Use bom-ref consistently in the dependency tree (#1431)

Signed-off-by: Prabhu Subramanian <[email protected]>

Author: prabhu

lib/helpers/utils.js

@@ -2567,7 +2567,7 @@ export function parseMavenTree(rawOutput, pomFile) {
   const tmpA = rawOutput.split("\n");
   let last_level = 0;
   let last_purl = "";
-  let first_purl = undefined;
+  let first_ref = undefined;
   const stack = [];
   tmpA.forEach((l) => {
     l = l.replace("\r", "");
@@ -2589,7 +2589,11 @@ export function parseMavenTree(rawOutput, pomFile) {
       if (pkgArr && pkgArr.length > 2) {
         let versionStr = pkgArr[pkgArr.length - 2];
         const componentScope = pkgArr[pkgArr.length - 1];
-        if (pkgArr.length >= 6 && pkgArr[3] !== versionStr) {
+        if (
+          pkgArr.length >= 6 &&
+          pkgArr[3] !== versionStr &&
+          !pkgArr[3].includes(".jar")
+        ) {
           classifier = pkgArr[3];
         }
         // Ignore test scope
@@ -2619,9 +2623,10 @@ export function parseMavenTree(rawOutput, pomFile) {
           qualifiers,
           null,
         ).toString();
-        const key = purlString;
-        if (!first_purl) {
-          first_purl = purlString;
+        const bomRef = decodeURIComponent(purlString);
+        const key = bomRef;
+        if (!first_ref) {
+          first_ref = bomRef;
         }
         if (!keys_cache[key]) {
           keys_cache[key] = key;
@@ -2640,7 +2645,7 @@ export function parseMavenTree(rawOutput, pomFile) {
             scope,
             properties,
             purl: purlString,
-            "bom-ref": decodeURIComponent(purlString),
+            "bom-ref": bomRef,
           };
           if (pomFile) {
             properties.push({
@@ -2662,32 +2667,32 @@ export function parseMavenTree(rawOutput, pomFile) {
             };
           }
           deps.push(apkg);
-          if (!level_trees[purlString]) {
-            level_trees[purlString] = [];
+          if (!level_trees[bomRef]) {
+            level_trees[bomRef] = [];
           }
           if (level === 0 || last_purl === "") {
-            stack.push(purlString);
+            stack.push(bomRef);
           } else if (level > last_level) {
             const cnodes = level_trees[last_purl] || [];
-            cnodes.push(purlString);
+            cnodes.push(bomRef);
             level_trees[last_purl] = cnodes;
-            if (stack[stack.length - 1] !== purlString) {
-              stack.push(purlString);
+            if (stack[stack.length - 1] !== bomRef) {
+              stack.push(bomRef);
             }
           } else {
             for (let i = level; i <= last_level; i++) {
               stack.pop();
             }
             const last_stack = stack.length
               ? stack[stack.length - 1]
-              : first_purl;
+              : first_ref;
             const cnodes = level_trees[last_stack] || [];
-            cnodes.push(purlString);
+            cnodes.push(bomRef);
             level_trees[last_stack] = cnodes;
-            stack.push(purlString);
+            stack.push(bomRef);
           }
           last_level = level;
-          last_purl = purlString;
+          last_purl = bomRef;
         }
       }
     }

lib/helpers/utils.test.js

@@ -3277,8 +3277,8 @@ test("parsePnpmLock", async () => {
   expect(parsedList.dependenciesList).toHaveLength(462);
   expect(parsedList.pkgList.filter((pkg) => !pkg.scope)).toHaveLength(3);
   parsedList = await parsePnpmLock("./pnpm-lock.yaml");
-  expect(parsedList.pkgList.length).toEqual(632);
-  expect(parsedList.dependenciesList.length).toEqual(632);
+  expect(parsedList.pkgList.length).toEqual(631);
+  expect(parsedList.dependenciesList.length).toEqual(631);
   expect(parsedList.pkgList[0]).toEqual({
     group: "@ampproject",
     name: "remapping",