remove type assertion check in packageIdentitiesMatch fn

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2025-11-17 16:33:21 +01:00 · 2021-04-22 13:58:39 -04:00 · 2021-04-22 13:58:39 -04:00 · 170681943c
commit 170681943c
parent 46043510ae
1 changed files with 10 additions and 13 deletions
--- a/syft/pkg/cataloger/java/archive_parser.go
+++ b/syft/pkg/cataloger/java/archive_parser.go
@ -269,30 +269,27 @@ func (j *archiveParser) discoverPkgsFromNestedArchives(parentPkg *pkg.Package) (
 }

 func packageIdentitiesMatch(p pkg.Package, parentPkg *pkg.Package) bool {
-	pkgKey := uniquePkgKey(&p)
-	parentKey := uniquePkgKey(parentPkg)
-
 	// the name/version pair matches...
-	matchesParentPkg := pkgKey == parentKey
+	if uniquePkgKey(&p) == uniquePkgKey(parentPkg) {
+		return true
+	}
+
+	metadata := p.Metadata.(pkg.JavaMetadata)

 	// the virtual path matches...
-	matchesParentPkg = matchesParentPkg || parentPkg.Metadata.(pkg.JavaMetadata).VirtualPath == p.Metadata.(pkg.JavaMetadata).VirtualPath
-
-	metadata, ok := p.Metadata.(pkg.JavaMetadata)
-	if !ok {
-		return matchesParentPkg
+	if parentPkg.Metadata.(pkg.JavaMetadata).VirtualPath == metadata.VirtualPath {
+		return true
 	}
-	pomProperties := metadata.PomProperties

 	// the pom artifactId is the parent name
 	// note: you CANNOT use name-is-subset-of-artifact-id or vice versa --this is too generic. Shaded jars are a good
 	// example of this: where the package name is "cloudbees-analytics-segment-driver" and a child is "analytics", but
 	// they do not indicate the same package.
-	if pomProperties.ArtifactID != "" {
-		matchesParentPkg = matchesParentPkg || parentPkg.Name == pomProperties.ArtifactID
+	if metadata.PomProperties.ArtifactID != "" && parentPkg.Name == metadata.PomProperties.ArtifactID {
+		return true
 	}

-	return matchesParentPkg
+	return false
 }

 func updatePackage(p pkg.Package, parentPkg *pkg.Package) {