admin/aquasecurity-trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2026-02-14 12:43:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(java): parse modules from pom.xml files once (#6312)

Browse Source
This commit is contained in:
DmitriyLewen
2024-03-24 15:57:32 +06:00
committed by GitHub
parent 1b68327b65
commit 7c409fd270
5 changed files with 86 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
pkg/dependency/parser/java/pom/parse.go
View File

@@ -105,10 +105,10 @@ func (p *parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency,
// Cache root POM
p.cache.put(result.artifact, result)
return p.parseRoot(root.artifact())
return p.parseRoot(root.artifact(), make(map[string]struct{}))
}
func (p *parser) parseRoot(root artifact) ([]types.Library, []types.Dependency, error) {
func (p *parser) parseRoot(root artifact, uniqModules map[string]struct{}) ([]types.Library, []types.Dependency, error) {
// Prepare a queue for dependencies
queue := newArtifactQueue()
@@ -132,7 +132,12 @@ func (p *parser) parseRoot(root artifact) ([]types.Library, []types.Dependency,
// Modules should be handled separately so that they can have independent dependencies.
// It means multi-module allows for duplicate dependencies.
if art.Module {
moduleLibs, moduleDeps, err := p.parseRoot(art)
if _, ok := uniqModules[art.String()]; ok {
continue
}
uniqModules[art.String()] = struct{}{}
moduleLibs, moduleDeps, err := p.parseRoot(art, uniqModules)
if err != nil {
return nil, nil, err
}