From 00f5b59bb47b2d4dd2b5d1d9d634e6b0bdfa2353 Mon Sep 17 00:00:00 2001
From: Zvi Grinberg
Date: Sun, 7 Jul 2024 16:23:50 +0300
Subject: [PATCH 1/2] fix: maven component analysis xml wrong parsing of x.0 versions ( x >=0)

Signed-off-by: Zvi Grinberg
---
 src/providers/java_maven.js | 5 ++++-
 .../component_analysis_expected_sbom.json | 10 +++++-----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/providers/java_maven.js b/src/providers/java_maven.js
index 950eee1..6f41052 100644
--- a/src/providers/java_maven.js
+++ b/src/providers/java_maven.js
@@ -228,7 +228,10 @@ export default class Java_maven extends Base_java {
 // build xml parser with options
 let parser = new XMLParser({
 commentPropName: '#comment', // mark comments with #comment
- isArray: (_, jpath) => 'project.dependencies.dependency' === jpath // load deps as array
+ isArray: (_, jpath) => 'project.dependencies.dependency' === jpath,
+ numberParseOptions: {
+ skipLike: /[0-9]+[.]0/
+ }
 })
 // read manifest pom.xml file into buffer
 let buf = fs.readFileSync(manifest)
diff --git a/test/providers/tst_manifests/maven/pom_with_multiple_modules/component_analysis_expected_sbom.json b/test/providers/tst_manifests/maven/pom_with_multiple_modules/component_analysis_expected_sbom.json
index bdcc06d..f28bdeb 100644
--- a/test/providers/tst_manifests/maven/pom_with_multiple_modules/component_analysis_expected_sbom.json
+++ b/test/providers/tst_manifests/maven/pom_with_multiple_modules/component_analysis_expected_sbom.json
@@ -169,10 +169,10 @@
 {
 "group": "javax.enterprise",
 "name": "cdi-api",
- "version": "2",
- "purl": "pkg:maven/javax.enterprise/cdi-api@2",
+ "version": "2.0",
+ "purl": "pkg:maven/javax.enterprise/cdi-api@2.0",
 "type": "library",
- "bom-ref": "pkg:maven/javax.enterprise/cdi-api@2"
+ "bom-ref": "pkg:maven/javax.enterprise/cdi-api@2.0"
 },
 {
 "group": "commons-configuration",
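Review bot: The added `skipLike: /[0-9]+[.]0/` only keeps tag values that contain a literal `.0` as strings, so a version whose trailing zero is not directly after the dot — a constructed example is `<version>1.10</version>` — would presumably still be number-parsed and come back as `1.1`, the same class of loss this commit fixes for `2.0`. The regex is also unanchored, so it matches anywhere inside the text, which is harmless here but obscures the intent. Since Maven treats pom tag values as strings, the more robust change is to skip number parsing for every dotted value, e.g. `skipLike: /^[0-9]+[.][0-9]+$/ // keep versions such as 2.0 or 1.10 as strings`, or, if nothing downstream relies on numeric tag values, `parseTagValue: false`. The new expected SBOM only pins `cdi-api@2.0`; a pom fixture with a version like `1.10` would cover the remaining case. The method containing this `XMLParser` construction starts before line 228 and continues outside the hunk.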
@@ -221,7 +221,7 @@
 "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.16.0",
 "pkg:maven/com.google.code.findbugs/jsr305@3.0.2",
 "pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3",
- "pkg:maven/javax.enterprise/cdi-api@2",
+ "pkg:maven/javax.enterprise/cdi-api@2.0",
 "pkg:maven/commons-configuration/commons-configuration@1.1",
 "pkg:maven/com.squareup.okhttp3/okhttp@4.12.0",
 "pkg:maven/org.projectlombok/lombok@1.18.30"
@@ -300,7 +300,7 @@
 "dependsOn": []
 },
 {
- "ref": "pkg:maven/javax.enterprise/cdi-api@2",
+ "ref": "pkg:maven/javax.enterprise/cdi-api@2.0",
 "dependsOn": []
 },
 {
From b61215fb83cc47f8db17b3cad4f3aa2cee666adc Mon Sep 17 00:00:00 2001
From: Zvi Grinberg
Date: Sun, 7 Jul 2024 17:58:08 +0300
Subject: [PATCH 2/2] fix: broken Integration tests

Signed-off-by: Zvi Grinberg
---
 test/it/end-to-end.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/it/end-to-end.js b/test/it/end-to-end.js
index 4bde719..8e21104 100644
--- a/test/it/end-to-end.js
+++ b/test/it/end-to-end.js
@@ -65,7 +65,7 @@ suite('Integration Tests', () => {
 let pomPath = `test/it/test_manifests/${packageManager}/${manifestName}`
 let providedDataForStack = await index.stackAnalysis(pomPath)
 console.log(JSON.stringify(providedDataForStack,null , 4))
- let providers = ["osv-nvd"]
+ let providers = ["osv"]
 providers.forEach(provider => expect(extractTotalsGeneralOrFromProvider(providedDataForStack, provider)).greaterThan(0))
 //TO DO - if sources doesn't exists, add "scanned" instead
 // python transitive count for stack analysis is awaiting fix in exhort backend
@@ -104,7 +104,7 @@ suite('Integration Tests', () => {
 } finally {
- parsedStatusFromHtmlOsvNvd = reportParsedFromHtml.providers["osv-nvd"].status
+ parsedStatusFromHtmlOsvNvd = reportParsedFromHtml.providers["osv"].status
 expect(parsedStatusFromHtmlOsvNvd.code).equals(200)
 parsedScannedFromHtml = reportParsedFromHtml.scanned
 expect( typeof html).equals("string")
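Review bot: The provider list `["osv"]` is spelled out by hand here at line 65, again in the hunk at line 128, and the same key appears a third time in the lookup at line 104, so the next provider rename means three coordinated edits — which, going by the commit title, is presumably how these tests broke. A single module-level `const PROVIDERS = ["osv"]` used by both `providers` declarations and by the `reportParsedFromHtml.providers[...]` lookup would keep them in step. Since `providers` is never reassigned in the visible lines, `const providers = PROVIDERS` also reads better than `let`. The enclosing test body starts before line 65 and continues past the hunk.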
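Review bot: `parsedStatusFromHtmlOsvNvd` now holds the status of the `"osv"` provider, so the name no longer matches what it reads; renaming it (for example `parsedStatusFromHtmlOsv`) on this line, in the `expect` below, and at its declaration outside the hunk would remove the mismatch. Separately, this lookup sits inside a `finally` block: if the preceding `try` (outside the hunk) fails before `reportParsedFromHtml` is assigned, `reportParsedFromHtml.providers["osv"].status` throws a TypeError that replaces the original failure, so the real cause is hidden. Either guarding the access, `parsedStatusFromHtmlOsvNvd = reportParsedFromHtml?.providers?.["osv"]?.status`, or moving these assertions after the `try`/`finally` keeps the first failure visible. The try/finally this belongs to starts before line 104.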
@@ -128,7 +128,7 @@ suite('Integration Tests', () => {
 expect(analysisReport.scanned.total).greaterThan(0)
 expect(analysisReport.scanned.transitive).equal(0)
- let providers = ["osv-nvd"]
+ let providers = ["osv"]
 providers.forEach(provider => expect(extractTotalsGeneralOrFromProvider(analysisReport,provider)).greaterThan(0))
 providers.forEach(provider => expect(analysisReport.providers[provider].status.code).equals(200))
 }).timeout(20000);