Add maven test case and fallback case

Signed-off-by: 석지영/책임연구원/SW공학(연)Open Source TP <jiyeong.seok@lge.com>

Author: dd-jy

.reuse/dep5

@@ -122,6 +122,10 @@ Files: tests/test_mod/*
 Copyright: 2024 junegunn(Junegunn Choi)
 License: MIT
 
+Files: tests/test_maven_custom_repo/*
+Copyright: 2026 LG Electronics
+License: Apache-2.0
+
 Files: LICENSES/LicenseRef-3rd_party_licenses.txt
 Copyright: 2021 LG Electronics
 License: Apache-2.0

src/fosslight_dependency/_package_manager.py

@@ -512,8 +512,8 @@ def get_download_location(download_url_map, group_id, artifact_id, version, mvnr
             if actual_url:
                 central_like = ("repo1.maven.org" in actual_url) or ("repo.maven.apache.org" in actual_url)
                 google_like = (("maven.google.com" in actual_url) or
-                            ("dl.google.com/android/maven2" in actual_url) or
-                            ("dl.google.com/dl/android/maven2" in actual_url))
+                               ("dl.google.com/android/maven2" in actual_url) or
+                               ("dl.google.com/dl/android/maven2" in actual_url))
                 if central_like or google_like:
                     use_mvnrepo = True
                 else:

src/fosslight_dependency/package_manager/Maven.py

@@ -10,6 +10,7 @@
 from bs4 import BeautifulSoup as bs
 from defusedxml.ElementTree import parse
 import re
+from pathlib import Path
 import fosslight_util.constant as constant
 import fosslight_dependency.constant as const
 from fosslight_dependency._package_manager import PackageManager
@@ -66,6 +67,7 @@ def run_plugin(self):
     def add_plugin_in_pom(self, pom_backup):
         ret = False
         xml = 'xml'
+        f_content = None
 
         manifest_file = const.SUPPORT_PACKAE.get(self.package_manager_name)
         if os.path.isfile(manifest_file) != 1:
@@ -94,25 +96,32 @@ def add_plugin_in_pom(self, pom_backup):
 
             tmp_plugin = bs(license_maven_plugin, xml)
 
-            license_maven_plugins = f"<plugins>{license_maven_plugin}<plugins>"
+            license_maven_plugins = f"<plugins>{license_maven_plugin}</plugins>"
             tmp_plugins = bs(license_maven_plugins, xml)
 
             with open(pom_backup, 'r', encoding='utf8') as f:
                 f_xml = f.read()
                 f_content = bs(f_xml, xml)
 
-                build = f_content.find('build')
-                if build is not None:
-                    plugins = build.find('plugins')
-                    if plugins is not None:
-                        plugins.append(tmp_plugin.plugin)
-                        ret = True
-                    else:
-                        build.append(tmp_plugins.plugins)
-                        ret = True
+            build = f_content.find('build')
+            if build is not None:
+                plugins = build.find('plugins')
+                if plugins is not None:
+                    plugins.append(tmp_plugin.plugin)
+                    ret = True
+                else:
+                    build.append(tmp_plugins.plugins)
+                    ret = True
+            else:
+                project = f_content.find('project')
+                if project is not None:
+                    build_with_plugins = f"<build>{license_maven_plugins}</build>"
+                    tmp_build = bs(build_with_plugins, xml)
+                    project.append(tmp_build.build)
+                    ret = True
         except Exception as e:
             ret = False
-            logger.error(f"Failed to add plugin in pom : {e}")
+            logger.warning(f"Failed to add plugin in pom : {e}")
 
         if ret:
             with open(manifest_file, "w", encoding='utf8') as f_w:
@@ -196,14 +205,88 @@ def collect_source_download_urls(self, include_groups=None, include_artifacts=No
                     self._parse_downloaded_from_lines_mvn(proc.stdout)
                 else:
                     logger.debug(f"dependency:resolve failed (rc={proc.returncode})")
+            if not self.download_url_map and (include_groups and include_artifacts):
+                logger.debug("No download URLs found, attempting to reconstruct from local repository")
+                self._collect_urls_from_local_repository(include_groups, include_artifacts)
         except Exception as e:
             logger.debug(f"Error occurred while collecting source download URLs: {e}")
         finally:
             if current_mode:
                 change_file_mode(cmd_mvn, current_mode)
 
+    def _collect_urls_from_local_repository(self, include_groups=None, include_artifacts=None):
+        try:
+            m2_repo = Path.home() / ".m2" / "repository"
+            if not m2_repo.exists():
+                return
+            repo_map = self._parse_pom_repositories()
+            if include_groups and include_artifacts:
+                for group_id in include_groups:
+                    group_path = group_id.replace('.', '/')
+                    for artifact_id in include_artifacts:
+                        artifact_path = m2_repo / group_path / artifact_id
+                        if artifact_path.exists():
+                            self._scan_artifact_versions(artifact_path, group_id, artifact_id, repo_map)
+        except Exception as e:
+            logger.debug(f"Failed to collect URLs from local repository: {e}")
+
+    def _parse_pom_repositories(self):
+        repo_map = {}
+        try:
+            pom_file = os.path.join(self.input_dir, 'pom.xml')
+            if not os.path.exists(pom_file):
+                return repo_map
+            with open(pom_file, 'r', encoding='utf8') as f:
+                soup = bs(f.read(), 'xml')
+                repositories = soup.find_all('repository')
+                for repo in repositories:
+                    repo_id = repo.find('id')
+                    repo_url = repo.find('url')
+                    if repo_id and repo_url:
+                        repo_map[repo_id.text.strip()] = repo_url.text.strip().rstrip('/')
+        except Exception as e:
+            logger.debug(f"Failed to parse pom repositories: {e}")
+        return repo_map
+
+    def _scan_artifact_versions(self, artifact_path, group_id, artifact_id, repo_map):
+        try:
+            for version_dir in artifact_path.iterdir():
+                if not version_dir.is_dir():
+                    continue
+                version = version_dir.name
+                remote_repos_file = version_dir / "_remote.repositories"
+
+                if remote_repos_file.exists():
+                    with open(remote_repos_file, 'r') as f:
+                        for line in f:
+                            if line.startswith('#') or '>' not in line:
+                                continue
+                            parts = line.strip().split('>')
+                            if len(parts) != 2:
+                                continue
+                            filename = parts[0]
+                            repo_id = parts[1].rstrip('=')
+
+                            if '-sources.jar' in filename:
+                                if repo_id in repo_map:
+                                    repo_url = repo_map[repo_id]
+                                elif repo_id == 'central':
+                                    repo_url = 'https://repo.maven.apache.org/maven2'
+                                else:
+                                    continue
+                                group_path = group_id.replace('.', '/')
+                                url = f"{repo_url}/{group_path}/{artifact_id}/{version}/{filename}"
+                                key = f"{group_id}:{artifact_id}:{version}"
+                                self.download_url_map[key] = url
+                                logger.debug(f"Reconstructed URL from local repo: {key} -> {url}")
+                                break
+        except Exception as e:
+            logger.debug(f"Failed to scan artifact versions: {e}")
+
     def _parse_downloaded_from_lines_mvn(self, stdout_text: str):
         current_gav = None
+        tld_roots = {'com', 'org', 'io', 'net', 'edu', 'gov', 'mil', 'co', 'de', 'fr', 'uk', 'kr', 'jp', 'cn'}
+
         for raw in stdout_text.splitlines():
             line = raw.strip()
             try:
@@ -217,6 +300,26 @@ def _parse_downloaded_from_lines_mvn(self, stdout_text: str):
                     if not m:
                         continue
                     url = m.group(1)
+
+                    if not current_gav:
+                        parts = url.split('/')
+                        if len(parts) >= 6 and parts[0].startswith('http'):
+                            filename = parts[-1]
+                            version = parts[-2]
+                            artifactid = parts[-3]
+
+                            if filename.startswith(f"{artifactid}-{version}"):
+                                artifact_idx = len(parts) - 3
+                                group_start_idx = -1
+                                for i in range(artifact_idx - 1, 2, -1):
+                                    if parts[i] in tld_roots:
+                                        group_start_idx = i
+                                        break
+                                if group_start_idx > 0:
+                                    group_parts = parts[group_start_idx:artifact_idx]
+                                    groupid = '.'.join(group_parts)
+                                    current_gav = (groupid, artifactid, version)
+
                     if not current_gav:
                         continue
                     groupid, artifactid, version = current_gav
@@ -228,6 +331,8 @@ def _parse_downloaded_from_lines_mvn(self, stdout_text: str):
                     prev = self.download_url_map.get(key)
                     if (prev is None) or (('-sources.' in url) and ('-sources.' not in (prev or ''))):
                         self.download_url_map[key] = url
+
+                    current_gav = None
             except Exception as e:
                 logger.debug(f"Failed to parse mvn line: {line} ({e})")
 

tests/pytest/package_manager/test_maven.py

@@ -5,6 +5,7 @@
 import os
 import pytest
 import subprocess
+import openpyxl
 
 DIST_PATH = os.path.join(os.environ.get("TOX_PATH", ""), "dist", "cli.exe")
 
@@ -30,3 +31,63 @@ def test_windows(input_path, output_path):
     result = subprocess.run(command, capture_output=True, text=True)
     assert result.returncode == 0, f"Command failed: {command}\nstdout: {result.stdout}\nstderr: {result.stderr}"
     assert any(os.scandir(output_path)), f"Output file does not exist: {output_path}"
+
+
+@pytest.mark.ubuntu
+def test_custom_repository_url():
+    """
+    Test that custom repository URLs are collected correctly from non-central repositories.
+    Uses Spring Milestone repository as test case.
+    """
+    import shutil
+    import tempfile
+    from pathlib import Path
+    
+    test_dir = "tests/test_maven_custom_repo"
+    assert os.path.exists(os.path.join(test_dir, "pom.xml")), f"Test project not found: {test_dir}"
+    
+    # Clean Maven cache for test packages to force download
+    m2_repo = Path.home() / ".m2" / "repository"
+    test_packages = [
+        m2_repo / "org/springframework/data/spring-data-r2dbc/1.5.0-M1"
+    ]
+    for pkg_path in test_packages:
+        if pkg_path.exists():
+            shutil.rmtree(pkg_path)
+    
+    # Run fosslight_dependency
+    with tempfile.TemporaryDirectory() as output_dir:
+        command = f"fosslight_dependency -p {test_dir} -o {output_dir}"
+        result = subprocess.run(command, shell=True, capture_output=True, text=True)
+        
+        assert result.returncode == 0, f"Command failed: {command}\nstdout: {result.stdout}\nstderr: {result.stderr}"
+        
+        # Find output Excel file
+        output_files = list(Path(output_dir).glob("fosslight_report_dep_*.xlsx"))
+        assert len(output_files) > 0, f"No output file found in {output_dir}"
+        
+        # Read Excel and check URLs
+        wb = openpyxl.load_workbook(output_files[0])
+        sheet = wb['DEP_FL_Dependency']
+        
+        headers = [cell.value for cell in sheet[1]]
+        name_idx = headers.index('OSS Name')
+        download_idx = headers.index('Download Location')
+        
+        spring_r2dbc_found = False
+        spring_r2dbc_url_correct = False
+        
+        for row in sheet.iter_rows(min_row=2, values_only=True):
+            name = row[name_idx] if name_idx < len(row) else ''
+            download_url = row[download_idx] if download_idx < len(row) else ''
+            
+            # Check spring-data-r2dbc has custom repo URL
+            if 'spring-data-r2dbc' in str(name):
+                spring_r2dbc_found = True
+                if 'repo.spring.io' in str(download_url):
+                    spring_r2dbc_url_correct = True
+                    break
+        
+        assert spring_r2dbc_found, "spring-data-r2dbc package not found in output"
+        assert spring_r2dbc_url_correct, f"spring-data-r2dbc should have repo.spring.io URL, but got: {download_url}"
+

tests/test_maven_custom_repo/pom.xml

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
+         http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.test</groupId>
+    <artifactId>custom-repo-test</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <packaging>jar</packaging>
+
+    <name>Custom Repository Test</name>
+    <description>Test project for custom Maven repositories</description>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <maven.compiler.source>1.8</maven.compiler.source>
+        <maven.compiler.target>1.8</maven.compiler.target>
+    </properties>
+
+    <repositories>
+        <!-- Spring Milestone Repository (custom repository) -->
+        <repository>
+            <id>spring-milestones</id>
+            <name>Spring Milestones</name>
+            <url>https://repo.spring.io/milestone</url>
+            <releases>
+                <enabled>true</enabled>
+            </releases>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+        </repository>
+    </repositories>
+
+    <dependencies>
+        <!-- Package from Spring Milestone Repository -->
+        <dependency>
+            <groupId>org.springframework.data</groupId>
+            <artifactId>spring-data-r2dbc</artifactId>
+            <version>1.5.0-M1</version>
+        </dependency>
+        
+        <!-- Package from Maven Central for comparison -->
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.20</version>
+        </dependency>
+    </dependencies>
+</project>