From 78a39f8671e2c2e9b6e3c1af846b9e9ea8b08e61 Mon Sep 17 00:00:00 2001 From: Maisie Sadler Date: Thu, 8 Aug 2024 11:58:26 +0100 Subject: [PATCH 1/2] Failing test showing package dependency in range does not work if more than one package references Signed-off-by: Maisie Sadler --- CycloneDX.Tests/ProgramTests.cs | 57 +++++++++++++++++++++++++++++++-- 1 file changed, 55 insertions(+), 2 deletions(-) diff --git a/CycloneDX.Tests/ProgramTests.cs b/CycloneDX.Tests/ProgramTests.cs index 0e1ca4a3..badf094b 100755 --- a/CycloneDX.Tests/ProgramTests.cs +++ b/CycloneDX.Tests/ProgramTests.cs @@ -18,12 +18,17 @@ using System; using System.Collections.Generic; using System.IO; +using System.IO.Abstractions; using System.IO.Abstractions.TestingHelpers; +using System.Runtime.Serialization.Formatters; +using System.Security.Cryptography; using System.Threading.Tasks; using CycloneDX.Interfaces; using CycloneDX.Models; +using CycloneDX.Services; using Moq; using Xunit; +using static CycloneDX.Models.Component; using XFS = System.IO.Abstractions.TestingHelpers.MockUnixSupport; namespace CycloneDX.Tests @@ -75,7 +80,7 @@ public async Task CallingCycloneDX_WithOutputFilename_CreatesOutputFilename() .Setup(s => s.GetSolutionDotnetDependencys(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) .ReturnsAsync(new HashSet()); - Runner runner = new Runner(fileSystem: mockFileSystem, null, null, null, null, null, solutionFileService: mockSolutionFileService.Object, null); + Runner runner = new Runner(fileSystem: mockFileSystem, null, null, null, null, null, solutionFileService: mockSolutionFileService.Object, null); RunOptions runOptions = new RunOptions { 
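Review bot: Of the five using directives added in the first hunk of ProgramTests.cs, `using System.Runtime.Serialization.Formatters;` and `using System.Security.Cryptography;` are not referenced by anything this patch adds, and `using static CycloneDX.Models.Component;` does not look needed either, since the new test writes `new Component { ... }` with the plain type name. They look like IDE auto-imports and should be dropped. `System.IO.Abstractions` and `CycloneDX.Services` may be required by the mock setup's type arguments, which are not legible in this rendering, so keep those only if the compiler needs them.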
@@ -128,7 +133,55 @@ public async Task CallingCycloneDX_WithSolutionOrProjectFileThatDoesntExistsRetu var exitCode = await runner.HandleCommandAsync(runOptions); - Assert.NotEqual((int)ExitCode.OK, exitCode); + Assert.NotEqual((int)ExitCode.OK, exitCode); + } + + [Fact] + public async Task CallingCycloneDX_WithMultipleReferencesToPackage_ResolvesOne() + { + var solutionFile = "test.sln"; + var mockFileSystem = new MockFileSystem(new Dictionary + { + {solutionFile,new MockFileData("") }, + }); + var mockSolutionFileService = new Mock(); + mockSolutionFileService + .Setup(s => s.GetSolutionDotnetDependencys(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny())) + .ReturnsAsync(new HashSet + { + new DotnetDependency { Name = "Package 1", Version = "1.2.3" }, + new DotnetDependency { Name = "Package 1", Version = "1.3.5" }, + new DotnetDependency { Name = "Package 2", Version = "2.0.0", Dependencies = new Dictionary{{"Package 1", "[1.2.3, 1.2.3]" }} }, + }); + + var mockNugetService = new Mock(); + mockNugetService.Setup(s => s.GetComponentAsync(It.Is(o => o.Name == "Package 1" && o.Version == "1.2.3"))) + .ReturnsAsync(new Component { Name = "Package 1", Version = "1.2.3", }); + mockNugetService.Setup(s => s.GetComponentAsync(It.Is(o => o.Name == "Package 1" && o.Version == "1.3.5"))) + .ReturnsAsync(new Component { Name = "Package 1", Version = "1.3.5", }); + mockNugetService.Setup(s => s.GetComponentAsync(It.Is(o => o.Name == "Package 2" && o.Version == "2.0.0"))) + .ReturnsAsync(new Component { Name = "Package 2", Version = "2.0.0", }); + + var mockNugetServiceFactory = new Mock(); + mockNugetServiceFactory + .Setup(s => s.Create(It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny>())) + .Returns(mockNugetService.Object); + + Runner runner = new Runner(fileSystem: mockFileSystem, null, null, null, null, null, solutionFileService: mockSolutionFileService.Object, nugetServiceFactory: mockNugetServiceFactory.Object); + + RunOptions runOptions = new RunOptions + { + 
SolutionOrProjectFile = XFS.Path(solutionFile), + scanProjectReferences = true, + outputDirectory = XFS.Path(@"c:\NewDirectory"), + outputFilename = XFS.Path(@"my_bom.xml") + }; + + var exitCode = await runner.HandleCommandAsync(runOptions); + + Assert.Equal((int)ExitCode.OK, exitCode); + var output = mockFileSystem.GetFile("/NewDirectory/my_bom.xml"); + Assert.NotNull(output); } } } From c426ea85d54c9c51a5b0a57419d4c98c073a9647 Mon Sep 17 00:00:00 2001 From: Maisie Sadler Date: Thu, 8 Aug 2024 12:00:28 +0100 Subject: [PATCH 2/2] Check for packages >= 1 Signed-off-by: Maisie Sadler --- CycloneDX/Runner.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CycloneDX/Runner.cs b/CycloneDX/Runner.cs index 890278a2..57e2ad1b 100644 --- a/CycloneDX/Runner.cs +++ b/CycloneDX/Runner.cs @@ -312,7 +312,7 @@ public async Task HandleCommandAsync(RunOptions options) if (!bomRefLookup.ContainsKey(lookupKey)) { var packageNameMatch = bomRefLookup.Where(x => x.Key.Item1 == dep.Key.ToLower(CultureInfo.InvariantCulture)).ToList(); - if (packageNameMatch.Count == 1) + if (packageNameMatch.Count >= 1) { lookupKey = packageNameMatch.First().Key; }
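Review bot: The new test `CallingCycloneDX_WithMultipleReferencesToPackage_ResolvesOne` asserts only `ExitCode.OK` and that `my_bom.xml` exists, so it passes whichever version of Package 1 ends up linked to Package 2. The fixture declares the range `[1.2.3, 1.2.3]`, so the test should read the written BOM and assert that Package 2's dependency entry references the 1.2.3 component and not 1.3.5. Without that, a BOM whose dependency graph points at the wrong version still goes green, and consumers that match vulnerabilities against the graph would inherit the error. As a minimum, add a comment above the final asserts such as `// TODO: assert Package 2 depends on Package 1 1.2.3 (range [1.2.3, 1.2.3]), not 1.3.5`.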
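Review bot: With `packageNameMatch.Count >= 1` the next line still takes `packageNameMatch.First().Key`, so when several versions of the same package are in `bomRefLookup` the dependency is bound to whichever entry enumerates first, not to the one that satisfies the declared range. `bomRefLookup` appears to be a dictionary, whose enumeration order is not guaranteed, so the chosen bom-ref can be wrong and may differ between runs; in an SBOM that misstates which version a package depends on. Prefer filtering the name matches by the dependency's version range (presumably `dep.Value`, with `Key.Item2` presumably holding the version; confirm both) and fall back to a deterministic pick only when nothing satisfies it. If first-match behaviour is kept, document it at the branch: `// several versions match by name: first entry wins, the range in dep.Value is not checked`. The enclosing `HandleCommandAsync` body starts and ends outside the hunk.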