From bc054e47242daedf3d79ee1b74707f080700263a Mon Sep 17 00:00:00 2001
From: cpendery <35637443+cpendery@users.noreply.github.com>
Date: Thu, 30 Jun 2022 10:31:36 -0400
Subject: [PATCH] fix: purl generation for pom.xml (#1078)
---
 syft/pkg/cataloger/java/parse_pom_xml.go | 5 +++++
 syft/pkg/cataloger/java/parse_pom_xml_test.go | 2 +-
 syft/pkg/cataloger/java/test-fixtures/pom/pom.xml | 5 ++---
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/syft/pkg/cataloger/java/parse_pom_xml.go b/syft/pkg/cataloger/java/parse_pom_xml.go
index 621e0fa40..1f7b932b6 100644
--- a/syft/pkg/cataloger/java/parse_pom_xml.go
+++ b/syft/pkg/cataloger/java/parse_pom_xml.go
@@ -63,6 +63,11 @@ func newPackageFromPom(dep gopom.Dependency) *pkg.Package {
 Type: pkg.JavaPkg, // TODO: should we differentiate between packages from jar/war/zip versus packages from a pom.xml that were not installed yet?
 MetadataType: pkg.JavaMetadataType,
 FoundBy: javaPomCataloger,
+ Metadata: pkg.JavaMetadata{
+ PomProperties: &pkg.PomProperties{
+ GroupID: dep.GroupID,
+ },
+ },
 }
 p.Metadata = pkg.JavaMetadata{PURL: packageURL(*p)}
diff --git a/syft/pkg/cataloger/java/parse_pom_xml_test.go b/syft/pkg/cataloger/java/parse_pom_xml_test.go
index bae7f7449..e314716f4 100644
--- a/syft/pkg/cataloger/java/parse_pom_xml_test.go
+++ b/syft/pkg/cataloger/java/parse_pom_xml_test.go
@@ -26,7 +26,7 @@ func Test_parserPomXML(t *testing.T) {
 Type: pkg.JavaPkg,
 MetadataType: pkg.JavaMetadataType,
 Metadata: pkg.JavaMetadata{
- PURL: "pkg:maven/joda-time/joda-time@2.9.2",
+ PURL: "pkg:maven/com.joda/joda-time@2.9.2",
 },
 },
 {
diff --git a/syft/pkg/cataloger/java/test-fixtures/pom/pom.xml b/syft/pkg/cataloger/java/test-fixtures/pom/pom.xml
index 4ab76d1d9..6dec1a75a 100644
--- a/syft/pkg/cataloger/java/test-fixtures/pom/pom.xml
+++ b/syft/pkg/cataloger/java/test-fixtures/pom/pom.xml
@@ -1,6 +1,5 @@ - + 4.0.0 org.anchore
@@ -16,7 +15,7 @@ - joda-time + com.joda joda-time 2.9.2
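Review bot: The `Metadata` value added to the struct literal in `newPackageFromPom` is overwritten by the unchanged `p.Metadata = pkg.JavaMetadata{PURL: packageURL(*p)}` right after the literal, so the group ID reaches the purl (presumably via `packageURL` reading `PomProperties`) but not the package's final metadata; the updated test expectation, which lists only `PURL`, is consistent with that. If the group ID should survive for consumers that match on Maven coordinates rather than the purl string, build the final value in one step, e.g. `p.Metadata = pkg.JavaMetadata{PomProperties: &pkg.PomProperties{GroupID: dep.GroupID}, PURL: packageURL(*p)}`; otherwise add a comment such as `// temporary metadata so packageURL can see the group ID; replaced below` so the literal is not later removed as dead code. `dep.GroupID` is also used verbatim, so an empty or unresolved `${...}` value from a pom.xml would presumably end up in the purl namespace and skew vulnerability matching; a guard or a test case for that input would help. The function body starts and ends outside the hunk.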