Skip to content

Commit f077517

Browse files
committed
fix: GH-7566 resolve overridden plugin dependencies correctly
1 parent 3cfebef commit f077517

1 file changed

Lines changed: 18 additions & 0 deletions

File tree

maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@
3434
import org.apache.maven.doxia.sink.Sink;
3535
import org.apache.maven.execution.MavenSession;
3636
import org.apache.maven.model.License;
37+
import org.apache.maven.model.Plugin;
3738
import org.apache.maven.plugin.AbstractMojo;
3839
import org.apache.maven.plugin.MojoExecution;
3940
import org.apache.maven.plugin.MojoExecutionException;
@@ -98,6 +99,7 @@
9899
import org.owasp.dependencycheck.xml.pom.Model;
99100
import org.owasp.dependencycheck.xml.pom.PomUtils;
100101

102+
import javax.inject.Inject;
101103
import java.io.File;
102104
import java.io.IOException;
103105
import java.io.InputStream;
@@ -1546,6 +1548,22 @@ protected Set<Artifact> resolveArtifactDependencies(final org.eclipse.aether.art
15461548
collectRequest.setRoot(new org.eclipse.aether.graph.Dependency(rootArtifact, null));
15471549
collectRequest.setRepositories(project.getRemoteProjectRepositories());
15481550

1551+
final Plugin projectPlugin = project.getPlugin(rootArtifact.getGroupId() + ":" + rootArtifact.getArtifactId());
1552+
1553+
if (projectPlugin != null) {
1554+
for (org.apache.maven.model.Dependency dep : projectPlugin.getDependencies()) {
1555+
final org.eclipse.aether.graph.Dependency aetherDep = new org.eclipse.aether.graph.Dependency(
1556+
new org.eclipse.aether.artifact.DefaultArtifact(
1557+
dep.getGroupId(),
1558+
dep.getArtifactId(),
1559+
null,
1560+
"jar",
1561+
dep.getVersion()),
1562+
dep.getScope());
1563+
collectRequest.addDependency(aetherDep);
1564+
}
1565+
}
1566+
15491567
final DependencyResult dependencyResult = repoSystem.resolveDependencies(
15501568
session.getRepositorySession(), new DependencyRequest(collectRequest, null));
15511569

0 commit comments

Comments
 (0)