Skip to content

Commit

Permalink
chore: fix circular dependencies
Browse files Browse the repository at this point in the history
  • Loading branch information
@kzantow
kzantow committed Oct 21, 2024
1 parent 84af8e1 commit e388701
Showing 1 changed file with 23 additions and 20 deletions.
43 changes: 23 additions & 20 deletions syft/pkg/cataloger/java/parse_pom_xml.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -163,8 +163,7 @@ func collectDependencies(ctx context.Context, r *maven.Resolver, resolved map[ma
// we may have a reference to a package pointing to an existing pom on the filesystem, but we don't want to duplicate these entries
depPkg := resolved[depID]
if depPkg == nil {
var err error
depPkg, err = newPackageFromDependency(
p, err := newPackageFromDependency(
ctx,
r,
pom,
Expand All @@ -174,33 +173,37 @@ func collectDependencies(ctx context.Context, r *maven.Resolver, resolved map[ma
if err != nil {
log.WithFields("error", err, "pomLocation", loc, "mavenID", pomID, "dependencyID", depID).Debugf("error adding dependency")
}

if p == nil {
// we don't have a valid package, just continue to the next dependency
continue
}
depPkg = p
resolved[depID] = depPkg

// only resolve transitive dependencies if we're not already looking these up for the specific package
if includeTransitiveDependencies && depID.Valid() {
depPom, err := r.FindPom(ctx, depID.GroupID, depID.ArtifactID, depID.Version)
if err != nil {
log.WithFields("mavenID", depID, "error", err).Debug("error finding pom")
}
if depPom != nil {
transitivePkgs, transitiveRelationships, transitiveErrs := collectDependencies(ctx, r, resolved, depPkg, depPom, loc, includeTransitiveDependencies)
pkgs = append(pkgs, transitivePkgs...)
relationships = append(relationships, transitiveRelationships...)
errs = unknown.Join(errs, transitiveErrs)
}
}
}
if depPkg == nil {
continue
}
pkgs = append(pkgs, *depPkg)

pkgs = append(pkgs, *depPkg)
if parentPkg != nil {
relationships = append(relationships, artifact.Relationship{
From: *depPkg,
To: *parentPkg,
Type: artifact.DependencyOfRelationship,
})
}

if includeTransitiveDependencies {
depPom, err := r.FindPom(ctx, depID.GroupID, depID.ArtifactID, depID.Version)
if err != nil {
errs = unknown.Join(errs, err)
}
if depPom == nil {
continue
}
transitivePkgs, transitiveRelationships, transitiveErrs := collectDependencies(ctx, r, resolved, depPkg, depPom, loc, includeTransitiveDependencies)
pkgs = append(pkgs, transitivePkgs...)
relationships = append(relationships, transitiveRelationships...)
errs = unknown.Join(errs, transitiveErrs)
}
}

return pkgs, relationships, errs
Expand Down

0 comments on commit e388701

Please sign in to comment.