From 0d1cbe09bb40c4dcd33c2b5897cefe5187289ab0 Mon Sep 17 00:00:00 2001
From: wkoot <3715211+wkoot@users.noreply.github.com>
Date: Thu, 19 Sep 2024 13:26:53 +0200
Subject: [PATCH] Include bom-ref value within component hash calculation

Fixes https://github.com/CycloneDX/cyclonedx-python-lib/issues/540

Signed-off-by: wkoot <3715211+wkoot@users.noreply.github.com>
---
 cyclonedx/model/component.py | 2 +-
 tests/test_model_component.py | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/cyclonedx/model/component.py b/cyclonedx/model/component.py
index 5287030b4..f7499af35 100644
--- a/cyclonedx/model/component.py
+++ b/cyclonedx/model/component.py
@@ -1783,7 +1783,7 @@ def __hash__(self) -> int:
 self.mime_type, self.supplier, self.author, self.publisher, self.description, self.scope, tuple(self.hashes), tuple(self.licenses), self.copyright, self.cpe,
- self.purl,
+ self.purl, self.bom_ref.value,
 self.swid, self.pedigree, tuple(self.external_references), tuple(self.properties), tuple(self.components), self.evidence, self.release_notes, self.modified,
diff --git a/tests/test_model_component.py b/tests/test_model_component.py
index 8ad7014c0..c325f2b72 100644
--- a/tests/test_model_component.py
+++ b/tests/test_model_component.py
@@ -219,6 +219,16 @@ def test_component_equal_3(self) -> None:
 self.assertNotEqual(c, c2)
+ def test_component_equal_4(self) -> None:
+ c = Component(
+ name='test-component', version='1.2.3', bom_ref='ref1'
+ )
+ c2 = Component(
+ name='test-component', version='1.2.3', bom_ref='ref2'
+ )
+
+ self.assertNotEqual(c, c2)
+
 def test_same_1(self) -> None:
 c1 = get_component_setuptools_simple()
 c2 = get_component_setuptools_simple()
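Review bot: The added `self.bom_ref.value` in the `__hash__` tuple is read every time the hash is computed, so if a bom-ref can be reassigned after construction (not visible in this hunk), a component already held in a set or used as a dict key would stop being found once its ref changes. For an SBOM that matters because a component that silently drops out of the inventory, or appears twice, distorts what downstream vulnerability matching sees. I would add a comment above the tuple such as `# bom_ref.value is part of identity: same name/version with different bom-refs must stay distinct; do not change a bom-ref while the component sits in a hashed container`. The body of `__hash__` starts and ends outside the hunk, and the equality and ordering methods are not shown, so it is worth confirming that they agree with the new hash.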
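Review bot: `test_component_equal_4` asserts only `self.assertNotEqual(c, c2)`, although the change under test is in `__hash__`; the test would pin the fix more directly by also checking container behaviour, e.g. `self.assertEqual(2, len({c, c2}))`. The complementary case is not covered either: two components built with the same `bom_ref` should presumably still compare equal, which a line like `self.assertEqual(c, Component(name='test-component', version='1.2.3', bom_ref='ref1'))` would guard against over-correction. A case where neither component passes `bom_ref` would also document what the default ref contributes to the hash, which this hunk does not show.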