From 1f21568c6307fe90100241be7edc901e21f3f41e Mon Sep 17 00:00:00 2001 From: Xueqin Cui <72771658+cuixq@users.noreply.github.com> Date: Mon, 23 Dec 2024 11:54:05 +1100 Subject: [PATCH] chore: delete `internal/manifest` (#1462) `internal/maniefst` only holds the transitive scanning code for Maven pom.xml which is now moved to `internal/scalibrextract/language/java/pomxmlnet` --- internal/manifest/fixtures/maven/empty.xml | 7 - .../manifest/fixtures/maven/interpolation.xml | 37 -- .../fixtures/maven/invalid-syntax.xml | 13 - internal/manifest/fixtures/maven/not-pom.txt | 1 - .../manifest/fixtures/maven/one-package.xml | 17 - .../manifest/fixtures/maven/parent/pom.xml | 21 - .../manifest/fixtures/maven/transitive.xml | 33 -- .../manifest/fixtures/maven/two-packages.xml | 22 -- .../maven/with-dependency-management.xml | 37 -- .../manifest/fixtures/maven/with-parent.xml | 54 --- .../manifest/fixtures/maven/with-scope.xml | 14 - .../fixtures/universe/basic-universe.yaml | 60 --- internal/manifest/helpers_test.go | 105 ----- internal/manifest/maven.go | 156 -------- internal/manifest/maven_test.go | 361 ------------------ 15 files changed, 938 deletions(-) delete mode 100644 internal/manifest/fixtures/maven/empty.xml delete mode 100644 internal/manifest/fixtures/maven/interpolation.xml delete mode 100644 internal/manifest/fixtures/maven/invalid-syntax.xml delete mode 100644 internal/manifest/fixtures/maven/not-pom.txt delete mode 100644 internal/manifest/fixtures/maven/one-package.xml delete mode 100644 internal/manifest/fixtures/maven/parent/pom.xml delete mode 100644 internal/manifest/fixtures/maven/transitive.xml delete mode 100644 internal/manifest/fixtures/maven/two-packages.xml delete mode 100644 internal/manifest/fixtures/maven/with-dependency-management.xml delete mode 100644 internal/manifest/fixtures/maven/with-parent.xml delete mode 100644 internal/manifest/fixtures/maven/with-scope.xml delete mode 100644 internal/manifest/fixtures/universe/basic-universe.yaml delete mode 100644 internal/manifest/helpers_test.go delete mode 100644 internal/manifest/maven.go delete mode 100644 internal/manifest/maven_test.go diff --git a/internal/manifest/fixtures/maven/empty.xml b/internal/manifest/fixtures/maven/empty.xml deleted file mode 100644 index 8cfeebaaa4..0000000000 --- a/internal/manifest/fixtures/maven/empty.xml +++ /dev/null @@ -1,7 +0,0 @@ - - 4.0.0 - - com.mycompany.app - my-app - 1 - diff --git a/internal/manifest/fixtures/maven/interpolation.xml b/internal/manifest/fixtures/maven/interpolation.xml deleted file mode 100644 index 6b7f761afc..0000000000 --- a/internal/manifest/fixtures/maven/interpolation.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - 4.0.0 - - io.library - my-library - 1.0-SNAPSHOT - jar - - - 1.0.0 - 2.3.4 - [9.4.35.v20201120,9.5) - - - - - org.mine - mypackage - ${mypackageVersion} - - - - org.mine - my.package - ${my.package.version} - - - - org.mine - ranged-package - ${version-range} - - - - diff --git a/internal/manifest/fixtures/maven/invalid-syntax.xml b/internal/manifest/fixtures/maven/invalid-syntax.xml deleted file mode 100644 index 761a32c1ab..0000000000 --- a/internal/manifest/fixtures/maven/invalid-syntax.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - <${Id}.version>${project.version} - - - - - io.netty - netty-all - 4.1.42.Final - - - diff --git a/internal/manifest/fixtures/maven/not-pom.txt b/internal/manifest/fixtures/maven/not-pom.txt deleted file mode 100644 index f9df712bcb..0000000000 --- a/internal/manifest/fixtures/maven/not-pom.txt +++ /dev/null @@ -1 +0,0 @@ -this is not a pom.xml file! diff --git a/internal/manifest/fixtures/maven/one-package.xml b/internal/manifest/fixtures/maven/one-package.xml deleted file mode 100644 index bbb1359e9d..0000000000 --- a/internal/manifest/fixtures/maven/one-package.xml +++ /dev/null @@ -1,17 +0,0 @@ - - com.mycompany.app - my-app - 1.0 - - - 3.0 - - - - - org.apache.maven - maven-artifact - 1.0.0 - - - diff --git a/internal/manifest/fixtures/maven/parent/pom.xml b/internal/manifest/fixtures/maven/parent/pom.xml deleted file mode 100644 index 3751df6be3..0000000000 --- a/internal/manifest/fixtures/maven/parent/pom.xml +++ /dev/null @@ -1,21 +0,0 @@ - - org.local - parent-pom - 1.0 - - pom - - - org.upstream - parent-pom - 1.0 - - - - - org.dave - dave - 4.0.0 - - - diff --git a/internal/manifest/fixtures/maven/transitive.xml b/internal/manifest/fixtures/maven/transitive.xml deleted file mode 100644 index 52e416a0bc..0000000000 --- a/internal/manifest/fixtures/maven/transitive.xml +++ /dev/null @@ -1,33 +0,0 @@ - - com.mycompany.app - my-app - 1.0 - - - - - org.transitive - frank - 4.4.4 - - - - - - - org.direct - alice - 1.0.0 - - - org.direct - bob - 2.0.0 - - - org.direct - chris - 3.0.0 - - - diff --git a/internal/manifest/fixtures/maven/two-packages.xml b/internal/manifest/fixtures/maven/two-packages.xml deleted file mode 100644 index 897f648a1e..0000000000 --- a/internal/manifest/fixtures/maven/two-packages.xml +++ /dev/null @@ -1,22 +0,0 @@ - - com.mycompany.app - my-app - 1.0 - - - 3.0 - - - - - io.netty - netty-all - 4.1.42.Final - - - org.slf4j - slf4j-log4j12 - 1.7.25 - - - diff --git a/internal/manifest/fixtures/maven/with-dependency-management.xml b/internal/manifest/fixtures/maven/with-dependency-management.xml deleted file mode 100644 index 1928688e94..0000000000 --- a/internal/manifest/fixtures/maven/with-dependency-management.xml +++ /dev/null @@ -1,37 +0,0 @@ - - com.mycompany.app - my-app - 1.0 - - - 3.0 - - - - - io.netty - netty-all - 4.1.9 - - - org.slf4j - slf4j-log4j12 - 1.7.25 - - - - - - - io.netty - netty-all - 4.1.42.Final - - - com.google.code.findbugs - jsr305 - 3.0.2 - - - - diff --git a/internal/manifest/fixtures/maven/with-parent.xml b/internal/manifest/fixtures/maven/with-parent.xml deleted file mode 100644 index 602b8b877f..0000000000 --- a/internal/manifest/fixtures/maven/with-parent.xml +++ /dev/null @@ -1,54 +0,0 @@ - - com.mycompany.app - my-app - 1.0 - - - org.local - parent-pom - 1.0 - ./parent/pom.xml - - - - 2.0.0 - - - - - org.alice - alice - 1.0.0 - - - org.bob - bob - ${bob.version} - - - org.chuck - chuck - - - org.frank - frank - - - - - - - org.chuck - chuck - 3.0.0 - - - org.import - import - 1.2.3 - pom - import - - - - diff --git a/internal/manifest/fixtures/maven/with-scope.xml b/internal/manifest/fixtures/maven/with-scope.xml deleted file mode 100644 index 688c6bb7bc..0000000000 --- a/internal/manifest/fixtures/maven/with-scope.xml +++ /dev/null @@ -1,14 +0,0 @@ - - com.mycompany.app - my-app - 1.0 - - - - junit - junit - 4.12 - runtime - - - diff --git a/internal/manifest/fixtures/universe/basic-universe.yaml b/internal/manifest/fixtures/universe/basic-universe.yaml deleted file mode 100644 index 2bf2b32724..0000000000 --- a/internal/manifest/fixtures/universe/basic-universe.yaml +++ /dev/null @@ -1,60 +0,0 @@ -system: maven -schema: | - com.google.code.findbugs:jsr305 - 3.0.2 - io.netty:netty-all - 4.1.9 - 4.1.42.Final - junit:junit - 4.12 - org.alice:alice - 1.0.0 - org.apache.maven:maven-artifact - 1.0.0 - org.bob:bob - 2.0.0 - org.chuck:chuck - 3.0.0 - org.dave:dave - 4.0.0 - org.direct:alice - 1.0.0 - org.transitive:chuck@1.1.1 - org.transitive:dave@2.2.2 - org.direct:bob - 2.0.0 - org.transitive:eve@3.3.3 - org.direct:chris - 3.0.0 - org.transitive:frank@3.3.3 - org.eve:eve - 5.0.0 - org.frank:frank - 6.0.0 - org.mine:my.package - 2.3.4 - org.mine:mypackage - 1.0.0 - org.mine:ranged-package - 9.4.35 - 9.4.36 - 9.4.37 - 9.5 - org.slf4j:slf4j-log4j12 - 1.7.25 - org.transitive:chuck - 1.1.1 - 2.2.2 - org.transitive:eve@2.2.2 - 3.3.3 - org.transitive:dave - 1.1.1 - 2.2.2 - 3.3.3 - org.transitive:eve - 1.1.1 - 2.2.2 - 3.3.3 - org.transitive:frank - 3.3.3 - 4.4.4 diff --git a/internal/manifest/helpers_test.go b/internal/manifest/helpers_test.go deleted file mode 100644 index ffcab3d06e..0000000000 --- a/internal/manifest/helpers_test.go +++ /dev/null @@ -1,105 +0,0 @@ -package manifest_test - -import ( - "errors" - "fmt" - "reflect" - "strings" - "testing" - - "github.com/google/osv-scanner/internal/output" - "github.com/google/osv-scanner/pkg/lockfile" -) - -func expectErrContaining(t *testing.T, err error, str string) { - t.Helper() - - if err == nil { - t.Errorf("Expected to get error, but did not") - } - - if !strings.Contains(err.Error(), str) { - t.Errorf("Expected to get \"%s\" error, but got \"%v\"", str, err) - } -} - -func expectErrIs(t *testing.T, err error, expected error) { - t.Helper() - - if err == nil { - t.Errorf("Expected to get error, but did not") - } - - if !errors.Is(err, expected) { - t.Errorf("Expected to get \"%v\" error but got \"%v\" instead", expected, err) - } -} - -func packageToString(pkg lockfile.PackageDetails) string { - commit := pkg.Commit - - if commit == "" { - commit = "" - } - - groups := strings.Join(pkg.DepGroups, ", ") - - if groups == "" { - groups = "" - } - - return fmt.Sprintf("%s@%s (%s, %s, %s)", pkg.Name, pkg.Version, pkg.Ecosystem, commit, groups) -} - -func hasPackage(t *testing.T, packages []lockfile.PackageDetails, pkg lockfile.PackageDetails) bool { - t.Helper() - - for _, details := range packages { - if reflect.DeepEqual(details, pkg) { - return true - } - } - - return false -} - -func findMissingPackages(t *testing.T, actualPackages []lockfile.PackageDetails, expectedPackages []lockfile.PackageDetails) []lockfile.PackageDetails { - t.Helper() - var missingPackages []lockfile.PackageDetails - - for _, pkg := range actualPackages { - if !hasPackage(t, expectedPackages, pkg) { - missingPackages = append(missingPackages, pkg) - } - } - - return missingPackages -} - -func expectPackages(t *testing.T, actualPackages []lockfile.PackageDetails, expectedPackages []lockfile.PackageDetails) { - t.Helper() - - if len(expectedPackages) != len(actualPackages) { - t.Errorf( - "Expected to get %d %s, but got %d", - len(expectedPackages), - output.Form(len(expectedPackages), "package", "packages"), - len(actualPackages), - ) - } - - missingActualPackages := findMissingPackages(t, actualPackages, expectedPackages) - missingExpectedPackages := findMissingPackages(t, expectedPackages, actualPackages) - - if len(missingActualPackages) != 0 { - for _, unexpectedPackage := range missingActualPackages { - t.Errorf("Did not expect %s", packageToString(unexpectedPackage)) - } - } - - if len(missingExpectedPackages) != 0 { - for _, unexpectedPackage := range missingExpectedPackages { - t.Errorf("Did not find %s", packageToString(unexpectedPackage)) - } - } -} diff --git a/internal/manifest/maven.go b/internal/manifest/maven.go deleted file mode 100644 index a5463f2de5..0000000000 --- a/internal/manifest/maven.go +++ /dev/null @@ -1,156 +0,0 @@ -package manifest - -import ( - "context" - "fmt" - "path/filepath" - - "deps.dev/util/maven" - "deps.dev/util/resolve" - "deps.dev/util/resolve/dep" - mavenresolve "deps.dev/util/resolve/maven" - "github.com/google/osv-scanner/internal/resolution/client" - "github.com/google/osv-scanner/internal/resolution/datasource" - "github.com/google/osv-scanner/internal/resolution/util" - mavenutil "github.com/google/osv-scanner/internal/utility/maven" - "github.com/google/osv-scanner/pkg/lockfile" - "golang.org/x/exp/maps" -) - -type MavenResolverExtractor struct { - client.DependencyClient - *datasource.MavenRegistryAPIClient -} - -func (e MavenResolverExtractor) ShouldExtract(path string) bool { - return filepath.Base(path) == "pom.xml" -} - -func (e MavenResolverExtractor) Extract(f lockfile.DepFile) ([]lockfile.PackageDetails, error) { - ctx := context.Background() - - var project maven.Project - if err := datasource.NewMavenDecoder(f).Decode(&project); err != nil { - return nil, fmt.Errorf("could not extract from %s: %w", f.Path(), err) - } - // Empty JDK and ActivationOS indicates merging the default profiles. - if err := project.MergeProfiles("", maven.ActivationOS{}); err != nil { - return nil, fmt.Errorf("failed to merge profiles: %w", err) - } - for _, repo := range project.Repositories { - if err := e.MavenRegistryAPIClient.AddRegistry(datasource.MavenRegistry{ - URL: string(repo.URL), - ID: string(repo.ID), - ReleasesEnabled: repo.Releases.Enabled.Boolean(), - SnapshotsEnabled: repo.Snapshots.Enabled.Boolean(), - }); err != nil { - return nil, fmt.Errorf("failed to add registry %s: %w", repo.URL, err) - } - } - // Merging parents data by parsing local parent pom.xml or fetching from upstream. - if err := mavenutil.MergeParents(ctx, e.MavenRegistryAPIClient, &project, project.Parent, 1, f.Path(), true); err != nil { - return nil, fmt.Errorf("failed to merge parents: %w", err) - } - // Process the dependencies: - // - dedupe dependencies and dependency management - // - import dependency management - // - fill in missing dependency version requirement - project.ProcessDependencies(func(groupID, artifactID, version maven.String) (maven.DependencyManagement, error) { - return mavenutil.GetDependencyManagement(ctx, e.MavenRegistryAPIClient, groupID, artifactID, version) - }) - - if registries := e.MavenRegistryAPIClient.GetRegistries(); len(registries) > 0 { - clientRegs := make([]client.Registry, len(registries)) - for i, reg := range registries { - clientRegs[i] = reg - } - if err := e.DependencyClient.AddRegistries(clientRegs); err != nil { - return nil, err - } - } - overrideClient := client.NewOverrideClient(e.DependencyClient) - resolver := mavenresolve.NewResolver(overrideClient) - - // Resolve the dependencies. - root := resolve.Version{ - VersionKey: resolve.VersionKey{ - PackageKey: resolve.PackageKey{ - System: resolve.Maven, - Name: project.ProjectKey.Name(), - }, - VersionType: resolve.Concrete, - Version: string(project.Version), - }} - reqs := make([]resolve.RequirementVersion, len(project.Dependencies)+len(project.DependencyManagement.Dependencies)) - for i, d := range project.Dependencies { - reqs[i] = resolve.RequirementVersion{ - VersionKey: resolve.VersionKey{ - PackageKey: resolve.PackageKey{ - System: resolve.Maven, - Name: d.Name(), - }, - VersionType: resolve.Requirement, - Version: string(d.Version), - }, - Type: resolve.MavenDepType(d, ""), - } - } - for i, d := range project.DependencyManagement.Dependencies { - reqs[len(project.Dependencies)+i] = resolve.RequirementVersion{ - VersionKey: resolve.VersionKey{ - PackageKey: resolve.PackageKey{ - System: resolve.Maven, - Name: d.Name(), - }, - VersionType: resolve.Requirement, - Version: string(d.Version), - }, - Type: resolve.MavenDepType(d, mavenutil.OriginManagement), - } - } - overrideClient.AddVersion(root, reqs) - - client.PreFetch(ctx, overrideClient, reqs, f.Path()) - g, err := resolver.Resolve(ctx, root.VersionKey) - if err != nil { - return nil, fmt.Errorf("failed resolving %v: %w", root, err) - } - for i, e := range g.Edges { - e.Type = dep.Type{} - g.Edges[i] = e - } - - details := map[string]lockfile.PackageDetails{} - for i := 1; i < len(g.Nodes); i++ { - // Ignore the first node which is the root. - node := g.Nodes[i] - pkgDetails := util.VKToPackageDetails(node.Version) - // We are only able to know dependency groups of direct dependencies but - // not transitive dependencies because the nodes in the resolve graph does - // not have the scope information. - for _, dep := range project.Dependencies { - if dep.Name() != pkgDetails.Name { - continue - } - if dep.Scope != "" && dep.Scope != "compile" { - pkgDetails.DepGroups = append(pkgDetails.DepGroups, string(dep.Scope)) - } - } - details[pkgDetails.Name] = pkgDetails - } - - return maps.Values(details), nil -} - -func ParseMavenWithResolver(depClient client.DependencyClient, mavenClient *datasource.MavenRegistryAPIClient, pathToLockfile string) ([]lockfile.PackageDetails, error) { - f, err := lockfile.OpenLocalDepFile(pathToLockfile) - if err != nil { - return nil, err - } - defer f.Close() - - return MavenResolverExtractor{ - DependencyClient: depClient, - MavenRegistryAPIClient: mavenClient, - }.Extract(f) -} diff --git a/internal/manifest/maven_test.go b/internal/manifest/maven_test.go deleted file mode 100644 index 0f38a78b7a..0000000000 --- a/internal/manifest/maven_test.go +++ /dev/null @@ -1,361 +0,0 @@ -package manifest_test - -import ( - "io/fs" - "testing" - - "github.com/google/osv-scanner/internal/manifest" - "github.com/google/osv-scanner/internal/resolution/clienttest" - "github.com/google/osv-scanner/internal/resolution/datasource" - "github.com/google/osv-scanner/internal/testutility" - "github.com/google/osv-scanner/pkg/lockfile" -) - -func TestMavenResolverExtractor_ShouldExtract(t *testing.T) { - t.Parallel() - - tests := []struct { - name string - path string - want bool - }{ - { - name: "", - path: "", - want: false, - }, - { - name: "", - path: "pom.xml", - want: true, - }, - { - name: "", - path: "path/to/my/pom.xml", - want: true, - }, - { - name: "", - path: "path/to/my/pom.xml/file", - want: false, - }, - { - name: "", - path: "path/to/my/pom.xml.file", - want: false, - }, - { - name: "", - path: "path.to.my.pom.xml", - want: false, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - e := manifest.MavenResolverExtractor{} - got := e.ShouldExtract(tt.path) - if got != tt.want { - t.Errorf("Extract() got = %v, want %v", got, tt.want) - } - }) - } -} - -func TestParseMavenWithResolver_FileDoesNotExist(t *testing.T) { - t.Parallel() - - packages, err := manifest.ParseMavenWithResolver(nil, nil, "fixtures/maven/does-not-exist") - - expectErrIs(t, err, fs.ErrNotExist) - expectPackages(t, packages, []lockfile.PackageDetails{}) -} - -func TestParseMavenWithResolver_Invalid(t *testing.T) { - t.Parallel() - - packages, err := manifest.ParseMavenWithResolver(nil, nil, "fixtures/maven/not-pom.txt") - - expectErrContaining(t, err, "could not extract from") - expectPackages(t, packages, []lockfile.PackageDetails{}) -} - -func TestParseMavenWithResolver_InvalidSyntax(t *testing.T) { - t.Parallel() - - packages, err := manifest.ParseMavenWithResolver(nil, nil, "fixtures/maven/invalid-syntax.xml") - - expectErrContaining(t, err, "XML syntax error") - expectPackages(t, packages, []lockfile.PackageDetails{}) -} - -func TestParseMavenWithResolver_NoPackages(t *testing.T) { - t.Parallel() - - resolutionClient := clienttest.NewMockResolutionClient(t, "fixtures/universe/basic-universe.yaml") - packages, err := manifest.ParseMavenWithResolver(resolutionClient, &datasource.MavenRegistryAPIClient{}, "fixtures/maven/empty.xml") - if err != nil { - t.Errorf("Got unexpected error: %v", err) - } - - expectPackages(t, packages, []lockfile.PackageDetails{}) -} - -func TestParseMavenWithResolver_OnePackage(t *testing.T) { - t.Parallel() - - resolutionClient := clienttest.NewMockResolutionClient(t, "fixtures/universe/basic-universe.yaml") - packages, err := manifest.ParseMavenWithResolver(resolutionClient, &datasource.MavenRegistryAPIClient{}, "fixtures/maven/one-package.xml") - if err != nil { - t.Errorf("Got unexpected error: %v", err) - } - - expectPackages(t, packages, []lockfile.PackageDetails{ - { - Name: "org.apache.maven:maven-artifact", - Version: "1.0.0", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - }) -} - -func TestParseMavenWithResolver_TwoPackages(t *testing.T) { - t.Parallel() - - resolutionClient := clienttest.NewMockResolutionClient(t, "fixtures/universe/basic-universe.yaml") - packages, err := manifest.ParseMavenWithResolver(resolutionClient, &datasource.MavenRegistryAPIClient{}, "fixtures/maven/two-packages.xml") - if err != nil { - t.Errorf("Got unexpected error: %v", err) - } - - expectPackages(t, packages, []lockfile.PackageDetails{ - { - Name: "io.netty:netty-all", - Version: "4.1.42.Final", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - { - Name: "org.slf4j:slf4j-log4j12", - Version: "1.7.25", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - }) -} - -func TestParseMavenWithResolver_WithDependencyManagement(t *testing.T) { - t.Parallel() - - resolutionClient := clienttest.NewMockResolutionClient(t, "fixtures/universe/basic-universe.yaml") - packages, err := manifest.ParseMavenWithResolver(resolutionClient, &datasource.MavenRegistryAPIClient{}, "fixtures/maven/with-dependency-management.xml") - if err != nil { - t.Errorf("Got unexpected error: %v", err) - } - - expectPackages(t, packages, []lockfile.PackageDetails{ - { - Name: "io.netty:netty-all", - Version: "4.1.9", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - { - Name: "org.slf4j:slf4j-log4j12", - Version: "1.7.25", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - }) -} - -func TestParseMavenWithResolver_Interpolation(t *testing.T) { - t.Parallel() - - resolutionClient := clienttest.NewMockResolutionClient(t, "fixtures/universe/basic-universe.yaml") - packages, err := manifest.ParseMavenWithResolver(resolutionClient, &datasource.MavenRegistryAPIClient{}, "fixtures/maven/interpolation.xml") - if err != nil { - t.Errorf("Got unexpected error: %v", err) - } - - expectPackages(t, packages, []lockfile.PackageDetails{ - { - Name: "org.mine:mypackage", - Version: "1.0.0", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - { - Name: "org.mine:my.package", - Version: "2.3.4", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - { - Name: "org.mine:ranged-package", - Version: "9.4.37", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - }) -} - -func TestParseMavenWithResolver_WithScope(t *testing.T) { - t.Parallel() - - resolutionClient := clienttest.NewMockResolutionClient(t, "fixtures/universe/basic-universe.yaml") - packages, err := manifest.ParseMavenWithResolver(resolutionClient, &datasource.MavenRegistryAPIClient{}, "fixtures/maven/with-scope.xml") - if err != nil { - t.Errorf("Got unexpected error: %v", err) - } - - expectPackages(t, packages, []lockfile.PackageDetails{ - { - Name: "junit:junit", - Version: "4.12", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - DepGroups: []string{"runtime"}, - }, - }) -} - -func TestParseMavenWithResolver_WithParent(t *testing.T) { - t.Parallel() - - srv := testutility.NewMockHTTPServer(t) - srv.SetResponse(t, "org/upstream/parent-pom/1.0/parent-pom-1.0.pom", []byte(` - - org.upstream - parent-pom - 1.0 - pom - - - org.eve - eve - 5.0.0 - - - - `)) - srv.SetResponse(t, "org/import/import/1.2.3/import-1.2.3.pom", []byte(` - - org.import - import - 1.2.3 - pom - - - - org.frank - frank - 6.0.0 - - - - - `)) - - resolutionClient := clienttest.NewMockResolutionClient(t, "fixtures/universe/basic-universe.yaml") - client, _ := datasource.NewMavenRegistryAPIClient(datasource.MavenRegistry{URL: srv.URL, ReleasesEnabled: true}) - packages, err := manifest.ParseMavenWithResolver(resolutionClient, client, "fixtures/maven/with-parent.xml") - if err != nil { - t.Errorf("Got unexpected error: %v", err) - } - - expectPackages(t, packages, []lockfile.PackageDetails{ - { - Name: "org.alice:alice", - Version: "1.0.0", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - { - Name: "org.bob:bob", - Version: "2.0.0", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - { - Name: "org.chuck:chuck", - Version: "3.0.0", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - { - Name: "org.dave:dave", - Version: "4.0.0", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - { - Name: "org.eve:eve", - Version: "5.0.0", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - { - Name: "org.frank:frank", - Version: "6.0.0", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - }) -} - -func TestParseMavenWithResolver_Transitive(t *testing.T) { - t.Parallel() - - resolutionClient := clienttest.NewMockResolutionClient(t, "fixtures/universe/basic-universe.yaml") - packages, err := manifest.ParseMavenWithResolver(resolutionClient, &datasource.MavenRegistryAPIClient{}, "fixtures/maven/transitive.xml") - if err != nil { - t.Errorf("Got unexpected error: %v", err) - } - - expectPackages(t, packages, []lockfile.PackageDetails{ - { - Name: "org.direct:alice", - Version: "1.0.0", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - { - Name: "org.direct:bob", - Version: "2.0.0", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - { - Name: "org.direct:chris", - Version: "3.0.0", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - { - Name: "org.transitive:chuck", - Version: "1.1.1", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - { - Name: "org.transitive:dave", - Version: "2.2.2", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - { - Name: "org.transitive:eve", - Version: "3.3.3", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - { - Name: "org.transitive:frank", - Version: "4.4.4", - Ecosystem: lockfile.MavenEcosystem, - CompareAs: lockfile.MavenEcosystem, - }, - }) -}