Include bom-ref value within component hash calculation

Fixes CycloneDX#540 Signed-off-by: wkoot <[email protected]>
wkoot · Sep 19, 2024 · 0d1cbe0 · 0d1cbe0
1 parent 111cadc
commit 0d1cbe0
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/cyclonedx/model/component.py b/cyclonedx/model/component.py
@@ -1783,7 +1783,7 @@ def __hash__(self) -> int:
             self.mime_type, self.supplier, self.author, self.publisher,
             self.description, self.scope, tuple(self.hashes),
             tuple(self.licenses), self.copyright, self.cpe,
-            self.purl,
+            self.purl, self.bom_ref.value,
             self.swid, self.pedigree,
             tuple(self.external_references), tuple(self.properties),
             tuple(self.components), self.evidence, self.release_notes, self.modified,

diff --git a/tests/test_model_component.py b/tests/test_model_component.py
@@ -219,6 +219,16 @@ def test_component_equal_3(self) -> None:
 
         self.assertNotEqual(c, c2)
 
+    def test_component_equal_4(self) -> None:
+        c = Component(
+            name='test-component', version='1.2.3', bom_ref='ref1'
+        )
+        c2 = Component(
+            name='test-component', version='1.2.3', bom_ref='ref2'
+        )
+
+        self.assertNotEqual(c, c2)
+
     def test_same_1(self) -> None:
         c1 = get_component_setuptools_simple()
         c2 = get_component_setuptools_simple()