PR review changes: info->debug logs and conceal/obscure->hidden
Signed-off-by: Kevin Conner <kev.conner@gmail.com>
knrc committed Feb 9, 2023
1 parent a82d044 commit 4641333
Showing 2 changed files with 40 additions and 34 deletions.
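--- a/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
+++ b/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
@@ -645,7 +645,9 @@ private void validateBom(final Bom bom) {
 for (Entry<String, Component> entry: components.entrySet()) {
 final String componentRef = entry.getKey();
 if (!dependencyRefs.contains(componentRef)) {
-getLog().info("CycloneDX: Component not used in dependency graph, pruning component from bom: " + componentRef);
+if (getLog().isDebugEnabled()) {
+getLog().debug("CycloneDX: Component not used in dependency graph, pruning component from bom: " + componentRef);
+}
 final Component component = entry.getValue();
 if (component != null) {
 bom.getComponents().remove(component);
@@ -754,28 +756,28 @@ public boolean visit(final DependencyNode node) {
 }
 
 /*
-Test and Runtime scope artifacts may conceal transitive compile dependencies.
-Test artifacts will conceal other artifacts if includeTestScope is false, whereas Runtime artifacs
-will conceal other artifacts if both includeTestScope and includeRuntimeScope are false.
+Test and Runtime scope artifacts may hide transitive compile dependencies.
+Test artifacts will hide other artifacts if includeTestScope is false, whereas Runtime artifacts
+will hide other artifacts if both includeTestScope and includeRuntimeScope are false.
 */
 if ((includeCompileScope && !includeTestScope) || !excludedNodes.isEmpty()){
 final ProjectBuildingRequest testBuildingRequest = getProjectBuildingRequest(mavenProject);
-final Map<String, DependencyNode> concealedNodes = new HashMap<>();
-final Map<String, DependencyNode> concealedEmptyNodes = new HashMap<>();
+final Map<String, DependencyNode> hiddenNodes = new HashMap<>();
+final Map<String, DependencyNode> hiddenEmptyNodes = new HashMap<>();
 if (includeCompileScope && !includeTestScope) {
 final DependencyNode testRootNode = dependencyCollectorBuilder.collectDependencyGraph(testBuildingRequest, null);
 for (DependencyNode child: testRootNode.getChildren()) {
 if (Artifact.SCOPE_TEST.equals(child.getArtifact().getScope())) {
-collectNodes(concealedNodes, concealedEmptyNodes, child);
+collectNodes(hiddenNodes, hiddenEmptyNodes, child);
 }
 }
 if (!includeRuntimeScope) {
-collectRuntimeNodes(concealedNodes, concealedEmptyNodes, testRootNode);
+collectRuntimeNodes(hiddenNodes, hiddenEmptyNodes, testRootNode);
 }
 }
 if (!excludedNodes.isEmpty()) {
 for (DependencyNode excluded: excludedNodes.values()) {
-collectNodes(concealedNodes, concealedEmptyNodes, excluded);
+collectNodes(hiddenNodes, hiddenEmptyNodes, excluded);
 }
 }
 
@@ -785,16 +787,18 @@ public boolean visit(final DependencyNode node) {
 final Dependency dependency = toProcess.remove();
 if ((dependency.getDependencies() == null) || dependency.getDependencies().isEmpty()) {
 final String purl = dependency.getRef();
-DependencyNode concealedNode = concealedNodes.get(purl);
-if (concealedNode == null) {
-concealedNode = concealedEmptyNodes.get(purl);
+DependencyNode hiddenNode = hiddenNodes.get(purl);
+if (hiddenNode == null) {
+hiddenNode = hiddenEmptyNodes.get(purl);
 }
-if (concealedNode != null) {
+if (hiddenNode != null) {
 if (!loggedPurls.contains(purl)) {
-getLog().info("CycloneDX: Populating concealed node: " + purl);
+if (getLog().isDebugEnabled()) {
+getLog().debug("CycloneDX: Populating hidden node: " + purl);
+}
 loggedPurls.add(purl);
 }
-for (DependencyNode child: concealedNode.getChildren()) {
+for (DependencyNode child: hiddenNode.getChildren()) {
 buildDependencyGraphNode(dependencies, child, dependency, excludedNodes, resolvedPUrls, loggedReplacementPUrls);
 buildDependencyGraphNode(dependencies, child, null, excludedNodes, resolvedPUrls, loggedReplacementPUrls);
 }
@@ -835,41 +839,41 @@ private Map<String, String> generateResolvedPUrls(final MavenProject mavenProjec
 
 /**
 * Add all runtime nodes with children into the map. Key is purl, value is the node.
-* @param concealedNodes The map of references to concealed nodes with children
-* @param concealedEmptyNodes The map of references to concealed nodes without children
+* @param hiddenNodes The map of references to hidden nodes with children
+* @param hiddenEmptyNodes The map of references to hidden nodes without children
 * @param node The node to add
 */
-private void collectRuntimeNodes(Map<String, DependencyNode> concealedNodes, Map<String, DependencyNode> concealedEmptyNodes, DependencyNode node) {
+private void collectRuntimeNodes(Map<String, DependencyNode> hiddenNodes, Map<String, DependencyNode> hiddenEmptyNodes, DependencyNode node) {
 if (!node.getChildren().isEmpty()) {
 if (Artifact.SCOPE_RUNTIME.equals(node.getArtifact().getScope())) {
 final String purl = generatePackageUrl(node.getArtifact());
-concealedNodes.put(purl, node) ;
+hiddenNodes.put(purl, node) ;
 for (DependencyNode child: node.getChildren()) {
-collectNodes(concealedNodes, concealedEmptyNodes, child);
+collectNodes(hiddenNodes, hiddenEmptyNodes, child);
 }
 } else {
 for (DependencyNode child: node.getChildren()) {
-collectRuntimeNodes(concealedNodes, concealedEmptyNodes, child);
+collectRuntimeNodes(hiddenNodes, hiddenEmptyNodes, child);
 }
 }
 }
 }
 
 /**
 * Add all nodes with children into the map. Key is purl, value is the node.
-* @param concealedNodes The map of references to concealed nodes with children
-* @param concealedEmptyNodes The map of references to concealed nodes without children
+* @param hiddenNodes The map of references to hidden nodes with children
+* @param hiddenEmptyNodes The map of references to hidden nodes without children
 * @param node The node to add
 */
-private void collectNodes(Map<String, DependencyNode> concealedNodes, Map<String, DependencyNode> concealedEmptyNodes, DependencyNode node) {
+private void collectNodes(Map<String, DependencyNode> hiddenNodes, Map<String, DependencyNode> hiddenEmptyNodes, DependencyNode node) {
 final String purl = generatePackageUrl(node.getArtifact());
 if (!node.getChildren().isEmpty()) {
-concealedNodes.put(purl, node) ;
+hiddenNodes.put(purl, node) ;
 for (DependencyNode child: node.getChildren()) {
-collectNodes(concealedNodes, concealedEmptyNodes, child);
+collectNodes(hiddenNodes, hiddenEmptyNodes, child);
 }
 } else {
-concealedEmptyNodes.put(purl, node);
+hiddenEmptyNodes.put(purl, node);
 }
 }
 
@@ -886,7 +890,7 @@ private void buildDependencyGraphNode(final Map<Dependency, Dependency> dependen
 excludedNodes.put(purl, artifactNode);
 return;
 }
-// When adding concealed nodes we may inadvertently pull in runtime artifacts
+// When adding hidden nodes we may inadvertently pull in runtime artifacts
 if (!includeTestScope && !includeRuntimeScope && Artifact.SCOPE_RUNTIME.equals(artifactNode.getArtifact().getScope())) {
 return;
 }
@@ -897,7 +901,9 @@ private void buildDependencyGraphNode(final Map<Dependency, Dependency> dependen
 final String resolvedPurl = resolvedPurls.get(versionlessPurl);
 if (!purl.equals(resolvedPurl)) {
 if (!loggedReplacementPUrls.contains(purl)) {
-getLog().info("CycloneDX: replacing reference to " + purl + " with resolved package url " + resolvedPurl);
+if (getLog().isDebugEnabled()) {
+getLog().debug("CycloneDX: replacing reference to " + purl + " with resolved package url " + resolvedPurl);
+}
 loggedReplacementPUrls.add(purl);
 }
 purl = resolvedPurl;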
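Review bot: In validateBom, the message for a component pruned from the BOM is now emitted only at debug level, so a default build drops components from the generated SBOM without any visible trace. Since the BOM is consumed as a software inventory, a single info-level summary would keep removals auditable without the per-component noise: count them in the loop and log once after it, for example `getLog().info("CycloneDX: pruned " + prunedCount + " component(s) not used in the dependency graph");` (`prunedCount` is a constructed name). The same consideration applies to the purl replacement message in buildDependencyGraphNode, where the reference written to the BOM differs from the one first computed. The end of the validateBom loop lies outside the hunk, so the exact placement of the summary is inferred.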
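--- a/src/test/java/org/cyclonedx/maven/IssueTrustification1Test.java
+++ b/src/test/java/org/cyclonedx/maven/IssueTrustification1Test.java
@@ -63,11 +63,11 @@ public IssueTrustification1Test(MavenRuntimeBuilder runtimeBuilder)
 }
 
 /**
-* This test ensures that any dependencies obscured by <i>test</i> dependencies are discovered and present in the dependency graph
+* This test ensures that any dependencies hidden by <i>test</i> dependencies are discovered and present in the dependency graph
 * @throws Exception
 */
 @Test
-public void testConcealedTestArtifacts() throws Exception {
+public void testHiddenTestArtifacts() throws Exception {
 final File projDir = cleanAndBuild(null);
 
 final Document bom = readXML(new File(projDir, "trustification/target/bom.xml"));
@@ -130,11 +130,11 @@ public void testConcealedTestArtifacts() throws Exception {
 }
 
 /**
-* This test ensures that any dependencies obscured by <i>runtime</i> dependencies are discovered and present in the dependency graph
+* This test ensures that any dependencies hidden by <i>runtime</i> dependencies are discovered and present in the dependency graph
 * @throws Exception
 */
 @Test
-public void testConcealedRuntimeArtifacts() throws Exception {
+public void testHiddenRuntimeArtifacts() throws Exception {
 final File projDir = cleanAndBuild(null);
 
 final Document bom = readXML(new File(projDir, "trustification/target/bom.xml"));
@@ -225,7 +225,7 @@ public void testTopLevelTestComponentsAsCompile() throws Exception {
 }
 
 /**
-* This test ensures that any <i>compile</i> dependencies concealed by excluded types are included in the BOM if they are visible dependencies
+* This test ensures that any <i>compile</i> dependencies hidden by excluded types are included in the BOM if they are visible dependencies
 * @throws Exception
 */
 @Test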
