diff --git a/src/nuget-inspector.sln b/src/nuget-inspector.sln index 6a1d751c..633f293f 100644 --- a/src/nuget-inspector.sln +++ b/src/nuget-inspector.sln 
@@ -1,23 +1,25 @@ - -Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio Version 17 -VisualStudioVersion = 17.1.32228.430 -MinimumVisualStudioVersion = 10.0.40219.1 -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "nuget-inspector", "nuget-inspector\nuget-inspector.csproj", "{12C8B8AB-5476-42CD-961A-4DACD9C8C0FD}" -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|Any CPU = Debug|Any CPU - Release|Any CPU = Release|Any CPU - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {12C8B8AB-5476-42CD-961A-4DACD9C8C0FD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU - {12C8B8AB-5476-42CD-961A-4DACD9C8C0FD}.Debug|Any CPU.Build.0 = Debug|Any CPU - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection - GlobalSection(ExtensibilityGlobals) = postSolution - SolutionGuid = {B81C40A9-6510-4181-A94F-95FD0219DA10} - EndGlobalSection -EndGlobal + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.1.32228.430 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "nuget-inspector", "nuget-inspector\nuget-inspector.csproj", "{12C8B8AB-5476-42CD-961A-4DACD9C8C0FD}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Any CPU = Debug|Any CPU + Release|Any CPU = Release|Any CPU + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {12C8B8AB-5476-42CD-961A-4DACD9C8C0FD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {12C8B8AB-5476-42CD-961A-4DACD9C8C0FD}.Debug|Any CPU.Build.0 = Debug|Any CPU + {12C8B8AB-5476-42CD-961A-4DACD9C8C0FD}.Release|Any CPU.ActiveCfg = Release|Any CPU + {12C8B8AB-5476-42CD-961A-4DACD9C8C0FD}.Release|Any CPU.Build.0 = Release|Any CPU + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + 
GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {B81C40A9-6510-4181-A94F-95FD0219DA10} + EndGlobalSection +EndGlobal diff --git a/src/nuget-inspector/LockFileHelper.cs b/src/nuget-inspector/LockFileHelper.cs index 0257804c..f55aeed4 100644 --- a/src/nuget-inspector/LockFileHelper.cs +++ b/src/nuget-inspector/LockFileHelper.cs @@ -67,15 +67,21 @@ public DependencyResolution Process() { var tree_builder = new PackageTree(); var resolution = new DependencyResolution(); + var project_references = ProjectLockFile.Libraries + .Where(l => l.Type.Equals(ComponentType.Project)) + .Select(l => l.Name) + .ToList(); foreach (var target in ProjectLockFile.Targets) { foreach (var library in target.Libraries) { + var type = library.Type; var name = library.Name; var version = library.Version.ToNormalizedString(); - var package = new BasePackage(name: name, version: version); + var package = new BasePackage(name: name, type: type, version: version); var dependencies = new List(); + foreach (var dependency in library.Dependencies) { var dep_name = dependency.Id; @@ -90,7 +96,10 @@ public DependencyResolution Process() } else { - var depId = new BasePackage(name: dep_name, version: best_version.ToNormalizedString()); + var dep_type = project_references.Contains(dep_name) + ? ComponentType.Project + : ComponentType.NuGet; + var depId = new BasePackage(name: dep_name, dep_type, version: best_version.ToNormalizedString()); dependencies.Add(item: depId); } } 
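Review bot: In the first LockFileHelper.cs hunk, `var type = library.Type;` passes the lock file's raw library type straight into `BasePackage`, while every other call site in this commit uses the `ComponentType` constants. project.assets.json normally records `package` (not `nuget`) for feed packages, so these entries would likely carry a type that matches neither constant and is not a valid purl type. Map it explicitly, e.g. `var type = string.Equals(library.Type, ComponentType.Project, StringComparison.OrdinalIgnoreCase) ? ComponentType.Project : ComponentType.NuGet;`. `Process()` starts and ends outside the hunk.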
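Review bot: `project_references.Contains(dep_name)` in the second LockFileHelper.cs hunk classifies a dependency by an exact, case-sensitive name match against a `List`, but NuGet ids are case-insensitive and a dependency id need not be cased like the library name. The result matters for scan accuracy: `BasePackage.Update` in Models.cs now skips `UpdateWithRemoteMetadata` for `project` components, so a missed match sends a local project name to the remote feed and a false match leaves a real package without metadata. Build the lookup as a `HashSet<string>` with `StringComparer.OrdinalIgnoreCase` and move the ternary into one local helper, `string TypeOf(string n) => project_references.Contains(n) ? ComponentType.Project : ComponentType.NuGet;`. The same three lines are repeated in the `-111`, `-128` and `-152` hunks under the name `dep_type1`, and the positional `dep_type` argument between named ones would read better as `type: dep_type`.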
@@ -111,7 +120,10 @@ public DependencyResolution Process() foreach (var dep in ProjectLockFile.PackageSpec.Dependencies) { var version = tree_builder.GetResolvedVersion(name: dep.Name, range: dep.LibraryRange.VersionRange); - resolution.Dependencies.Add(item: new BasePackage(name: dep.Name, version: version)); + var dep_type1 = project_references.Contains(dep.Name) + ? ComponentType.Project + : ComponentType.NuGet; + resolution.Dependencies.Add(item: new BasePackage(name: dep.Name, dep_type1, version: version)); } } else @@ -128,8 +140,11 @@ public DependencyResolution Process() { foreach (var dep in framework.Dependencies) { + var dep_type1 = project_references.Contains(dep.Name) + ? ComponentType.Project + : ComponentType.NuGet; var version = tree_builder.GetResolvedVersion(name: dep.Name, range: dep.LibraryRange.VersionRange); - resolution.Dependencies.Add(item: new BasePackage(name: dep.Name, version: version)); + resolution.Dependencies.Add(item: new BasePackage(name: dep.Name, dep_type1, version: version)); } } } @@ -152,8 +167,13 @@ public DependencyResolution Process() version = library_version.ToNormalizedString(); } - resolution.Dependencies.Add( - item: new BasePackage(name: project_dependency.GetName()!, version: version)); + var name = project_dependency.GetName()!; + + + var dep_type1 = project_references.Contains(name) + ? ComponentType.Project + : ComponentType.NuGet; + resolution.Dependencies.Add(item: new BasePackage(name: name, dep_type1, version: version)); } } diff --git a/src/nuget-inspector/Models.cs b/src/nuget-inspector/Models.cs index 0cda11dc..fad88f5a 100644 --- a/src/nuget-inspector/Models.cs +++ b/src/nuget-inspector/Models.cs 
@@ -7,13 +7,14 @@ using NuGet.Versioning; namespace NugetInspector -{ - #pragma warning disable IDE1006 +{ +#pragma warning disable IDE1006 public class Dependency { public string? name; public NuGetFramework? framework; public VersionRange? version_range; + public string type; public bool is_direct; //True only for legacy packages.config-based projects only when set there @@ -21,6 +22,7 @@ public class Dependency public Dependency( string? name, + string type, VersionRange? version_range, NuGetFramework? framework = null, bool is_direct = false, @@ -28,6 +30,7 @@ public Dependency( { this.framework = framework; this.name = name; + this.type = type; this.version_range = version_range; this.is_direct = is_direct; this.is_development_dependency = is_development_dependency; @@ -40,6 +43,7 @@ public BasePackage CreateEmptyBasePackage() { return new BasePackage( name: name!, + type: type, version: version_range?.MinVersion.ToNormalizedString(), framework: framework?.ToString() ); @@ -144,6 +148,12 @@ public VersionPair(string rawVersion, NuGetVersion version) } } + public static class ComponentType + { + public const string NuGet = "nuget"; + public const string Project = "project"; + } + /// /// Package data object using purl as identifying attributes as /// specified here https://github.com/package-url/purl-spec @@ -192,13 +202,14 @@ public class BasePackage : IEquatable, IComparable // Track if we updated this package metadata [JsonIgnore] - public bool has_updated_metadata; - - public BasePackage(){} + public bool has_updated_metadata; + + public BasePackage() { } - public BasePackage(string name, string? version, string? framework = "", string? datafile_path = "") + public BasePackage(string name, string type, string? version, string? framework = "", string? datafile_path = "") { this.name = name; + this.type = type; this.version = version; if (!string.IsNullOrWhiteSpace(framework)) this.version = version; 
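Review bot: The new `ComponentType` class in the `-144` hunk has no doc comment, although its two values now decide whether a component is looked up remotely at all (`BasePackage.Update` skips `project`). Add a summary such as `/// <summary>Values for BasePackage.type: "nuget" for feed packages, "project" for local project references, which get no remote metadata lookup.</summary>`. The new `type` parameters on `Dependency` and `BasePackage` accept any string, so their docs should state that only these two values are expected.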
@@ -210,7 +221,7 @@ public BasePackage(string name, string? version, string? framework = "", string? public static BasePackage FromPackage(BasePackage package, List dependencies) { - return new(name: package.name, version: package.version) + return new(name: package.name, type: package.type, version: package.version) { extra_data = package.extra_data, dependencies = dependencies @@ -220,13 +231,14 @@ public static BasePackage FromPackage(BasePackage package, List dep /// /// Return a deep clone of this package. Optionally clone dependencies. /// - public BasePackage Clone(bool with_deps=false) + public BasePackage Clone(bool with_deps = false) { List deps = with_deps ? dependencies : new List(); return new BasePackage( name: name, - version:version, + type: type, + version: version, datafile_path: datafile_path ) { @@ -318,7 +330,8 @@ public void Update(NugetApi nugetApi, bool with_details = false) try { - UpdateWithRemoteMetadata(nugetApi, with_details: with_details); + if (!type.Equals(ComponentType.Project)) + UpdateWithRemoteMetadata(nugetApi, with_details: with_details); } catch (Exception ex) { @@ -527,7 +540,8 @@ public static string GetApiDataUrl(PackageIdentity pid, SourcePackageDependencyI /// /// Sort recursively the dependencies of this package. /// - public void Sort() { + public void Sort() + { dependencies.Sort(); foreach (var dep in dependencies) dep.Sort(); @@ -599,12 +613,13 @@ public class Party public Party Clone() { - return new Party(){ - type=type, - role=role, - name=name, - email=email, - url=url + return new Party() + { + type = type, + role = role, + name = name, + email = email, + url = url }; } } 
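Review bot: In the `-318` hunk, `type.Equals(ComponentType.Project)` dereferences `type` directly, and the parameterless `BasePackage()` constructor kept by this commit does not assign it. Unless the field has an initializer outside these hunks, a package created that way throws here and lands in the surrounding `catch (Exception ex)` instead of being looked up. `if (!string.Equals(type, ComponentType.Project, StringComparison.Ordinal))` avoids that. It would also help to emit a trace line when a component is skipped as a project, so that a wrongly typed entry shows up in the scan output rather than silently lacking metadata. `Update` continues outside the hunk.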
@@ -631,14 +646,15 @@ public class PackageDownload public string hash { get; set; } = ""; public string hash_algorithm { get; set; } = ""; public int? size { get; set; } = 0; - public bool IsEnhanced(){ + public bool IsEnhanced() + { return !string.IsNullOrWhiteSpace(download_url) && !string.IsNullOrWhiteSpace(hash); } public static PackageDownload FromSpdi(SourcePackageDependencyInfo spdi) { - PackageDownload download = new(){ download_url = spdi.DownloadUri.ToString() }; - /// Note that this hash is unlikely there per https://github.com/NuGet/NuGetGallery/issues/9433 + PackageDownload download = new() { download_url = spdi.DownloadUri.ToString() }; + // Note that this hash is unlikely there per https://github.com/NuGet/NuGetGallery/issues/9433 if (!string.IsNullOrEmpty(spdi.PackageHash)) { download.hash = spdi.PackageHash; diff --git a/src/nuget-inspector/NugetResolverHelper.cs b/src/nuget-inspector/NugetResolverHelper.cs index 4646d32c..baab2613 100644 --- a/src/nuget-inspector/NugetResolverHelper.cs +++ b/src/nuget-inspector/NugetResolverHelper.cs @@ -56,12 +56,13 @@ public void ResolveOne(Dependency dependency) } if (dependency.name != null) - package_tree.AddOrUpdatePackage(id: new BasePackage(name: dependency.name, version: version)); + package_tree.AddOrUpdatePackage(id: new BasePackage(name: dependency.name, type: dependency.type, version: version)); return; } var base_package = new BasePackage( name: dependency.name!, + type: dependency.type, version: psmr.Identity.Version.ToNormalizedString()); IEnumerable packages = nugetApi.GetPackageDependenciesForPackage( 
@@ -74,7 +75,7 @@ public void ResolveOne(Dependency dependency) var resolved_version = package_tree.GetResolvedVersion(name: pkg.Id, range: pkg.VersionRange); if (resolved_version != null) { - var base_pkg = new BasePackage(name: pkg.Id, version: resolved_version); + var base_pkg = new BasePackage(name: pkg.Id, type: ComponentType.NuGet, version: resolved_version); dependencies.Add(item: base_pkg); if (Config.TRACE) Console.WriteLine($" dependencies.Add name: {pkg.Id}, version: {resolved_version}"); @@ -93,6 +94,7 @@ public void ResolveOne(Dependency dependency) var dependent_package = new BasePackage( name: psrm.Identity.Id, + type: ComponentType.NuGet, version: psrm.Identity.Version.ToNormalizedString()); dependencies.Add(item: dependent_package); @@ -101,6 +103,7 @@ public void ResolveOne(Dependency dependency) { Dependency pd = new( name: pkg.Id, + type: ComponentType.NuGet, version_range: pkg.VersionRange, framework: dependency.framework); diff --git a/src/nuget-inspector/PackagesConfigHelper.cs b/src/nuget-inspector/PackagesConfigHelper.cs index fdfa327f..a2ea9ebc 100644 --- a/src/nuget-inspector/PackagesConfigHelper.cs +++ b/src/nuget-inspector/PackagesConfigHelper.cs @@ -28,7 +28,7 @@ public PackagesConfigHelper(NugetApi nugetApi) foreach (var depPair in pkg.Dependencies) { if (depPair.Key == id) - result.Add(item: depPair.Value); + result.Add(item: depPair.Value); } } @@ -39,8 +39,10 @@ public List ProcessAll(List dependencies) { foreach (var dependency in dependencies) { + Console.WriteLine($"ProcessAll() Adding {dependency.type} {dependency.name} to builder"); Add( id: dependency.name!, + type: dependency.type, name: dependency.name, range: dependency.version_range, framework: dependency.framework); 
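Review bot: The `Console.WriteLine($"ProcessAll() Adding ...")` added in the PackagesConfigHelper.cs `-39` hunk runs for every dependency unconditionally, whereas the other trace output in this file (for example the "Unable to find package" message in `Resolve`) is guarded by `if (Config.TRACE)`. Unconditional writes to stdout add noise and can interfere with callers that capture the tool's output. Guard it the same way: `if (Config.TRACE) Console.WriteLine($"ProcessAll() Adding {dependency.type} {dependency.name} to builder");`.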
@@ -60,12 +62,15 @@ public List ProcessAll(List dependencies) { deps.Add(item: new BasePackage( name: ResolutionDatas[key: dep].Name!, + type: ResolutionDatas[key: dep].Type!, version: ResolutionDatas[key: dep].CurrentVersion?.ToNormalizedString())); } } builder.AddOrUpdatePackage( - base_package: new BasePackage(name: data.Name!, + base_package: new BasePackage( + name: data.Name!, + type: data.Type!, version: data.CurrentVersion?.ToNormalizedString()), dependencies: deps!); } @@ -73,11 +78,12 @@ public List ProcessAll(List dependencies) return builder.GetPackageList(); } - public void Add(string id, string? name, VersionRange? range, NuGetFramework? framework) + public void Add(string id, string type, string? name, VersionRange? range, NuGetFramework? framework) { id = id.ToLower(); Resolve( id: id, + type: type, name: name, project_target_framework: framework, overrideRange: range); @@ -85,12 +91,14 @@ public void Add(string id, string? name, VersionRange? range, NuGetFramework? fr private void Resolve( string id, + string type, string? name, NuGetFramework? project_target_framework = null, VersionRange? overrideRange = null) { id = id.ToLower(); ResolutionData data = new(); + data.Type = type; if (ResolutionDatas.ContainsKey(key: id)) { data = ResolutionDatas[key: id]; @@ -117,7 +125,7 @@ private void Resolve( if (best == null) { if (Config.TRACE) - Console.WriteLine( value: $"Unable to find package for '{id}' with versions range '{combo}'."); + Console.WriteLine(value: $"Unable to find package for '{id}' with versions range '{combo}'."); if (data.CurrentVersion == null) data.CurrentVersion = combo.MinVersion; @@ -138,6 +146,7 @@ private void Resolve( data.Dependencies.Add(key: dependency.Id.ToLower(), value: dependency.VersionRange); Resolve( id: dependency.Id.ToLower(), + type: ComponentType.NuGet, name: dependency.Id, project_target_framework: project_target_framework); } 
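Review bot: In the `Resolve` hunk (`-85`), `data.Type = type;` is set on the freshly created `ResolutionData` before the `ContainsKey` check, so when an entry for `id` already exists the assignment is discarded and the first-seen type wins silently. That is harmless while every caller passes `nuget`, but it is easy to misread. Set it only on the new-entry path, or use an object initializer `new() { Type = type }`, and add a comment stating that the existing type is kept. Declaring `Type` as non-nullable `string` in `ResolutionData` would also remove the need for the `!` at the `BasePackage` call sites in the `-60` hunk. `Resolve` continues outside the hunk.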
@@ -150,5 +159,6 @@ private class ResolutionData public readonly Dictionary Dependencies = new(); public VersionRange? ExternalVersionRange; public string? Name; + public string? Type; } } \ No newline at end of file diff --git a/src/nuget-inspector/PackagesConfigProcessor.cs b/src/nuget-inspector/PackagesConfigProcessor.cs index b36deb6c..0226479e 100644 --- a/src/nuget-inspector/PackagesConfigProcessor.cs +++ b/src/nuget-inspector/PackagesConfigProcessor.cs @@ -101,6 +101,7 @@ private List GetDependencies() Dependency dep = new( name: name, + type: ComponentType.NuGet, version_range: range, framework: package_framework, is_direct: true, diff --git a/src/nuget-inspector/Program.cs b/src/nuget-inspector/Program.cs index c2d809d5..3d59eab0 100644 --- a/src/nuget-inspector/Program.cs +++ b/src/nuget-inspector/Program.cs @@ -37,14 +37,14 @@ public static void Main(string[] args) } /// - /// Return True if there is an warning in the results. + /// Return True if there is a warning in the results. /// public static bool Has_warnings(OutputFormatJson output) { var has_top_level = output.scan_result.warnings.Any(); if (has_top_level) return true; - bool has_package_level = output.scan_result.project_package.warnings.Any(); + bool has_package_level = output.scan_result.project_package.warnings.Any(); if (has_package_level) return true; bool has_dep_level = false; @@ -52,7 +52,7 @@ public static bool Has_warnings(OutputFormatJson output) { if (dep.warnings.Any()) has_dep_level = true; - break; + break; } return has_dep_level; } @@ -65,7 +65,7 @@ public static bool Has_errors(OutputFormatJson output) var has_top_level = output.scan_result.errors.Any(); if (has_top_level) return true; - bool has_package_level = output.scan_result.project_package.errors.Any(); + bool has_package_level = output.scan_result.project_package.errors.Any(); if (has_package_level) return true; bool has_dep_level = false; 
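Review bot: The re-indented `break;` in the Program.cs `-52` hunk (`Has_warnings`) is not part of the `if` body, because the `if` has no braces, so the loop exits after the first dependency whether or not it has warnings. The `-73` hunk (`Has_errors`) has the same shape. As written, warnings and errors on any dependency after the first are never reported by these checks, which weakens the tool's exit status as a signal. Use `if (dep.warnings.Any()) { has_dep_level = true; break; }` and the equivalent for `dep.errors`. The loop header is outside the hunk.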
@@ -73,7 +73,7 @@ public static bool Has_errors(OutputFormatJson output) { if (dep.errors.Any()) has_dep_level = true; - break; + break; } return has_dep_level; } @@ -111,6 +111,7 @@ private static ExecutionResult ExecuteInspector(Options options) Stopwatch deps_timer = Stopwatch.StartNew(); ScanResult scan_result = scanner.RunScan(); + deps_timer.Stop(); Stopwatch meta_timer = Stopwatch.StartNew(); @@ -163,7 +164,7 @@ private static ExecutionResult ExecuteInspector(Options options) if (with_warnings) PrintWarnings(scan_result, project_package); - return ExecutionResult.Succeeded(); + return ExecutionResult.Succeeded(); } else { diff --git a/src/nuget-inspector/ProjectFileProcessor.cs b/src/nuget-inspector/ProjectFileProcessor.cs index 005bc314..73c32e71 100644 --- a/src/nuget-inspector/ProjectFileProcessor.cs +++ b/src/nuget-inspector/ProjectFileProcessor.cs @@ -42,6 +42,7 @@ public List GetDependenciesFromReferences(List ref var rpid = reference.PackageIdentity; var dep = new Dependency( name: rpid.Id, + type: ComponentType.NuGet, version_range: reference.AllowedVersions ?? new VersionRange(rpid.Version), framework: ProjectFramework, is_direct: true); @@ -76,7 +77,7 @@ public static List DeduplicateReferences(List(); - foreach(var dupes in by_name.Values) + foreach (var dupes in by_name.Values) { if (Config.TRACE) { @@ -152,7 +153,7 @@ public virtual List GetPackageReferences() bool is_implicit = false; foreach (var meta in reference.Metadata) { - if (meta.Name == "IsImplicitlyDefined" && meta.EvaluatedValue=="true") + if (meta.Name == "IsImplicitlyDefined" && meta.EvaluatedValue == "true") is_implicit = true; } if (is_implicit) @@ -288,7 +289,7 @@ public virtual List GetPackageReferences() vers = version_range.MinVersion; } - PackageReference plainref = new ( + PackageReference plainref = new( identity: new PackageIdentity(id: artifact, version: vers), targetFramework: ProjectFramework, userInstalled: false, 
@@ -344,7 +345,7 @@ public DependencyResolution ResolveUseGather() List direct_dependency_pids = references.ConvertAll(r => r.PackageIdentity); // Use the gather approach to gather all possible deps - ISet available_dependencies = nugetApi.GatherPotentialDependencies( + ISet available_dependencies = nugetApi.GatherPotentialDependencies( direct_dependencies: direct_dependency_pids, framework: ProjectFramework! ); @@ -408,6 +409,7 @@ public DependencyResolution ResolveUseGather() } BasePackage dep = new( name: resolved_dep.Id, + type: ComponentType.NuGet, version: resolved_dep.Version.ToString(), framework: ProjectFramework!.GetShortFolderName()); @@ -456,6 +458,7 @@ public DependencyResolution ResolveUsingLib() } BasePackage dep = new( name: resolved_dep.Id, + type: ComponentType.NuGet, version: resolved_dep.Version.ToString(), framework: ProjectFramework!.GetShortFolderName()); @@ -550,7 +553,9 @@ public override List GetPackageReferences() packref = new PackageReference( identity: identity, targetFramework: ProjectFramework); - } else { + } + else + { packref = new PackageReference( identity: identity, targetFramework: ProjectFramework, diff --git a/src/nuget-inspector/ProjectJsonProcessor.cs b/src/nuget-inspector/ProjectJsonProcessor.cs index db9940c9..1d97ee64 100644 --- a/src/nuget-inspector/ProjectJsonProcessor.cs +++ b/src/nuget-inspector/ProjectJsonProcessor.cs @@ -27,6 +27,7 @@ public DependencyResolution Resolve() { var bpwd = new BasePackage( name: package.Name, + type: ComponentType.NuGet, version: package.LibraryRange.VersionRange.OriginalString ); resolution.Dependencies.Add(item: bpwd); diff --git a/src/nuget-inspector/ProjectScanner.cs b/src/nuget-inspector/ProjectScanner.cs index 53f902f2..cec01fca 100644 --- a/src/nuget-inspector/ProjectScanner.cs +++ b/src/nuget-inspector/ProjectScanner.cs 
@@ -88,8 +88,8 @@ static string combine_paths(string? project_directory, string file_name) string project_directory = ScannerOptions.ProjectDirectory; - // TODO: Also rarer files named packahes..congig - // See CommandLineUtility.IsValidConfigFileName(Path.GetFileName(path) + // TODO: Also rarer files named packages..config + // See CommandLineUtility.IsValidConfigFileName(Path.GetFileName(path) if (string.IsNullOrWhiteSpace(value: ScannerOptions.PackagesConfigPath)) ScannerOptions.PackagesConfigPath = combine_paths(project_directory, "packages.config"); @@ -152,11 +152,13 @@ public ScanResult RunScan() var project = new BasePackage( name: ScannerOptions.ProjectName!, + type: ComponentType.Project, version: ScannerOptions.ProjectVersion, datafile_path: ScannerOptions.ProjectFilePath ); - var scan_result = new ScanResult() { + var scan_result = new ScanResult() + { Options = ScannerOptions, project_package = project }; @@ -174,11 +176,11 @@ public ScanResult RunScan() IDependencyProcessor resolver; // project.assets.json is the gold standard when available - // TODO: make the use of lockfiles optional + // TODO: make the use of lock files optional if (FileExists(path: ScannerOptions.ProjectAssetsJsonPath!)) { if (Config.TRACE) - Console.WriteLine($" Using project-assets.json lockfile at: {ScannerOptions.ProjectAssetsJsonPath}"); + Console.WriteLine($" Using project.assets.json lockfile at: {ScannerOptions.ProjectAssetsJsonPath}"); try { resolver = new ProjectAssetsJsonProcessor(projectAssetsJsonPath: ScannerOptions.ProjectAssetsJsonPath!); @@ -287,7 +289,6 @@ public ScanResult RunScan() // first we try using MSbuild to read the project if (Config.TRACE) Console.WriteLine($" Using project file: {ScannerOptions.ProjectFilePath}"); - try { resolver = new ProjectFileProcessor( @@ -372,4 +373,4 @@ private static bool FileExists(string path) { return !string.IsNullOrWhiteSpace(value: path) && File.Exists(path: path); } -} +} \ No newline at end of file 
diff --git a/src/nuget-inspector/nuget-inspector.csproj b/src/nuget-inspector/nuget-inspector.csproj index 9b8abcfa..f507ca87 100644 --- a/src/nuget-inspector/nuget-inspector.csproj +++ b/src/nuget-inspector/nuget-inspector.csproj @@ -1,7 +1,7 @@ Exe - net6.0 + net9.0 linux-x64 true @@ -49,37 +49,37 @@ - - - - - - + + + + + + - - + + - - - - - - - - - - - - - + + + + + + + + + + + + +