feat: dependency inherit parent

Author: luotianqi777

opensca/sca/java/mvn.go

@@ -183,7 +183,7 @@ func inheritModules(poms []*Pom) {
 type getPomFunc func(dep PomDependency, repos ...[]string) *Pom
 
 // inheritPom 继承pom所需内容
-func inheritPom(pom *Pom, inheritDependencies bool, getpom getPomFunc) {
+func inheritPom(pom *Pom, getpom getPomFunc) {
 
 	// 记录统计过的parent 避免pom循环引用
 	parentSet := map[string]bool{}
@@ -218,9 +218,7 @@ func inheritPom(pom *Pom, inheritDependencies bool, getpom getPomFunc) {
 		pom.DependencyManagement = append(pom.DependencyManagement, parentPom.DependencyManagement...)
 
 		// 继承dependencies
-		if inheritDependencies {
-			pom.Dependencies = append(pom.Dependencies, parentPom.Dependencies...)
-		}
+		pom.Dependencies = append(pom.Dependencies, parentPom.Dependencies...)
 
 		// 继承repo&mirror
 		pom.Repositories = append(pom.Repositories, parentPom.Repositories...)
@@ -294,7 +292,7 @@ func parsePom(ctx context.Context, pom *Pom, getpom getPomFunc) *model.DepGraph
 	pom.Update(&pom.PomDependency)
 
 	// 继承pom
-	inheritPom(pom, true, getpom)
+	inheritPom(pom, getpom)
 
 	// 记录在根pom的dependencyManagement中非import组件信息
 	rootPomManagement := map[string]*PomDependency{}
@@ -406,8 +404,8 @@ func parsePom(ctx context.Context, pom *Pom, getpom getPomFunc) *model.DepGraph
 				subpom.PomDependency = *dep
 				// 继承根pom的exclusion
 				subpom.Exclusions = append(subpom.Exclusions, np.Exclusions...)
-				// 子依赖不继承parent的依赖项
-				inheritPom(subpom, false, getpom)
+				// 依赖继承parent
+				inheritPom(subpom, getpom)
 				sub.Expand = subpom
 			}
 

test/java/15/pom.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+
+	<groupId>my.foo</groupId>
+	<version>1.0</version>
+	<artifactId>demo</artifactId>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.datatype</groupId>
+            <artifactId>jackson-datatype-jsr310</artifactId>
+            <version>2.17.0</version>
+        </dependency>
+
+    </dependencies>
+
+</project>

test/java/java_test.go

@@ -161,6 +161,19 @@ var cases = []tool.TaskCase{
 			),
 		),
 	)},
+
+	// 直接依赖继承parent
+	{Path: "15", Result: tool.Dep("", "",
+		tool.Dep3("my.foo", "demo", "1.0",
+			tool.Dep3("com.fasterxml.jackson.datatype", "jackson-datatype-jsr310", "2.17.0",
+				tool.Dep3("com.fasterxml.jackson.core", "jackson-annotations", "2.17.0"),
+				tool.Dep3("com.fasterxml.jackson.core", "jackson-core", "2.17.0"),
+				tool.Dep3("com.fasterxml.jackson.core", "jackson-databind", "2.17.0",
+					tool.Dep3("net.bytebuddy", "byte-buddy", "1.14.9"),
+				),
+			),
+		),
+	)},
 }
 
 func Test_JavaWithStatic(t *testing.T) {