Fix regression about transitive dependencies set scanning

src/main/java/com/csoft/MainMojo.java

@@ -2,6 +2,7 @@
 
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -91,7 +92,7 @@ public void execute() throws MojoExecutionException, MojoFailureException {
         ReportBuilder reportBuilder = new ReportBuilder(project);
 
         Set<Artifact> baseDeps = project.getDependencyArtifacts();
-        Set<Artifact> transitiveDeps = ArtifactUtils.getCumulativeDependencies(project);
+        Set<Artifact> transitiveDeps = ArtifactUtils.getTransitiveDependencies(project);
         Set<Artifact> allDeps = ArtifactUtils.getCumulativeDependencies(project);
         buildLogger.logHeadAnalysis(project);
         buildLogger.logBaseDeps(dependencyAnalyzer.analyze(baseDeps));
@@ -124,15 +125,14 @@ private boolean violationAnalysis(final Map<String, List<String>> violationsMap)
             log.info("");
             log.warn("FORBIDDEN LICENSES");
             log.warn("-----------------------");
-            log.info(
-                    "NOTE: For artifacts with multiple licenses, violation will be marked only when all licenses match the denylist.");
+            log.info("NOTE: For artifacts with multiple licenses, violation will be marked only when all licenses match the denylist.");
             for (String forbiddenLicense : forbiddenLicenses) {
                 List<String> array = violationsMap.get(forbiddenLicense);
-                log.warn("Found " + array.size() + " violations for license '" + forbiddenLicense + "':");
-                for (String artifact : array) {
-                    log.warn(" - " + artifact);
-                }
                 if (!array.isEmpty()) {
+                    log.warn("Found " + array.size() + " violations for license '" + forbiddenLicense + "':");
+                    for (String artifact : array) {
+                        log.warn(" - " + artifact);
+                    }
                     potentiallyFailBuild = true;
                 }
             }

src/main/java/com/csoft/utils/ArtifactUtils.java

@@ -1,5 +1,6 @@
 package com.csoft.utils;
 
+import java.util.HashSet;
 import java.util.Set;
 
 import org.apache.maven.artifact.Artifact;
@@ -17,8 +18,8 @@ private ArtifactUtils() {}
      * @return Set of dependencies.
      */
     public static Set<Artifact> getTransitiveDependencies(final MavenProject mavenProject) {
-        Set<Artifact> transitiveDependencies = mavenProject.getArtifacts();
-        transitiveDependencies.removeAll(mavenProject.getDependencyArtifacts());
+        Set<Artifact> transitiveDependencies = new HashSet<>(mavenProject.getArtifacts());
+        transitiveDependencies.removeAll(new HashSet<>(mavenProject.getDependencyArtifacts()));
         return transitiveDependencies;
     }
 
@@ -30,8 +31,8 @@ public static Set<Artifact> getTransitiveDependencies(final MavenProject mavenPr
      * @return Set of dependencies.
      */
     public static Set<Artifact> getCumulativeDependencies(final MavenProject mavenProject) {
-        Set<Artifact> cumulativeDependencies = mavenProject.getArtifacts();
-        cumulativeDependencies.addAll(mavenProject.getDependencyArtifacts());
+        Set<Artifact> cumulativeDependencies = new HashSet<>(mavenProject.getArtifacts());
+        cumulativeDependencies.addAll(new HashSet<>(mavenProject.getDependencyArtifacts()));
         return cumulativeDependencies;
     }
 

src/test/java/com/csoft/utils/ArtifactUtilsTest.java

@@ -45,7 +45,7 @@ public void testGetTransitiveDependencies_WHEN_inputHasNoDeps_THEN_returnsEmptyS
     @Test
     public void testGetTransitiveDependencies_WHEN_inputHasOnlyDirectDeps_THEN_returnsEmptySet() {
         //given
-        Set<Artifact> directDeps = new HashSet<Artifact>();
+        Set<Artifact> directDeps = new HashSet<>();
         directDeps.add(dep1);
         directDeps.add(dep2);
         when(mavenProject.getArtifacts()).thenReturn(new HashSet<Artifact>());
@@ -63,7 +63,7 @@ public void testGetTransitiveDependencies_WHEN_inputHasOnlyDirectDeps_THEN_retur
     @Test
     public void testGetTransitiveDependencies_WHEN_inputHasOnlyDepsInGlobalSet_THEN_returnsNonEmptySet() {
         //given
-        Set<Artifact> allDeps = new HashSet<Artifact>();
+        Set<Artifact> allDeps = new HashSet<>();
         allDeps.add(dep1);
         allDeps.add(dep2);
         when(mavenProject.getArtifacts()).thenReturn(allDeps);
@@ -79,12 +79,33 @@ public void testGetTransitiveDependencies_WHEN_inputHasOnlyDepsInGlobalSet_THEN_
         verify(mavenProject, times(1)).getDependencyArtifacts();
     }
 
+    @Test
+    public void testGetTransitiveDependencies_WHEN_inputHasDepsInBothSets_THEN_returnsNonEmptySetWithItemNotInCommon() {
+        //given
+        Set<Artifact> allDeps = new HashSet<>();
+        allDeps.add(dep1);
+        allDeps.add(dep2);
+        Set<Artifact> directDeps = new HashSet<>();
+        directDeps.add(dep2);
+        when(mavenProject.getArtifacts()).thenReturn(allDeps);
+        when(mavenProject.getDependencyArtifacts()).thenReturn(directDeps);
+
+        //when
+        Set<Artifact> artifacts = ArtifactUtils.getTransitiveDependencies(mavenProject);
+
+        //then
+        assertThat(artifacts.size(), is(1));
+        assertThat(artifacts, containsInAnyOrder(dep1));
+        verify(mavenProject, times(1)).getArtifacts();
+        verify(mavenProject, times(1)).getDependencyArtifacts();
+    }
+
     @Test
     public void testGetCumulativeDependencies_WHEN_inputHasDeps_THEN_returnsNonEmptySet() {
         //given
-        Set<Artifact> allDeps = new HashSet<Artifact>();
+        Set<Artifact> allDeps = new HashSet<>();
         allDeps.add(dep1);
-        Set<Artifact> directDeps = new HashSet<Artifact>();
+        Set<Artifact> directDeps = new HashSet<>();
         allDeps.add(dep2);
         when(mavenProject.getArtifacts()).thenReturn(allDeps);
         when(mavenProject.getDependencyArtifacts()).thenReturn(directDeps);