-dependency-management:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
DependsOn: []string{
- "org.example:example-dependency-management3:1.1.1",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
},
@@ -1536,14 +1633,14 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:no-parent:1.0-SNAPSHOT",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:no-parent",
Version: "1.0-SNAPSHOT",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api:1.7.30",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Version: "1.7.30",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -1558,9 +1655,9 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:no-parent:1.0-SNAPSHOT",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api:1.7.30",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
},
@@ -1571,14 +1668,14 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:not-found-dependency:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:not-found-dependency",
Version: "1.0.0",
Licenses: []string{"Apache 2.0"},
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-not-found:999",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-not-found",
Version: "999",
Relationship: ftypes.RelationshipDirect,
@@ -1592,9 +1689,9 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:not-found-dependency:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-not-found:999",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
},
@@ -1605,7 +1702,7 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:aggregation:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:aggregation",
Version: "1.0.0",
Licenses: []string{"Apache 2.0"},
@@ -1619,7 +1716,7 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:multiply-licenses:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:multiply-licenses",
Version: "1.0.0",
Licenses: []string{
@@ -1636,7 +1733,7 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example.app:submodule:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example.app:submodule",
Version: "1.0.0",
Licenses: []string{"Apache-2.0"},
@@ -1650,7 +1747,7 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:child:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:child",
Version: "1.0.0",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -1664,13 +1761,13 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:dep-without-version:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:dep-without-version",
Version: "1.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Relationship: ftypes.RelationshipDirect,
Locations: ftypes.Locations{
@@ -1681,6 +1778,14 @@ func TestPom_Parse(t *testing.T) {
},
},
},
+ wantDeps: []ftypes.Dependency{
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
+ DependsOn: []string{
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ },
+ },
+ },
},
// [INFO] com.example:root-depManagement-in-parent:jar:1.0.0
// [INFO] \- org.example:example-dependency:jar:2.0.0:compile
@@ -1691,13 +1796,13 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:root-depManagement-in-parent:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:root-depManagement-in-parent",
Version: "1.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-dependency:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-dependency",
Version: "2.0.0",
Relationship: ftypes.RelationshipDirect,
@@ -1709,7 +1814,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-api:1.0.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-api",
Version: "1.0.1",
Relationship: ftypes.RelationshipIndirect,
@@ -1717,15 +1822,15 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:root-depManagement-in-parent:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-dependency:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
{
- ID: "org.example:example-dependency:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-api:1.0.1",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
},
@@ -1739,13 +1844,13 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:root-depManagement-in-parent:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:root-depManagement-in-parent",
Version: "1.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-dependency:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-dependency",
Version: "2.0.0",
Relationship: ftypes.RelationshipDirect,
@@ -1757,7 +1862,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-api:2.0.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-api",
Version: "2.0.1",
Relationship: ftypes.RelationshipIndirect,
@@ -1765,15 +1870,15 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:root-depManagement-in-parent:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-dependency:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
{
- ID: "org.example:example-dependency:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-api:2.0.1",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
},
@@ -1788,25 +1893,25 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:child-depManagement-in-parent:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:child-depManagement-in-parent",
Version: "1.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-api:1.0.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
Name: "org.example:example-api",
Version: "1.0.1",
Relationship: ftypes.RelationshipDirect,
},
{
- ID: "org.example:example-api2:1.0.2",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api2",
Version: "1.0.2",
Relationship: ftypes.RelationshipDirect,
},
{
- ID: "org.example:example-api3:4.0.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-api3",
Version: "4.0.3",
Relationship: ftypes.RelationshipDirect,
@@ -1814,11 +1919,11 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:child-depManagement-in-parent:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-api2:1.0.2",
- "org.example:example-api3:4.0.3",
- "org.example:example-api:1.0.1",
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ "3ff14136-e09f-4df9-80ea-000000000003",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
},
@@ -1841,64 +1946,64 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:inherit-scopes-from-child-deps-and-their-parents:0.0.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:inherit-scopes-from-child-deps-and-their-parents",
Version: "0.0.1",
Relationship: ftypes.RelationshipRoot,
},
- exampleNestedScopeCompile(16, 21),
- exampleNestedScopeEmpty(22, 26),
- exampleNestedScopeRuntime(10, 15),
- exampleApiCompile,
- exampleApiEmpty,
- exampleApiRuntime,
- exampleScopeCompile,
- exampleScopeEmpty,
- exampleScopeRuntime,
+ exampleNestedScopeCompile("3ff14136-e09f-4df9-80ea-000000000003", 16, 21),
+ exampleNestedScopeEmpty("3ff14136-e09f-4df9-80ea-000000000004", 22, 26),
+ exampleNestedScopeRuntime("3ff14136-e09f-4df9-80ea-000000000002", 10, 15),
+ exampleApiCompile("3ff14136-e09f-4df9-80ea-000000000009"),
+ exampleApiEmpty("3ff14136-e09f-4df9-80ea-000000000010"),
+ exampleApiRuntime("3ff14136-e09f-4df9-80ea-000000000008"),
+ exampleScopeCompile("3ff14136-e09f-4df9-80ea-000000000006"),
+ exampleScopeEmpty("3ff14136-e09f-4df9-80ea-000000000007"),
+ exampleScopeRuntime("3ff14136-e09f-4df9-80ea-000000000005"),
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:inherit-scopes-from-child-deps-and-their-parents:0.0.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-nested-scope-compile:1.0.0",
- "org.example:example-nested-scope-empty:1.0.0",
- "org.example:example-nested-scope-runtime:1.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ "3ff14136-e09f-4df9-80ea-000000000003",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
{
- ID: "org.example:example-nested-scope-compile:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-scope-compile:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000005",
},
},
{
- ID: "org.example:example-nested-scope-empty:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
DependsOn: []string{
- "org.example:example-scope-empty:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000006",
},
},
{
- ID: "org.example:example-nested-scope-runtime:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
DependsOn: []string{
- "org.example:example-scope-runtime:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000007",
},
},
{
- ID: "org.example:example-scope-compile:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000005",
DependsOn: []string{
- "org.example:example-api-compile:3.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000008",
},
},
{
- ID: "org.example:example-scope-empty:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000006",
DependsOn: []string{
- "org.example:example-api-empty:3.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000009",
},
},
{
- ID: "org.example:example-scope-runtime:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000007",
DependsOn: []string{
- "org.example:example-api-runtime:3.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000010",
},
},
},
@@ -1922,50 +2027,50 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:inherit-scopes-in-children-from-root:0.0.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:inherit-scopes-in-children-from-root",
Version: "0.0.1",
Relationship: ftypes.RelationshipRoot,
},
- exampleNestedScopeCompile(51, 56),
- exampleNestedScopeEmpty(57, 61),
- exampleNestedScopeRuntime(45, 50),
- exampleApiRuntime,
- exampleScopeCompile,
- exampleScopeEmpty,
- exampleScopeRuntime,
+ exampleNestedScopeCompile("3ff14136-e09f-4df9-80ea-000000000003", 51, 56),
+ exampleNestedScopeEmpty("3ff14136-e09f-4df9-80ea-000000000004", 57, 61),
+ exampleNestedScopeRuntime("3ff14136-e09f-4df9-80ea-000000000002", 45, 50),
+ exampleApiRuntime("3ff14136-e09f-4df9-80ea-000000000008"),
+ exampleScopeCompile("3ff14136-e09f-4df9-80ea-000000000006"),
+ exampleScopeEmpty("3ff14136-e09f-4df9-80ea-000000000007"),
+ exampleScopeRuntime("3ff14136-e09f-4df9-80ea-000000000005"),
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:inherit-scopes-in-children-from-root:0.0.1",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-nested-scope-compile:1.0.0",
- "org.example:example-nested-scope-empty:1.0.0",
- "org.example:example-nested-scope-runtime:1.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ "3ff14136-e09f-4df9-80ea-000000000003",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
{
- ID: "org.example:example-nested-scope-compile:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-scope-compile:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000005",
},
},
{
- ID: "org.example:example-nested-scope-empty:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
DependsOn: []string{
- "org.example:example-scope-empty:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000006",
},
},
{
- ID: "org.example:example-nested-scope-runtime:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
DependsOn: []string{
- "org.example:example-scope-runtime:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000007",
},
},
{
- ID: "org.example:example-scope-runtime:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000005",
DependsOn: []string{
- "org.example:example-api-runtime:3.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000008",
},
},
},
@@ -1989,41 +2094,41 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:inherit-scopes-in-parents-from-root:0.1.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:inherit-scopes-in-parents-from-root",
Version: "0.1.0",
Relationship: ftypes.RelationshipRoot,
},
- exampleNestedScopeCompile(0, 0),
- exampleNestedScopeRuntime(0, 0),
- exampleApiRuntime,
- exampleScopeCompile,
- exampleScopeRuntime,
+ exampleNestedScopeCompile("3ff14136-e09f-4df9-80ea-000000000003", 0, 0),
+ exampleNestedScopeRuntime("3ff14136-e09f-4df9-80ea-000000000002", 0, 0),
+ exampleApiRuntime("3ff14136-e09f-4df9-80ea-000000000006"),
+ exampleScopeCompile("3ff14136-e09f-4df9-80ea-000000000005"),
+ exampleScopeRuntime("3ff14136-e09f-4df9-80ea-000000000004"),
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:inherit-scopes-in-parents-from-root:0.1.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-nested-scope-compile:1.0.0",
- "org.example:example-nested-scope-runtime:1.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
{
- ID: "org.example:example-nested-scope-compile:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-scope-compile:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
{
- ID: "org.example:example-nested-scope-runtime:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
DependsOn: []string{
- "org.example:example-scope-runtime:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000005",
},
},
{
- ID: "org.example:example-scope-runtime:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
DependsOn: []string{
- "org.example:example-api-runtime:3.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000006",
},
},
},
@@ -2038,13 +2143,13 @@ func TestPom_Parse(t *testing.T) {
local: true,
want: []ftypes.Package{
{
- ID: "com.example:root-pom-with-spaces:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:root-pom-with-spaces",
Version: "1.0.0",
Relationship: ftypes.RelationshipRoot,
},
{
- ID: "org.example:example-nested:3.3.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-nested",
Version: "3.3.3",
Relationship: ftypes.RelationshipDirect,
@@ -2056,7 +2161,7 @@ func TestPom_Parse(t *testing.T) {
},
},
{
- ID: "org.example:example-api:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
Name: "org.example:example-api",
Version: "2.0.0",
Licenses: []string{"The Apache Software License, Version 2.0"},
@@ -2065,7 +2170,7 @@ func TestPom_Parse(t *testing.T) {
// dependency version is taken from `com.example:root-pom-with-spaces` from dependencyManagement
// not from `com.example:example-nested` from `com.example:example-nested`
{
- ID: "org.example:example-dependency:1.2.4",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-dependency",
Version: "1.2.4",
Relationship: ftypes.RelationshipIndirect,
@@ -2073,21 +2178,21 @@ func TestPom_Parse(t *testing.T) {
},
wantDeps: []ftypes.Dependency{
{
- ID: "com.example:root-pom-with-spaces:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
DependsOn: []string{
- "org.example:example-nested:3.3.3",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
{
- ID: "org.example:example-dependency:1.2.4",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
DependsOn: []string{
- "org.example:example-api:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000003",
},
},
{
- ID: "org.example:example-nested:3.3.3",
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
DependsOn: []string{
- "org.example:example-dependency:1.2.4",
+ "3ff14136-e09f-4df9-80ea-000000000004",
},
},
},
@@ -2095,6 +2200,8 @@ func TestPom_Parse(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
+ uuid.SetFakeUUID(t, "3ff14136-e09f-4df9-80ea-%012d")
+
f, err := os.Open(tt.inputFile)
require.NoError(t, err)
defer f.Close()
diff --git a/pkg/dependency/parser/java/pom/testdata/multiple-modules-with-deps-with-same-gav/module1/pom.xml b/pkg/dependency/parser/java/pom/testdata/multiple-modules-with-deps-with-same-gav/module1/pom.xml
new file mode 100644
index 000000000000..9c0302e65a3e
--- /dev/null
+++ b/pkg/dependency/parser/java/pom/testdata/multiple-modules-with-deps-with-same-gav/module1/pom.xml
@@ -0,0 +1,16 @@
+
+ 4.0.0
+
+ com.example
+ module1
+ 1.0.0
+
+
+
+ org.example
+ example-api
+ 1.7.30
+
+
+
diff --git a/pkg/dependency/parser/java/pom/testdata/multiple-modules-with-deps-with-same-gav/module2/pom.xml b/pkg/dependency/parser/java/pom/testdata/multiple-modules-with-deps-with-same-gav/module2/pom.xml
new file mode 100644
index 000000000000..fad3196cc7fe
--- /dev/null
+++ b/pkg/dependency/parser/java/pom/testdata/multiple-modules-with-deps-with-same-gav/module2/pom.xml
@@ -0,0 +1,16 @@
+
+ 4.0.0
+
+ com.example
+ module2
+ 2.0.0
+
+
+
+ org.example
+ example-api
+ 1.7.30
+
+
+
diff --git a/pkg/dependency/parser/java/pom/testdata/multiple-modules-with-deps-with-same-gav/pom.xml b/pkg/dependency/parser/java/pom/testdata/multiple-modules-with-deps-with-same-gav/pom.xml
new file mode 100644
index 000000000000..a378df7182ee
--- /dev/null
+++ b/pkg/dependency/parser/java/pom/testdata/multiple-modules-with-deps-with-same-gav/pom.xml
@@ -0,0 +1,16 @@
+
+ 4.0.0
+
+ com.example
+ root
+ 1.0.0
+ pom
+
+
+ module1
+ module2
+
+
+
+
diff --git a/pkg/fanal/analyzer/language/java/pom/pom_test.go b/pkg/fanal/analyzer/language/java/pom/pom_test.go
index ea147a4d1141..a33d45a680e1 100644
--- a/pkg/fanal/analyzer/language/java/pom/pom_test.go
+++ b/pkg/fanal/analyzer/language/java/pom/pom_test.go
@@ -10,6 +10,7 @@ import (
"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
"github.com/aquasecurity/trivy/pkg/fanal/types"
+ "github.com/aquasecurity/trivy/pkg/uuid"
)
func Test_pomAnalyzer_Analyze(t *testing.T) {
@@ -30,17 +31,17 @@ func Test_pomAnalyzer_Analyze(t *testing.T) {
FilePath: "testdata/happy/pom.xml",
Packages: types.Packages{
{
- ID: "com.example:example:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:example",
Version: "1.0.0",
Licenses: []string{"Apache-2.0"},
Relationship: types.RelationshipRoot,
DependsOn: []string{
- "com.example:example-api:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
{
- ID: "com.example:example-api:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "com.example:example-api",
Version: "2.0.0",
Relationship: types.RelationshipDirect,
@@ -67,17 +68,17 @@ func Test_pomAnalyzer_Analyze(t *testing.T) {
FilePath: "pom.xml",
Packages: types.Packages{
{
- ID: "com.example:example:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:example",
Version: "1.0.0",
Relationship: types.RelationshipRoot,
Licenses: []string{"Apache-2.0"},
DependsOn: []string{
- "com.example:example-api:2.0.0",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
},
{
- ID: "com.example:example-api:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "com.example:example-api",
Version: "2.0.0",
Relationship: types.RelationshipDirect,
@@ -103,18 +104,18 @@ func Test_pomAnalyzer_Analyze(t *testing.T) {
FilePath: "testdata/mark-as-dev/src/it/example/pom.xml",
Packages: types.Packages{
{
- ID: "com.example:example:1.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:example",
Version: "1.0.0",
Licenses: []string{"Apache-2.0"},
Relationship: types.RelationshipRoot,
DependsOn: []string{
- "com.example:example-api:@example.version@",
+ "3ff14136-e09f-4df9-80ea-000000000002",
},
Dev: true,
},
{
- ID: "com.example:example-api:@example.version@",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "com.example:example-api",
Version: "@example.version@",
Relationship: types.RelationshipDirect,
@@ -141,14 +142,17 @@ func Test_pomAnalyzer_Analyze(t *testing.T) {
FilePath: "testdata/requirements/pom.xml",
Packages: types.Packages{
{
- ID: "com.example:example:2.0.0",
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:example",
Version: "2.0.0",
Licenses: []string{"Apache-2.0"},
Relationship: types.RelationshipRoot,
+ DependsOn: []string{
+ "3ff14136-e09f-4df9-80ea-000000000002",
+ },
},
{
- ID: "org.example:example-api",
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
Name: "org.example:example-api",
Relationship: types.RelationshipDirect,
Locations: []types.Location{
@@ -177,6 +181,8 @@ func Test_pomAnalyzer_Analyze(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
+ uuid.SetFakeUUID(t, "3ff14136-e09f-4df9-80ea-%012d")
+
f, err := os.Open(filepath.Join(tt.inputDir, tt.inputFile))
require.NoError(t, err)
defer f.Close()
diff --git a/pkg/report/table/vulnerability.go b/pkg/report/table/vulnerability.go
index 450349ed5fcb..d53544c39d35 100644
--- a/pkg/report/table/vulnerability.go
+++ b/pkg/report/table/vulnerability.go
@@ -17,6 +17,7 @@ import (
"github.com/aquasecurity/table"
"github.com/aquasecurity/tml"
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/dependency"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/types"
@@ -276,10 +277,10 @@ Dependency Origin Tree (Reversed)
// Render tree
for _, vulnPkg := range vulnPkgs {
_, summaries := summarize(r.severities, pkgSeverityCount[vulnPkg.ID])
- topLvlID := tml.Sprintf("%s, (%s)", vulnPkg.ID, strings.Join(summaries, ", "))
+ topLvlID := tml.Sprintf("%s, (%s)", r.pkgID(vulnPkg), strings.Join(summaries, ", "))
branch := root.AddBranch(topLvlID)
- addParents(branch, vulnPkg, parents, ancestors, map[string]struct{}{vulnPkg.ID: {}}, 1)
+ r.addParents(branch, vulnPkg, parents, ancestors, map[string]struct{}{vulnPkg.ID: {}}, 1)
}
r.printf(root.String())
@@ -290,7 +291,7 @@ func (r *vulnerabilityRenderer) printf(format string, args ...any) {
_ = tml.Fprintf(r.w, format, args...)
}
-func addParents(topItem treeprint.Tree, pkg ftypes.Package, parentMap map[string]ftypes.Packages, ancestors map[string][]string,
+func (r *vulnerabilityRenderer) addParents(topItem treeprint.Tree, pkg ftypes.Package, parentMap map[string]ftypes.Packages, ancestors map[string][]string,
seen map[string]struct{}, depth int) {
if pkg.Relationship == ftypes.RelationshipDirect {
return
@@ -304,7 +305,7 @@ func addParents(topItem treeprint.Tree, pkg ftypes.Package, parentMap map[string
seen[parent.ID] = struct{}{} // to avoid infinite loops
if depth == 1 && parent.Relationship == ftypes.RelationshipDirect {
- topItem.AddBranch(parent.ID)
+ topItem.AddBranch(r.pkgID(parent))
} else {
// We omit intermediate dependencies and show only direct dependencies
// as this could make the dependency tree huge.
@@ -323,11 +324,23 @@ func addParents(topItem treeprint.Tree, pkg ftypes.Package, parentMap map[string
if len(rootIDs) > 0 {
branch := topItem.AddBranch("...(omitted)...")
for _, rootID := range rootIDs {
- branch.AddBranch(rootID)
+ rootIDPkg, _ := lo.Find(r.result.Packages, func(pkg ftypes.Package) bool {
+ return pkg.ID == rootID
+ })
+ branch.AddBranch(r.pkgID(rootIDPkg))
}
}
}
+// pkgID overwrites ID for pom packages.
+// This is required to overwrite UUIDs to maven (:) format.
+func (r *vulnerabilityRenderer) pkgID(pkg ftypes.Package) string {
+ if r.result.Type != ftypes.Pom {
+ return pkg.ID
+ }
+ return dependency.ID(r.result.Type, pkg.Name, pkg.Version)
+}
+
func traverseAncestors(pkgs []ftypes.Package, parentMap map[string]ftypes.Packages) map[string][]string {
ancestors := make(map[string][]string)
for _, pkg := range pkgs {
diff --git a/pkg/report/table/vulnerability_test.go b/pkg/report/table/vulnerability_test.go
index 9a773c90eafe..94a3ecd53aa1 100644
--- a/pkg/report/table/vulnerability_test.go
+++ b/pkg/report/table/vulnerability_test.go
@@ -259,6 +259,158 @@ package-lock.json
│ └── ...(omitted)...
│ └── styled-components@3.1.3
└── sanitize-html@1.20.0, (MEDIUM: 1, HIGH: 0)
+`,
+ },
+ {
+ name: "happy path with vulnerability origin graph for pom.xml file with modules",
+ result: types.Result{
+ Target: "pom.xml",
+ Class: types.ClassLangPkg,
+ Type: "pom",
+ Packages: []ftypes.Package{
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000001",
+ Name: "com.example:root",
+ Version: "0.0.1",
+ Relationship: ftypes.RelationshipRoot,
+ DependsOn: []string{
+ "3ff14136-e09f-4df9-80ea-000000000003",
+ },
+ },
+ // module1
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000002",
+ Name: "com.example:module1",
+ Version: "1.0.0",
+ Relationship: ftypes.RelationshipWorkspace,
+ DependsOn: []string{
+ "3ff14136-e09f-4df9-80ea-000000000003",
+ },
+ },
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000003",
+ Name: "org.apache.logging.log4j:log4j-core",
+ Version: "2.6.1",
+ Relationship: ftypes.RelationshipDirect,
+ },
+ // module2
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000004",
+ Name: "com.example:module2",
+ Version: "2.0.0",
+ Relationship: ftypes.RelationshipRoot,
+ DependsOn: []string{
+ "3ff14136-e09f-4df9-80ea-000000000005",
+ },
+ },
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000005",
+ Name: "com.example:example-dependency",
+ Version: "2.0.0",
+ Relationship: ftypes.RelationshipDirect,
+ DependsOn: []string{
+ "3ff14136-e09f-4df9-80ea-000000000006",
+ },
+ },
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000006",
+ Name: "org.apache.logging.log4j:log4j-core",
+ Version: "2.6.1",
+ Relationship: ftypes.RelationshipIndirect,
+ },
+ // Root pkg
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000007",
+ Name: "com.example:example-nested-dependency",
+ Version: "2.0.0",
+ Relationship: ftypes.RelationshipDirect,
+ DependsOn: []string{
+ "3ff14136-e09f-4df9-80ea-000000000008",
+ },
+ },
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000008",
+ Name: "com.example:example-dependency",
+ Version: "2.0.0",
+ Relationship: ftypes.RelationshipIndirect,
+ DependsOn: []string{
+ "3ff14136-e09f-4df9-80ea-000000000009",
+ },
+ },
+
+ {
+ ID: "3ff14136-e09f-4df9-80ea-000000000009",
+ Name: "org.apache.logging.log4j:log4j-core",
+ Version: "2.6.1",
+ Relationship: ftypes.RelationshipIndirect,
+ },
+ },
+ Vulnerabilities: []types.DetectedVulnerability{
+ {
+ VulnerabilityID: "CVE-2017-5645",
+ PkgID: "3ff14136-e09f-4df9-80ea-000000000003",
+ PkgName: "org.apache.logging.log4j:log4j-core",
+ Vulnerability: dbTypes.Vulnerability{
+ Title: "foobar",
+ Description: "baz",
+ Severity: "HIGH",
+ },
+ InstalledVersion: "2.6.1",
+ FixedVersion: "2.8.2",
+ Status: dbTypes.StatusFixed,
+ },
+ {
+ VulnerabilityID: "CVE-2017-5645",
+ PkgID: "3ff14136-e09f-4df9-80ea-000000000006",
+ PkgName: "org.apache.logging.log4j:log4j-core",
+ Vulnerability: dbTypes.Vulnerability{
+ Title: "foobar",
+ Description: "baz",
+ Severity: "HIGH",
+ },
+ InstalledVersion: "2.6.1",
+ FixedVersion: "2.8.2",
+ Status: dbTypes.StatusFixed,
+ },
+ {
+ VulnerabilityID: "CVE-2017-5645",
+ PkgID: "3ff14136-e09f-4df9-80ea-000000000009",
+ PkgName: "org.apache.logging.log4j:log4j-core",
+ Vulnerability: dbTypes.Vulnerability{
+ Title: "foobar",
+ Description: "baz",
+ Severity: "HIGH",
+ },
+ InstalledVersion: "2.6.1",
+ FixedVersion: "2.8.2",
+ Status: dbTypes.StatusFixed,
+ },
+ },
+ },
+ want: `
+pom.xml (pom)
+=============
+Total: 3 (MEDIUM: 0, HIGH: 3)
+
+┌─────────────────────────────────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬────────┐
+│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
+├─────────────────────────────────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼────────┤
+│ org.apache.logging.log4j:log4j-core │ CVE-2017-5645 │ HIGH │ fixed │ 2.6.1 │ 2.8.2 │ foobar │
+│ │ │ │ │ │ │ │
+│ │ │ │ │ │ │ │
+│ │ │ │ │ │ │ │
+│ │ │ │ │ │ │ │
+└─────────────────────────────────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴────────┘
+
+Dependency Origin Tree (Reversed)
+=================================
+pom.xml
+├── org.apache.logging.log4j:log4j-core:2.6.1, (MEDIUM: 0, HIGH: 1)
+├── org.apache.logging.log4j:log4j-core:2.6.1, (MEDIUM: 0, HIGH: 1)
+│ └── com.example:example-dependency:2.0.0
+└── org.apache.logging.log4j:log4j-core:2.6.1, (MEDIUM: 0, HIGH: 1)
+ └── ...(omitted)...
+ └── com.example:example-nested-dependency:2.0.0
`,
},
{
diff --git a/pkg/result/filter.go b/pkg/result/filter.go
index 83e0c0a7170e..b8fe8ef5caec 100644
--- a/pkg/result/filter.go
+++ b/pkg/result/filter.go
@@ -103,7 +103,7 @@ func filterVulnerabilities(result *types.Result, severities []string, ignoreStat
}
// Check if there is a duplicate vulnerability
- key := fmt.Sprintf("%s/%s/%s/%s", vuln.VulnerabilityID, vuln.PkgName, vuln.InstalledVersion, vuln.PkgPath)
+ key := fmt.Sprintf("%s/%s/%s/%s/%s", vuln.VulnerabilityID, vuln.PkgID, vuln.PkgName, vuln.InstalledVersion, vuln.PkgPath)
if old, ok := uniqVulns[key]; ok && !shouldOverwrite(old, vuln) {
continue
}
diff --git a/pkg/result/filter_test.go b/pkg/result/filter_test.go
index 08b523dd2dde..5d948695d70a 100644
--- a/pkg/result/filter_test.go
+++ b/pkg/result/filter_test.go
@@ -998,6 +998,102 @@ func TestFilter(t *testing.T) {
},
},
},
+ {
+ name: "happy path with duplicates and different package IDs",
+ args: args{
+ report: types.Report{
+ Results: types.Results{
+ {
+ Vulnerabilities: []types.DetectedVulnerability{
+ {
+ VulnerabilityID: "CVE-2019-0001",
+ PkgID: "3ff14136-e09f-4df9-80ea-000000000001",
+ PkgName: "foo",
+ InstalledVersion: "1.2.3",
+ FixedVersion: "1.2.4",
+ Vulnerability: dbTypes.Vulnerability{
+ Severity: dbTypes.SeverityCritical.String(),
+ },
+ },
+ {
+ VulnerabilityID: "CVE-2019-0001",
+ PkgID: "3ff14136-e09f-4df9-80ea-000000000002",
+ PkgName: "foo",
+ InstalledVersion: "1.2.3",
+ FixedVersion: "1.2.4",
+ Vulnerability: dbTypes.Vulnerability{
+ Severity: dbTypes.SeverityCritical.String(),
+ },
+ },
+ {
+ VulnerabilityID: "CVE-2019-0002",
+ PkgID: "bar@1.2.3",
+ PkgName: "bar",
+ InstalledVersion: "1.2.3",
+ FixedVersion: "1.2.4",
+ Vulnerability: dbTypes.Vulnerability{
+ Severity: dbTypes.SeverityCritical.String(),
+ },
+ },
+ {
+ VulnerabilityID: "CVE-2019-0002",
+ PkgID: "bar@1.2.3",
+ PkgName: "bar",
+ InstalledVersion: "1.2.3",
+ FixedVersion: "1.2.4",
+ Vulnerability: dbTypes.Vulnerability{
+ Severity: dbTypes.SeverityCritical.String(),
+ },
+ },
+ },
+ },
+ },
+ },
+ severities: []dbTypes.Severity{
+ dbTypes.SeverityCritical,
+ dbTypes.SeverityHigh,
+ dbTypes.SeverityUnknown,
+ },
+ },
+ want: types.Report{
+ Results: types.Results{
+ {
+ Vulnerabilities: []types.DetectedVulnerability{
+ {
+ VulnerabilityID: "CVE-2019-0002",
+ PkgID: "bar@1.2.3",
+ PkgName: "bar",
+ InstalledVersion: "1.2.3",
+ FixedVersion: "1.2.4",
+ Vulnerability: dbTypes.Vulnerability{
+ Severity: dbTypes.SeverityCritical.String(),
+ },
+ },
+ {
+ VulnerabilityID: "CVE-2019-0001",
+ PkgID: "3ff14136-e09f-4df9-80ea-000000000001",
+ PkgName: "foo",
+ InstalledVersion: "1.2.3",
+ FixedVersion: "1.2.4",
+ Vulnerability: dbTypes.Vulnerability{
+ Severity: dbTypes.SeverityCritical.String(),
+ },
+ },
+ {
+ VulnerabilityID: "CVE-2019-0001",
+ PkgID: "3ff14136-e09f-4df9-80ea-000000000002",
+ PkgName: "foo",
+ InstalledVersion: "1.2.3",
+ FixedVersion: "1.2.4",
+ Vulnerability: dbTypes.Vulnerability{
+ Severity: dbTypes.SeverityCritical.String(),
+ },
+ },
+ },
+ },
+ },
+ },
+ },
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
diff --git a/pkg/sbom/io/encode_test.go b/pkg/sbom/io/encode_test.go
index 93cdd2a9410c..32b3fdde9922 100644
--- a/pkg/sbom/io/encode_test.go
+++ b/pkg/sbom/io/encode_test.go
@@ -778,7 +778,7 @@ func TestEncoder_Encode(t *testing.T) {
Class: types.ClassLangPkg,
Packages: []ftypes.Package{
{
- ID: "com.example:root:1.0.0",
+ ID: "2ff14136-e09f-4df9-80ea-000000000001",
Name: "com.example:root",
Version: "1.0.0",
Identifier: ftypes.PkgIdentifier{
@@ -792,12 +792,12 @@ func TestEncoder_Encode(t *testing.T) {
},
Relationship: ftypes.RelationshipRoot,
DependsOn: []string{
- "com.example:module1:1.0.0",
- "com.example:module2:2.0.0",
+ "2ff14136-e09f-4df9-80ea-000000000002",
+ "2ff14136-e09f-4df9-80ea-000000000004",
},
},
{
- ID: "com.example:module1:1.0.0",
+ ID: "2ff14136-e09f-4df9-80ea-000000000002",
Name: "com.example:module1",
Version: "1.0.0",
Identifier: ftypes.PkgIdentifier{
@@ -811,11 +811,11 @@ func TestEncoder_Encode(t *testing.T) {
},
Relationship: ftypes.RelationshipWorkspace,
DependsOn: []string{
- "org.example:example-api:1.1.1",
+ "2ff14136-e09f-4df9-80ea-000000000003",
},
},
{
- ID: "com.example:module2:2.0.0",
+ ID: "2ff14136-e09f-4df9-80ea-000000000004",
Name: "com.example:module2",
Version: "2.0.0",
Identifier: ftypes.PkgIdentifier{
@@ -829,26 +829,26 @@ func TestEncoder_Encode(t *testing.T) {
},
Relationship: ftypes.RelationshipWorkspace,
DependsOn: []string{
- "org.example:example-dependency:1.2.3",
+ "2ff14136-e09f-4df9-80ea-000000000005",
},
},
{
- ID: "org.example:example-api:1.1.1",
+ ID: "2ff14136-e09f-4df9-80ea-000000000003",
Name: "org.example:example-api",
- Version: "1.1.1",
+ Version: "2.0.0",
Identifier: ftypes.PkgIdentifier{
UID: "45cdc62618708bb7",
PURL: &packageurl.PackageURL{
Type: packageurl.TypeMaven,
Namespace: "org.example",
Name: "example-api",
- Version: "1.1.1",
+ Version: "2.0.0",
},
},
Relationship: ftypes.RelationshipDirect,
},
{
- ID: "org.example:example-dependency:1.2.3",
+ ID: "2ff14136-e09f-4df9-80ea-000000000005",
Name: "org.example:example-dependency",
Version: "1.2.3",
Identifier: ftypes.PkgIdentifier{
@@ -862,11 +862,11 @@ func TestEncoder_Encode(t *testing.T) {
},
Relationship: ftypes.RelationshipDirect,
DependsOn: []string{
- "org.example:example-api:2.0.0",
+ "2ff14136-e09f-4df9-80ea-000000000006",
},
},
{
- ID: "org.example:example-api:2.0.0",
+ ID: "2ff14136-e09f-4df9-80ea-000000000006",
Name: "org.example:example-api",
Version: "2.0.0",
Identifier: ftypes.PkgIdentifier{
@@ -925,7 +925,7 @@ func TestEncoder_Encode(t *testing.T) {
Properties: []core.Property{
{
Name: core.PropertyPkgID,
- Value: "com.example:root:1.0.0",
+ Value: "2ff14136-e09f-4df9-80ea-000000000001",
},
{
Name: core.PropertyPkgType,
@@ -952,7 +952,7 @@ func TestEncoder_Encode(t *testing.T) {
Properties: []core.Property{
{
Name: core.PropertyPkgID,
- Value: "com.example:module1:1.0.0",
+ Value: "2ff14136-e09f-4df9-80ea-000000000002",
},
{
Name: core.PropertyPkgType,
@@ -979,7 +979,7 @@ func TestEncoder_Encode(t *testing.T) {
Properties: []core.Property{
{
Name: core.PropertyPkgID,
- Value: "com.example:module2:2.0.0",
+ Value: "2ff14136-e09f-4df9-80ea-000000000004",
},
{
Name: core.PropertyPkgType,
@@ -1001,12 +1001,12 @@ func TestEncoder_Encode(t *testing.T) {
Type: core.TypeLibrary,
Group: "org.example",
Name: "example-api",
- Version: "1.1.1",
+ Version: "2.0.0",
SrcFile: "pom.xml",
Properties: []core.Property{
{
Name: core.PropertyPkgID,
- Value: "org.example:example-api:1.1.1",
+ Value: "2ff14136-e09f-4df9-80ea-000000000003",
},
{
Name: core.PropertyPkgType,
@@ -1019,9 +1019,9 @@ func TestEncoder_Encode(t *testing.T) {
Type: packageurl.TypeMaven,
Namespace: "org.example",
Name: "example-api",
- Version: "1.1.1",
+ Version: "2.0.0",
},
- BOMRef: "pkg:maven/org.example/example-api@1.1.1",
+ BOMRef: "3ff14136-e09f-4df9-80ea-000000000006",
},
},
uuid.MustParse("3ff14136-e09f-4df9-80ea-000000000007"): {
@@ -1033,7 +1033,7 @@ func TestEncoder_Encode(t *testing.T) {
Properties: []core.Property{
{
Name: core.PropertyPkgID,
- Value: "org.example:example-dependency:1.2.3",
+ Value: "2ff14136-e09f-4df9-80ea-000000000005",
},
{
Name: core.PropertyPkgType,
@@ -1060,7 +1060,7 @@ func TestEncoder_Encode(t *testing.T) {
Properties: []core.Property{
{
Name: core.PropertyPkgID,
- Value: "org.example:example-api:2.0.0",
+ Value: "2ff14136-e09f-4df9-80ea-000000000006",
},
{
Name: core.PropertyPkgType,
@@ -1075,7 +1075,7 @@ func TestEncoder_Encode(t *testing.T) {
Name: "example-api",
Version: "2.0.0",
},
- BOMRef: "pkg:maven/org.example/example-api@2.0.0",
+ BOMRef: "3ff14136-e09f-4df9-80ea-000000000008",
},
},
},