
Commit 2e76901

authored
feat: override packages with inaccurate pom.properties files (#764)
* feat: override packages with inaccurate pom.properties files * feat: add additional context on long term solution * fix: lint
1 parent 1175cc6 commit 2e76901


3 files changed

+26
-0
lines changed


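--- a/lib/analyzer/applications/java.ts
+++ b/lib/analyzer/applications/java.ts
@@ -251,6 +251,16 @@ async function unpackJars(
 return fingerprints;
 }
 
+/**
+* Packages with inaccurate pom.properties files return null so that the JAR
+* will be resolved using the SHA lookup instead.
+*
+* Long-term solution: resolve all JARs via maven-deps to remove the need for overrides.
+*/
+const POM_PROPERTIES_OVERRIDES = new Set([
+"com.microsoft.sqlserver:mssql-jdbc",
+]);
+
 /**
 * Gets coords from the contents of a pom.properties file
 * @param {string} fileContent
@@ -261,6 +271,10 @@ export function getCoordsFromPomProperties(
 ): JarCoords | null {
 const coords = parsePomProperties(fileContent);
 
+if (POM_PROPERTIES_OVERRIDES.has(`${coords.groupId}:${coords.artifactId}`)) {
+return null;
+}
+
 // we need all of these props to allow us to inject the package
 // into the depGraph
 if (!coords.artifactId || !coords.groupId || !coords.version) {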
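Review bot: The early return added at the top of getCoordsFromPomProperties throws away the pom.properties coordinates for `com.microsoft.sqlserver:mssql-jdbc` and leaves identification to the SHA lookup alone, but nothing in this hunk shows what the caller does when that lookup misses (a rebuilt or repackaged JAR would presumably not match). If the JAR is then dropped, the package vanishes from the dependency graph and its known vulnerabilities are no longer reported, so the fallback should be confirmed and stated in the doc comment on POM_PROPERTIES_OVERRIDES. That comment also does not say what is inaccurate about each entry; the test title does, and it could be carried over as `// version in pom.properties omits the classifier` next to the set entry. The function body continues past the end of the hunk.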
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
# Generated by Maven
2+
groupId=com.microsoft.sqlserver
3+
artifactId=mssql-jdbc
4+
version=12.10.2

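--- a/test/lib/analyzer/java.spec.ts
+++ b/test/lib/analyzer/java.spec.ts
@@ -114,4 +114,12 @@ describe("getCoordsFromPomProperties function", () => {
 const coords = getCoordsFromPomProperties(fixture);
 expect(coords).toBeNull();
 });
+
+it("returns null for packages with inaccurate pom.properties (e.g. mssql-jdbc omits version classifier)", () => {
+const fixture = getTextFromFixture(
+"pom-properties/mssql-jdbc.pom.properties",
+);
+const coords = getCoordsFromPomProperties(fixture);
+expect(coords).toBeNull();
+});
 });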
