Description
We already discussed this in an old internal ticket and the test case is still there and disabled in https://github.com/sw360/capycli/blob/v2.6.0/tests/test_bom_map2.py#L181.
Citing my analysis in https://code.siemens.com/sw360/clearingautomation/-/issues/25#note_8819792:
The real underlying issue seems map_bom_item() which allows different mapping results to be added to the updated BOM depending on the order of SW360 answers.
I think this is caused by incomplete logic around is_better_match. Example from https://github.com/sw360/capycli/blob/v2.6.0/capycli/bom/map_bom.py#L423:
if self.is_better_match(
result.releases,
MapResult.FULL_MATCH_BY_NAME_AND_VERSION):
result.releases.clear()
if self.verbosity > 1:
print(" CLEAR (FULL_MATCH_BY_NAME_AND_VERSION)")
result.result = MapResult.FULL_MATCH_BY_NAME_AND_VERSION
release["MapResult"] = MapResult.FULL_MATCH_BY_NAME_AND_VERSION
result.releases.append(release)
If we first get a MATCH_BY_NAME, followed by a FULL_MATCH_BY_NAME_AND_VERSION, the latter will be detected as better match and previously found releases will be cleared from the MapResult. If we however get the best match first, followed by bad matches, the bad matches will also be added to the MapResult.
The assertion marked with TODO in the new test case test_map_bom_item_nocache_mixed_match in https://github.com/sw360/capycli/blob/v2.6.0/tests/test_bom_map2.py#L181. illustrates this: depending on the order in which releases are returned by SW360, we currently get either one mapping result or multiple ones.
I think the logic around is_better_match needs to be changed: when we have a better match, delete the old releases and add new match (as it is now). When we have equally good matches, add the new one (as it is now). But if we have a worse match, do not add it at all (currently missing).
This however means changing all calls to is_better_match...