From 3f0e94fb2ec517761cbeee79a4655ea2c4bac32e Mon Sep 17 00:00:00 2001
From: Ruben Romero Montes
Date: Mon, 12 Feb 2024 16:15:45 +0100
Subject: [PATCH] fix: correct contained_by/contains relationships and filter duplicate keys in Snyk

Signed-off-by: Ruben Romero Montes
---
 .../exhort/integration/backend/sbom/spdx/SpdxParser.java | 4 ++--
 .../exhort/integration/providers/snyk/SnykRequestBuilder.java | 3 +++
 .../exhort/integration/backend/sbom/SbomParserTest.java | 4 ++--
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/main/java/com/redhat/exhort/integration/backend/sbom/spdx/SpdxParser.java b/src/main/java/com/redhat/exhort/integration/backend/sbom/spdx/SpdxParser.java
index 8e4d78a8..c9754228 100644
--- a/src/main/java/com/redhat/exhort/integration/backend/sbom/spdx/SpdxParser.java
+++ b/src/main/java/com/redhat/exhort/integration/backend/sbom/spdx/SpdxParser.java
@@ -165,7 +165,7 @@ private enum RelationshipDirection {
 static RelationshipDirection fromRelationshipType(RelationshipType type) {
 return switch (type) {
 case DEPENDS_ON,
- CONTAINS,
+ CONTAINED_BY,
 BUILD_DEPENDENCY_OF,
 OPTIONAL_COMPONENT_OF,
 OPTIONAL_DEPENDENCY_OF,
@@ -174,7 +174,7 @@ static RelationshipDirection fromRelationshipType(RelationshipType type) {
 RUNTIME_DEPENDENCY_OF,
 DEV_DEPENDENCY_OF,
 ANCESTOR_OF -> FORWARD;
- case DEPENDENCY_OF, DESCENDANT_OF, PACKAGE_OF, CONTAINED_BY -> BACKWARDS;
+ case DEPENDENCY_OF, DESCENDANT_OF, PACKAGE_OF, CONTAINS -> BACKWARDS;
 default -> IGNORED;
 };
 }
diff --git a/src/main/java/com/redhat/exhort/integration/providers/snyk/SnykRequestBuilder.java b/src/main/java/com/redhat/exhort/integration/providers/snyk/SnykRequestBuilder.java
index c00b27a5..961bfb26 100644
--- a/src/main/java/com/redhat/exhort/integration/providers/snyk/SnykRequestBuilder.java
+++ b/src/main/java/com/redhat/exhort/integration/providers/snyk/SnykRequestBuilder.java
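Review bot: Nothing in `fromRelationshipType` in SpdxParser.java states which element of a relationship becomes the parent under FORWARD and which under BACKWARDS, so neither this hunk nor the one at line 174 can be checked against the SPDX definitions by reading the code. After the swap, `CONTAINED_BY` is grouped with `DEPENDS_ON` and `CONTAINS` with `DEPENDENCY_OF`, while the `*_DEPENDENCY_OF` types sit in the opposite arm from `DEPENDENCY_OF`; that may be intended, but it reads against the plain meaning of the names. The direction presumably decides which packages land in the tree handed to the vulnerability providers, so I would add a comment above the switch such as `// FORWARD: <element> is the parent of <related element>; BACKWARDS: the reverse`, with the actual convention filled in, plus a short reason for each type whose arm is not obvious. The enum declaration and the middle of the switch lie outside both hunks.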
@@ -27,6 +27,7 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.function.Predicate;
+import java.util.stream.Collectors;
 import org.apache.camel.Body;
 import org.apache.camel.Exchange;
@@ -125,6 +126,8 @@ private JsonNode addPackages(ObjectNode depGraph, Set refs, PackageR
 var pkgs = mapper.createArrayNode().add(createPkg(root));
 refs.stream()
+ .collect(Collectors.toMap(k -> getId(k), v -> v, (a, b) -> a))
+ .values()
 .forEach(
 d -> {
 pkgs.add(createPkg(d));
diff --git a/src/test/java/com/redhat/exhort/integration/backend/sbom/SbomParserTest.java b/src/test/java/com/redhat/exhort/integration/backend/sbom/SbomParserTest.java
index 777fc5f2..f093dbea 100644
--- a/src/test/java/com/redhat/exhort/integration/backend/sbom/SbomParserTest.java
+++ b/src/test/java/com/redhat/exhort/integration/backend/sbom/SbomParserTest.java
@@ -136,8 +136,8 @@ void testSpdxReverseRelationships() {
 var file = getClass().getClassLoader().getResourceAsStream(fileName);
 var tree = parser.buildTree(file);
- assertEquals(4, tree.dependencies().size());
- assertEquals(260, tree.transitiveCount());
+ assertEquals(260, tree.dependencies().size());
+ assertEquals(4, tree.transitiveCount());
 }
 @ParameterizedTest
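Review bot: The de-duplication added to `addPackages` in SnykRequestBuilder.java drops colliding refs silently and no longer follows the iteration order of `refs`. The three-argument `Collectors.toMap` returns a `HashMap`, so the order of `pkgs` in the request now depends on hash order, and `(a, b) -> a` discards any later ref with the same `getId` without a trace; if two distinct refs can share an id, one of them is left out of the Snyk request and is presumably never analysed. I would keep the order and make the drop visible, e.g. `.collect(Collectors.toMap(k -> getId(k), v -> v, (a, b) -> a, LinkedHashMap::new))` (this needs `java.util.LinkedHashMap` imported), with a debug log inside the merge function. The lambda body and the rest of `addPackages` continue outside the hunk, so whether the nodes built there use the same de-duplicated set is not visible here.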
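Review bot: The updated assertions in `testSpdxReverseRelationships` still pin only two counts, and the new expectations are the old two numbers swapped, so the test cannot tell the intended orientation from any other mapping that happens to yield 260 and 4. Asserting that one known package from the fixture is present in `tree.dependencies()`, and that one known transitive package is not, would tie the test to the direction itself. A short comment saying why the fixture has 260 direct and 4 transitive entries would also help the next reader.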