Fixed issue with duplicated projects names for mend

cmd/whitesourceExecuteScan.go

@@ -470,34 +470,35 @@ func validateProductVersion(version string) string {
 
 func wsScanOptions(config *ScanOptions) *ws.ScanOptions {
 	return &ws.ScanOptions{
-		BuildTool:                   config.BuildTool,
-		ScanType:                    "", // no longer provided via config
-		OrgToken:                    config.OrgToken,
-		UserToken:                   config.UserToken,
-		ProductName:                 config.ProductName,
-		ProductToken:                config.ProductToken,
-		ProductVersion:              config.Version,
-		ProjectName:                 config.ProjectName,
-		BuildDescriptorFile:         config.BuildDescriptorFile,
-		BuildDescriptorExcludeList:  config.BuildDescriptorExcludeList,
-		PomPath:                     config.BuildDescriptorFile,
-		M2Path:                      config.M2Path,
-		GlobalSettingsFile:          config.GlobalSettingsFile,
-		ProjectSettingsFile:         config.ProjectSettingsFile,
-		InstallArtifacts:            config.InstallArtifacts,
-		DefaultNpmRegistry:          config.DefaultNpmRegistry,
-		AgentDownloadURL:            config.AgentDownloadURL,
-		AgentFileName:               config.AgentFileName,
-		ConfigFilePath:              config.ConfigFilePath,
-		Includes:                    config.Includes,
-		Excludes:                    config.Excludes,
-		JreDownloadURL:              config.JreDownloadURL,
-		AgentURL:                    config.AgentURL,
-		ServiceURL:                  config.ServiceURL,
-		ScanPath:                    config.ScanPath,
-		InstallCommand:              config.InstallCommand,
-		Verbose:                     GeneralConfig.Verbose,
-		SkipParentProjectResolution: config.SkipParentProjectResolution,
+		BuildTool:                      config.BuildTool,
+		ScanType:                       "", // no longer provided via config
+		OrgToken:                       config.OrgToken,
+		UserToken:                      config.UserToken,
+		ProductName:                    config.ProductName,
+		ProductToken:                   config.ProductToken,
+		ProductVersion:                 config.Version,
+		ProjectName:                    config.ProjectName,
+		BuildDescriptorFile:            config.BuildDescriptorFile,
+		BuildDescriptorExcludeList:     config.BuildDescriptorExcludeList,
+		PomPath:                        config.BuildDescriptorFile,
+		M2Path:                         config.M2Path,
+		GlobalSettingsFile:             config.GlobalSettingsFile,
+		ProjectSettingsFile:            config.ProjectSettingsFile,
+		InstallArtifacts:               config.InstallArtifacts,
+		DefaultNpmRegistry:             config.DefaultNpmRegistry,
+		AgentDownloadURL:               config.AgentDownloadURL,
+		AgentFileName:                  config.AgentFileName,
+		ConfigFilePath:                 config.ConfigFilePath,
+		Includes:                       config.Includes,
+		Excludes:                       config.Excludes,
+		JreDownloadURL:                 config.JreDownloadURL,
+		AgentURL:                       config.AgentURL,
+		ServiceURL:                     config.ServiceURL,
+		ScanPath:                       config.ScanPath,
+		InstallCommand:                 config.InstallCommand,
+		Verbose:                        GeneralConfig.Verbose,
+		SkipParentProjectResolution:    config.SkipParentProjectResolution,
+		SkipModulesWithDuplicatedNames: config.SkipModulesWithDuplicatedNames,
 	}
 }
 

cmd/whitesourceExecuteScan_test.go

@@ -484,7 +484,7 @@ func TestCheckPolicyViolations(t *testing.T) {
 		ctx := context.Background()
 		config := ScanOptions{ProductName: "mock-product", Version: "1"}
 		scan := newWhitesourceScan(&config)
-		if err := scan.AppendScannedProject("testProject1"); err != nil {
+		if err := scan.AppendScannedProject("testProject1", false); err != nil {
 			t.Fail()
 		}
 		systemMock := ws.NewSystemMock("ignored")
@@ -513,7 +513,7 @@ func TestCheckPolicyViolations(t *testing.T) {
 		ctx := context.Background()
 		config := ScanOptions{}
 		scan := newWhitesourceScan(&config)
-		if err := scan.AppendScannedProject("testProject1"); err != nil {
+		if err := scan.AppendScannedProject("testProject1", false); err != nil {
 			t.Fail()
 		}
 		systemMock := ws.NewSystemMock("ignored")
@@ -534,7 +534,7 @@ func TestCheckPolicyViolations(t *testing.T) {
 		ctx := context.Background()
 		config := ScanOptions{FailOnSevereVulnerabilities: true}
 		scan := newWhitesourceScan(&config)
-		if err := scan.AppendScannedProject("testProject1"); err != nil {
+		if err := scan.AppendScannedProject("testProject1", false); err != nil {
 			t.Fail()
 		}
 		systemMock := ws.NewSystemMock("ignored")
@@ -562,7 +562,7 @@ func TestCheckPolicyViolations(t *testing.T) {
 		ctx := context.Background()
 		config := ScanOptions{}
 		scan := newWhitesourceScan(&config)
-		if err := scan.AppendScannedProject("testProject1"); err != nil {
+		if err := scan.AppendScannedProject("testProject1", false); err != nil {
 			t.Fail()
 		}
 		systemMock := ws.NewSystemMock("ignored")
@@ -579,7 +579,7 @@ func TestCheckPolicyViolations(t *testing.T) {
 		ctx := context.Background()
 		config := ScanOptions{}
 		scan := newWhitesourceScan(&config)
-		if err := scan.AppendScannedProject("testProject1"); err != nil {
+		if err := scan.AppendScannedProject("testProject1", false); err != nil {
 			t.Fail()
 		}
 		systemMock := ws.NewSystemMock("ignored")
@@ -597,7 +597,7 @@ func TestCheckPolicyViolations(t *testing.T) {
 		ctx := context.Background()
 		config := ScanOptions{ProductName: "mock-product", Version: "1"}
 		scan := newWhitesourceScan(&config)
-		if err := scan.AppendScannedProject("testProject1"); err != nil {
+		if err := scan.AppendScannedProject("testProject1", false); err != nil {
 			t.Fail()
 		}
 		systemMock := ws.NewSystemMock("ignored")
@@ -623,7 +623,7 @@ func TestCheckSecurityViolations(t *testing.T) {
 			CvssSeverityLimit: "7",
 		}
 		scan := newWhitesourceScan(&config)
-		if err := scan.AppendScannedProject("testProject1"); err != nil {
+		if err := scan.AppendScannedProject("testProject1", false); err != nil {
 			t.Fail()
 		}
 		systemMock := ws.NewSystemMock("ignored")
@@ -678,7 +678,7 @@ func TestCheckSecurityViolations(t *testing.T) {
 			FailOnSevereVulnerabilities: true,
 		}
 		scan := newWhitesourceScan(&config)
-		if err := scan.AppendScannedProject("testProject1"); err != nil {
+		if err := scan.AppendScannedProject("testProject1", false); err != nil {
 			t.Fail()
 		}
 		systemMock := ws.NewSystemMock("ignored")
@@ -832,7 +832,7 @@ func TestPersistScannedProjects(t *testing.T) {
 		cpe := whitesourceExecuteScanCommonPipelineEnvironment{}
 		config := &ScanOptions{Version: "1"}
 		scan := newWhitesourceScan(config)
-		_ = scan.AppendScannedProject("project")
+		_ = scan.AppendScannedProject("project", false)
 		// test
 		persistScannedProjects(config, scan, &cpe)
 		// assert
@@ -843,8 +843,8 @@ func TestPersistScannedProjects(t *testing.T) {
 		cpe := whitesourceExecuteScanCommonPipelineEnvironment{}
 		config := &ScanOptions{Version: "1"}
 		scan := newWhitesourceScan(config)
-		_ = scan.AppendScannedProject("project-app")
-		_ = scan.AppendScannedProject("project-db")
+		_ = scan.AppendScannedProject("project-app", false)
+		_ = scan.AppendScannedProject("project-db", false)
 		// test
 		persistScannedProjects(config, scan, &cpe)
 		// assert

pkg/whitesource/reporting_test.go

@@ -29,7 +29,7 @@ func TestCreateCustomVulnerabilityReport(t *testing.T) {
 			AggregateProjectName: config.ProjectName,
 			ProductVersion:       config.ProductVersion,
 		}
-		scan.AppendScannedProject("testProject")
+		scan.AppendScannedProject("testProject", false)
 		alerts := []Alert{
 			{Library: Library{Filename: "vul1"}, Vulnerability: Vulnerability{CVSS3Score: 7.0, Score: 6}},
 			{Library: Library{Filename: "vul2"}, Vulnerability: Vulnerability{CVSS3Score: 8.0, TopFix: Fix{Message: "this is the top fix"}}},
@@ -77,7 +77,7 @@ func TestCreateCycloneSBOM(t *testing.T) {
 			ProductVersion:       config.ProductVersion,
 			Coordinates:          versioning.Coordinates{GroupID: "com.sap", ArtifactID: "myproduct", Version: "1.3.4"},
 		}
-		scan.AppendScannedProject("testProject")
+		scan.AppendScannedProject("testProject", false)
 		alerts := []Alert{
 			{Library: Library{KeyID: 42, Name: "log4j", GroupID: "apache-logging", ArtifactID: "log4j", Filename: "vul1"}, Vulnerability: Vulnerability{CVSS3Score: 7.0, Score: 6}},
 			{Library: Library{KeyID: 43, Name: "commons-lang", GroupID: "apache-commons", ArtifactID: "commons-lang", Filename: "vul2"}, Vulnerability: Vulnerability{CVSS3Score: 8.0, TopFix: Fix{Message: "this is the top fix"}}},
@@ -126,7 +126,7 @@ func TestCreateCycloneSBOM(t *testing.T) {
 			ProductToken:         "productToken-123",
 			Coordinates:          versioning.Coordinates{GroupID: "com.sap", ArtifactID: "myproduct", Version: "1.3.4"},
 		}
-		scan.AppendScannedProject("testProject")
+		scan.AppendScannedProject("testProject", false)
 
 		lib3 := Library{KeyID: 43, Name: "commons-lang", GroupID: "apache-commons", ArtifactID: "commons-lang", Version: "2.4.30", LibType: "Java", Filename: "vul2"}
 		lib4 := Library{KeyID: 45, Name: "commons-lang", GroupID: "apache-commons", ArtifactID: "commons-lang", Version: "3.15", LibType: "Java", Filename: "novul"}
@@ -177,7 +177,7 @@ func TestWriteCycloneSBOM(t *testing.T) {
 
 func TestCreateSarifResultFile(t *testing.T) {
 	scan := &Scan{ProductVersion: "1"}
-	scan.AppendScannedProject("project1")
+	scan.AppendScannedProject("project1", false)
 	scan.AgentName = "Some test agent"
 	scan.AgentVersion = "1.2.6"
 	alerts := []Alert{
@@ -203,8 +203,8 @@ func TestWriteCustomVulnerabilityReports(t *testing.T) {
 	t.Run("success", func(t *testing.T) {
 		productName := "mock-product"
 		scan := &Scan{ProductVersion: "1"}
-		scan.AppendScannedProject("project1")
-		scan.AppendScannedProject("project2")
+		scan.AppendScannedProject("project1", false)
+		scan.AppendScannedProject("project2", false)
 
 		scanReport := reporting.ScanReport{}
 		var utilsMock piperutils.FileUtils
@@ -240,7 +240,7 @@ func TestWriteCustomVulnerabilityReports(t *testing.T) {
 	t.Run("failed to write json report", func(t *testing.T) {
 		productName := "mock-product"
 		scan := &Scan{ProductVersion: "1"}
-		scan.AppendScannedProject("project1")
+		scan.AppendScannedProject("project1", false)
 		scanReport := reporting.ScanReport{}
 		utilsMock := &mock.FilesMock{}
 		utilsMock.FileWriteErrors = map[string]error{

pkg/whitesource/scan.go

@@ -11,6 +11,10 @@ import (
 	"github.com/SAP/jenkins-library/pkg/versioning"
 )
 
+var (
+	ErrDuplicatedProjectName = fmt.Errorf("project with the same name was already scanned")
+)
+
 // Scan stores information about scanned WhiteSource projects (modules).
 type Scan struct {
 	// AggregateProjectName stores the name of the WhiteSource project where scans shall be aggregated.
@@ -43,19 +47,19 @@ func (s *Scan) versionSuffix() string {
 
 // AppendScannedProject checks that no Project with the same name is already contained in the list of scanned projects,
 // and appends a new Project with the given name. The global product version is appended to the name.
-func (s *Scan) AppendScannedProject(projectName string) error {
+func (s *Scan) AppendScannedProject(projectName string, skipModulesWithDuplicatedNames bool) error {
 	if len(projectName) == 0 {
 		return fmt.Errorf("projectName must not be empty")
 	}
 	if strings.HasSuffix(projectName, s.versionSuffix()) {
 		return fmt.Errorf("projectName is not expected to include the product version already")
 	}
-	return s.AppendScannedProjectVersion(projectName + s.versionSuffix())
+	return s.AppendScannedProjectVersion(projectName+s.versionSuffix(), skipModulesWithDuplicatedNames)
 }
 
 // AppendScannedProjectVersion checks that no Project with the same name is already contained in the list of scanned
 // projects,  and appends a new Project with the given name (which is expected to include the product version).
-func (s *Scan) AppendScannedProjectVersion(projectName string) error {
+func (s *Scan) AppendScannedProjectVersion(projectName string, skipModulesWithDuplicatedNames bool) error {
 	if !strings.HasSuffix(projectName, s.versionSuffix()) {
 		return fmt.Errorf("projectName is expected to include the product version")
 	}
@@ -67,6 +71,10 @@ func (s *Scan) AppendScannedProjectVersion(projectName string) error {
 	if exists {
 		log.Entry().Errorf("A module with the name '%s' was already scanned. "+
 			"Your project's modules must have unique names.", projectName)
+		if skipModulesWithDuplicatedNames {
+			return ErrDuplicatedProjectName
+		}
+
 		return fmt.Errorf("project with name '%s' was already scanned", projectName)
 	}
 	s.scannedProjects[projectName] = Project{Name: projectName}

pkg/whitesource/scanMaven.go

@@ -117,7 +117,7 @@ func (s *Scan) appendModulesThatWillBeScanned(utils Utils, excludes []string) er
 				return fmt.Errorf("artifactId missing from '%s'", info.PomXMLPath)
 			}
 
-			err := s.AppendScannedProject(project.ArtifactID)
+			err := s.AppendScannedProject(project.ArtifactID, false)
 			if err != nil {
 				return err
 			}

pkg/whitesource/scanNPM.go

@@ -136,7 +136,7 @@ func (s *Scan) executeNpmScanForModule(modulePath string, config *ScanOptions, u
 		return err
 	}
 
-	if err := s.AppendScannedProject(projectName); err != nil {
+	if err := s.AppendScannedProject(projectName, false); err != nil {
 		return err
 	}
 

pkg/whitesource/scanOptions.go

@@ -46,7 +46,8 @@ type ScanOptions struct {
 
 	InstallCommand string
 
-	SkipParentProjectResolution bool
+	SkipParentProjectResolution    bool
+	SkipModulesWithDuplicatedNames bool
 
 	Verbose bool
 }

pkg/whitesource/scanReports_test.go

@@ -23,7 +23,7 @@ func TestDownloadReports(t *testing.T) {
 		utils := &mock.FilesMock{}
 		system := NewSystemMock("2010-05-30 00:15:00 +0100")
 		scan := &Scan{ProductVersion: "1"}
-		_ = scan.AppendScannedProject("mock-project")
+		_ = scan.AppendScannedProject("mock-project", false)
 		_ = scan.UpdateProjects("mock-product-token", system)
 		// test
 		paths, err := scan.DownloadReports(options, utils, system)
@@ -76,7 +76,7 @@ func TestDownloadReports(t *testing.T) {
 		utils := &mock.FilesMock{}
 		system := NewSystemMock("2010-05-30 00:15:00 +0100")
 		scan := &Scan{ProductVersion: "1"}
-		_ = scan.AppendScannedProject("no-such-project")
+		_ = scan.AppendScannedProject("no-such-project", false)
 		_ = scan.UpdateProjects("mock-product-token", system)
 		// test
 		paths, err := scan.DownloadReports(options, utils, system)
@@ -93,7 +93,7 @@ func TestDownloadReports(t *testing.T) {
 		utils := &mock.FilesMock{}
 		system := NewSystemMock("2010-05-30 00:15:00 +0100")
 		scan := &Scan{ProductVersion: "1"}
-		err := scan.AppendScannedProjectVersion("mock-project - 1")
+		err := scan.AppendScannedProjectVersion("mock-project - 1", false)
 		require.NoError(t, err)
 		_ = scan.UpdateProjects("mock-product-token", system)
 		// test

pkg/whitesource/scanUA.go

@@ -99,7 +99,11 @@ func (s *Scan) ExecuteUAScanInPath(config *ScanOptions, utils Utils, scanPath st
 
 	// ToDo: check if this is required
 	if !config.SkipParentProjectResolution {
-		if err := s.AppendScannedProject(s.AggregateProjectName); err != nil {
+		if err := s.AppendScannedProject(s.AggregateProjectName, config.SkipModulesWithDuplicatedNames); err != nil {
+			if config.SkipModulesWithDuplicatedNames && errors.Is(err, ErrDuplicatedProjectName) {
+				return nil
+			}
+
 			return err
 		}
 	}