Java: Filter out internal dependencies when parsing multimodule poms

dependabot · greysteil · Apr 20, 2018 · Apr 19, 2018 · Apr 19, 2018 · Apr 19, 2018
commit aa31d032d91b0948b7d81923179edf02e4d2a725
diff --git a/lib/dependabot/file_parsers/java/maven.rb b/lib/dependabot/file_parsers/java/maven.rb
@@ -28,13 +28,12 @@ def pomfile_dependencies(pom)
 
           doc = Nokogiri::XML(pom.content)
           doc.css(DEPENDENCY_SELECTOR).each do |dependency_node|
-            next unless dependency_name(dependency_node)
-
-            # TODO: Filter out internal dependencies
+            next unless (name = dependency_name(dependency_node))
+            next if internal_dependency_names.include?(name)
 
             dependency_set <<
               Dependency.new(
-                name: dependency_name(dependency_node),
+                name: name,
                 version: dependency_version(dependency_node),
                 package_manager: "maven",
                 requirements: [{
@@ -108,6 +107,20 @@ def pomfiles
             dependency_files.select { |f| f.name.end_with?("pom.xml") }
         end
 
+        def internal_dependency_names
+          @internal_dependency_names =
+            pomfiles.map do |pom|
+              doc = Nokogiri::XML(pom.content)
+              group_id    = doc.at_css("project > groupId") ||
+                            doc.at_css("project > parent > groupId")
+              artifact_id = doc.at_css("project > artifactId")
+
+              next unless group_id && artifact_id
+
+              [group_id.content.strip, artifact_id.content.strip].join(":")
+            end.compact
+        end
+
         def check_required_files
           raise "No pom.xml!" unless get_original_file("pom.xml")
         end

diff --git a/spec/dependabot/file_parsers/java/maven_spec.rb b/spec/dependabot/file_parsers/java/maven_spec.rb
@@ -373,7 +373,7 @@
       end
     end
 
-    context "with a repeated dependency" do
+    context "with a multimodule pom" do
       let(:files) do
         [
           multimodule_pom, util_pom, business_app_pom, legacy_pom, webapp_pom,
@@ -417,7 +417,18 @@
         )
       end
 
-      its(:length) { is_expected.to eq(8) }
+      it "gets the right dependencies" do
+        expect(dependencies.map(&:name)).
+          to match_array(
+            %w(
+              com.google.guava:guava
+              junit:junit
+              org.apache.struts:struts-core
+              org.springframework:spring-aop
+              org.apache.maven.plugins:maven-compiler-plugin
+            )
+          )
+      end
 
       describe "the first dependency" do
         subject(:dependency) { dependencies.first }