diff --git a/src/nuget-inspector/LockFileHelper.cs b/src/nuget-inspector/LockFileHelper.cs index 0257804c..f5a11e37 100644 --- a/src/nuget-inspector/LockFileHelper.cs +++ b/src/nuget-inspector/LockFileHelper.cs @@ -67,15 +67,21 @@ public DependencyResolution Process() { var tree_builder = new PackageTree(); var resolution = new DependencyResolution(); + var project_references = ProjectLockFile.Libraries + .Where( l => l.Type.Equals(ComponentType.Project) ) + .Select( l => l.Name) + .ToList(); foreach (var target in ProjectLockFile.Targets) { foreach (var library in target.Libraries) { + var type = library.Type; var name = library.Name; var version = library.Version.ToNormalizedString(); - var package = new BasePackage(name: name, version: version); + var package = new BasePackage(name: name, type: type, version: version); var dependencies = new List(); + foreach (var dependency in library.Dependencies) { var dep_name = dependency.Id; @@ -90,7 +96,10 @@ public DependencyResolution Process() } else { - var depId = new BasePackage(name: dep_name, version: best_version.ToNormalizedString()); + var dep_type = project_references.Contains( dep_name) + ? ComponentType.Project + : ComponentType.NuGet; + var depId = new BasePackage(name: dep_name, dep_type, version: best_version.ToNormalizedString()); dependencies.Add(item: depId); } } @@ -111,7 +120,10 @@ public DependencyResolution Process() foreach (var dep in ProjectLockFile.PackageSpec.Dependencies) { var version = tree_builder.GetResolvedVersion(name: dep.Name, range: dep.LibraryRange.VersionRange); - resolution.Dependencies.Add(item: new BasePackage(name: dep.Name, version: version)); + var dep_type1 = project_references.Contains( dep.Name ) + ? ComponentType.Project + : ComponentType.NuGet; + resolution.Dependencies.Add(item: new BasePackage(name: dep.Name, dep_type1, version: version)); } } else 
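Review bot: `var type = library.Type;` passes the raw lock-file string straight into `BasePackage`, while every other call site in this commit uses the `ComponentType` constants. In project.assets.json the library type of a restored package is, as far as I know, `package` rather than `nuget`, so the same package could be reported as `package` here and as `nuget` when it appears as a dependency a few lines below. Mapping it once keeps the output consistent: `var type = ComponentType.Project.Equals(library.Type, StringComparison.OrdinalIgnoreCase) ? ComponentType.Project : ComponentType.NuGet;`. `Process()` starts and continues outside this hunk.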
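Review bot: `project_references.Contains( dep_name)` decides between `ComponentType.Project` and `ComponentType.NuGet` by name alone, using a case-sensitive scan of a `List`. NuGet ids compare case-insensitively, so a project reference whose casing differs from the dependency entry is labelled `nuget`. Conversely, a feed package that shares a project's name is labelled `project` and, given the guard added to `BasePackage.Update` in Models.cs, is not checked against remote metadata. Building the lookup as `new HashSet<string>(..., StringComparer.OrdinalIgnoreCase)` where `project_references` is declared fixes the casing and the repeated linear scans. The same lookup is repeated in the hunks at -111, -128 and -152, and `l.Type.Equals(...)` in the declaration assumes `Type` is never null.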
@@ -128,8 +140,11 @@ public DependencyResolution Process() { foreach (var dep in framework.Dependencies) { + var dep_type1 = project_references.Contains( dep.Name ) + ? ComponentType.Project + : ComponentType.NuGet; var version = tree_builder.GetResolvedVersion(name: dep.Name, range: dep.LibraryRange.VersionRange); - resolution.Dependencies.Add(item: new BasePackage(name: dep.Name, version: version)); + resolution.Dependencies.Add(item: new BasePackage(name: dep.Name, dep_type1, version: version)); } } } @@ -152,8 +167,13 @@ public DependencyResolution Process() version = library_version.ToNormalizedString(); } - resolution.Dependencies.Add( - item: new BasePackage(name: project_dependency.GetName()!, version: version)); + var name = project_dependency.GetName()!; + + + var dep_type1 = project_references.Contains( name ) + ? ComponentType.Project + : ComponentType.NuGet; + resolution.Dependencies.Add(item: new BasePackage(name: name, dep_type1, version: version)); } } diff --git a/src/nuget-inspector/Models.cs b/src/nuget-inspector/Models.cs index 0cda11dc..72fb13bc 100644 --- a/src/nuget-inspector/Models.cs +++ b/src/nuget-inspector/Models.cs @@ -14,6 +14,7 @@ public class Dependency public string? name; public NuGetFramework? framework; public VersionRange? version_range; + public string type; public bool is_direct; //True only for legacy packages.config-based projects only when set there @@ -21,6 +22,7 @@ public class Dependency public Dependency( string? name, + string type, VersionRange? version_range, NuGetFramework? framework = null, bool is_direct = false, @@ -28,6 +30,7 @@ public Dependency( { this.framework = framework; this.name = name; + this.type = type; this.version_range = version_range; this.is_direct = is_direct; this.is_development_dependency = is_development_dependency; 
@@ -40,6 +43,7 @@ public BasePackage CreateEmptyBasePackage() { return new BasePackage( name: name!, + type: type, version: version_range?.MinVersion.ToNormalizedString(), framework: framework?.ToString() ); @@ -144,6 +148,12 @@ public VersionPair(string rawVersion, NuGetVersion version) } } + public static class ComponentType + { + public const string NuGet = "nuget"; + public const string Project = "project"; + } + /// /// Package data object using purl as identifying attributes as /// specified here https://github.com/package-url/purl-spec @@ -196,9 +206,10 @@ public class BasePackage : IEquatable, IComparable public BasePackage(){} - public BasePackage(string name, string? version, string? framework = "", string? datafile_path = "") + public BasePackage(string name, string type, string? version, string? framework = "", string? datafile_path = "") { this.name = name; + this.type = type; this.version = version; if (!string.IsNullOrWhiteSpace(framework)) this.version = version; @@ -210,7 +221,7 @@ public BasePackage(string name, string? version, string? framework = "", string? public static BasePackage FromPackage(BasePackage package, List dependencies) { - return new(name: package.name, version: package.version) + return new(name: package.name, type: package.type, version: package.version) { extra_data = package.extra_data, dependencies = dependencies @@ -226,6 +237,7 @@ public BasePackage Clone(bool with_deps=false) return new BasePackage( name: name, + type: type, version:version, datafile_path: datafile_path ) @@ -318,7 +330,8 @@ public void Update(NugetApi nugetApi, bool with_details = false) try { - UpdateWithRemoteMetadata(nugetApi, with_details: with_details); + if( !type.Equals( ComponentType.Project ) ) + UpdateWithRemoteMetadata(nugetApi, with_details: with_details); } catch (Exception ex) { 
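Review bot: `ComponentType` is added without documentation of what its two values mean or where they end up. It sits directly above `BasePackage`, whose doc comment says the object uses purl identifying attributes. As far as I know `nuget` is a registered purl type and `project` is not, so if `type` is emitted into a purl, consumers need to know that `project` marks a local component that cannot be resolved against a registry. A summary such as `/// <summary>Component kinds: NuGet = feed package (purl type "nuget"); Project = local project reference, never resolved against a feed.</summary>` would make that explicit.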
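Review bot: The new `BasePackage` constructor inserts `string type` as the second positional parameter in front of `string? version`, and nothing validates the value. Any caller outside this diff that passes three positional strings (name, version, framework) would still compile, but would silently bind the version to `type` and the framework to `version`. A guard in the constructor would catch that and any raw lock-file value: `if (type != ComponentType.NuGet && type != ComponentType.Project) throw new ArgumentException($"Unknown component type: {type}", nameof(type));`. That guard assumes the `library.Type` value passed from LockFileHelper.cs is mapped to a `ComponentType` constant first.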
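Review bot: The new guard in `Update`, `if( !type.Equals( ComponentType.Project ) )`, dereferences `type`. An instance built through the parameterless `BasePackage(){}` constructor would throw here unless the field has an initializer that is not visible in this diff. The surrounding `catch (Exception ex)` would then turn that into a per-package error rather than a lookup. A null-safe, braced form avoids this: `if (type != ComponentType.Project) { UpdateWithRemoteMetadata(nugetApi, with_details: with_details); }`. This check is also the only thing that stops local project names from being queried against the feed, so a comment such as `// project references are local: never look them up on the NuGet feed` is worth adding. `Update` starts and ends outside the hunk.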
@@ -638,7 +651,7 @@ public bool IsEnhanced(){ public static PackageDownload FromSpdi(SourcePackageDependencyInfo spdi) { PackageDownload download = new(){ download_url = spdi.DownloadUri.ToString() }; - /// Note that this hash is unlikely there per https://github.com/NuGet/NuGetGallery/issues/9433 + // Note that this hash is unlikely there per https://github.com/NuGet/NuGetGallery/issues/9433 if (!string.IsNullOrEmpty(spdi.PackageHash)) { download.hash = spdi.PackageHash; diff --git a/src/nuget-inspector/NugetResolverHelper.cs b/src/nuget-inspector/NugetResolverHelper.cs index 4646d32c..baab2613 100644 --- a/src/nuget-inspector/NugetResolverHelper.cs +++ b/src/nuget-inspector/NugetResolverHelper.cs @@ -56,12 +56,13 @@ public void ResolveOne(Dependency dependency) } if (dependency.name != null) - package_tree.AddOrUpdatePackage(id: new BasePackage(name: dependency.name, version: version)); + package_tree.AddOrUpdatePackage(id: new BasePackage(name: dependency.name, type: dependency.type, version: version)); return; } var base_package = new BasePackage( name: dependency.name!, + type: dependency.type, version: psmr.Identity.Version.ToNormalizedString()); IEnumerable packages = nugetApi.GetPackageDependenciesForPackage( @@ -74,7 +75,7 @@ public void ResolveOne(Dependency dependency) var resolved_version = package_tree.GetResolvedVersion(name: pkg.Id, range: pkg.VersionRange); if (resolved_version != null) { - var base_pkg = new BasePackage(name: pkg.Id, version: resolved_version); + var base_pkg = new BasePackage(name: pkg.Id, type: ComponentType.NuGet, version: resolved_version); dependencies.Add(item: base_pkg); if (Config.TRACE) Console.WriteLine($" dependencies.Add name: {pkg.Id}, version: {resolved_version}"); @@ -93,6 +94,7 @@ public void ResolveOne(Dependency dependency) var dependent_package = new BasePackage( name: psrm.Identity.Id, + type: ComponentType.NuGet, version: psrm.Identity.Version.ToNormalizedString()); dependencies.Add(item: dependent_package); 
@@ -101,6 +103,7 @@ public void ResolveOne(Dependency dependency) { Dependency pd = new( name: pkg.Id, + type: ComponentType.NuGet, version_range: pkg.VersionRange, framework: dependency.framework); diff --git a/src/nuget-inspector/PackagesConfigHelper.cs b/src/nuget-inspector/PackagesConfigHelper.cs index fdfa327f..3b0579e0 100644 --- a/src/nuget-inspector/PackagesConfigHelper.cs +++ b/src/nuget-inspector/PackagesConfigHelper.cs @@ -28,7 +28,7 @@ public PackagesConfigHelper(NugetApi nugetApi) foreach (var depPair in pkg.Dependencies) { if (depPair.Key == id) - result.Add(item: depPair.Value); + result.Add(item: depPair.Value); } } @@ -39,8 +39,10 @@ public List ProcessAll(List dependencies) { foreach (var dependency in dependencies) { + Console.WriteLine( $"ProcessAll() Adding {dependency.type} {dependency.name} to builder" ); Add( id: dependency.name!, + type: dependency.type, name: dependency.name, range: dependency.version_range, framework: dependency.framework); @@ -60,12 +62,15 @@ public List ProcessAll(List dependencies) { deps.Add(item: new BasePackage( name: ResolutionDatas[key: dep].Name!, + type: ResolutionDatas[key: dep].Type!, version: ResolutionDatas[key: dep].CurrentVersion?.ToNormalizedString())); } } builder.AddOrUpdatePackage( - base_package: new BasePackage(name: data.Name!, + base_package: new BasePackage( + name: data.Name!, + type: data.Type!, version: data.CurrentVersion?.ToNormalizedString()), dependencies: deps!); } @@ -73,11 +78,12 @@ public List ProcessAll(List dependencies) return builder.GetPackageList(); } - public void Add(string id, string? name, VersionRange? range, NuGetFramework? framework) + public void Add(string id, string type, string? name, VersionRange? range, NuGetFramework? framework) { id = id.ToLower(); Resolve( id: id, + type: type, name: name, project_target_framework: framework, overrideRange: range); 
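Review bot: The `Console.WriteLine( $"ProcessAll() Adding ..." )` added at the top of the loop in `ProcessAll` runs unconditionally, whereas the other trace output visible in this diff is gated on `Config.TRACE` (for example in `ResolveOne`). It looks like leftover debugging. It prints every dependency name to stdout on each run, which adds noise to build logs and would interleave with any results written to the same stream. Gating it matches the rest of the code: `if (Config.TRACE) Console.WriteLine($"ProcessAll() Adding {dependency.type} {dependency.name} to builder");`.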
@@ -85,12 +91,14 @@ public void Add(string id, string? name, VersionRange? range, NuGetFramework? fr private void Resolve( string id, + string type, string? name, NuGetFramework? project_target_framework = null, VersionRange? overrideRange = null) { id = id.ToLower(); ResolutionData data = new(); + data.Type = type; if (ResolutionDatas.ContainsKey(key: id)) { data = ResolutionDatas[key: id]; @@ -138,6 +146,7 @@ private void Resolve( data.Dependencies.Add(key: dependency.Id.ToLower(), value: dependency.VersionRange); Resolve( id: dependency.Id.ToLower(), + type: ComponentType.NuGet, name: dependency.Id, project_target_framework: project_target_framework); } @@ -150,5 +159,6 @@ private class ResolutionData public readonly Dictionary Dependencies = new(); public VersionRange? ExternalVersionRange; public string? Name; + public string? Type; } } \ No newline at end of file diff --git a/src/nuget-inspector/PackagesConfigProcessor.cs b/src/nuget-inspector/PackagesConfigProcessor.cs index b36deb6c..0226479e 100644 --- a/src/nuget-inspector/PackagesConfigProcessor.cs +++ b/src/nuget-inspector/PackagesConfigProcessor.cs @@ -101,6 +101,7 @@ private List GetDependencies() Dependency dep = new( name: name, + type: ComponentType.NuGet, version_range: range, framework: package_framework, is_direct: true, diff --git a/src/nuget-inspector/Program.cs b/src/nuget-inspector/Program.cs index c2d809d5..2d15e00f 100644 --- a/src/nuget-inspector/Program.cs +++ b/src/nuget-inspector/Program.cs @@ -37,7 +37,7 @@ public static void Main(string[] args) } /// - /// Return True if there is an warning in the results. + /// Return True if there is a warning in the results. /// public static bool Has_warnings(OutputFormatJson output) { @@ -52,7 +52,7 @@ public static bool Has_warnings(OutputFormatJson output) { if (dep.warnings.Any()) has_dep_level = true; - break; + break; } return has_dep_level; } 
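Review bot: In `Resolve`, `data.Type = type;` is written to the freshly created `ResolutionData` before the `ContainsKey` check. When the id is already known, the assignment lands on an object that is immediately replaced by `ResolutionDatas[key: id]`, and the stored entry keeps the type it was first given. If first-wins is intended, say so next to the assignment, for example `// type is only recorded the first time an id is seen`. Otherwise move the assignment after the branch. The rest of the method is outside the hunk, so the handling of the not-found case is inferred.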
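Review bot: In `Has_warnings`, `break;` is not part of the braceless `if (dep.warnings.Any())`, so as shown it runs on the first iteration regardless and only the first element is ever inspected. This commit re-indents the line but leaves that behaviour in place. The same line is touched in `Has_errors` (hunk at -73), where errors on any later dependency would not be reflected in the result. If the intent is to stop at the first hit, use `if (dep.warnings.Any()) { has_dep_level = true; break; }`, and likewise for `dep.errors`. The loop header is outside the hunk, so this reading is based on the visible body only.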
@@ -73,7 +73,7 @@ public static bool Has_errors(OutputFormatJson output) { if (dep.errors.Any()) has_dep_level = true; - break; + break; } return has_dep_level; } @@ -111,6 +111,7 @@ private static ExecutionResult ExecuteInspector(Options options) Stopwatch deps_timer = Stopwatch.StartNew(); ScanResult scan_result = scanner.RunScan(); + deps_timer.Stop(); Stopwatch meta_timer = Stopwatch.StartNew(); @@ -163,7 +164,7 @@ private static ExecutionResult ExecuteInspector(Options options) if (with_warnings) PrintWarnings(scan_result, project_package); - return ExecutionResult.Succeeded(); + return ExecutionResult.Succeeded(); } else { diff --git a/src/nuget-inspector/ProjectFileProcessor.cs b/src/nuget-inspector/ProjectFileProcessor.cs index 005bc314..b4155d59 100644 --- a/src/nuget-inspector/ProjectFileProcessor.cs +++ b/src/nuget-inspector/ProjectFileProcessor.cs @@ -42,6 +42,7 @@ public List GetDependenciesFromReferences(List ref var rpid = reference.PackageIdentity; var dep = new Dependency( name: rpid.Id, + type: ComponentType.NuGet, version_range: reference.AllowedVersions ?? new VersionRange(rpid.Version), framework: ProjectFramework, is_direct: true); @@ -408,6 +409,7 @@ public DependencyResolution ResolveUseGather() } BasePackage dep = new( name: resolved_dep.Id, + type: ComponentType.NuGet, version: resolved_dep.Version.ToString(), framework: ProjectFramework!.GetShortFolderName()); @@ -456,6 +458,7 @@ public DependencyResolution ResolveUsingLib() } BasePackage dep = new( name: resolved_dep.Id, + type: ComponentType.NuGet, version: resolved_dep.Version.ToString(), framework: ProjectFramework!.GetShortFolderName()); diff --git a/src/nuget-inspector/ProjectJsonProcessor.cs b/src/nuget-inspector/ProjectJsonProcessor.cs index db9940c9..1d97ee64 100644 --- a/src/nuget-inspector/ProjectJsonProcessor.cs +++ b/src/nuget-inspector/ProjectJsonProcessor.cs 
@@ -27,6 +27,7 @@ public DependencyResolution Resolve() { var bpwd = new BasePackage( name: package.Name, + type: ComponentType.NuGet, version: package.LibraryRange.VersionRange.OriginalString ); resolution.Dependencies.Add(item: bpwd); diff --git a/src/nuget-inspector/ProjectScanner.cs b/src/nuget-inspector/ProjectScanner.cs index 53f902f2..8a0d5a6c 100644 --- a/src/nuget-inspector/ProjectScanner.cs +++ b/src/nuget-inspector/ProjectScanner.cs @@ -88,8 +88,8 @@ static string combine_paths(string? project_directory, string file_name) string project_directory = ScannerOptions.ProjectDirectory; - // TODO: Also rarer files named packahes..congig - // See CommandLineUtility.IsValidConfigFileName(Path.GetFileName(path) + // TODO: Also rarer files named packages..config + // See CommandLineUtility.IsValidConfigFileName(Path.GetFileName(path) if (string.IsNullOrWhiteSpace(value: ScannerOptions.PackagesConfigPath)) ScannerOptions.PackagesConfigPath = combine_paths(project_directory, "packages.config"); @@ -152,6 +152,7 @@ public ScanResult RunScan() var project = new BasePackage( name: ScannerOptions.ProjectName!, + type: ComponentType.Project, version: ScannerOptions.ProjectVersion, datafile_path: ScannerOptions.ProjectFilePath ); @@ -174,11 +175,11 @@ public ScanResult RunScan() IDependencyProcessor resolver; // project.assets.json is the gold standard when available - // TODO: make the use of lockfiles optional + // TODO: make the use of lock files optional if (FileExists(path: ScannerOptions.ProjectAssetsJsonPath!)) { if (Config.TRACE) - Console.WriteLine($" Using project-assets.json lockfile at: {ScannerOptions.ProjectAssetsJsonPath}"); + Console.WriteLine($" Using project.assets.json lockfile at: {ScannerOptions.ProjectAssetsJsonPath}"); try { resolver = new ProjectAssetsJsonProcessor(projectAssetsJsonPath: ScannerOptions.ProjectAssetsJsonPath!); 
@@ -287,7 +288,6 @@ public ScanResult RunScan() // first we try using MSbuild to read the project if (Config.TRACE) Console.WriteLine($" Using project file: {ScannerOptions.ProjectFilePath}"); - try { resolver = new ProjectFileProcessor(