diff --git a/tests/CycloneDX.Utils.Tests/MergeTests.cs b/tests/CycloneDX.Utils.Tests/MergeTests.cs index 5d08b01d..7c5af11e 100644 --- a/tests/CycloneDX.Utils.Tests/MergeTests.cs +++ b/tests/CycloneDX.Utils.Tests/MergeTests.cs @@ -131,6 +131,126 @@ public void FlatMergeDuplicatedComponentsTest() Assert.Single(result.Components); } + [Fact] + public void FlatMergeDuplicatedComponentsDependenciesTest() + { + var sboms = new List(); + var bom1 = new Bom + { + Components = new List + { + new Component + { + Name = "Component1", + Version = "1", + BomRef = "Component1", + }, + new Component + { + Name = "CommonDependencyComponent", + Version = "1", + BomRef = "CommonDependencyComponent" + }, + new Component + { + Name = "OtherDependencyComponent", + Version = "1", + BomRef = "OtherDependencyComponent" + } + }, + Dependencies = new List + { + new Dependency + { + Ref = "Component1", + Dependencies = new List + { + new Dependency + { + Ref = "CommonDependencyComponent" + }, + new Dependency + { + Ref = "OtherDependencyComponent" + } + } + }, + new Dependency + { + Ref = "CommonDependencyComponent", + Dependencies = new List{} + }, + new Dependency + { + Ref = "OtherDependencyComponent", + Dependencies = new List{} + } + } + }; + sboms.Add(bom1); + var bom2 = new Bom + { + Components = new List + { + new Component + { + Name = "Component2", + Version = "1", + BomRef = "Component2", + }, + new Component + { + Name = "CommonDependencyComponent", + Version = "1", + BomRef = "CommonDependencyComponent" + }, + new Component + { + Name = "OtherDependencyComponent2", + Version = "1", + BomRef = "OtherDependencyComponent2" + } + }, + Dependencies = new List + { + new Dependency + { + Ref = "Component2", + Dependencies = new List + { + new Dependency + { + Ref = "CommonDependencyComponent" + }, + new Dependency + { + Ref = "OtherDependencyComponent2" + } + } + }, + new Dependency + { + Ref = "CommonDependencyComponent", + Dependencies = new List{} + }, + new Dependency + { + Ref = "OtherDependencyComponent2", + Dependencies = new List{} + } + } + }; + sboms.Add(bom2); + var result = CycloneDXUtils.FlatMerge(sboms); + + // there are 5 involved components: + // Component1, Component2, CommonDependencyComponent, + // OtherDependencyComponent, OtherDependencyComponent2 + Assert.Equal(5, result.Dependencies.Count); + Snapshot.Match(result); + } + + [Fact] public void FlatMergeVulnerabilitiesTest() diff --git a/tests/CycloneDX.Utils.Tests/__snapshots__/MergeTests.FlatMergeDuplicatedComponentsDependenciesTest.snap b/tests/CycloneDX.Utils.Tests/__snapshots__/MergeTests.FlatMergeDuplicatedComponentsDependenciesTest.snap new file mode 100644 index 00000000..99402f12 --- /dev/null +++ b/tests/CycloneDX.Utils.Tests/__snapshots__/MergeTests.FlatMergeDuplicatedComponentsDependenciesTest.snap @@ -0,0 +1,188 @@ +{ + "BomFormat": "CycloneDX", + "SpecVersion": "v1_6", + "SpecVersionString": "1.6", + "SerialNumber": null, + "Version": null, + "Metadata": null, + "Components": [ + { + "Type": "Null", + "MimeType": null, + "BomRef": "Component1", + "Supplier": null, + "Author": null, + "Publisher": null, + "Group": null, + "Name": "Component1", + "Version": "1", + "Description": null, + "Scope": null, + "Licenses": null, + "Copyright": null, + "Cpe": null, + "Purl": null, + "Swid": null, + "Modified": null, + "Pedigree": null, + "Evidence": null, + "ModelCard": null, + "CryptoProperties": null, + "XmlSignature": null, + "Signature": null + }, + { + "Type": "Null", + "MimeType": null, + "BomRef": "CommonDependencyComponent", + "Supplier": null, + "Author": null, + "Publisher": null, + "Group": null, + "Name": "CommonDependencyComponent", + "Version": "1", + "Description": null, + "Scope": null, + "Licenses": null, + "Copyright": null, + "Cpe": null, + "Purl": null, + "Swid": null, + "Modified": null, + "Pedigree": null, + "Evidence": null, + "ModelCard": null, + "CryptoProperties": null, + "XmlSignature": null, + "Signature": null + }, + { + "Type": "Null", + "MimeType": null, + "BomRef": "OtherDependencyComponent", + "Supplier": null, + "Author": null, + "Publisher": null, + "Group": null, + "Name": "OtherDependencyComponent", + "Version": "1", + "Description": null, + "Scope": null, + "Licenses": null, + "Copyright": null, + "Cpe": null, + "Purl": null, + "Swid": null, + "Modified": null, + "Pedigree": null, + "Evidence": null, + "ModelCard": null, + "CryptoProperties": null, + "XmlSignature": null, + "Signature": null + }, + { + "Type": "Null", + "MimeType": null, + "BomRef": "Component2", + "Supplier": null, + "Author": null, + "Publisher": null, + "Group": null, + "Name": "Component2", + "Version": "1", + "Description": null, + "Scope": null, + "Licenses": null, + "Copyright": null, + "Cpe": null, + "Purl": null, + "Swid": null, + "Modified": null, + "Pedigree": null, + "Evidence": null, + "ModelCard": null, + "CryptoProperties": null, + "XmlSignature": null, + "Signature": null + }, + { + "Type": "Null", + "MimeType": null, + "BomRef": "OtherDependencyComponent2", + "Supplier": null, + "Author": null, + "Publisher": null, + "Group": null, + "Name": "OtherDependencyComponent2", + "Version": "1", + "Description": null, + "Scope": null, + "Licenses": null, + "Copyright": null, + "Cpe": null, + "Purl": null, + "Swid": null, + "Modified": null, + "Pedigree": null, + "Evidence": null, + "ModelCard": null, + "CryptoProperties": null, + "XmlSignature": null, + "Signature": null + } + ], + "Dependencies": [ + { + "Ref": "Component1", + "Dependencies": [ + { + "Ref": "CommonDependencyComponent", + "Dependencies": null, + "Provides": null + }, + { + "Ref": "OtherDependencyComponent", + "Dependencies": null, + "Provides": null + } + ], + "Provides": null + }, + { + "Ref": "CommonDependencyComponent", + "Dependencies": [], + "Provides": null + }, + { + "Ref": "OtherDependencyComponent", + "Dependencies": [], + "Provides": null + }, + { + "Ref": "Component2", + "Dependencies": [ + { + "Ref": "CommonDependencyComponent", + "Dependencies": null, + "Provides": null + }, + { + "Ref": "OtherDependencyComponent2", + "Dependencies": null, + "Provides": null + } + ], + "Provides": null + }, + { + "Ref": "OtherDependencyComponent2", + "Dependencies": [], + "Provides": null + } + ], + "Compositions": null, + "Definitions": null, + "XmlSignature": null, + "Signature": null +}