
Commit d6c9097

committed
fix(cyclonedx): duplicated entries in dependsOn
1 parent 612ee98 commit d6c9097


2 files changed

+89
-0
lines changed


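--- a/pkg/sbom/cyclonedx/marshal.go
+++ b/pkg/sbom/cyclonedx/marshal.go
@@ -175,6 +175,7 @@ func (m *Marshaler) marshalDependencies() *[]cdx.Dependency {
 d, ok := m.componentIDs[rel.Dependency]
 return d, ok
 })
+deps = lo.Uniq(deps)
 sort.Strings(deps)
 
 dependencies = append(dependencies, cdx.Dependency{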
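Review bot: The added `deps = lo.Uniq(deps)` removes the symptom without recording why duplicates reach this point, which is the piece a later maintainer will need when deciding whether the dedupe can move upstream; a one-line comment above it would do, e.g. `// Distinct rel.Dependency values can resolve to the same component ID, so dedupe after mapping and before sorting; CycloneDX treats dependsOn as a set.` Placing the dedupe after the componentIDs mapping (rather than on the raw DependsOn list) looks deliberate and is the right spot, since two different input references collapsing to one component is presumably one of the ways duplicates arise; confirm that against the relationship builder. I believe the CycloneDX JSON schema declares dependsOn with uniqueItems, so before this change a strict validator on the consumer side could reject the BOM, which is worth stating in the commit message or the comment. The enclosing marshalDependencies function starts and ends outside this hunk, and the closure whose end is visible here (`return d, ok`) silently drops references absent from m.componentIDs, which is pre-existing behaviour this commit does not touch.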

pkg/sbom/cyclonedx/marshal_test.go

Lines changed: 88 additions & 0 deletions
@@ -2428,3 +2428,91 @@ func TestMarshaler_Licenses(t *testing.T) {
24282428
})
24292429
}
24302430
}
2431+
2432+
func TestMarshaler_DuplicateDependencies(t *testing.T) {
2433+
clock.SetFakeTime(t)
2434+
2435+
inputReport := types.Report{
2436+
SchemaVersion: report.SchemaVersion,
2437+
ArtifactName: "test-image",
2438+
ArtifactType: ftypes.TypeContainerImage,
2439+
Results: types.Results{
2440+
{
2441+
Target: "test",
2442+
Class: types.ClassLangPkg,
2443+
Type: ftypes.Jar,
2444+
Packages: []ftypes.Package{
2445+
{
2446+
2447+
Name: "pkg-a",
2448+
Version: "1.0.0",
2449+
Identifier: ftypes.PkgIdentifier{
2450+
UID: "A",
2451+
PURL: &packageurl.PackageURL{
2452+
Type: packageurl.TypeMaven,
2453+
Name: "pkg-a",
2454+
Version: "1.0.0",
2455+
},
2456+
},
2457+
DependsOn: []string{
2458+
2459+
2460+
2461+
2462+
2463+
},
2464+
},
2465+
{
2466+
2467+
Name: "pkg-b",
2468+
Version: "1.0.0",
2469+
Identifier: ftypes.PkgIdentifier{
2470+
UID: "B",
2471+
PURL: &packageurl.PackageURL{
2472+
Type: packageurl.TypeMaven,
2473+
Name: "pkg-b",
2474+
Version: "1.0.0",
2475+
},
2476+
},
2477+
},
2478+
{
2479+
2480+
Name: "pkg-c",
2481+
Version: "1.0.0",
2482+
Identifier: ftypes.PkgIdentifier{
2483+
UID: "C",
2484+
PURL: &packageurl.PackageURL{
2485+
Type: packageurl.TypeMaven,
2486+
Name: "pkg-c",
2487+
Version: "1.0.0",
2488+
},
2489+
},
2490+
},
2491+
},
2492+
},
2493+
},
2494+
}
2495+
2496+
marshaler := cyclonedx.NewMarshaler("dev")
2497+
bom, err := marshaler.MarshalReport(clock.NewContext(), inputReport)
2498+
require.NoError(t, err)
2499+
2500+
require.NotNil(t, bom.Dependencies)
2501+
deps := *bom.Dependencies
2502+
2503+
var pkgADeps *cdx.Dependency
2504+
for i := range deps {
2505+
if deps[i].Ref == "pkg:maven/[email protected]" {
2506+
pkgADeps = &deps[i]
2507+
break
2508+
}
2509+
}
2510+
2511+
require.NotNil(t, pkgADeps, "pkg-a dependency not found")
2512+
require.NotNil(t, pkgADeps.Dependencies, "pkg-a dependencies is nil")
2513+
2514+
actualDeps := *pkgADeps.Dependencies
2515+
assert.Len(t, actualDeps, 2, "expected 2 unique dependencies, got %d", len(actualDeps))
2516+
assert.Contains(t, actualDeps, "pkg:maven/[email protected]")
2517+
assert.Contains(t, actualDeps, "pkg:maven/[email protected]")
2518+
}
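Review bot: The three assertions on actualDeps at the end of TestMarshaler_DuplicateDependencies (Len plus two Contains) pin uniqueness but not the order that marshalDependencies produces with sort.Strings, so an ordering regression would pass; a single `assert.Equal(t, []string{"<pkg-b purl>", "<pkg-c purl>"}, actualDeps)` checks both at once and is shorter. The custom message on assert.Len (`"expected 2 unique dependencies, got %d", len(actualDeps)`) restates what testify already prints for a length mismatch and can be dropped. The DependsOn entries at new-file lines 2458–2463, which this test depends on to actually exercise the duplicate path, do not render on this page (the refs that do render appear mangled into `[email protected]` form), so I cannot confirm from here that they contain repeated references; a short comment on the DependsOn literal naming the duplication being tested, e.g. `// pkg-b and pkg-c each listed twice to exercise lo.Uniq in marshalDependencies`, would make the intent survive future edits. The loop that locates pkg-a by Ref is fine, but `slices.IndexFunc` would express it in one line if the file's Go version permits.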
