rename maven.optional SBOM property to maven.optional.unused, inserted in SBOM only when activated

hboutemy · hboutemy · commit c76fd033de6a · 2023-05-16T20:02:59.000+02:00
diff --git a/src/it/makeAggregateBom/verify.groovy b/src/it/makeAggregateBom/verify.groovy
@@ -8,7 +8,7 @@ void assertBomFiles(String path, boolean aggregate) {
     String analysis = aggregate ? "makeAggregateBom" : "makeBom"
     assert bomFileXml.text.contains('<property name="maven.goal">' + analysis + '</property>')
     assert bomFileXml.text.contains('<property name="maven.scopes">compile,provided,runtime,system</property>')
-    assert bomFileXml.text.contains('<property name="maven.optional">true</property>')
+    assert !bomFileXml.text.contains('<property name="maven.optional.unused">')
     assert bomFileJson.text.contains('"name" : "maven.goal",')
     assert bomFileJson.text.contains('"value" : "' + analysis + '"')
     assert bomFileJson.text.contains('"name" : "maven.scopes",')
diff --git a/src/it/makeBom/verify.groovy b/src/it/makeBom/verify.groovy
@@ -6,7 +6,7 @@ assert bomFileJson.exists()
 
 assert bomFileXml.text.contains('<reference type="website"><url>https://github.com/CycloneDX/cyclonedx-maven-plugin</url></reference>')
 
-assert bomFileXml.text.contains('<property name="maven.optional">true</property>')
+assert !bomFileXml.text.contains('<property name="maven.optional.unused">')
 
 // Reproducible Builds
 assert !bomFileJson.text.contains('"serialNumber"')
diff --git a/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java b/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
@@ -168,8 +168,8 @@ public abstract class BaseCycloneDxMojo extends AbstractMojo {
     private String[] excludeTypes;
 
     /**
-     * Use the original mechanism for determining whether an artifact is OPTIONAL/REQUIRED, relying on bytecode analysis
-     * of the compiled classes instead of the maven declaration of optional.
+     * Use the original mechanism for determining whether a component has OPTIONAL or REQUIRED scope,
+     * relying on bytecode analysis of the compiled classes instead of the Maven dependency declaration of optional.
      *
      * @since 2.7.9
      */
@@ -290,7 +290,9 @@ public void execute() throws MojoExecutionException {
                 if (includeTestScope) scopes.add("test");
                 metadata.addProperty(newProperty("maven.scopes", String.join(",", scopes)));
 
-                metadata.addProperty(newProperty("maven.optional", Boolean.toString(!detectUnusedForOptionalScope)));
+                if (detectUnusedForOptionalScope) {
+                    metadata.addProperty(newProperty("maven.optional.unused", Boolean.toString(detectUnusedForOptionalScope)));
+                }
             }
 
             final Component rootComponent = metadata.getComponent();
diff --git a/src/test/java/org/cyclonedx/maven/Issue314OptionalTest.java b/src/test/java/org/cyclonedx/maven/Issue314OptionalTest.java
@@ -23,17 +23,17 @@
 import io.takari.maven.testing.executor.junit.MavenJUnitTestRunner;
 
 /**
- * Fix BOM handling of conflicting dependency tree graphs
+ * Test optional detection as Maven dependency optional vs bytecode analysis of unused.
  */
 @RunWith(MavenJUnitTestRunner.class)
 @MavenVersions({"3.6.3"})
-public class Issue314Test extends BaseMavenVerifier {
+public class Issue314OptionalTest extends BaseMavenVerifier {
 
     private static final String ISSUE_314_DEPENDENCY_B = "pkg:maven/com.example.issue_314/dependency_B@1.0.0?type=jar";
     private static final String ISSUE_314_DEPENDENCY_C = "pkg:maven/com.example.issue_314/dependency_C@1.0.0?type=jar";
     private static final String ISSUE_314_DEPENDENCY_D = "pkg:maven/com.example.issue_314/dependency_D@1.0.0?type=jar";
 
-    public Issue314Test(MavenRuntimeBuilder runtimeBuilder) throws Exception {
+    public Issue314OptionalTest(MavenRuntimeBuilder runtimeBuilder) throws Exception {
         super(runtimeBuilder);
     }
 
@@ -77,6 +77,7 @@ public void testBytecodeDependencyTree() throws Exception {
     /**
      * Validate the maven optional components.
      * - com.example.issue_314:dependency_C:1.0.0 and com.example.issue_314:dependency_D:1.0.0 *should* be marked as optional
+     * because dependency_A declares dependency_C as optional, which depends on dependency_D
      */
     @Test
     public void testMavenOptionalDependencyTree() throws Exception {
diff --git a/src/test/resources/issue-314/dependency_A/pom.xml b/src/test/resources/issue-314/dependency_A/pom.xml
@@ -14,12 +14,6 @@
     <artifactId>dependency_A</artifactId>
 
     <name>Dependency A</name>
-
-    <properties>
-        <maven.compiler.target>1.8</maven.compiler.target>
-        <maven.compiler.source>1.8</maven.compiler.source>
-    </properties>
-
     <dependencies>
         <dependency>
             <groupId>com.example.issue_314</groupId>
@@ -50,18 +44,6 @@
                         </goals>
                     </execution>
                 </executions>
-                <configuration>
-                    <projectType>library</projectType>
-                    <schemaVersion>1.4</schemaVersion>
-                    <includeBomSerialNumber>true</includeBomSerialNumber>
-                    <includeCompileScope>true</includeCompileScope>
-                    <includeProvidedScope>true</includeProvidedScope>
-                    <includeRuntimeScope>false</includeRuntimeScope>
-                    <includeSystemScope>false</includeSystemScope>
-                    <includeTestScope>false</includeTestScope>
-                    <includeLicenseText>false</includeLicenseText>
-                    <outputFormat>xml</outputFormat>
-                </configuration>
             </plugin>
         </plugins>
     </build>
diff --git a/src/test/resources/issue-314/dependency_B/pom.xml b/src/test/resources/issue-314/dependency_B/pom.xml
@@ -14,9 +14,4 @@
     <artifactId>dependency_B</artifactId>
 
     <name>Dependency B</name>
-
-    <properties>
-        <maven.compiler.target>1.8</maven.compiler.target>
-        <maven.compiler.source>1.8</maven.compiler.source>
-    </properties>
 </project>
diff --git a/src/test/resources/issue-314/dependency_C/pom.xml b/src/test/resources/issue-314/dependency_C/pom.xml
@@ -15,11 +15,6 @@
 
     <name>Dependency C</name>
 
-    <properties>
-        <maven.compiler.target>1.8</maven.compiler.target>
-        <maven.compiler.source>1.8</maven.compiler.source>
-    </properties>
-
     <dependencies>
         <dependency>
             <groupId>com.example.issue_314</groupId>
diff --git a/src/test/resources/issue-314/dependency_D/pom.xml b/src/test/resources/issue-314/dependency_D/pom.xml
@@ -14,9 +14,4 @@
     <artifactId>dependency_D</artifactId>
 
     <name>Dependency D</name>
-
-    <properties>
-        <maven.compiler.target>1.8</maven.compiler.target>
-        <maven.compiler.source>1.8</maven.compiler.source>
-    </properties>
 </project>
diff --git a/src/test/resources/issue-314/pom.xml b/src/test/resources/issue-314/pom.xml
@@ -20,6 +20,8 @@
     </modules>
 
     <properties>
+        <maven.compiler.target>1.8</maven.compiler.target>
+        <maven.compiler.source>1.8</maven.compiler.source>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
 </project>
