Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(pom): add support of * for exclusions #215

Merged
merged 1 commit into from
May 28, 2023
Merged

fix(pom): add support of * for exclusions #215

merged 1 commit into from
May 28, 2023

Conversation

DmitriyLewen
Copy link
Collaborator

Description

Maven supports wildcards in Exclusion fields - https://maven.apache.org/pom.html#exclusions.

But i have playing with it and looks like Maven only supports * value. So i added logic only for * value.
For example this doesn't work:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>example</groupId>
    <artifactId>trivy-test</artifactId>
    <version>1.0-SNAPSHOT</version>

    <dependencies>
        <dependency>
            <groupId>org.springframework.ws</groupId>
            <artifactId>spring-ws-core</artifactId>
            <version>3.0.1.RELEASE</version>
            <exclusions>
                <exclusion>
                    <groupId>org.*</groupId>
                    <artifactId>*</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
    </dependencies>
</project>

Maven result:

➜  4051 mvn dependency:tree
...
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ trivy-test ---
[INFO] example:trivy-test:jar:1.0-SNAPSHOT
[INFO] \- org.springframework.ws:spring-ws-core:jar:3.0.1.RELEASE:compile
[INFO]    +- org.springframework.ws:spring-xml:jar:3.0.1.RELEASE:compile
[INFO]    |  \- org.springframework:spring-context:jar:5.0.4.RELEASE:compile
[INFO]    +- org.springframework:spring-aop:jar:5.0.4.RELEASE:compile
[INFO]    +- org.springframework:spring-beans:jar:5.0.4.RELEASE:compile
[INFO]    +- org.springframework:spring-oxm:jar:5.0.4.RELEASE:compile
[INFO]    +- org.springframework:spring-web:jar:5.0.4.RELEASE:compile
[INFO]    +- org.springframework:spring-webmvc:jar:5.0.4.RELEASE:compile
[INFO]    |  \- org.springframework:spring-expression:jar:5.0.4.RELEASE:compile
[INFO]    +- commons-logging:commons-logging:jar:1.2:compile
[INFO]    +- commons-io:commons-io:jar:2.5:compile
[INFO]    \- org.springframework:spring-core:jar:5.0.4.RELEASE:compile
[INFO]       \- org.springframework:spring-jcl:jar:5.0.4.RELEASE:compile
...

Related Issues

@DmitriyLewen DmitriyLewen self-assigned this May 10, 2023
@DmitriyLewen DmitriyLewen marked this pull request as ready for review May 10, 2023 10:38
@knqyf263 knqyf263 merged commit 555b677 into aquasecurity:main May 28, 2023
1 check passed
@DmitriyLewen DmitriyLewen deleted the fix/pom-exlusions-wildcard branch May 29, 2023 02:44
@DmitriyLewen DmitriyLewen mentioned this pull request May 30, 2023
Merged
7 tasks
Sq34sy pushed a commit to Sq34sy/go-dep-parser that referenced this pull request Jul 28, 2023
@DmitriyLewen @Sq34sy
fix(pom): add support of * for exclusions (aquasecurity#215)
2bf0fb7
Sq34sy pushed a commit to Sq34sy/go-dep-parser that referenced this pull request Jul 28, 2023
@DmitriyLewen @Sq34sy
fix(pom): add support of * for exclusions (aquasecurity#215)
51e8af1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 approved these changes

Assignees

@DmitriyLewen DmitriyLewen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@DmitriyLewen @knqyf263