dependabot-nuget 0.288.0 → 0.290.0

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/PathHelperTests.cs

@@ -29,9 +29,54 @@ public class PathHelperTests
 
         var repoRootPath = Path.Combine(temp.DirectoryPath, "src");
 
-        var resolvedPath = PathHelper.ResolveCaseInsensitivePathInsideRepoRoot(Path.Combine(repoRootPath, "A", "PACKAGES.CONFIG"), repoRootPath);
+        var resolvedPath = PathHelper.ResolveCaseInsensitivePathsInsideRepoRoot(Path.Combine(repoRootPath, "A", "PACKAGES.CONFIG"), repoRootPath);
 
         var expected = Path.Combine(temp.DirectoryPath, "src", "a", "packages.config").NormalizePathToUnix();
-        Assert.Equal(expected, resolvedPath);
+        Assert.Equal(expected, resolvedPath!.First());
+    }
+
+    [LinuxOnlyFact]
+    public void VerifyMultipleMatchingPathsReturnsAllPaths()
+    {
+        using var temp = new TemporaryDirectory();
+        Directory.CreateDirectory(Path.Combine(temp.DirectoryPath, "src", "a"));
+        Directory.CreateDirectory(Path.Combine(temp.DirectoryPath, "src", "A"));
+
+        File.WriteAllText(Path.Combine(temp.DirectoryPath, "src", "a", "packages.config"), "");
+        File.WriteAllText(Path.Combine(temp.DirectoryPath, "src", "A", "packages.config"), "");
+
+        var repoRootPath = Path.Combine(temp.DirectoryPath, "src");
+
+        var resolvedPaths = PathHelper.ResolveCaseInsensitivePathsInsideRepoRoot(Path.Combine(repoRootPath, "A", "PACKAGES.CONFIG"), repoRootPath);
+
+        var expected = new[]
+        {
+            Path.Combine(temp.DirectoryPath, "src", "A", "packages.config").NormalizePathToUnix(),
+            Path.Combine(temp.DirectoryPath, "src", "a", "packages.config").NormalizePathToUnix(),
+        };
+
+        AssertEx.Equal(expected, resolvedPaths!);
+    }
+
+    [LinuxOnlyFact]
+    public async void FilesWithDifferentlyCasedDirectoriesCanBeResolved()
+    {
+        // arrange
+        using var temp = new TemporaryDirectory();
+        var testFile1 = "src/project1/project1.csproj";
+        var testFile2 = "SRC/project2/project2.csproj";
+        var testFiles = new[] { testFile1, testFile2 };
+        foreach (var testFile in testFiles)
+        {
+            var fullPath = Path.Join(temp.DirectoryPath, testFile); Directory.CreateDirectory(Path.GetDirectoryName(fullPath)!);
+            await File.WriteAllTextAsync(fullPath, "");
+        }
+
+        // act        
+        var actualFile1 = PathHelper.ResolveCaseInsensitivePathsInsideRepoRoot(Path.Join(temp.DirectoryPath, testFile1), temp.DirectoryPath);
+        var actualFile2 = PathHelper.ResolveCaseInsensitivePathsInsideRepoRoot(Path.Join(temp.DirectoryPath, testFile2), temp.DirectoryPath);
+
+        // assert        
+        Assert.EndsWith(testFile1, actualFile1![0]); Assert.EndsWith(testFile2, actualFile2![0]);
     }
 }

data/lib/dependabot/nuget/analysis/analysis_json_reader.rb

@@ -3,7 +3,7 @@
 
 require "dependabot/dependency"
 require "dependabot/nuget/analysis/dependency_analysis"
-require "dependabot/nuget/native_discovery/native_discovery_json_reader"
+require "dependabot/nuget/discovery/discovery_json_reader"
 require "json"
 require "sorbet-runtime"
 
@@ -14,7 +14,9 @@ module Dependabot
 
       sig { returns(String) }
       def self.temp_directory
-        File.join(NativeDiscoveryJsonReader.temp_directory, "analysis")
+        d = File.join(Dir.tmpdir, "analysis")
+        FileUtils.mkdir_p(d)
+        d
       end
 
       sig { params(dependency_name: String).returns(String) }

data/lib/dependabot/nuget/analysis/dependency_analysis.rb

@@ -20,7 +20,7 @@ module Dependabot
                                                              T::Boolean)
         updated_dependencies = T.let(json.fetch("UpdatedDependencies"),
                                      T::Array[T::Hash[String, T.untyped]]).map do |dep|
-          NativeDependencyDetails.from_json(dep)
+          DependencyDetails.from_json(dep)
         end
 
         DependencyAnalysis.new(
@@ -35,7 +35,7 @@ module Dependabot
         params(updated_version: String,
                can_update: T::Boolean,
                version_comes_from_multi_dependency_property: T::Boolean,
-               updated_dependencies: T::Array[NativeDependencyDetails]).void
+               updated_dependencies: T::Array[DependencyDetails]).void
       end
       def initialize(updated_version:, can_update:, version_comes_from_multi_dependency_property:,
                      updated_dependencies:)
@@ -54,7 +54,7 @@ module Dependabot
       sig { returns(T::Boolean) }
       attr_reader :version_comes_from_multi_dependency_property
 
-      sig { returns(T::Array[NativeDependencyDetails]) }
+      sig { returns(T::Array[DependencyDetails]) }
       attr_reader :updated_dependencies
 
       sig { returns(Dependabot::Nuget::Version) }

data/lib/dependabot/nuget/discovery/dependency_details.rb

@@ -22,6 +22,7 @@ module Dependabot
         is_transitive = T.let(json.fetch("IsTransitive"), T::Boolean)
         is_override = T.let(json.fetch("IsOverride"), T::Boolean)
         is_update = T.let(json.fetch("IsUpdate"), T::Boolean)
+        info_url = T.let(json.fetch("InfoUrl"), T.nilable(String))
 
         DependencyDetails.new(name: name,
                               version: version,
@@ -32,7 +33,8 @@ module Dependabot
                               is_direct: is_direct,
                               is_transitive: is_transitive,
                               is_override: is_override,
-                              is_update: is_update)
+                              is_update: is_update,
+                              info_url: info_url)
       end
 
       sig do
@@ -45,10 +47,11 @@ module Dependabot
                is_direct: T::Boolean,
                is_transitive: T::Boolean,
                is_override: T::Boolean,
-               is_update: T::Boolean).void
+               is_update: T::Boolean,
+               info_url: T.nilable(String)).void
       end
       def initialize(name:, version:, type:, evaluation:, target_frameworks:, is_dev_dependency:, is_direct:,
-                     is_transitive:, is_override:, is_update:)
+                     is_transitive:, is_override:, is_update:, info_url:)
         @name = name
         @version = version
         @type = type
@@ -59,6 +62,7 @@ module Dependabot
         @is_transitive = is_transitive
         @is_override = is_override
         @is_update = is_update
+        @info_url = info_url
       end
 
       sig { returns(String) }
@@ -90,6 +94,9 @@ module Dependabot
 
       sig { returns(T::Boolean) }
       attr_reader :is_update
+
+      sig { returns(T.nilable(String)) }
+      attr_reader :info_url
     end
   end
 end

data/lib/dependabot/nuget/discovery/dependency_file_discovery.rb

@@ -9,11 +9,14 @@ module Dependabot
     class DependencyFileDiscovery
       extend T::Sig
 
-      sig { params(json: T.nilable(T::Hash[String, T.untyped])).returns(T.nilable(DependencyFileDiscovery)) }
-      def self.from_json(json)
+      sig do
+        params(json: T.nilable(T::Hash[String, T.untyped]),
+               directory: String).returns(T.nilable(DependencyFileDiscovery))
+      end
+      def self.from_json(json, directory)
         return nil if json.nil?
 
-        file_path = T.let(json.fetch("FilePath"), String)
+        file_path = File.join(directory, T.let(json.fetch("FilePath"), String))
         dependencies = T.let(json.fetch("Dependencies"), T::Array[T::Hash[String, T.untyped]]).map do |dep|
           DependencyDetails.from_json(dep)
         end
@@ -38,7 +41,7 @@ module Dependabot
       attr_reader :dependencies
 
       sig { overridable.returns(Dependabot::FileParsers::Base::DependencySet) }
-      def dependency_set # rubocop:disable Metrics/PerceivedComplexity,Metrics/CyclomaticComplexity,Metrics/AbcSize
+      def dependency_set # rubocop:disable Metrics/PerceivedComplexity
         dependency_set = Dependabot::FileParsers::Base::DependencySet.new
 
         file_name = Pathname.new(file_path).cleanpath.to_path
@@ -62,14 +65,7 @@ module Dependabot
           # Exclude any dependencies which reference an item type
           next if dependency.name.include?("@(")
 
-          dependency_file_name = file_name
-          if dependency.type == "PackagesConfig"
-            dir_name = File.dirname(file_name)
-            dependency_file_name = "packages.config"
-            dependency_file_name = File.join(dir_name, "packages.config") unless dir_name == "."
-          end
-
-          dependency_set << build_dependency(dependency_file_name, dependency)
+          dependency_set << build_dependency(file_name, dependency)
         end
 
         dependency_set

data/lib/dependabot/nuget/discovery/discovery_json_reader.rb

@@ -2,6 +2,8 @@
 # frozen_string_literal: true
 
 require "dependabot/dependency"
+require "dependabot/file_parsers/base/dependency_set"
+require "dependabot/nuget/cache_manager"
 require "dependabot/nuget/discovery/workspace_discovery"
 require "json"
 require "sorbet-runtime"
@@ -11,37 +13,199 @@ module Dependabot
     class DiscoveryJsonReader
       extend T::Sig
 
-      DISCOVERY_JSON_PATH = ".dependabot/discovery.json"
+      sig { returns(T::Hash[String, DiscoveryJsonReader]) }
+      def self.cache_directory_to_discovery_json_reader
+        CacheManager.cache("cache_directory_to_discovery_json_reader")
+      end
 
-      sig { returns(String) }
-      private_class_method def self.temp_directory
-        Dir.tmpdir
+      sig { returns(T::Hash[String, DiscoveryJsonReader]) }
+      def self.cache_dependency_file_paths_to_discovery_json_reader
+        CacheManager.cache("cache_dependency_file_paths_to_discovery_json_reader")
+      end
+
+      sig { returns(T::Hash[String, String]) }
+      def self.cache_dependency_file_paths_to_discovery_json_path
+        CacheManager.cache("cache_dependency_file_paths_to_discovery_json_path")
+      end
+
+      sig { void }
+      def self.testonly_clear_caches
+        cache_directory_to_discovery_json_reader.clear
+        cache_dependency_file_paths_to_discovery_json_reader.clear
+        cache_dependency_file_paths_to_discovery_json_path.clear
+      end
+
+      sig { void }
+      def self.testonly_clear_discovery_files
+        # this will get recreated when necessary
+        FileUtils.rm_rf(discovery_directory)
+      end
+
+      # Runs NuGet dependency discovery in the given directory and returns a new instance of DiscoveryJsonReader.
+      # The location of the resultant JSON file is saved.
+      sig do
+        params(
+          repo_contents_path: String,
+          directory: String,
+          credentials: T::Array[Dependabot::Credential]
+        ).returns(DiscoveryJsonReader)
+      end
+      def self.run_discovery_in_directory(repo_contents_path:, directory:, credentials:)
+        # run discovery
+        job_file_path = ENV.fetch("DEPENDABOT_JOB_PATH")
+        discovery_json_path = discovery_file_path_from_workspace_path(directory)
+        unless File.exist?(discovery_json_path)
+          NativeHelpers.run_nuget_discover_tool(job_path: job_file_path,
+                                                repo_root: repo_contents_path,
+                                                workspace_path: directory,
+                                                output_path: discovery_json_path,
+                                                credentials: credentials)
+
+          Dependabot.logger.info("Discovery JSON content: #{File.read(discovery_json_path)}")
+        end
+        load_discovery_for_directory(repo_contents_path: repo_contents_path, directory: directory)
+      end
+
+      # Loads NuGet dependency discovery for the given directory and returns a new instance of DiscoveryJsonReader and
+      # caches the resultant object.
+      sig { params(repo_contents_path: String, directory: String).returns(DiscoveryJsonReader) }
+      def self.load_discovery_for_directory(repo_contents_path:, directory:)
+        cache_directory_to_discovery_json_reader[directory] ||= begin
+          discovery_json_reader = discovery_json_reader(repo_contents_path: repo_contents_path,
+                                                        workspace_path: directory)
+          cache_directory_to_discovery_json_reader[directory] = discovery_json_reader
+          dependency_file_cache_key = cache_key_from_dependency_file_paths(discovery_json_reader.dependency_file_paths)
+          cache_dependency_file_paths_to_discovery_json_reader[dependency_file_cache_key] = discovery_json_reader
+          discovery_file_path = discovery_file_path_from_workspace_path(directory)
+          cache_dependency_file_paths_to_discovery_json_path[dependency_file_cache_key] = discovery_file_path
+
+          discovery_json_reader
+        end
+      end
+
+      # Retrieves the cached DiscoveryJsonReader object for the given dependency file paths.
+      sig { params(dependency_file_paths: T::Array[String]).returns(DiscoveryJsonReader) }
+      def self.load_discovery_for_dependency_file_paths(dependency_file_paths)
+        dependency_file_cache_key = cache_key_from_dependency_file_paths(dependency_file_paths)
+        T.must(cache_dependency_file_paths_to_discovery_json_reader[dependency_file_cache_key])
+      end
+
+      # Retrieves the cached location of the discovery JSON file for the given dependency file paths.
+      sig { params(dependency_file_paths: T::Array[String]).returns(String) }
+      def self.get_discovery_json_path_for_dependency_file_paths(dependency_file_paths)
+        dependency_file_cache_key = cache_key_from_dependency_file_paths(dependency_file_paths)
+        T.must(cache_dependency_file_paths_to_discovery_json_path[dependency_file_cache_key])
+      end
+
+      sig { params(repo_contents_path: String, dependency_file: Dependabot::DependencyFile).returns(String) }
+      def self.dependency_file_path(repo_contents_path:, dependency_file:)
+        dep_file_path = Pathname.new(File.join(dependency_file.directory, dependency_file.name)).cleanpath.to_path
+        dep_file_path.delete_prefix("#{repo_contents_path}/")
       end
 
       sig { returns(String) }
-      def self.discovery_file_path
-        File.join(temp_directory, DISCOVERY_JSON_PATH)
+      def self.discovery_map_file_path
+        File.join(discovery_directory, "discovery_map.json")
       end
 
-      sig { returns(T.nilable(DependencyFile)) }
-      def self.discovery_json
-        return unless File.exist?(discovery_file_path)
+      sig { params(workspace_path: String).returns(String) }
+      def self.discovery_file_path_from_workspace_path(workspace_path)
+        # Given an update directory (also known as a workspace path), this function returns the path where the discovery
+        # JSON file is located.  This function is called both by methods that need to write the discovery JSON file and
+        # by methods that need to read the discovery JSON file.  This function is also called by multiple processes so
+        # we need a way to retain the data.  This is accomplished by the following steps:
+        #  1. Check a well-known file for a mapping of workspace_path => discovery file path.  If found, return it.
+        #  2. If the path is not found, generate a new path, save it to the well-known file, and return the value.
+        discovery_map_contents = File.exist?(discovery_map_file_path) ? File.read(discovery_map_file_path) : "{}"
+        discovery_map = T.let(JSON.parse(discovery_map_contents), T::Hash[String, String])
+
+        discovery_json_path = discovery_map[workspace_path]
+        if discovery_json_path
+          Dependabot.logger.info("Discovery JSON path for workspace path [#{workspace_path}] found in file " \
+                                 "[#{discovery_map_file_path}] at location [#{discovery_json_path}]")
+          return discovery_json_path
+        end
+
+        # no discovery JSON path found; generate a new one, but first find a suitable location
+        discovery_json_counter = 1
+        new_discovery_json_path = ""
+        loop do
+          new_discovery_json_path = File.join(discovery_directory, "discovery.#{discovery_json_counter}.json")
+          break unless File.exist?(new_discovery_json_path)
 
-        DependencyFile.new(
+          discovery_json_counter += 1
+        end
+
+        discovery_map[workspace_path] = new_discovery_json_path
+
+        File.write(discovery_map_file_path, discovery_map.to_json)
+        Dependabot.logger.info("Discovery JSON path for workspace path [#{workspace_path}] created for file " \
+                               "[#{discovery_map_file_path}] at location [#{new_discovery_json_path}]")
+        new_discovery_json_path
+      end
+
+      sig { params(dependency_file_paths: T::Array[String]).returns(String) }
+      def self.cache_key_from_dependency_file_paths(dependency_file_paths)
+        dependency_file_paths.sort.join(",")
+      end
+
+      sig { returns(String) }
+      def self.discovery_directory
+        t = File.join(Dir.home, ".dependabot")
+        FileUtils.mkdir_p(t)
+        t
+      end
+
+      sig { params(repo_contents_path: String, workspace_path: String).returns(DiscoveryJsonReader) }
+      def self.discovery_json_reader(repo_contents_path:, workspace_path:)
+        discovery_file_path = discovery_file_path_from_workspace_path(workspace_path)
+        discovery_json = DependencyFile.new(
           name: Pathname.new(discovery_file_path).cleanpath.to_path,
-          directory: temp_directory,
+          directory: discovery_directory,
           type: "file",
           content: File.read(discovery_file_path)
         )
+        DiscoveryJsonReader.new(repo_contents_path: repo_contents_path, discovery_json: discovery_json)
       end
 
-      sig { params(discovery_json: DependencyFile).void }
-      def initialize(discovery_json:)
+      sig { returns(T.nilable(WorkspaceDiscovery)) }
+      attr_reader :workspace_discovery
+
+      sig { returns(Dependabot::FileParsers::Base::DependencySet) }
+      attr_reader :dependency_set
+
+      sig { returns(T::Array[String]) }
+      attr_reader :dependency_file_paths
+
+      sig { params(repo_contents_path: String, discovery_json: DependencyFile).void }
+      def initialize(repo_contents_path:, discovery_json:)
+        @repo_contents_path = repo_contents_path
         @discovery_json = discovery_json
+        @workspace_discovery = T.let(read_workspace_discovery, T.nilable(Dependabot::Nuget::WorkspaceDiscovery))
+        @dependency_set = T.let(read_dependency_set, Dependabot::FileParsers::Base::DependencySet)
+        @dependency_file_paths = T.let(read_dependency_file_paths, T::Array[String])
+      end
+
+      private
+
+      sig { returns(String) }
+      attr_reader :repo_contents_path
+
+      sig { returns(DependencyFile) }
+      attr_reader :discovery_json
+
+      sig { returns(T.nilable(WorkspaceDiscovery)) }
+      def read_workspace_discovery
+        return nil unless discovery_json.content
+
+        parsed_json = T.let(JSON.parse(T.must(discovery_json.content)), T::Hash[String, T.untyped])
+        WorkspaceDiscovery.from_json(parsed_json)
+      rescue JSON::ParserError
+        raise Dependabot::DependencyFileNotParseable, discovery_json.path
       end
 
       sig { returns(Dependabot::FileParsers::Base::DependencySet) }
-      def dependency_set
+      def read_dependency_set
         dependency_set = Dependabot::FileParsers::Base::DependencySet.new
         return dependency_set unless workspace_discovery
 
@@ -49,9 +213,6 @@ module Dependabot
         workspace_result.projects.each do |project|
           dependency_set += project.dependency_set
         end
-        if workspace_result.directory_packages_props
-          dependency_set += T.must(workspace_result.directory_packages_props).dependency_set
-        end
         if workspace_result.dotnet_tools_json
           dependency_set += T.must(workspace_result.dotnet_tools_json).dependency_set
         end
@@ -60,22 +221,46 @@ module Dependabot
         dependency_set
       end
 
-      sig { returns(T.nilable(WorkspaceDiscovery)) }
-      def workspace_discovery
-        @workspace_discovery ||= T.let(begin
-          return nil unless discovery_json.content
+      sig { returns(T::Array[String]) }
+      def read_dependency_file_paths
+        dependency_file_paths = T.let([], T::Array[T.nilable(String)])
+        dependency_file_paths << dependency_file_path_from_repo_path("global.json") if workspace_discovery&.global_json
+        if workspace_discovery&.dotnet_tools_json
+          dependency_file_paths << dependency_file_path_from_repo_path(".config/dotnet-tools.json")
+        end
 
-          parsed_json = T.let(JSON.parse(T.must(discovery_json.content)), T::Hash[String, T.untyped])
-          WorkspaceDiscovery.from_json(parsed_json)
-        end, T.nilable(WorkspaceDiscovery))
-      rescue JSON::ParserError
-        raise Dependabot::DependencyFileNotParseable, discovery_json.path
+        projects = workspace_discovery&.projects || []
+        projects.each do |project|
+          dependency_file_paths << dependency_file_path_from_repo_path(project.file_path)
+          dependency_file_paths += project.imported_files.map do |f|
+            dependency_file_path_from_project_path(project.file_path, f)
+          end
+          dependency_file_paths += project.additional_files.map do |f|
+            dependency_file_path_from_project_path(project.file_path, f)
+          end
+        end
+
+        deduped_dependency_file_paths = T.let(Set.new(dependency_file_paths.compact), T::Set[String])
+        result = deduped_dependency_file_paths.sort
+        result
       end
 
-      private
+      sig { params(path_parts: String).returns(T.nilable(String)) }
+      def dependency_file_path_from_repo_path(*path_parts)
+        path_parts = path_parts.map { |p| p.delete_prefix("/").delete_suffix("/") }
+        normalized_repo_path = Pathname.new(path_parts.join("/")).cleanpath.to_path.delete_prefix("/")
+        full_path = Pathname.new(File.join(repo_contents_path, normalized_repo_path)).cleanpath.to_path
+        return unless File.exist?(full_path)
 
-      sig { returns(DependencyFile) }
-      attr_reader :discovery_json
+        normalized_repo_path = "/#{normalized_repo_path}" unless normalized_repo_path.start_with?("/")
+        normalized_repo_path
+      end
+
+      sig { params(project_path: String, relative_file_path: String).returns(T.nilable(String)) }
+      def dependency_file_path_from_project_path(project_path, relative_file_path)
+        project_directory = File.dirname(project_path)
+        dependency_file_path_from_repo_path(project_directory, relative_file_path)
+      end
     end
   end
 end

data/lib/dependabot/nuget/discovery/project_discovery.rb

@@ -10,41 +10,68 @@ module Dependabot
     class ProjectDiscovery < DependencyFileDiscovery
       extend T::Sig
 
+      # rubocop:disable Metrics/AbcSize
       sig do
-        params(json: T.nilable(T::Hash[String, T.untyped])).returns(T.nilable(ProjectDiscovery))
+        override.params(json: T.nilable(T::Hash[String, T.untyped]),
+                        directory: String).returns(T.nilable(ProjectDiscovery))
       end
-      def self.from_json(json)
+      def self.from_json(json, directory)
         return nil if json.nil?
 
-        file_path = T.let(json.fetch("FilePath"), String)
+        file_path = File.join(directory, T.let(json.fetch("FilePath"), String))
         properties = T.let(json.fetch("Properties"), T::Array[T::Hash[String, T.untyped]]).map do |prop|
           PropertyDetails.from_json(prop)
         end
         target_frameworks = T.let(json.fetch("TargetFrameworks"), T::Array[String])
         referenced_project_paths = T.let(json.fetch("ReferencedProjectPaths"), T::Array[String])
-        dependencies = T.let(json.fetch("Dependencies"), T::Array[T::Hash[String, T.untyped]]).map do |dep|
-          DependencyDetails.from_json(dep)
+        dependencies = T.let(json.fetch("Dependencies"), T::Array[T::Hash[String, T.untyped]]).filter_map do |dep|
+          details = DependencyDetails.from_json(dep)
+          next unless details.version # can't do anything without a version
+
+          version = T.must(details.version)
+          next unless version.length.positive? # can't do anything with an empty version
+
+          next if version.include? "," # can't do anything with a range
+
+          next if version.include? "*" # can't do anything with a wildcard
+
+          details
         end
+        imported_files = T.let(json.fetch("ImportedFiles"), T::Array[String])
+        additional_files = T.let(json.fetch("AdditionalFiles"), T::Array[String])
 
         ProjectDiscovery.new(file_path: file_path,
                              properties: properties,
                              target_frameworks: target_frameworks,
                              referenced_project_paths: referenced_project_paths,
-                             dependencies: dependencies)
+                             dependencies: dependencies,
+                             imported_files: imported_files,
+                             additional_files: additional_files)
       end
+      # rubocop:enable Metrics/AbcSize
 
       sig do
         params(file_path: String,
                properties: T::Array[PropertyDetails],
                target_frameworks: T::Array[String],
                referenced_project_paths: T::Array[String],
-               dependencies: T::Array[DependencyDetails]).void
+               dependencies: T::Array[DependencyDetails],
+               imported_files: T::Array[String],
+               additional_files: T::Array[String]).void
       end
-      def initialize(file_path:, properties:, target_frameworks:, referenced_project_paths:, dependencies:)
+      def initialize(file_path:,
+                     properties:,
+                     target_frameworks:,
+                     referenced_project_paths:,
+                     dependencies:,
+                     imported_files:,
+                     additional_files:)
         super(file_path: file_path, dependencies: dependencies)
         @properties = properties
         @target_frameworks = target_frameworks
         @referenced_project_paths = referenced_project_paths
+        @imported_files = imported_files
+        @additional_files = additional_files
       end
 
       sig { returns(T::Array[PropertyDetails]) }
@@ -56,6 +83,12 @@ module Dependabot
       sig { returns(T::Array[String]) }
       attr_reader :referenced_project_paths
 
+      sig { returns(T::Array[String]) }
+      attr_reader :imported_files
+
+      sig { returns(T::Array[String]) }
+      attr_reader :additional_files
+
       sig { override.returns(Dependabot::FileParsers::Base::DependencySet) }
       def dependency_set
         if target_frameworks.empty? && file_path.end_with?("proj")

data/lib/dependabot/nuget/discovery/workspace_discovery.rb

@@ -2,8 +2,8 @@
 # frozen_string_literal: true
 
 require "dependabot/nuget/discovery/dependency_file_discovery"
-require "dependabot/nuget/discovery/directory_packages_props_discovery"
 require "dependabot/nuget/discovery/project_discovery"
+require "dependabot/nuget/native_helpers"
 require "sorbet-runtime"
 
 module Dependabot
@@ -13,49 +13,44 @@ module Dependabot
 
       sig { params(json: T::Hash[String, T.untyped]).returns(WorkspaceDiscovery) }
       def self.from_json(json)
-        file_path = T.let(json.fetch("FilePath"), String)
+        Dependabot::Nuget::NativeHelpers.ensure_no_errors(json)
+
+        path = T.let(json.fetch("Path"), String)
+        path = "/" + path unless path.start_with?("/")
         projects = T.let(json.fetch("Projects"), T::Array[T::Hash[String, T.untyped]]).filter_map do |project|
-          ProjectDiscovery.from_json(project)
+          ProjectDiscovery.from_json(project, path)
         end
-        directory_packages_props = DirectoryPackagesPropsDiscovery
-                                   .from_json(T.let(json.fetch("DirectoryPackagesProps"),
-                                                    T.nilable(T::Hash[String, T.untyped])))
         global_json = DependencyFileDiscovery
-                      .from_json(T.let(json.fetch("GlobalJson"), T.nilable(T::Hash[String, T.untyped])))
+                      .from_json(T.let(json.fetch("GlobalJson"), T.nilable(T::Hash[String, T.untyped])), path)
         dotnet_tools_json = DependencyFileDiscovery
-                            .from_json(T.let(json.fetch("DotNetToolsJson"), T.nilable(T::Hash[String, T.untyped])))
+                            .from_json(T.let(json.fetch("DotNetToolsJson"),
+                                             T.nilable(T::Hash[String, T.untyped])), path)
 
-        WorkspaceDiscovery.new(file_path: file_path,
+        WorkspaceDiscovery.new(path: path,
                                projects: projects,
-                               directory_packages_props: directory_packages_props,
                                global_json: global_json,
                                dotnet_tools_json: dotnet_tools_json)
       end
 
       sig do
-        params(file_path: String,
+        params(path: String,
                projects: T::Array[ProjectDiscovery],
-               directory_packages_props: T.nilable(DirectoryPackagesPropsDiscovery),
                global_json: T.nilable(DependencyFileDiscovery),
                dotnet_tools_json: T.nilable(DependencyFileDiscovery)).void
       end
-      def initialize(file_path:, projects:, directory_packages_props:, global_json:, dotnet_tools_json:)
-        @file_path = file_path
+      def initialize(path:, projects:, global_json:, dotnet_tools_json:)
+        @path = path
         @projects = projects
-        @directory_packages_props = directory_packages_props
         @global_json = global_json
         @dotnet_tools_json = dotnet_tools_json
       end
 
       sig { returns(String) }
-      attr_reader :file_path
+      attr_reader :path
 
       sig { returns(T::Array[ProjectDiscovery]) }
       attr_reader :projects
 
-      sig { returns(T.nilable(DirectoryPackagesPropsDiscovery)) }
-      attr_reader :directory_packages_props
-
       sig { returns(T.nilable(DependencyFileDiscovery)) }
       attr_reader :global_json