Add support for paket.lock files (#611)
* NuGet parser for paket.lock files

Signed-off-by: Robert Liias <[email protected]>

* Add tests for paket.lock

Signed-off-by: Robert Liias <[email protected]>

* Update readme

Signed-off-by: Robert Liias <[email protected]>

* Isolate paket.lock parsing into its own statement

Signed-off-by: Robert Liias <[email protected]>

* Update readme, transitive dependencies

Signed-off-by: Robert Liias <[email protected]>

* Add repotest for Paket projects

Signed-off-by: Robert Liias <[email protected]>

---------

Signed-off-by: Robert Liias <[email protected]>
Co-authored-by: prabhu <[email protected]>
robaliias and prabhu authored Oct 5, 2023
1 parent 45c2f28 commit 24d39c3
Showing 6 changed files with 106 additions and 1 deletion.
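--- a/.github/workflows/repotests.yml
+++ b/.github/workflows/repotests.yml
@@ -138,6 +138,10 @@ jobs:
 with:
 repository: 'tokio-rs/axum'
 path: 'repotests/rs-axum'
+- uses: actions/checkout@v4
+with:
+repository: 'fsprojects/FAKE'
+path: 'repotests/dotnet-paket'
 - uses: dtolnay/rust-toolchain@stable
 - name: repotests
 run: |
@@ -175,6 +179,7 @@ jobs:
 cargo generate-lockfile --manifest-path repotests/rs-validator/validator/Cargo.toml
 bin/cdxgen.js -r -t rust repotests/rs-validator -o bomresults/bom-rs-validator.json --validate
 bin/cdxgen.js -r -t rust repotests/rs-axum -o bomresults/bom-rs-axum.json --validate
+bin/cdxgen.js -p -r -t dotnet repotests/dotnet-paket -o bomresults/bom-dotnet-paket.json --validate
 # mkdir -p jenkins
 # wget https://updates.jenkins.io/download/plugins/sonar/2.14/sonar.hpi
 # wget https://updates.jenkins.io/download/plugins/bouncycastle-api/2.26/bouncycastle-api.hpi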
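Review bot: The added `actions/checkout@v4` step for `fsprojects/FAKE` sets no `ref:`, so the dotnet-paket repotest scans whatever that third-party default branch holds when the job runs. Pinning the input, for example `ref: <commit-sha>` (placeholder) under `with:`, would make the generated `bom-dotnet-paket.json` reproducible and keep upstream changes from silently altering what CI parses. The `tokio-rs/axum` checkout just above it in the hunk is unpinned in the same way, so this may be an accepted convention for these repotests. The step list begins and ends outside the hunk.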
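--- a/README.md
+++ b/README.md
@@ -27,7 +27,7 @@ A typical application might have several repos, components, and libraries. Tradi
 | go | binary, go.mod, go.sum, Gopkg.lock | Yes except binary |
 | ruby | Gemfile.lock, gemspec | Only for Gemfile.lock |
 | rust | binary, Cargo.toml, Cargo.lock | Only for Cargo.lock |
-| .Net | .csproj, packages.config, project.assets.json [3], packages.lock.json, .nupkg | Only for project.assets.json, packages.lock.json |
+| .Net | .csproj, packages.config, project.assets.json [3], packages.lock.json, .nupkg, paket.lock | Only for project.assets.json, packages.lock.json, paket.lock |
 | dart | pubspec.lock, pubspec.yaml | Only for pubspec.lock |
 | haskell | cabal.project.freeze | Yes |
 | elixir | mix.lock | Yes |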
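--- a/index.js
+++ b/index.js
@@ -92,6 +92,7 @@ import {
 parseCsPkgLockData,
 parseCsPkgData,
 parseCsProjData,
+parsePaketLockData,
 DEBUG_MODE,
 parsePyProjectToml,
 addEvidenceForImports,
@@ -3963,6 +3964,10 @@ export const createCsharpBom = async (
 path,
 (options.multiProject ? "**/" : "") + "packages.lock.json"
 );
+const paketLockFiles = getAllFiles(
+path,
+(options.multiProject ? "**/" : "") + "paket.lock"
+);
 const nupkgFiles = getAllFiles(
 path,
 (options.multiProject ? "**/" : "") + "*.nupkg"
@@ -4046,6 +4051,20 @@ export const createCsharpBom = async (
 }
 }
 }
+if (paketLockFiles.length) {
+manifestFiles = manifestFiles.concat(paketLockFiles);
+// paket.lock parsing
+for (const f of paketLockFiles) {
+if (DEBUG_MODE) {
+console.log(`Parsing ${f}`);
+}
+pkgData = readFileSync(f, { encoding: "utf-8" });
+const dlist = await parsePaketLockData(pkgData);
+if (dlist && dlist.length) {
+pkgList = pkgList.concat(dlist);
+}
+}
+}
 if (!parentComponent) {
 parentComponent = createDefaultParentComponent(path, options.type, options);
 }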
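Review bot: A `paket.lock` that matches the glob but yields no packages is dropped without a trace by `if (dlist && dlist.length)`, so a format variant the parser does not recognise produces an SBOM that silently omits those components. The file is still added to `manifestFiles`, so an `else` branch that reports it, for example `else { console.warn("No packages parsed from " + f); }`, would make the gap visible to whoever consumes the BOM. `createCsharpBom` starts and ends outside the hunk, so whether the other lock-file branches behave the same way cannot be seen here.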
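--- a/test/data/paket.lock
+++ b/test/data/paket.lock
@@ -0,0 +1,44 @@
+GITHUB
+remote: fsharp/FAKE
+src/app/FakeLib/Globbing/Globbing.fs (0341a2e614eb2a7f34607cec914eb0ed83ce9add)
+remote: fsprojects/FSharp.TypeProviders.SDK
+src/AssemblyReader.fs (dc5ac01a1ac288eceb1fd6f12a5d388236f4f8e5)
+remote: forki/FsUnit
+FsUnit.fs (fa4eb37288d355eb855261be6c0b3945fba68432)
+GROUP Build
+CONTENT: NONE
+RESTRICTION: >= net461
+NUGET
+remote: https://api.nuget.org/v3/index.json
+0x53A.ReferenceAssemblies.Paket (0.2)
+FAKE (4.64.17)
+FSharp.Compiler.Service (17.0.1)
+System.Collections.Immutable (>= 1.3.1)
+System.Reflection.Metadata (>= 1.4.2)
+ILRepack (2.0.18)
+Microsoft.AspNet.Razor (3.2.4)
+Microsoft.NETCore.Platforms (2.0) - restriction: || (&& (>= monotouch) (>= net461)) (&& (< net45) (>= net461) (>= netstandard1.5) (< netstandard1.6)) (&& (< net45) (>= net461) (< netstandard1.5)) (&& (>= net461) (< netstandard1.0)) (&& (>= net461) (< netstandard1.3)) (&& (>= net461) (< netstandard1.4)) (&& (>= net461) (< netstandard1.5) (>= uap10.0)) (&& (>= net461) (< netstandard2.0)) (&& (>= net461) (< portable-net45+win8+wpa81)) (&& (>= net461) (< portable-net451+win81+wpa81)) (&& (>= net461) (>= uap10.1))
+NETStandard.Library (2.0) - restriction: && (>= net461) (< netstandard2.0)
+Microsoft.NETCore.Platforms (>= 1.1)
+Octokit (0.29)
+System.Collections.Immutable (1.4)
+NETStandard.Library (>= 1.6.1) - restriction: && (>= net461) (< netstandard2.0)
+System.Reflection.Metadata (1.5)
+NETStandard.Library (>= 1.6.1) - restriction: && (>= net461) (< netstandard2.0)
+System.Collections.Immutable (>= 1.4)
+System.ValueTuple (4.4)
+remote: https://ci.appveyor.com/nuget/fsharp-formatting
+FSharp.Formatting (3.0.0-beta09)
+FSharp.Compiler.Service (>= 17.0.1 < 18.0)
+Microsoft.AspNet.Razor (>= 3.2.3 < 4.0)
+System.ValueTuple (>= 4.4 < 5.0)
+GITHUB
+remote: fsharp/FAKE
+modules/Octokit/Octokit.fsx (13eee5a7b990fa310813f9760094aa3cfebeb33f)
+Octokit (>= 0.20)
+remote: enricosada/add_icon_to_exe
+rh/ResourceHacker.exe (e11eda501acea369ac2950beb34b8888495bf21f)
+GROUP FSharpDepManagerExtension
+NUGET
+remote: https://api.nuget.org/v3/index.json
+FSharp.Core (5.0) - redirects: force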
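--- a/utils.js
+++ b/utils.js
@@ -4639,6 +4639,28 @@ export const parseCsPkgLockData = async function (csLockData) {
 return pkgList;
 };
 
+export const parsePaketLockData = async function (paketLockData) {
+const pkgList = [];
+let pkg = null;
+if (!paketLockData) {
+return pkgList;
+}
+const pkgRegex = /\s+([a-zA-Z0-9-.]+) \(((?=.*?\.)[a-zA-Z0-9-.]+)\)/g;
+for (const [, name, version] of paketLockData.matchAll(pkgRegex)) {
+const purl = decodeURIComponent(
+new PackageURL("nuget", "", name, version, null, null).toString()
+);
+pkg = {
+group: "",
+name: name,
+version: version,
+purl: purl
+};
+pkgList.push(pkg);
+}
+return pkgList;
+};
+
 /**
 * Parse composer lock file
 *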
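Review bot: `parsePaketLockData` discards the `remote:` line each package was resolved from, so every match becomes a bare `pkg:nuget/name@version` purl; the fixture in this commit already has `FSharp.Formatting` coming from a `ci.appveyor.com` feed rather than nuget.org. A consumer matching the SBOM against advisories or checking provenance cannot tell a private or third-party feed package from a same-named public one. Reading the file line by line, remembering the current feed and passing it as the purl `repository_url` qualifier keeps that information; the sketch below does this and would change the purl asserted in the new test. Entries in the `GITHUB` sections, including the `ResourceHacker.exe` binary in the fixture, are still not reported by either version.

```javascript
export const parsePaketLockData = async function (paketLockData) {
  // … unchanged: pkgList setup and empty-input guard …
  // Same pattern as before, but anchored and applied to one line at a time.
  const pkgRegex = /^\s+([a-zA-Z0-9-.]+) \(((?=.*?\.)[a-zA-Z0-9-.]+)\)/;
  const remoteRegex = /^\s+remote:\s*(\S+)/;
  let feedUrl = null;
  for (const line of paketLockData.split(/\r?\n/)) {
    const remoteMatch = remoteRegex.exec(line);
    if (remoteMatch) {
      // NUGET remotes are URLs; GITHUB remotes are owner/repo names and reset the feed.
      feedUrl = /^https?:\/\//.test(remoteMatch[1]) ? remoteMatch[1] : null;
      continue;
    }
    const pkgMatch = pkgRegex.exec(line);
    if (!pkgMatch) {
      continue;
    }
    const [, name, version] = pkgMatch;
    const qualifiers = feedUrl ? { repository_url: feedUrl } : null;
    const purl = decodeURIComponent(
      new PackageURL("nuget", "", name, version, qualifiers, null).toString()
    );
    pkgList.push({ group: "", name, version, purl });
  }
  return pkgList;
};
```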
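--- a/utils.test.js
+++ b/utils.test.js
@@ -32,6 +32,7 @@ import {
 parseCsProjData,
 parseCsProjAssetsData,
 parseCsPkgLockData,
+parsePaketLockData,
 getNugetMetadata,
 parsePom,
 getMvnMetadata,
@@ -1246,6 +1247,20 @@ test("parse packages.lock.json", async () => {
 });
 });
 
+test("parse paket.lock", async () => {
+expect(await parsePaketLockData(null)).toEqual([]);
+const dep_list = await parsePaketLockData(
+readFileSync("./test/data/paket.lock", { encoding: "utf-8" })
+);
+expect(dep_list.length).toEqual(13);
+expect(dep_list[0]).toEqual({
+group: "",
+name: "0x53A.ReferenceAssemblies.Paket",
+version: "0.2",
+purl: "pkg:nuget/[email protected]"
+});
+});
+
 test("parse .net cs proj", async () => {
 expect(await parseCsProjData(null)).toEqual([]);
 const dep_list = await parseCsProjData(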
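Review bot: The new `parse paket.lock` test pins only the total of 13 and the first entry, so nothing in it checks that the commit hashes in the `GITHUB` sections or the constraint lines such as `(>= 1.3.1)` stay out of the result. Asserting on content would lock in the exclusions the regex relies on, for example `expect(dep_list.every((d) => !/^[0-9a-f]{40}$/.test(d.version))).toBe(true);` together with `expect(dep_list[11].version).toEqual("3.0.0-beta09");` for the prerelease entry from the second feed. The index 11 is counted from the fixture as rendered on this page and should be confirmed against the real file.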
