dependabot-nuget 0.246.0 → 0.247.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3e0fef609dc45e4b8d8f1bc8bf9c4d62ee6fd83a4fea8e28ae9022a469151875
-  data.tar.gz: caab818c3d702d5f34c1986e7ca9dca6b7457eade3a0c5f4d4df004682193d98
+  metadata.gz: 9e8dda5e47b38dec152ba8797986aaaca62fde7dbed194960864b779932d6ff7
+  data.tar.gz: 4f1cb76b3dafc332d90ddf7acec0b39c6295d2d9749741e3229af6ad7d7e363d
 SHA512:
-  metadata.gz: ce37d23d0440b68f8fce93364bcda68d61fb093b2435e853f956549c6c44e1bb68940ad06365e54c70ec18d667faa251455dc28f201b1b93b9410bfc1861681c
-  data.tar.gz: '0396865c4813a9c0b357826545eb6dcbee4c350d62fceed1d97469a9de4c0f2ec751974d07862d7667b0824a24bff12453f8f5309789e6a10a1ca7c25cb0a4f6'
+  metadata.gz: c350131e183da643b7caf57a76acc2cb954e9d7f0a4532b340db90a064f0e1b7d735a531d2bea8efea6ee483060b3dbb8efb4a8e1567d2c9d30d88bc907848f2
+  data.tar.gz: 9f2a6505e1eca5a2fbe8369e8e21ce0b5eabc4c658bec9d628b5250c16f78f40a7c8b19bc0778b2b7fe6e0c3b215a71b2282407544eb0f6808bdfde3da35d8e0

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs

@@ -17,6 +17,8 @@ using Microsoft.Build.Exceptions;
 using Microsoft.Build.Locator;
 using Microsoft.Extensions.FileSystemGlobbing;
 
+using NuGet.Configuration;
+
 using NuGetUpdater.Core.Utilities;
 
 namespace NuGetUpdater.Core;
@@ -82,14 +84,10 @@ internal static partial class MSBuildHelper
         {
             var (resultType, tfms, errorMessage) =
                 GetEvaluatedValue(targetFrameworkValue, propertyInfo, propertiesToIgnore: ["TargetFramework", "TargetFrameworks"]);
-            if (resultType == EvaluationResultType.PropertyIgnored)
+            if (resultType != EvaluationResultType.Success)
             {
                 continue;
             }
-            else if (resultType != EvaluationResultType.Success)
-            {
-                throw new InvalidDataException(errorMessage);
-            }
 
             if (string.IsNullOrEmpty(tfms))
             {
@@ -335,6 +333,25 @@ internal static partial class MSBuildHelper
         return projectRoot;
     }
 
+    private static IEnumerable<PackageSource>? LoadPackageSources(string nugetConfigPath)
+    {
+        try
+        {
+            var nugetConfigDir = Path.GetDirectoryName(nugetConfigPath);
+            var settings = Settings.LoadSpecificSettings(nugetConfigDir, Path.GetFileName(nugetConfigPath));
+            var packageSourceProvider = new PackageSourceProvider(settings);
+            return packageSourceProvider.LoadPackageSources();
+        }
+        catch (NuGetConfigurationException ex)
+        {
+            Console.WriteLine("Error while parsing NuGet.config");
+            Console.WriteLine(ex.Message);
+
+            // Nuget.config is invalid. Won't be able to do anything with specific sources.
+            return null;
+        }
+    }
+
     private static async Task<string> CreateTempProjectAsync(
         DirectoryInfo tempDir,
         string repoRoot,
@@ -345,10 +362,27 @@ internal static partial class MSBuildHelper
         var projectDirectory = Path.GetDirectoryName(projectPath);
         projectDirectory ??= repoRoot;
         var topLevelFiles = Directory.GetFiles(repoRoot);
-        var nugetConfigPath = PathHelper.GetFileInDirectoryOrParent(projectDirectory, repoRoot, "NuGet.Config", caseSensitive: false);
+        var nugetConfigPath = PathHelper.GetFileInDirectoryOrParent(projectPath, repoRoot, "NuGet.Config", caseSensitive: false);
         if (nugetConfigPath is not null)
         {
+            // Copy nuget.config to temp project directory
             File.Copy(nugetConfigPath, Path.Combine(tempDir.FullName, "NuGet.Config"));
+            var nugetConfigDir = Path.GetDirectoryName(nugetConfigPath);
+
+            var packageSources = LoadPackageSources(nugetConfigPath);
+            if (packageSources is not null)
+            {
+                // We need to copy local package sources from the NuGet.Config file to the temp directory
+                foreach (var localSource in packageSources.Where(p => p.IsLocal))
+                {
+                    var subDir = localSource.Source.Split(nugetConfigDir)[1];
+                    var destPath = Path.Join(tempDir.FullName, subDir);
+                    if (Directory.Exists(localSource.Source))
+                    {
+                        PathHelper.CopyDirectory(localSource.Source, destPath);
+                    }
+                }
+            }
         }
 
         var packageReferences = string.Join(

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/PathHelper.cs

@@ -79,4 +79,31 @@ internal static class PathHelper
 
         return null;
     }
+
+    public static void CopyDirectory(string sourceDirectory, string destinationDirectory)
+    {
+        var sourceDirInfo = new DirectoryInfo(sourceDirectory);
+        var destinationDirInfo = new DirectoryInfo(destinationDirectory);
+
+        if (!sourceDirInfo.Exists)
+        {
+            throw new DirectoryNotFoundException($"Source directory does not exist or could not be found: {sourceDirectory}");
+        }
+
+        if (!destinationDirInfo.Exists)
+        {
+            destinationDirInfo.Create();
+        }
+
+        foreach (var file in sourceDirInfo.EnumerateFiles())
+        {
+            file.CopyTo(Path.Combine(destinationDirectory, file.Name), true);
+        }
+
+        foreach (var subDir in sourceDirInfo.EnumerateDirectories())
+        {
+            var newDestinationDir = Path.Combine(destinationDirectory, subDir.Name);
+            CopyDirectory(subDir.FullName, newDestinationDir);
+        }
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.Sdk.cs

@@ -2479,5 +2479,23 @@ public partial class UpdateWorkerTests
                 </Project>
                 """);
         }
+
+        [Fact]
+        public async Task NoChange_IfTargetFrameworkCouldNotBeEvaluated()
+        {
+            // Make sure we don't throw if the project's TFM is an unresolvable property
+            await TestNoChangeforProject("Newtonsoft.Json", "7.0.1", "13.0.1",
+                projectContents: """
+                    <Project Sdk="Microsoft.NET.Sdk">
+                      <PropertyGroup>
+                        <TargetFramework>$(PropertyThatCannotBeResolved)</TargetFramework>
+                      </PropertyGroup>
+                      <ItemGroup>
+                        <PackageReference Include="Newtonsoft.Json" Version="7.0.1" />
+                      </ItemGroup>
+                    </Project>
+                    """
+                );
+        }
     }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs

@@ -319,6 +319,116 @@ public class MSBuildHelperTests
         Assert.Equal(expectedDependencies, actualDependencies);
     }
 
+    [Fact]
+    public async Task GetAllPackageDependencies_NugetConfigInvalid_DoesNotThrow()
+    {
+        var nugetPackagesDirectory = Environment.GetEnvironmentVariable("NUGET_PACKAGES");
+        var nugetHttpCacheDirectory = Environment.GetEnvironmentVariable("NUGET_HTTP_CACHE_PATH");
+
+        try
+        {
+            using var temp = new TemporaryDirectory();
+
+            // It is important to have empty NuGet caches for this test, so override them with temp directories.
+            var tempNuGetPackagesDirectory = Path.Combine(temp.DirectoryPath, ".nuget", "packages");
+            Environment.SetEnvironmentVariable("NUGET_PACKAGES", tempNuGetPackagesDirectory);
+            var tempNuGetHttpCacheDirectory = Path.Combine(temp.DirectoryPath, ".nuget", "v3-cache");
+            Environment.SetEnvironmentVariable("NUGET_HTTP_CACHE_PATH", tempNuGetHttpCacheDirectory);
+
+            // Write the NuGet.config with a missing "/>"
+            await File.WriteAllTextAsync(
+                Path.Combine(temp.DirectoryPath, "NuGet.Config"), """
+                <?xml version="1.0" encoding="utf-8"?>
+                <configuration>
+                  <packageSources>
+                    <clear />
+                    <add key="contoso" value="https://contoso.com/v3/index.json"
+                  </packageSources>
+                </configuration>
+                """);
+
+            // Asserting it didn't throw
+            var actualDependencies = await MSBuildHelper.GetAllPackageDependenciesAsync(
+                temp.DirectoryPath,
+                temp.DirectoryPath,
+                "netstandard2.0",
+                [new Dependency("Newtonsoft.Json", "4.5.11", DependencyType.Unknown)]
+            );
+        }
+        finally
+        {
+            // Restore the NuGet caches.
+            Environment.SetEnvironmentVariable("NUGET_PACKAGES", nugetPackagesDirectory);
+            Environment.SetEnvironmentVariable("NUGET_HTTP_CACHE_PATH", nugetHttpCacheDirectory);
+        }
+    }
+
+    [Fact]
+    public async Task GetAllPackageDependencies_LocalNuGetRepos_AreCopiedToTempProject()
+    {
+        // If we end up using this EnvVar pattern again I think it'd be worth it to abstract it out into an IDisposable.
+        var nugetPackagesDirectory = Environment.GetEnvironmentVariable("NUGET_PACKAGES");
+        var nugetHttpCacheDirectory = Environment.GetEnvironmentVariable("NUGET_HTTP_CACHE_PATH");
+        var logger = new Logger(verbose: true);
+        try
+        {
+            // First create a fake local nuget repository
+            using var restoreDir = new TemporaryDirectory();
+
+            var restoreNuGetPackagesDirectory = Path.Combine(restoreDir.DirectoryPath, ".nuget", "packages");
+            Environment.SetEnvironmentVariable("NUGET_PACKAGES", restoreNuGetPackagesDirectory);
+            var restoreNuGetHttpCacheDirectory = Path.Combine(restoreDir.DirectoryPath, ".nuget", "v3-cache");
+            Environment.SetEnvironmentVariable("NUGET_HTTP_CACHE_PATH", restoreNuGetHttpCacheDirectory);
+
+            using var temp = new TemporaryDirectory();
+            using (var restoreProjectTemp = new TemporaryDirectory())
+            {
+                // dotnet restore .csproj with things we want
+                await MSBuildHelper.DependenciesAreCoherentAsync(restoreProjectTemp.DirectoryPath, restoreProjectTemp.DirectoryPath, "netstandard2.0",
+                    [new Dependency("Newtonsoft.Json", "4.5.11", DependencyType.Unknown)], logger);
+                Assert.True(Directory.Exists(restoreNuGetPackagesDirectory), "packages directory didn't exist");
+                PathHelper.CopyDirectory(restoreNuGetPackagesDirectory, Path.Combine(temp.DirectoryPath, "local_repo"));
+            }
+
+            // It is important to have empty NuGet caches for this test, so override them with temp directories.
+            var tempNuGetPackagesDirectory = Path.Combine(temp.DirectoryPath, ".nuget", "packages");
+            Environment.SetEnvironmentVariable("NUGET_PACKAGES", tempNuGetPackagesDirectory);
+            var tempNuGetHttpCacheDirectory = Path.Combine(temp.DirectoryPath, ".nuget", "v3-cache");
+            Environment.SetEnvironmentVariable("NUGET_HTTP_CACHE_PATH", tempNuGetHttpCacheDirectory);
+
+            // Write the NuGet.config.
+            await File.WriteAllTextAsync(
+                Path.Combine(temp.DirectoryPath, "NuGet.Config"), """
+                <?xml version="1.0" encoding="utf-8"?>
+                <configuration>
+                  <packageSources>
+                    <clear />
+                    <add key="local-repo" value="local_repo" />
+                  </packageSources>
+                </configuration>
+                """);
+            var expectedDependencies = new Dependency[]
+            {
+                new("Newtonsoft.Json", "4.5.11", DependencyType.Unknown),
+                new("NETStandard.Library", "2.0.3", DependencyType.Unknown),
+            };
+            var actualDependencies = await MSBuildHelper.GetAllPackageDependenciesAsync(
+                temp.DirectoryPath,
+                temp.DirectoryPath,
+                "netstandard2.0",
+                [new Dependency("Newtonsoft.Json", "4.5.11", DependencyType.Unknown)]
+            );
+            Assert.False(Directory.Exists(tempNuGetHttpCacheDirectory), "The .nuget/.v3-cache directory was created, meaning http was used.");
+            Assert.Equal(expectedDependencies, actualDependencies);
+        }
+        finally
+        {
+            // Restore the NuGet caches.
+            Environment.SetEnvironmentVariable("NUGET_PACKAGES", nugetPackagesDirectory);
+            Environment.SetEnvironmentVariable("NUGET_HTTP_CACHE_PATH", nugetHttpCacheDirectory);
+        }
+    }
+
     [Fact]
     public async Task AllPackageDependenciesCanBeFoundWithNuGetConfig()
     {

data/lib/dependabot/nuget/cache_manager.rb

@@ -1,21 +1,27 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
+require "set"
+require "sorbet-runtime"
+
 require "dependabot/file_fetchers"
 require "dependabot/file_fetchers/base"
-require "set"
 
 module Dependabot
   module Nuget
     class CacheManager
+      extend T::Sig
+
+      sig { returns(T::Boolean) }
       def self.caching_disabled?
         ENV["DEPENDABOT_NUGET_CACHE_DISABLED"] == "true"
       end
 
+      sig { params(name: String).returns(T::Hash[String, T.untyped]) }
       def self.cache(name)
         return {} if caching_disabled?
 
-        @cache ||= {}
+        @cache ||= T.let({}, T.nilable(T::Hash[String, T.untyped]))
         @cache[name] ||= {}
         @cache[name]
       end

data/lib/dependabot/nuget/file_fetcher/import_paths_finder.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "nokogiri"
@@ -10,24 +10,28 @@ module Dependabot
   module Nuget
     class FileFetcher
       class ImportPathsFinder
+        extend T::Sig
+        sig { params(project_file: T.untyped).void }
         def initialize(project_file:)
-          @project_file = project_file
+          @project_file = T.let(project_file, Dependabot::DependencyFile)
         end
 
+        sig { returns(T::Array[String]) }
         def import_paths
-          doc = Nokogiri::XML(project_file.content)
+          doc = T.let(Nokogiri::XML(project_file.content), Nokogiri::XML::Document)
           doc.remove_namespaces!
-          doc.xpath("/Project/Import").map do |import_node|
+          doc.xpath("/Project/Import").filter_map do |import_node|
             path = import_node.attribute("Project").value.strip.tr("\\", "/")
             path = File.join(current_dir, path) unless current_dir.nil?
             Pathname.new(path).cleanpath.to_path
           end
         end
 
+        sig { returns(T::Array[String]) }
         def project_reference_paths
-          doc = Nokogiri::XML(project_file.content)
+          doc = T.let(Nokogiri::XML(project_file.content), Nokogiri::XML::Document)
           doc.remove_namespaces!
-          nodes = doc.xpath("/Project/ItemGroup/ProjectReference").map do |node|
+          doc.xpath("/Project/ItemGroup/ProjectReference").filter_map do |node|
             attribute = node.attribute("Include")
             next unless attribute
 
@@ -35,14 +39,13 @@ module Dependabot
             path = File.join(current_dir, path) unless current_dir.nil?
             Pathname.new(path).cleanpath.to_path
           end
-
-          nodes.compact
         end
 
+        sig { returns(T::Array[String]) }
         def project_file_paths
-          doc = Nokogiri::XML(project_file.content)
+          doc = T.let(Nokogiri::XML(project_file.content), Nokogiri::XML::Document)
           doc.remove_namespaces!
-          nodes = doc.xpath("/Project/ItemGroup/ProjectFile").map do |node|
+          doc.xpath("/Project/ItemGroup/ProjectFile").filter_map do |node|
             attribute = node.attribute("Include")
             next unless attribute
 
@@ -50,14 +53,14 @@ module Dependabot
             path = File.join(current_dir, path) unless current_dir.nil?
             Pathname.new(path).cleanpath.to_path
           end
-
-          nodes.compact
         end
 
         private
 
+        sig { returns(Dependabot::DependencyFile) }
         attr_reader :project_file
 
+        sig { returns(T.nilable(String)) }
         def current_dir
           current_dir = project_file.name.rpartition("/").first
           current_dir = nil if current_dir == ""

data/lib/dependabot/nuget/file_fetcher/sln_project_paths_finder.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 
 require "pathname"
@@ -8,19 +8,27 @@ module Dependabot
   module Nuget
     class FileFetcher
       class SlnProjectPathsFinder
+        extend T::Sig
+
+        sig { params(sln_file: Dependabot::DependencyFile).void }
         def initialize(sln_file:)
           @sln_file = sln_file
         end
 
+        sig { returns(T::Array[String]) }
         def project_paths
-          paths = []
-          sln_file_lines = sln_file.content.lines
+          paths = T.let([], T::Array[String])
+          return paths unless sln_file.content
+
+          sln_file_lines = T.must(sln_file.content).lines
 
           sln_file_lines.each do |line|
             next unless line.match?(/^\s*Project\(/)
             next unless line.split('"')[5]
 
             path = line.split('"')[5]
+            next unless path
+
             path = path.tr("\\", "/")
 
             # If the path doesn't have an extension it's probably a directory
@@ -35,8 +43,10 @@ module Dependabot
 
         private
 
+        sig { returns(Dependabot::DependencyFile) }
         attr_reader :sln_file
 
+        sig { returns(T.nilable(String)) }
         def current_dir
           current_dir = sln_file.name.rpartition("/").first
           current_dir = nil if current_dir == ""