fix(java): Disable overwriting exclusions (#10088)

2026-01-31 13:53:14 +08:00 · 2026-01-30 13:15:38 +00:00
parent 65e151fab0
commit 9a3e0a845d
5 changed files with 62 additions and 8 deletions
--- a/pkg/dependency/parser/java/pom/parse_test.go
+++ b/pkg/dependency/parser/java/pom/parse_test.go
@@ -1174,8 +1174,12 @@ func TestPom_Parse(t *testing.T) {
 		// [INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ child ---
 		// [INFO] com.example:child:jar:3.0.0
 		// [INFO] \- org.example:example-exclusions:jar:3.0.0:compile
-		// [INFO]    \- org.example:example-nested:jar:3.3.3:compile
+		// [INFO]    \- org.example:example-nested:jar:3.3.5:compile
 		// [INFO] ------------------------------------------------------------------------
 		// org.example:example-dependency is excluded via com.example:child (dependencies)
 		// org.example:example-dependency2 is excluded via com.example:parent (dependencyManagement)
 		// org.example:example-api2 is excluded via org.example:example-exclusions (dependencies)
 		// org.example:example-api3 is excluded via com.example:parent (dependencyManagement)
 		{
 			name:      "exclusions in child and parent dependency management",
 			inputFile: filepath.Join("testdata", "exclusions-parent-dependency-management", "child", "pom.xml"),
@@ -1201,9 +1205,9 @@ func TestPom_Parse(t *testing.T) {
 					},
 				},
 				{
-					ID:           "org.example:example-nested:3.3.3::39880dca",
+					ID:           "org.example:example-nested:3.3.5::c5a28f33",
 					Name:         "org.example:example-nested",
-					Version:      "3.3.3",
+					Version:      "3.3.5",
 					Relationship: ftypes.RelationshipIndirect,
 				},
 			},
@@ -1217,7 +1221,7 @@ func TestPom_Parse(t *testing.T) {
 				{
 					ID: "org.example:example-exclusions:3.0.0::1e4e34b7",
 					DependsOn: []string{
-						"org.example:example-nested:3.3.3::39880dca",
+						"org.example:example-nested:3.3.5::c5a28f33",
 					},
 				},
 			},
--- a/pkg/dependency/parser/java/pom/pom.go
+++ b/pkg/dependency/parser/java/pom/pom.go
@@ -257,9 +257,9 @@ func (d pomDependency) Resolve(props map[string]string, depManagement, rootDepMa
 		if managed.Optional {
 			dep.Optional = managed.Optional
 		}
-		if len(managed.Exclusions.Exclusion) != 0 {
+
-			dep.Exclusions = managed.Exclusions
+		// 'mvn' always merges exceptions for pom and root POM
-		}
+		dep.Exclusions.Exclusion = append(dep.Exclusions.Exclusion, managed.Exclusions.Exclusion...)
 		return dep
 	}
 	return dep
--- a/pkg/dependency/parser/java/pom/testdata/exclusions-parent-dependency-management/pom.xml
+++ b/pkg/dependency/parser/java/pom/testdata/exclusions-parent-dependency-management/pom.xml
@@ -31,6 +31,17 @@
                    </exclusion>
                </exclusions>
            </dependency>
            <dependency>
                <artifactId>example-nested</artifactId>
                <groupId>org.example</groupId>
                <version>3.3.5</version>
                <exclusions>
                    <exclusion>
                        <groupId>org.example</groupId>
                        <artifactId>example-api3</artifactId>
                    </exclusion>
                </exclusions>
            </dependency>
        </dependencies>
    </dependencyManagement>
--- a/pkg/dependency/parser/java/pom/testdata/repository/org/example/example-exclusions/3.0.0/example-exclusions-3.0.0.pom
+++ b/pkg/dependency/parser/java/pom/testdata/repository/org/example/example-exclusions/3.0.0/example-exclusions-3.0.0.pom
@@ -20,7 +20,13 @@
        <dependency>
            <groupId>org.example</groupId>
            <artifactId>example-nested</artifactId>
-            <version>3.3.3</version>
+            <version>3.3.5</version>
            <exclusions>
                <exclusion>
                    <groupId>org.example</groupId>
                    <artifactId>example-api2</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
    </dependencies>
--- a/pkg/dependency/parser/java/pom/testdata/repository/org/example/example-nested/3.3.5/example-nested-3.3.5.pom
+++ b/pkg/dependency/parser/java/pom/testdata/repository/org/example/example-nested/3.3.5/example-nested-3.3.5.pom
@@ -0,0 +1,33 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>org.example</groupId>
    <artifactId>example-nested</artifactId>
    <version>3.3.3</version>
    <packaging>jar</packaging>
    <name>Example API Dependency</name>
    <description>The example API</description>
    <dependencies>
        <dependency>
            <groupId>org.example</groupId>
            <artifactId>example-dependency</artifactId>
            <version>1.2.3</version>
        </dependency>
        <dependency>
            <groupId>org.example</groupId>
            <artifactId>example-api2</artifactId>
            <version>2.0.0</version>
        </dependency>
        <dependency>
            <groupId>org.example</groupId>
            <artifactId>example-api3</artifactId>
            <version>3.0.0</version>
        </dependency>
    </dependencies>
 </project>