Porting fixes from previous branch. Adding ability to only scan external nuget packages

Signed-off-by: Joseph Cutrono <[email protected]>

Author: jcutrono

src/nuget-inspector/LockFileHelper.cs

@@ -67,15 +67,21 @@ public DependencyResolution Process()
     {
         var tree_builder = new PackageTree();
         var resolution = new DependencyResolution();
+        var project_references = ProjectLockFile.Libraries
+            .Where(l => l.Type.Equals(ComponentType.Project))
+            .Select(l => l.Name)
+            .ToList();
 
         foreach (var target in ProjectLockFile.Targets)
         {
             foreach (var library in target.Libraries)
             {
+                var type = library.Type;
                 var name = library.Name;
                 var version = library.Version.ToNormalizedString();
-                var package = new BasePackage(name: name, version: version);
+                var package = new BasePackage(name: name, type: type, version: version);
                 var dependencies = new List<BasePackage>();
+
                 foreach (var dependency in library.Dependencies)
                 {
                     var dep_name = dependency.Id;
@@ -90,7 +96,10 @@ public DependencyResolution Process()
                     }
                     else
                     {
-                        var depId = new BasePackage(name: dep_name, version: best_version.ToNormalizedString());
+                        var dep_type = project_references.Contains(dep_name)
+                            ? ComponentType.Project
+                            : ComponentType.NuGet;
+                        var depId = new BasePackage(name: dep_name, dep_type, version: best_version.ToNormalizedString());
                         dependencies.Add(item: depId);
                     }
                 }
@@ -111,7 +120,10 @@ public DependencyResolution Process()
             foreach (var dep in ProjectLockFile.PackageSpec.Dependencies)
             {
                 var version = tree_builder.GetResolvedVersion(name: dep.Name, range: dep.LibraryRange.VersionRange);
-                resolution.Dependencies.Add(item: new BasePackage(name: dep.Name, version: version));
+                var dep_type1 = project_references.Contains(dep.Name)
+                    ? ComponentType.Project
+                    : ComponentType.NuGet;
+                resolution.Dependencies.Add(item: new BasePackage(name: dep.Name, dep_type1, version: version));
             }
         }
         else
@@ -128,8 +140,11 @@ public DependencyResolution Process()
             {
                 foreach (var dep in framework.Dependencies)
                 {
+                    var dep_type1 = project_references.Contains(dep.Name)
+                        ? ComponentType.Project
+                        : ComponentType.NuGet;
                     var version = tree_builder.GetResolvedVersion(name: dep.Name, range: dep.LibraryRange.VersionRange);
-                    resolution.Dependencies.Add(item: new BasePackage(name: dep.Name, version: version));
+                    resolution.Dependencies.Add(item: new BasePackage(name: dep.Name, dep_type1, version: version));
                 }
             }
         }
@@ -152,8 +167,13 @@ public DependencyResolution Process()
                     version = library_version.ToNormalizedString();
                 }
 
-                resolution.Dependencies.Add(
-                    item: new BasePackage(name: project_dependency.GetName()!, version: version));
+                var name = project_dependency.GetName()!;
+
+
+                var dep_type1 = project_references.Contains(name)
+                    ? ComponentType.Project
+                    : ComponentType.NuGet;
+                resolution.Dependencies.Add(item: new BasePackage(name: name, dep_type1, version: version));
             }
         }
 

src/nuget-inspector/Models.cs

@@ -7,27 +7,30 @@
 using NuGet.Versioning;
 
 namespace NugetInspector
-{
-    #pragma warning disable IDE1006
+{
+#pragma warning disable IDE1006
     public class Dependency
     {
         public string? name;
         public NuGetFramework? framework;
         public VersionRange? version_range;
+        public string type;
         public bool is_direct;
 
         //True only for legacy packages.config-based projects only when set there
         public bool is_development_dependency = false;
 
         public Dependency(
             string? name,
+            string type,
             VersionRange? version_range,
             NuGetFramework? framework = null,
             bool is_direct = false,
             bool is_development_dependency = false)
         {
             this.framework = framework;
             this.name = name;
+            this.type = type;
             this.version_range = version_range;
             this.is_direct = is_direct;
             this.is_development_dependency = is_development_dependency;
@@ -40,6 +43,7 @@ public BasePackage CreateEmptyBasePackage()
         {
             return new BasePackage(
                 name: name!,
+                type: type,
                 version: version_range?.MinVersion.ToNormalizedString(),
                 framework: framework?.ToString()
             );
@@ -144,6 +148,12 @@ public VersionPair(string rawVersion, NuGetVersion version)
         }
     }
 
+    public static class ComponentType
+    {
+        public const string NuGet = "nuget";
+        public const string Project = "project";
+    }
+
     /// <summary>
     /// Package data object using purl as identifying attributes as
     /// specified here https://github.com/package-url/purl-spec
@@ -192,13 +202,14 @@ public class BasePackage : IEquatable<BasePackage>, IComparable<BasePackage>
 
         // Track if we updated this package metadata
         [JsonIgnore]
-        public bool has_updated_metadata;
-
-       public BasePackage(){}
+        public bool has_updated_metadata;
+
+        public BasePackage() { }
 
-        public BasePackage(string name, string? version, string? framework = "", string? datafile_path = "")
+        public BasePackage(string name, string type, string? version, string? framework = "", string? datafile_path = "")
         {
             this.name = name;
+            this.type = type;
             this.version = version;
             if (!string.IsNullOrWhiteSpace(framework))
                 this.version = version;
@@ -210,7 +221,7 @@ public BasePackage(string name, string? version, string? framework = "", string?
 
         public static BasePackage FromPackage(BasePackage package, List<BasePackage> dependencies)
         {
-            return new(name: package.name, version: package.version)
+            return new(name: package.name, type: package.type, version: package.version)
             {
                 extra_data = package.extra_data,
                 dependencies = dependencies
@@ -220,13 +231,14 @@ public static BasePackage FromPackage(BasePackage package, List<BasePackage> dep
         ///<summary>
         /// Return a deep clone of this package. Optionally clone dependencies.
         ///</summary>
-        public BasePackage Clone(bool with_deps=false)
+        public BasePackage Clone(bool with_deps = false)
         {
             List<BasePackage> deps = with_deps ? dependencies : new List<BasePackage>();
 
             return new BasePackage(
                 name: name,
-                version:version,
+                type: type,
+                version: version,
                 datafile_path: datafile_path
             )
             {
@@ -318,7 +330,8 @@ public void Update(NugetApi nugetApi, bool with_details = false)
 
             try
             {
-                UpdateWithRemoteMetadata(nugetApi, with_details: with_details);
+                if (!type.Equals(ComponentType.Project))
+                    UpdateWithRemoteMetadata(nugetApi, with_details: with_details);
             }
             catch (Exception ex)
             {
@@ -527,7 +540,8 @@ public static string GetApiDataUrl(PackageIdentity pid, SourcePackageDependencyI
         /// <summary>
         /// Sort recursively the dependencies of this package.
         /// </summary>
-        public void Sort() {
+        public void Sort()
+        {
             dependencies.Sort();
             foreach (var dep in dependencies)
                 dep.Sort();
@@ -599,12 +613,13 @@ public class Party
 
         public Party Clone()
         {
-            return new Party(){
-                type=type,
-                role=role,
-                name=name,
-                email=email,
-                url=url
+            return new Party()
+            {
+                type = type,
+                role = role,
+                name = name,
+                email = email,
+                url = url
             };
         }
     }
@@ -631,14 +646,15 @@ public class PackageDownload
         public string hash { get; set; } = "";
         public string hash_algorithm { get; set; } = "";
         public int? size { get; set; } = 0;
-        public bool IsEnhanced(){
+        public bool IsEnhanced()
+        {
             return !string.IsNullOrWhiteSpace(download_url) && !string.IsNullOrWhiteSpace(hash);
         }
 
         public static PackageDownload FromSpdi(SourcePackageDependencyInfo spdi)
         {
-            PackageDownload download = new(){ download_url = spdi.DownloadUri.ToString() };
-            /// Note that this hash is unlikely there per https://github.com/NuGet/NuGetGallery/issues/9433
+            PackageDownload download = new() { download_url = spdi.DownloadUri.ToString() };
+            // Note that this hash is unlikely there per https://github.com/NuGet/NuGetGallery/issues/9433
             if (!string.IsNullOrEmpty(spdi.PackageHash))
             {
                 download.hash = spdi.PackageHash;

src/nuget-inspector/NugetResolverHelper.cs

@@ -56,12 +56,13 @@ public void ResolveOne(Dependency dependency)
             }
 
             if (dependency.name != null)
-                package_tree.AddOrUpdatePackage(id: new BasePackage(name: dependency.name, version: version));
+                package_tree.AddOrUpdatePackage(id: new BasePackage(name: dependency.name, type: dependency.type, version: version));
             return;
         }
 
         var base_package = new BasePackage(
             name: dependency.name!,
+            type: dependency.type,
             version: psmr.Identity.Version.ToNormalizedString());
 
         IEnumerable<NuGet.Packaging.Core.PackageDependency> packages = nugetApi.GetPackageDependenciesForPackage(
@@ -74,7 +75,7 @@ public void ResolveOne(Dependency dependency)
             var resolved_version = package_tree.GetResolvedVersion(name: pkg.Id, range: pkg.VersionRange);
             if (resolved_version != null)
             {
-                var base_pkg = new BasePackage(name: pkg.Id, version: resolved_version);
+                var base_pkg = new BasePackage(name: pkg.Id, type: ComponentType.NuGet, version: resolved_version);
                 dependencies.Add(item: base_pkg);
                 if (Config.TRACE)
                     Console.WriteLine($"        dependencies.Add name: {pkg.Id}, version: {resolved_version}");
@@ -93,6 +94,7 @@ public void ResolveOne(Dependency dependency)
 
                 var dependent_package = new BasePackage(
                     name: psrm.Identity.Id,
+                    type: ComponentType.NuGet,
                     version: psrm.Identity.Version.ToNormalizedString());
 
                 dependencies.Add(item: dependent_package);
@@ -101,6 +103,7 @@ public void ResolveOne(Dependency dependency)
                 {
                     Dependency pd = new(
                         name: pkg.Id,
+                        type: ComponentType.NuGet,
                         version_range: pkg.VersionRange,
                         framework: dependency.framework);
 

src/nuget-inspector/PackagesConfigHelper.cs

@@ -28,7 +28,7 @@ public PackagesConfigHelper(NugetApi nugetApi)
             foreach (var depPair in pkg.Dependencies)
             {
                 if (depPair.Key == id)
-                result.Add(item: depPair.Value);
+                    result.Add(item: depPair.Value);
             }
         }
 
@@ -39,8 +39,10 @@ public List<BasePackage> ProcessAll(List<Dependency> dependencies)
     {
         foreach (var dependency in dependencies)
         {
+            Console.WriteLine($"ProcessAll() Adding {dependency.type} {dependency.name} to builder");
             Add(
                 id: dependency.name!,
+                type: dependency.type,
                 name: dependency.name,
                 range: dependency.version_range,
                 framework: dependency.framework);
@@ -60,37 +62,43 @@ public List<BasePackage> ProcessAll(List<Dependency> dependencies)
                 {
                     deps.Add(item: new BasePackage(
                         name: ResolutionDatas[key: dep].Name!,
+                        type: ResolutionDatas[key: dep].Type!,
                         version: ResolutionDatas[key: dep].CurrentVersion?.ToNormalizedString()));
                 }
             }
 
             builder.AddOrUpdatePackage(
-                base_package: new BasePackage(name: data.Name!,
+                base_package: new BasePackage(
+                    name: data.Name!,
+                    type: data.Type!,
                     version: data.CurrentVersion?.ToNormalizedString()),
                     dependencies: deps!);
         }
 
         return builder.GetPackageList();
     }
 
-    public void Add(string id, string? name, VersionRange? range, NuGetFramework? framework)
+    public void Add(string id, string type, string? name, VersionRange? range, NuGetFramework? framework)
     {
         id = id.ToLower();
         Resolve(
             id: id,
+            type: type,
             name: name,
             project_target_framework: framework,
             overrideRange: range);
     }
 
     private void Resolve(
         string id,
+        string type,
         string? name,
         NuGetFramework? project_target_framework = null,
         VersionRange? overrideRange = null)
     {
         id = id.ToLower();
         ResolutionData data = new();
+        data.Type = type;
         if (ResolutionDatas.ContainsKey(key: id))
         {
             data = ResolutionDatas[key: id];
@@ -117,7 +125,7 @@ private void Resolve(
         if (best == null)
         {
             if (Config.TRACE)
-                Console.WriteLine( value: $"Unable to find package for '{id}' with versions range '{combo}'.");
+                Console.WriteLine(value: $"Unable to find package for '{id}' with versions range '{combo}'.");
 
             if (data.CurrentVersion == null)
                 data.CurrentVersion = combo.MinVersion;
@@ -138,6 +146,7 @@ private void Resolve(
                 data.Dependencies.Add(key: dependency.Id.ToLower(), value: dependency.VersionRange);
                 Resolve(
                     id: dependency.Id.ToLower(),
+                    type: ComponentType.NuGet,
                     name: dependency.Id,
                     project_target_framework: project_target_framework);
             }
@@ -150,5 +159,6 @@ private class ResolutionData
         public readonly Dictionary<string, VersionRange?> Dependencies = new();
         public VersionRange? ExternalVersionRange;
         public string? Name;
+        public string? Type;
     }
 }

src/nuget-inspector/PackagesConfigProcessor.cs

@@ -101,6 +101,7 @@ private List<Dependency> GetDependencies()
 
             Dependency dep = new(
                 name: name,
+                type: ComponentType.NuGet,
                 version_range: range,
                 framework: package_framework,
                 is_direct: true,