diff --git a/pkg/dependency/parser/java/pom/parse_test.go b/pkg/dependency/parser/java/pom/parse_test.go
index 15740d599eb9..934085d5d536 100644
--- a/pkg/dependency/parser/java/pom/parse_test.go
+++ b/pkg/dependency/parser/java/pom/parse_test.go
@@ -979,6 +979,60 @@ func TestPom_Parse(t *testing.T) {
},
},
},
+ // ➜ mvn dependency:tree
+ // ...
+ // [INFO]
+ // [INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ child ---
+ // [INFO] com.example:child:jar:3.0.0
+ // [INFO] \- org.example:example-exclusions:jar:3.0.0:compile
+ // [INFO] \- org.example:example-nested:jar:3.3.3:compile
+ // [INFO] ------------------------------------------------------------------------
+ {
+ name: "exclusions in child and parent dependency management",
+ inputFile: filepath.Join("testdata", "exclusions-parent-dependency-management", "child", "pom.xml"),
+ local: true,
+ want: []ftypes.Package{
+ {
+ ID: "com.example:child:3.0.0",
+ Name: "com.example:child",
+ Version: "3.0.0",
+ Licenses: []string{"Apache 2.0"},
+ Relationship: ftypes.RelationshipRoot,
+ },
+ {
+ ID: "org.example:example-exclusions:3.0.0",
+ Name: "org.example:example-exclusions",
+ Version: "3.0.0",
+ Relationship: ftypes.RelationshipDirect,
+ Locations: ftypes.Locations{
+ {
+ StartLine: 26,
+ EndLine: 35,
+ },
+ },
+ },
+ {
+ ID: "org.example:example-nested:3.3.3",
+ Name: "org.example:example-nested",
+ Version: "3.3.3",
+ Relationship: ftypes.RelationshipIndirect,
+ },
+ },
+ wantDeps: []ftypes.Dependency{
+ {
+ ID: "com.example:child:3.0.0",
+ DependsOn: []string{
+ "org.example:example-exclusions:3.0.0",
+ },
+ },
+ {
+ ID: "org.example:example-exclusions:3.0.0",
+ DependsOn: []string{
+ "org.example:example-nested:3.3.3",
+ },
+ },
+ },
+ },
{
name: "exclusions with wildcards",
inputFile: filepath.Join("testdata", "wildcard-exclusions", "pom.xml"),
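Review bot: The comment above the new case shows the expected `mvn dependency:tree` output but not why only `example-nested` survives, which is the behaviour this case exists to pin. From the fixtures in this diff, the child pom appears to exclude `example-dependency` and the parent's dependency management `example-dependency2`. I would add a line such as `// child excludes example-dependency, parent dependencyManagement excludes example-dependency2; both must apply`. A second case in which both poms declare the same exclusion would also show how the merged list handles duplicates. TestPom_Parse starts and ends outside this hunk.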
diff --git a/pkg/dependency/parser/java/pom/pom.go b/pkg/dependency/parser/java/pom/pom.go
index 3a0170d36811..889d107c3c6c 100644
--- a/pkg/dependency/parser/java/pom/pom.go
+++ b/pkg/dependency/parser/java/pom/pom.go
@@ -266,9 +266,8 @@ func (d pomDependency) Resolve(props map[string]string, depManagement, rootDepMa
if !dep.Optional {
dep.Optional = managed.Optional
}
- if len(dep.Exclusions.Exclusion) == 0 {
- dep.Exclusions = managed.Exclusions
- }
+ // `mvn` always merges exceptions for pom and parent
+ dep.Exclusions.Exclusion = append(dep.Exclusions.Exclusion, managed.Exclusions.Exclusion...)
}
return dep
}
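Review bot: The added `append` reuses the backing array of `dep.Exclusions.Exclusion` whenever that slice has spare capacity, so if `dep` is a copy of the value receiver `d` (the start of Resolve is outside the hunk, so this is inferred), a later Resolve on the same dependency can overwrite the exclusions appended by an earlier one. Exclusions decide which transitive packages are dropped from the result, so a stray or missing entry changes what the scan reports. Clipping the capacity forces a fresh array: `dep.Exclusions.Exclusion = append(slices.Clip(dep.Exclusions.Exclusion), managed.Exclusions.Exclusion...)`, which needs the `slices` import if the file does not already have it. The comment also says "exceptions" where it means exclusions; I would write `// mvn merges the dependency's own exclusions with those from dependencyManagement`.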
diff --git a/pkg/dependency/parser/java/pom/testdata/exclusions-parent-dependency-management/child/pom.xml b/pkg/dependency/parser/java/pom/testdata/exclusions-parent-dependency-management/child/pom.xml
new file mode 100644
index 000000000000..967033369b92
--- /dev/null
+++ b/pkg/dependency/parser/java/pom/testdata/exclusions-parent-dependency-management/child/pom.xml
@@ -0,0 +1,38 @@
+
+ 4.0.0
+
+ child
+ 3.0.0
+
+ child
+ Child
+
+
+ com.example
+ parent
+ 2.0.0
+
+
+
+
+ Apache 2.0
+ http://www.apache.org/licenses/LICENSE-2.0.html
+ repo
+
+
+
+
+
+ org.example
+ example-exclusions
+
+
+ org.example
+ example-dependency
+
+
+
+
+
+
diff --git a/pkg/dependency/parser/java/pom/testdata/exclusions-parent-dependency-management/pom.xml b/pkg/dependency/parser/java/pom/testdata/exclusions-parent-dependency-management/pom.xml
new file mode 100644
index 000000000000..d5093a29ab59
--- /dev/null
+++ b/pkg/dependency/parser/java/pom/testdata/exclusions-parent-dependency-management/pom.xml
@@ -0,0 +1,37 @@
+
+ 4.0.0
+
+ com.example
+ parent
+ 2.0.0
+
+ pom
+ parent
+ Parent
+
+
+
+ Apache 2.0
+ http://www.apache.org/licenses/LICENSE-2.0.html
+ repo
+
+
+
+
+
+
+ org.example
+ example-exclusions
+ 3.0.0
+
+
+ org.example
+ example-dependency2
+
+
+
+
+
+
+
diff --git a/pkg/dependency/parser/java/pom/testdata/repository/org/example/example-exclusions/3.0.0/example-exclusions-3.0.0.pom b/pkg/dependency/parser/java/pom/testdata/repository/org/example/example-exclusions/3.0.0/example-exclusions-3.0.0.pom
new file mode 100644
index 000000000000..57f908f362f5
--- /dev/null
+++ b/pkg/dependency/parser/java/pom/testdata/repository/org/example/example-exclusions/3.0.0/example-exclusions-3.0.0.pom
@@ -0,0 +1,27 @@
+
+ 4.0.0
+
+ org.example
+ example-exclusions
+ 3.0.0
+
+
+
+ org.example
+ example-dependency
+ 1.2.3
+
+
+ org.example
+ example-dependency2
+ 2.3.4
+
+
+ org.example
+ example-nested
+ 3.3.3
+
+
+
+