Merge pull request #290 from luotianqi777/master

update html template & fix mvn bug
XmirrorSecurity · May 8, 2024 · 8da3500 · 8da3500
2 parents 39045c1 + 57f54a1
commit 8da3500
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 9 deletions.
diff --git a/cmd/format/html_tpl b/cmd/format/html_tpl
diff --git a/opensca/sca/java/mvn.go b/opensca/sca/java/mvn.go
@@ -183,7 +183,7 @@ func inheritModules(poms []*Pom) {
 type getPomFunc func(dep PomDependency, repos ...[]string) *Pom
 
 // inheritPom 继承pom所需内容
-func inheritPom(pom *Pom, inheritDependencies bool, getpom getPomFunc) {
+func inheritPom(pom *Pom, getpom getPomFunc) {
 
 	// 记录统计过的parent 避免pom循环引用
 	parentSet := map[string]bool{}
@@ -218,9 +218,7 @@ func inheritPom(pom *Pom, inheritDependencies bool, getpom getPomFunc) {
 		pom.DependencyManagement = append(pom.DependencyManagement, parentPom.DependencyManagement...)
 
 		// 继承dependencies
-		if inheritDependencies {
-			pom.Dependencies = append(pom.Dependencies, parentPom.Dependencies...)
-		}
+		pom.Dependencies = append(pom.Dependencies, parentPom.Dependencies...)
 
 		// 继承repo&mirror
 		pom.Repositories = append(pom.Repositories, parentPom.Repositories...)
@@ -294,7 +292,7 @@ func parsePom(ctx context.Context, pom *Pom, getpom getPomFunc) *model.DepGraph
 	pom.Update(&pom.PomDependency)
 
 	// 继承pom
-	inheritPom(pom, true, getpom)
+	inheritPom(pom, getpom)
 
 	// 记录在根pom的dependencyManagement中非import组件信息
 	rootPomManagement := map[string]*PomDependency{}
@@ -406,8 +404,8 @@ func parsePom(ctx context.Context, pom *Pom, getpom getPomFunc) *model.DepGraph
 				subpom.PomDependency = *dep
 				// 继承根pom的exclusion
 				subpom.Exclusions = append(subpom.Exclusions, np.Exclusions...)
-				// 子依赖不继承parent的依赖项
-				inheritPom(subpom, false, getpom)
+				// 依赖继承parent
+				inheritPom(subpom, getpom)
 				sub.Expand = subpom
 			}
 

diff --git a/test/java/15/pom.xml b/test/java/15/pom.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+
+	<groupId>my.foo</groupId>
+	<version>1.0</version>
+	<artifactId>demo</artifactId>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.datatype</groupId>
+            <artifactId>jackson-datatype-jsr310</artifactId>
+            <version>2.17.0</version>
+        </dependency>
+
+    </dependencies>
+
+</project>
diff --git a/test/java/java_test.go b/test/java/java_test.go
@@ -161,6 +161,19 @@ var cases = []tool.TaskCase{
 			),
 		),
 	)},
+
+	// 直接依赖继承parent
+	{Path: "15", Result: tool.Dep("", "",
+		tool.Dep3("my.foo", "demo", "1.0",
+			tool.Dep3("com.fasterxml.jackson.datatype", "jackson-datatype-jsr310", "2.17.0",
+				tool.Dep3("com.fasterxml.jackson.core", "jackson-annotations", "2.17.0"),
+				tool.Dep3("com.fasterxml.jackson.core", "jackson-core", "2.17.0"),
+				tool.Dep3("com.fasterxml.jackson.core", "jackson-databind", "2.17.0",
+					tool.Dep3("net.bytebuddy", "byte-buddy", "1.14.9"),
+				),
+			),
+		),
+	)},
 }
 
 func Test_JavaWithStatic(t *testing.T) {