fix(java): correctly inherit properties from parent fields for pom.xml files (#9111)

2026-01-31 05:43:14 +08:00 · 2026-01-30 12:34:59 +06:00
parent 47d3103c50
commit 2933b01cd5
5 changed files with 67 additions and 52 deletions
--- a/pkg/dependency/parser/java/pom/parse_test.go
+++ b/pkg/dependency/parser/java/pom/parse_test.go
@@ -496,31 +496,47 @@ func TestPom_Parse(t *testing.T) {
 				},
 			},
 		},
+		// [INFO] com.example:child:jar:1.2.3
+		// [INFO] +- org.example:example-dependency:jar:1.2.3:compile
+		// [INFO] |  \- org.example:example-api:jar:4.0.0:compile
+		// [INFO] \- org.example:example-api3:jar:4.0.3:compile
 		{
 			name:      "dependencyManagement prefers child properties",
-			inputFile: filepath.Join("testdata", "parent-child-properties", "child", "pom.xml"),
+			inputFile: filepath.Join("testdata", "parent-child-properties", "pom.xml"),
 			local:     true,
 			want: []ftypes.Package{
 				{
-					ID:           "com.example:child:1.0.0::b6c336a6",
+					ID:           "com.example:child:1.2.3::14cce9f5",
 					Name:         "com.example:child",
-					Version:      "1.0.0",
+					Version:      "1.2.3",
 					Relationship: ftypes.RelationshipRoot,
 				},
 				{
-					ID:           "org.example:example-dependency:1.2.3::60fa7625",
+					ID:           "org.example:example-api3:4.0.3::c4062c26",
+					Name:         "org.example:example-api3",
+					Version:      "4.0.3",
+					Relationship: ftypes.RelationshipDirect,
+					Locations: ftypes.Locations{
+						{
+							StartLine: 30,
+							EndLine:   34,
+						},
+					},
+				},
+				{
+					ID:           "org.example:example-dependency:1.2.3::d1f3e5ff",
 					Name:         "org.example:example-dependency",
 					Version:      "1.2.3",
 					Relationship: ftypes.RelationshipDirect,
 					Locations: ftypes.Locations{
 						{
-							StartLine: 22,
-							EndLine:   26,
+							StartLine: 25,
+							EndLine:   29,
 						},
 					},
 				},
 				{
-					ID:           "org.example:example-api:4.0.0::221fee5d",
+					ID:           "org.example:example-api:4.0.0::daf5884b",
 					Name:         "org.example:example-api",
 					Version:      "4.0.0",
 					Relationship: ftypes.RelationshipIndirect,
@@ -528,15 +544,16 @@ func TestPom_Parse(t *testing.T) {
 			},
 			wantDeps: []ftypes.Dependency{
 				{
-					ID: "com.example:child:1.0.0::b6c336a6",
+					ID: "com.example:child:1.2.3::14cce9f5",
 					DependsOn: []string{
-						"org.example:example-dependency:1.2.3::60fa7625",
+						"org.example:example-api3:4.0.3::c4062c26",
+						"org.example:example-dependency:1.2.3::d1f3e5ff",
 					},
 				},
 				{
-					ID: "org.example:example-dependency:1.2.3::60fa7625",
+					ID: "org.example:example-dependency:1.2.3::d1f3e5ff",
 					DependsOn: []string{
-						"org.example:example-api:4.0.0::221fee5d",
+						"org.example:example-api:4.0.0::daf5884b",
 					},
 				},
 			},
--- a/pkg/dependency/parser/java/pom/pom.go
+++ b/pkg/dependency/parser/java/pom/pom.go
@@ -97,6 +97,16 @@ func (p *pom) listProperties(val reflect.Value) map[string]string {
 			m := val.Field(i)
 			for _, e := range m.MapKeys() {
 				v := m.MapIndex(e)
+
+				// <properties> element may contain:
+				// - properties from <properties> element of current POM
+				// - properties from parent POMs (we added these properties early)
+				//    - properties from <properties> element of parent POMs
+				//    - properties got from fields of parent POMs (`project.groupId`, `parent.project.version`, etc.)
+				// Properties from field has higher priority than properties from <properties> element.
+				if tag == "properties" && props[e.String()] != "" {
+					continue
+				}
 				props[e.String()] = v.String()
 			}
 		case reflect.Struct:
--- a/pkg/dependency/parser/java/pom/testdata/parent-child-properties/parent/pom.xml
+++ b/pkg/dependency/parser/java/pom/testdata/parent-child-properties/parent/pom.xml
@@ -2,20 +2,29 @@
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

-    <parent>
-        <groupId>com.example</groupId>
-        <artifactId>top-parent</artifactId>
-        <version>1.0.0</version>
-        <relativePath>../top-parent</relativePath>
-    </parent>
-
-
    <groupId>com.example</groupId>
    <artifactId>parent</artifactId>
-    <version>1.0.0</version>
+    <version>4.0.3</version>

    <packaging>pom</packaging>
    <name>parent</name>
    <description>Parent</description>

+    <properties>
+        <bom.version>3.0.0</bom.version>
+        <dep.version>1.2.3</dep.version>
+    </properties>
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.example</groupId>
+                <artifactId>example-bom</artifactId>
+                <version>${bom.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
 </project>
--- a/pkg/dependency/parser/java/pom/testdata/parent-child-properties/child/pom.xml
+++ b/pkg/dependency/parser/java/pom/testdata/parent-child-properties/child/pom.xml
@@ -5,24 +5,32 @@
    <artifactId>child</artifactId>

    <name>child</name>
+    <version>1.2.3</version>
    <description>Child</description>

    <parent>
        <groupId>com.example</groupId>
        <artifactId>parent</artifactId>
-        <version>1.0.0</version>
-        <relativePath>../parent</relativePath>
+        <version>4.0.3</version>
+        <relativePath>./parent</relativePath>
    </parent>

    <properties>
        <bom.version>4.0.0</bom.version>
+        <project.parent.version>1.1.1</project.parent.version>
+        <project.version>2.3.4</project.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.example</groupId>
            <artifactId>example-dependency</artifactId>
-            <version>1.2.3</version>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.example</groupId>
+            <artifactId>example-api3</artifactId>
+            <version>${project.parent.version}</version>
        </dependency>
    </dependencies>
 </project>
--- a/pkg/dependency/parser/java/pom/testdata/parent-child-properties/top-parent/pom.xml
+++ b/pkg/dependency/parser/java/pom/testdata/parent-child-properties/top-parent/pom.xml
@@ -1,29 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-
-    <groupId>com.example</groupId>
-    <artifactId>top-parent</artifactId>
-    <version>1.0.0</version>
-
-    <packaging>pom</packaging>
-    <name>top-parent</name>
-    <description>Parent</description>
-
-    <properties>
-        <bom.version>3.0.0</bom.version>
-    </properties>
-
-    <dependencyManagement>
-        <dependencies>
-            <dependency>
-                <groupId>org.example</groupId>
-                <artifactId>example-bom</artifactId>
-                <version>${bom.version}</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
-
-</project>