fix: output.py compares tools by ComponentIdentity

Festo-se · Dec 17, 2024 · 81cc1d5 · 81cc1d5
1 parent f1bb48d
commit 81cc1d5
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/cdxev/auxiliary/output.py b/cdxev/auxiliary/output.py
@@ -10,6 +10,7 @@
 
 from cdxev import pkg
 from cdxev.auxiliary.filename_gen import generate_filename
+from cdxev.auxiliary.identity import ComponentIdentity
 from cdxev.auxiliary.sbomFunctions import CycloneDXVersion, SpecVersion
 from cdxev.error import AppError
 
@@ -99,14 +100,19 @@ def update_tools(sbom: dict) -> None:
             "version": pkg.VERSION,
         }
 
+    this_tool_id = ComponentIdentity.create(this_tool, allow_unsafe=True)
+
     if t.TYPE_CHECKING:
         # At this point we can be sure that tools is definitely a list.
         # This assertion is for mypy only and has no runtime relevance, because if tools isn't
         # truly a list that would mean the SBOM is invalid in which case we're fine with letting
         # the tool crash. Therefore, bandit error B101 is silenced.
         assert isinstance(tools, list)  # nosec
 
-    if any(tool for tool in tools if tool == this_tool):
+    if any(
+        ComponentIdentity.create(tool, allow_unsafe=True) == this_tool_id
+        for tool in tools
+    ):
         return
 
     tools.append(this_tool)