fix(java): parse modules from pom.xml files once (aquasecurity#6312)
DmitriyLewen authored Mar 24, 2024
1 parent 1b68327 commit 7c409fd
Showing 5 changed files with 86 additions and 3 deletions.
11 changes: 8 additions & 3 deletions pkg/dependency/parser/java/pom/parse.go
@@ -105,10 +105,10 @@ func (p *parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency,
// Cache root POM
p.cache.put(result.artifact, result)

return p.parseRoot(root.artifact())
return p.parseRoot(root.artifact(), make(map[string]struct{}))
}

func (p *parser) parseRoot(root artifact) ([]types.Library, []types.Dependency, error) {
func (p *parser) parseRoot(root artifact, uniqModules map[string]struct{}) ([]types.Library, []types.Dependency, error) {
// Prepare a queue for dependencies
queue := newArtifactQueue()

@@ -132,7 +132,12 @@ func (p *parser) parseRoot(root artifact) ([]types.Library, []types.Dependency,
// Modules should be handled separately so that they can have independent dependencies.
// It means multi-module allows for duplicate dependencies.
if art.Module {
moduleLibs, moduleDeps, err := p.parseRoot(art)
if _, ok := uniqModules[art.String()]; ok {
continue
}
uniqModules[art.String()] = struct{}{}

moduleLibs, moduleDeps, err := p.parseRoot(art, uniqModules)
if err != nil {
return nil, nil, err
}
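Review bot: The dedup guard added in the `if art.Module` branch drops a repeated module with a bare `continue`, so nothing in the output or logs shows that a module was skipped. The map key is `art.String()`, whose format is not visible here; if it is only the group:artifact:version coordinates, two module directories that declare the same coordinates would be treated as one and the second module's dependencies would be missing from the scan result. I would document the intent above the check, e.g. `// Parse each module once: modules can reference each other and would otherwise recurse forever.`, and log the skipped artifact at debug level. The root artifact also does not appear to be added to the map created in `Parse`, so a module entry that resolves back to the root would be parsed one extra time before the guard stops it. parseRoot's body starts and ends outside these hunks.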
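--- a/pkg/dependency/parser/java/pom/parse_test.go
+++ b/pkg/dependency/parser/java/pom/parse_test.go
@@ -959,6 +959,43 @@ func TestPom_Parse(t *testing.T) {
 },
 },
 },
+{
+name: "Infinity loop for modules",
+inputFile: filepath.Join("testdata", "modules-infinity-loop", "pom.xml"),
+local: true,
+want: []types.Library{
+// as module
+{
+ID: "org.example:module-1:2.0.0",
+Name: "org.example:module-1",
+Version: "2.0.0",
+},
+// as dependency
+{
+ID: "org.example:module-1:2.0.0",
+Name: "org.example:module-1",
+Version: "2.0.0",
+},
+{
+ID: "org.example:module-2:3.0.0",
+Name: "org.example:module-2",
+Version: "3.0.0",
+},
+{
+ID: "org.example:root:1.0.0",
+Name: "org.example:root",
+Version: "1.0.0",
+},
+},
+wantDeps: []types.Dependency{
+{
+ID: "org.example:module-2:3.0.0",
+DependsOn: []string{
+"org.example:module-1:2.0.0",
+},
+},
+},
+},
 {
 name: "multi module soft requirement",
 inputFile: filepath.Join("testdata", "multi-module-soft-requirement", "pom.xml"),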
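Review bot: The new table case, named `"Infinity loop for modules"`, does not say which reference forms the cycle, and the fixture POMs on this page do not make it obvious either: module-1 lists module-2 as a module, while module-2 only depends on module-1. A one-line comment on the case naming the module references that used to recurse would make the regression target clear; its exact wording needs checking against the fixture directory layout, which is not visible here. "Infinite loop" would also read better than "Infinity loop". The enclosing `TestPom_Parse` table starts and ends outside this hunk.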
@@ -0,0 +1,16 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<artifactId>module-2</artifactId>
<groupId>org.example</groupId>
<version>3.0.0</version>

<dependencies>
<dependency>
<groupId>org.example</groupId>
<artifactId>module-1</artifactId>
<version>2.0.0</version>
</dependency>
</dependencies>
</project>
@@ -0,0 +1,12 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<artifactId>module-1</artifactId>
<groupId>org.example</groupId>
<version>2.0.0</version>

<modules>
<module>module-2</module>
</modules>
</project>
@@ -0,0 +1,13 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<artifactId>root</artifactId>
<groupId>org.example</groupId>
<version>1.0.0</version>

<modules>
<module>module-1</module>
<module>module-2</module>
</modules>
</project>
