@@ -260,12 +260,12 @@ func SearchComponentByRef(components *[]cyclonedx.Component, ref string) (compon
260260 return
261261}
262262
263- func SearchComponentByCleanRef (components * []cyclonedx.Component , bomRef string ) (component * cyclonedx.Component ) {
263+ func SearchComponentByCleanPurl (components * []cyclonedx.Component , purl string ) (component * cyclonedx.Component ) {
264264 if components == nil || len (* components ) == 0 {
265265 return
266266 }
267267 for i , comp := range * components {
268- if techutils .PurlToXrayComponentId (comp .BOMRef ) == techutils .PurlToXrayComponentId (bomRef ) {
268+ if techutils .PurlToXrayComponentId (comp .PackageURL ) == techutils .PurlToXrayComponentId (purl ) {
269269 return & (* components )[i ]
270270 }
271271 }
@@ -321,12 +321,12 @@ func Exclude(bom cyclonedx.BOM, componentsToExclude ...cyclonedx.Component) (fil
321321 }
322322 filteredSbom = & bom
323323 for _ , compToExclude := range componentsToExclude {
324- if matchedBomComp := SearchComponentByCleanRef (bom .Components , compToExclude .BOMRef ); matchedBomComp == nil || GetComponentRelation (& bom , matchedBomComp .BOMRef , false ) == RootRelation {
324+ if matchedBomComp := SearchComponentByCleanPurl (bom .Components , compToExclude .PackageURL ); matchedBomComp == nil || GetComponentRelation (& bom , matchedBomComp .BOMRef , false ) == RootRelation {
325325 // If not a match or Root component, skip it
326326 continue
327327 }
328328 // Exclude the component from the dependencies
329- filteredSbom .Dependencies = excludeFromDependencies (bom .Dependencies , compToExclude . BOMRef )
329+ filteredSbom .Dependencies = excludeFromDependencies (bom .Dependencies , bom . Components , compToExclude )
330330 }
331331 toExclude := datastructures .MakeSet [string ]()
332332 for _ , comp := range * filteredSbom .Components {
@@ -378,13 +378,15 @@ func excludeFromComponents(components *[]cyclonedx.Component, excludeComponents
378378 return & filteredComponents
379379}
380380
381- func excludeFromDependencies (dependencies * []cyclonedx.Dependency , excludeComponents ... string ) * []cyclonedx.Dependency {
381+ func excludeFromDependencies (dependencies * []cyclonedx.Dependency , components * []cyclonedx. Component , excludeComponents ... cyclonedx. Component ) * []cyclonedx.Dependency {
382382 if dependencies == nil || len (* dependencies ) == 0 || len (excludeComponents ) == 0 {
383383 return dependencies
384384 }
385385 excludeRefs := datastructures .MakeSet [string ]()
386- for _ , compRef := range excludeComponents {
387- excludeRefs .Add (techutils .PurlToXrayComponentId (compRef ))
386+ excludePurls := datastructures .MakeSet [string ]()
387+ for _ , component := range excludeComponents {
388+ excludeRefs .Add (component .BOMRef )
389+ excludePurls .Add (techutils .PurlToXrayComponentId (component .PackageURL ))
388390 }
389391 filteredDependencies := []cyclonedx.Dependency {}
390392 for _ , dep := range * dependencies {
@@ -396,7 +398,7 @@ func excludeFromDependencies(dependencies *[]cyclonedx.Dependency, excludeCompon
396398 if dep .Dependencies != nil {
397399 // Also filter the components from the dependencies of this dependency
398400 for _ , depRef := range * dep .Dependencies {
399- if ! excludeRefs .Exists (techutils . PurlToXrayComponentId ( depRef ) ) {
401+ if ! excludeRefs .Exists (depRef ) {
400402 if filteredDep .Dependencies == nil {
401403 filteredDep .Dependencies = & []string {}
402404 }
0 commit comments