Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add handler for packages.lock.json in nuget #3825

Merged
merged 12 commits into from
Jun 26, 2024
Merged

Add handler for packages.lock.json in nuget #3825

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
6722ed0
Add handler for packages.lock.json in nuget
TG1999 Jun 24, 2024
a5ba6c5
Add new generate files
TG1999 Jun 24, 2024
03fce8c
Fix parsing format
TG1999 Jun 25, 2024
c3d4449
Add version in resolved package
TG1999 Jun 25, 2024
f368bd4
Add version in resolved package
TG1999 Jun 25, 2024
22be070
Add version in resolved package
TG1999 Jun 25, 2024
7a6d0ae
Fix errors
TG1999 Jun 25, 2024
1cd12d5
Address review comments
TG1999 Jun 25, 2024
81c2b23
Address review comments
TG1999 Jun 25, 2024
e9bcb30
Address review comments
TG1999 Jun 25, 2024
3afc678
Fix errors
TG1999 Jun 26, 2024
b89d6c4
Add CHANGELOG entry
AyanSinhaMahapatra Jun 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
91 changes: 91 additions & 0 deletions src/packagedcode/nuget.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
# See https://aboutcode.org for more information about nexB OSS projects.
#

import json
import xmltodict
from packageurl import PackageURL

Expand Down Expand Up @@ -179,3 +180,93 @@ def parse(cls, location, package_only=False):
)
yield models.PackageData.from_data(package_data, package_only)

class NugetPackagesLockHandler(models.DatafileHandler):
datasource_id = 'nuget_packages_lock'
path_patterns = ('packages.lock.json',)
default_package_type = 'nuget'
description = 'NuGet packages.lock.json file'
documentation_url = 'https://docs.microsoft.com/en-us/nuget/reference/packages-lock-file'

@classmethod
def is_datafile(cls, location, filetypes=..., _bare_filename=False):
return super().is_datafile(location, filetypes, _bare_filename) and location.endswith('.lock.json')

@staticmethod
def get_dependencies(package_info, scope):
dependencies = []
for dep in package_info.get('dependencies', {}):
dependency = models.DependentPackage(
purl=str(PackageURL(type='nuget', name=dep, version=package_info["dependencies"][dep])),
extracted_requirement=package_info["dependencies"][dep],
is_resolved=True,
scope=scope,
is_optional=False,
is_runtime=True,
is_direct=False,
)
dependencies.append(dependency)
return dependencies

@classmethod
def parse(cls, location, package_only=False):
with open(location) as loc:
parsed = json.load(loc)

if not parsed:
return

top_dependencies = []
for target_framework, packages in parsed.get('dependencies', {}).items():
extra_data = dict(
target_framework=target_framework,
)
for package_name, package_info in packages.items():
dependencies = NugetPackagesLockHandler.get_dependencies(package_info=package_info, scope=target_framework)
resolved_package_mapping = dict(
datasource_id=cls.datasource_id,
type=cls.default_package_type,
primary_language=cls.default_primary_language,
name=package_name,
dependencies=[
dep.to_dict() for dep in dependencies
],
is_virtual=True,
version=package_info.get('resolved'),
)
resolved_package = models.PackageData.from_data(resolved_package_mapping)
package_type = package_info.get('type')
if package_type == "Direct":
is_direct = True
elif package_type == "Transitive":
is_direct = False
else:
raise Exception(f"Unknown package type: {package_type}")


version = package_info.get('resolved')
requested = package_info.get('requested')
dependency = models.DependentPackage(
purl=str(PackageURL(type='nuget', name=package_name, version=version)),
extracted_requirement=requested or version,
is_resolved=True,
resolved_package=resolved_package.to_dict(),
# We use the target framework as scope since there is no concept of scope in .NET
# and we may have different resolutions for different target frameworks
scope=target_framework,
is_optional=False,
is_runtime=True,
is_direct=is_direct,
)
top_dependencies.append(dependency.to_dict())
package_data = dict(
datasource_id=cls.datasource_id,
type=cls.default_package_type,
primary_language=cls.default_primary_language,
extra_data=extra_data,
dependencies=top_dependencies,
# TODO: Check if we to put virtual or private for packages without a name and version
# is_virtual=True,
# is_private=True,
)
yield models.PackageData.from_data(package_data, package_only)

Loading
Loading