RubyGems - dependabot-core - Versions diffs - 0.79.4 → 0.80.0 - Mend

dependabot-core 0.79.4 → 0.80.0

Files changed (30) hide show

data/lib/dependabot/file_fetchers/dotnet/nuget/sln_project_paths_finder.rb DELETED

@@ -1,55 +0,0 @@
-# frozen_string_literal: true
-require "pathname"
-require "dependabot/file_fetchers/dotnet/nuget"
-module Dependabot
-  module FileFetchers
-    module Dotnet
-      class Nuget
-        class SlnProjectPathsFinder
-          PROJECT_PATH_REGEX =
-            /(?<=["'])[^"']*?\.(?:vb|cs|fs)proj(?=["'])/.freeze
-          def initialize(sln_file:)
-            @sln_file = sln_file
-          end
-          def project_paths
-            paths = []
-            sln_file_lines = sln_file.content.lines
-            sln_file_lines.each_with_index do |line, index|
-              next unless line.match?(/^\s*Project/)
-              # Don't know how to handle multi-line project declarations yet
-              next unless sln_file_lines[index + 1]&.match?(/^\s*EndProject/)
-              path = line.split('"')[5]
-              path = path.tr("\\", "/")
-              # If the path doesn't have an extension it's probably a directory
-              next unless path.match?(/\.[a-z]{2}proj$/)
-              path = File.join(current_dir, path) unless current_dir.nil?
-              paths << Pathname.new(path).cleanpath.to_path
-            end
-            paths
-          end
-          private
-          attr_reader :sln_file
-          def current_dir
-            parts = sln_file.name.split("/")[0..-2]
-            return if parts.empty?
-            parts.join("/")
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_parsers/dotnet/nuget.rb DELETED

@@ -1,85 +0,0 @@
-# frozen_string_literal: true
-require "nokogiri"
-require "dependabot/dependency"
-require "dependabot/file_parsers/base"
-# For details on how dotnet handles version constraints, see:
-# https://docs.microsoft.com/en-us/nuget/reference/package-versioning
-module Dependabot
-  module FileParsers
-    module Dotnet
-      class Nuget < Dependabot::FileParsers::Base
-        require "dependabot/file_parsers/base/dependency_set"
-        require "dependabot/file_parsers/dotnet/nuget/project_file_parser"
-        require "dependabot/file_parsers/dotnet/nuget/packages_config_parser"
-        PACKAGE_CONF_DEPENDENCY_SELECTOR = "packages > packages"
-        def parse
-          dependency_set = DependencySet.new
-          dependency_set += project_file_dependencies
-          dependency_set += packages_config_dependencies
-          dependency_set.dependencies
-        end
-        private
-        def project_file_dependencies
-          dependency_set = DependencySet.new
-          (project_files + project_import_files).each do |file|
-            parser = project_file_parser
-            dependency_set += parser.dependency_set(project_file: file)
-          end
-          dependency_set
-        end
-        def packages_config_dependencies
-          dependency_set = DependencySet.new
-          packages_config_files.each do |file|
-            parser = PackagesConfigParser.new(packages_config: file)
-            dependency_set += parser.dependency_set
-          end
-          dependency_set
-        end
-        def project_file_parser
-          @project_file_parser ||=
-            ProjectFileParser.new(dependency_files: dependency_files)
-        end
-        def project_files
-          dependency_files.select { |df| df.name.match?(/\.[a-z]{2}proj$/) }
-        end
-        def packages_config_files
-          dependency_files.select do |f|
-            f.name.split("/").last.casecmp("packages.config").zero?
-          end
-        end
-        def project_import_files
-          dependency_files -
-            project_files -
-            packages_config_files -
-            [nuget_config]
-        end
-        def nuget_config
-          dependency_files.find { |f| f.name.casecmp("nuget.config").zero? }
-        end
-        def check_required_files
-          return if project_files.any? || packages_config_files.any?
-          raise "No project file or packages.config!"
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_parsers/dotnet/nuget/packages_config_parser.rb DELETED

@@ -1,65 +0,0 @@
-# frozen_string_literal: true
-require "nokogiri"
-require "dependabot/dependency"
-require "dependabot/file_parsers/dotnet/nuget"
-# For details on packages.config files see:
-# https://docs.microsoft.com/en-us/nuget/reference/packages-config
-module Dependabot
-  module FileParsers
-    module Dotnet
-      class Nuget
-        class PackagesConfigParser
-          require "dependabot/file_parsers/base/dependency_set"
-          DEPENDENCY_SELECTOR = "packages > package"
-          def initialize(packages_config:)
-            @packages_config = packages_config
-          end
-          def dependency_set
-            dependency_set = Dependabot::FileParsers::Base::DependencySet.new
-            doc = Nokogiri::XML(packages_config.content)
-            doc.remove_namespaces!
-            doc.css(DEPENDENCY_SELECTOR).each do |dependency_node|
-              dependency_set <<
-                Dependency.new(
-                  name: dependency_name(dependency_node),
-                  version: dependency_version(dependency_node),
-                  package_manager: "nuget",
-                  requirements: [{
-                    requirement: dependency_version(dependency_node),
-                    file: packages_config.name,
-                    groups: [],
-                    source: nil
-                  }]
-                )
-            end
-            dependency_set
-          end
-          private
-          attr_reader :packages_config
-          def dependency_name(dependency_node)
-            dependency_node.attribute("id")&.value&.strip ||
-              dependency_node.at_xpath("./id")&.content&.strip
-          end
-          def dependency_version(dependency_node)
-            # Ranges and wildcards aren't allowed in a packages.config - the
-            # specified requirement is always an exact version.
-            dependency_node.attribute("version")&.value&.strip ||
-              dependency_node.at_xpath("./version")&.content&.strip
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_parsers/dotnet/nuget/project_file_parser.rb DELETED

@@ -1,156 +0,0 @@
-# frozen_string_literal: true
-require "nokogiri"
-require "dependabot/dependency"
-require "dependabot/file_parsers/dotnet/nuget"
-# For details on how dotnet handles version constraints, see:
-# https://docs.microsoft.com/en-us/nuget/reference/package-versioning
-module Dependabot
-  module FileParsers
-    module Dotnet
-      class Nuget
-        class ProjectFileParser
-          require "dependabot/file_parsers/base/dependency_set"
-          require_relative "property_value_finder"
-          DEPENDENCY_SELECTOR = "ItemGroup > PackageReference, "\
-                                "ItemGroup > Dependency, "\
-                                "ItemGroup > DevelopmentDependency"
-          PROPERTY_REGEX      = /\$\((?<property>.*?)\)/.freeze
-          def initialize(dependency_files:)
-            @dependency_files = dependency_files
-          end
-          def dependency_set(project_file:)
-            dependency_set = Dependabot::FileParsers::Base::DependencySet.new
-            doc = Nokogiri::XML(project_file.content)
-            doc.remove_namespaces!
-            doc.css(DEPENDENCY_SELECTOR).each do |dependency_node|
-              name = dependency_name(dependency_node, project_file)
-              req = dependency_requirement(dependency_node, project_file)
-              version = dependency_version(dependency_node, project_file)
-              prop_name = req_property_name(dependency_node)
-              dependency =
-                build_dependency(name, req, version, prop_name, project_file)
-              dependency_set << dependency if dependency
-            end
-            dependency_set
-          end
-          private
-          attr_reader :dependency_files
-          def build_dependency(name, req, version, prop_name, project_file)
-            return unless name
-            # Exclude any dependencies specified using interpolation
-            return if [name, req, version].any? { |s| s&.include?("%(") }
-            requirement = {
-              requirement: req,
-              file: project_file.name,
-              groups: [],
-              source: nil
-            }
-            if prop_name
-              # Get the root property name unless no details could be found,
-              # in which case use the top-level name to ease debugging
-              root_prop_name = details_for_property(prop_name, project_file)&.
-                               fetch(:root_property_name) || prop_name
-              requirement[:metadata] = { property_name: root_prop_name }
-            end
-            Dependency.new(
-              name: name,
-              version: version,
-              package_manager: "nuget",
-              requirements: [requirement]
-            )
-          end
-          def dependency_name(dependency_node, project_file)
-            raw_name =
-              dependency_node.attribute("Include")&.value&.strip ||
-              dependency_node.at_xpath("./Include")&.content&.strip
-            return unless raw_name
-            evaluated_value(raw_name, project_file)
-          end
-          def dependency_requirement(dependency_node, project_file)
-            raw_requirement =
-              dependency_node.attribute("Version")&.value&.strip ||
-              dependency_node.at_xpath("./Version")&.content&.strip
-            return unless raw_requirement
-            evaluated_value(raw_requirement, project_file)
-          end
-          def dependency_version(dependency_node, project_file)
-            requirement = dependency_requirement(dependency_node, project_file)
-            return unless requirement
-            # Remove brackets if present
-            version = requirement.gsub(/[\(\)\[\]]/, "").strip
-            # We don't know the version for range requirements or wildcard
-            # requirements, so return `nil` for these.
-            return if version.include?(",") || version.include?("*") ||
-                      version == ""
-            version
-          end
-          def req_property_name(dependency_node)
-            raw_requirement =
-              dependency_node.attribute("Version")&.value&.strip ||
-              dependency_node.at_xpath("./Version")&.content&.strip
-            return unless raw_requirement
-            return unless raw_requirement.match?(PROPERTY_REGEX)
-            raw_requirement.
-              match(PROPERTY_REGEX).
-              named_captures.fetch("property")
-          end
-          def evaluated_value(value, project_file)
-            return value unless value.match?(PROPERTY_REGEX)
-            property_name = value.match(PROPERTY_REGEX).
-                            named_captures.fetch("property")
-            property_details = details_for_property(property_name, project_file)
-            # Don't halt parsing for a missing property value until we're
-            # confident we're fetching property values correctly
-            return value unless property_details&.fetch(:value)
-            value.gsub(PROPERTY_REGEX, property_details&.fetch(:value))
-          end
-          def details_for_property(property_name, project_file)
-            property_value_finder.
-              property_details(
-                property_name: property_name,
-                callsite_file: project_file
-              )
-          end
-          def property_value_finder
-            @property_value_finder ||=
-              PropertyValueFinder.new(dependency_files: dependency_files)
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_parsers/dotnet/nuget/property_value_finder.rb DELETED

@@ -1,131 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/file_fetchers/dotnet/nuget/import_paths_finder"
-require "dependabot/file_parsers/dotnet/nuget"
-# For docs, see:
-# - https://docs.microsoft.com/en-us/visualstudio/msbuild/msbuild-properties
-# - https://docs.microsoft.com/en-us/visualstudio/msbuild/customize-your-build
-module Dependabot
-  module FileParsers
-    module Dotnet
-      class Nuget
-        class PropertyValueFinder
-          PROPERTY_REGEX = /\$\((?<property>.*?)\)/.freeze
-          def initialize(dependency_files:)
-            @dependency_files = dependency_files
-          end
-          def property_details(property_name:, callsite_file:, stack: [])
-            stack += [[property_name, callsite_file.name]]
-            node_details = deep_find_prop_node(
-              property: property_name,
-              file: callsite_file
-            )
-            node_details ||=
-              find_property_in_directory_build_props(
-                property: property_name,
-                callsite_file: callsite_file
-              )
-            return unless node_details
-            return node_details unless node_details[:value] =~ PROPERTY_REGEX
-            check_next_level_of_stack(node_details, stack)
-          end
-          def check_next_level_of_stack(node_details, stack)
-            property_name = node_details.fetch(:value).
-                            match(PROPERTY_REGEX).
-                            named_captures.fetch("property")
-            callsite_file = dependency_files.
-                            find { |f| f.name == node_details.fetch(:file) }
-            if stack.include?([property_name, callsite_file.name])
-              raise "Circular reference!"
-            end
-            property_details(
-              property_name: property_name,
-              callsite_file: callsite_file,
-              stack: stack
-            )
-          end
-          private
-          attr_reader :dependency_files
-          def deep_find_prop_node(property:, file:)
-            doc = Nokogiri::XML(file.content)
-            doc.remove_namespaces!
-            node = doc.at_xpath(property_xpath(property))
-            # If we found a value for the property, return it
-            if node
-              return node_details(file: file, node: node, property: property)
-            end
-            # Otherwise, we need to look in an imported file
-            import_path_finder =
-              FileFetchers::Dotnet::Nuget::ImportPathsFinder.
-              new(project_file: file)
-            import_paths = [
-              *import_path_finder.import_paths,
-              *import_path_finder.project_reference_paths
-            ]
-            file = import_paths.
-                   map { |p| dependency_files.find { |f| f.name == p } }.
-                   compact.
-                   find { |f| deep_find_prop_node(property: property, file: f) }
-            return unless file
-            deep_find_prop_node(property: property, file: file)
-          end
-          def find_property_in_directory_build_props(property:, callsite_file:)
-            file = buildfile_for_project(callsite_file)
-            return unless file
-            deep_find_prop_node(property: property, file: file)
-          end
-          def buildfile_for_project(project_file)
-            dir = File.dirname(project_file.name)
-            # Nuget walks up the directory structure looking for a
-            # Directory.Build.props file
-            possible_paths = dir.split("/").map.with_index do |_, i|
-              base = dir.split("/").first(i + 1).join("/")
-              Pathname.new(base + "/Directory.Build.props").cleanpath.to_path
-            end.reverse + ["Directory.Build.props"]
-            path = possible_paths.uniq.
-                   find { |p| dependency_files.find { |f| f.name == p } }
-            dependency_files.find { |f| f.name == path }
-          end
-          def property_xpath(property_name)
-            "/Project/PropertyGroup/#{property_name}"
-          end
-          def node_details(file:, node:, property:)
-            {
-              file: file.name,
-              node: node,
-              value: node.content.strip,
-              root_property_name: property
-            }
-          end
-        end
-      end
-    end
-  end
-end