fix: adding support for .csproj as root when manifest is custom file (#12)

Author: eavichay

lib/dependency.js

@@ -1,3 +1,5 @@
+var debug = require('debug')('snyk');
+
 function Dependency(name, version) {
   this.name = name;
   this.version = version;
@@ -24,6 +26,7 @@ Dependency.extractFromDotVersionNotation = function (expression) {
 
 Dependency.from = {
   folderName: function (folderName) {
+    debug('Extracting by folder name ' + folderName);
     var info = Dependency.extractFromDotVersionNotation(folderName);
     var result = new Dependency(
       info.name,
@@ -32,13 +35,17 @@ Dependency.from = {
     return result;
   },
   packgesConfigEntry: function (manifest) {
+    debug('Extracting by packages.config entry:' +
+      ' name = ' + manifest.$.id +
+      ' version = ' + manifest.$.version);
     var result = new Dependency(
       manifest.$.id,
       manifest.$.version);
     result.versionSpec = manifest.$.version;
     return result;
   },
   csprojEntry: function (referenceItem) {
+    debug('Extracting by hintPath ' + referenceItem.HintPath[0]);
     var sep = (
       /\//.exec(referenceItem.HintPath[0]) ||
       /\\/.exec(referenceItem.HintPath[0]))[0];

lib/index.js

@@ -5,6 +5,7 @@ var Dependecy = require('./dependency');
 var findFolder = require('./find-folder');
 var path = require('path');
 var parseNuspec = require('./nuspec-parser');
+var jsonManifestParest = require('./json-manifest-parser');
 var debug = require('debug')('snyk');
 
 function determineManifestType (filename) {
@@ -43,6 +44,7 @@ module.exports = {
     try {
       manifestType = determineManifestType(path.basename(targetFile || root));
       fileContent = fs.readFileSync(targetFile).toString();
+      debug('Loaded ' + targetFile + ' with manifest type ' + manifestType);
     }
     catch (error) {
       return Promise.reject(error);
@@ -66,8 +68,10 @@ module.exports = {
       var installedPackages = [];
       switch (manifestType) {
         case 'project.json': {
-          debug('Trying to parse project.json manifest');
-          var rawDependencies = JSON.parse(fileContent).dependencies;
+          debug('Trying to parse project.json format manifest');
+          var projectData = jsonManifestParest.parse(fileContent);
+          var rawDependencies = projectData.dependencies;
+          debug(rawDependencies);
           if (rawDependencies) {
             for (var name in rawDependencies) {
               // Array<{ "libraryName": "version" }>
@@ -78,6 +82,10 @@ module.exports = {
               }
             }
           }
+          if (projectData.project) {
+            packageTree.package.name = projectData.project.name;
+            packageTree.package.version = projectData.project.version;
+          }
           resolve(installedPackages);
           break;
         }

lib/json-manifest-parser.js

@@ -0,0 +1,46 @@
+function scanForDependencies(obj, deps) {
+  deps = deps || {};
+  if (typeof obj !== 'object') {
+    return deps;
+  }
+  Object.keys(obj).forEach(function (key) {
+    if (key === 'dependencies') {
+      var dependencies = obj.dependencies;
+      Object.keys(dependencies).forEach(function (key) {
+        var depName = key;
+        var version = dependencies[key];
+        if (typeof version === 'object') {
+          version = version.version;
+        }
+        if (typeof version === 'undefined') {
+          version = 'unknown';
+        } else {
+          version = version.toString();
+        }
+        deps[depName] = version;
+      })
+    } else {
+      scanForDependencies(obj[key], deps);
+    }
+  });
+  return deps;
+}
+
+module.exports = {
+  parse: function parseJsonManifest(fileContent) {
+    var rawContent = JSON.parse(fileContent);
+    var result = {};
+    result.dependencies = scanForDependencies(rawContent, {});
+    if (typeof rawContent.project === 'object') {
+      var pData = rawContent.project
+      var name = (pData.restore && pData.restore.projectName)
+      result.project = {
+        version: pData.version || '0.0.0',
+      };
+      if (name) {
+        result.project.name = name;
+      }
+    }
+    return result;
+  },
+};

test/parse-with-traverse.test.js

@@ -9,6 +9,42 @@ var alternatePackagesFolder =
   stubProjectLocation + 'alternate_packages';
 var targetCSProjFile =
   stubProjectLocation + 'dummy_project_1/WebApplication1.csproj';
+var targetJSONManifest =
+  './test/stubs/_2_project.json';
+var targetJSONManifestData =
+  require('./stubs/_2_project.json');
+
+
+test('parse assets.project.json and traverse packages', function (t) {
+  var expectedTreeFile =
+  fs.readFileSync(
+    stubProjectLocation + 'dummy_project_1/expected_csproj.json');
+  var expectedTree = JSON.parse(expectedTreeFile.toString());
+  // NUnit can be referenced in .nuspec files.
+  // In this test the manifest file has no NUnit reference,
+  // therefor it is not expected to be in the result.
+  delete expectedTree.package.dependencies.NUnit;
+  plugin.inspect(stubProjectLocation, targetJSONManifest, {
+    packagesFolder: stubProjectLocation + '/packages',
+  }).then(function (result) {
+    // In case project details are included in manifest file,
+    // it's expected to be included in the 'package' section
+    t.equal(
+      result.package.name,
+      targetJSONManifestData.project.restore.projectName,
+      'expects extraction of project\'s name from manifest');
+    t.equal(
+      result.package.version,
+      targetJSONManifestData.project.version,
+      'expects extraction of project\'s version from manifest');
+    t.deepEqual(
+      result.package.dependencies,
+      expectedTree.package.dependencies,
+      'expects dependency tree to be correct');
+    t.ok(result.plugin);
+    t.end();
+  });
+});
 
 
 test('parse .csproj and traverse packages', function (t) {
@@ -22,8 +58,13 @@ test('parse .csproj and traverse packages', function (t) {
     t.test('traversing', function (t) {
       t.deepEqual(
         result.package.dependencies,
-        expectedTree.package.dependencies);
-      t.ok(result.plugin);
+        expectedTree.package.dependencies,
+        'expects dependency tree to be correct');
+      t.ok(result.plugin, 'plugin details exists in result');
+      t.equal(result.plugin.name, 'snyk-nuget-plugin',
+        'plugin\'s name is snyk-nuget-plugin');
+      t.equal(result.plugin.targetFile, targetCSProjFile,
+        'plugin shows correct targetFile');
       t.end();
     })
     return result;

test/stubs/_2_project.json

@@ -0,0 +1,194 @@
+{
+  "version": 3,
+  "targets": {
+    "Target_1": {
+      "Microsoft.NETCore.App/2.0.0": {
+        "type": "package",
+        "dependencies": {
+          "Antlr": "3.4.1.9004",
+          "bootstrap": "3.0.0",
+          "EntityFramework": "6.1.3",
+          "jQuery": "1.10.2",
+          "Knockout.Validation": "1.0.1",
+          "knockoutjs": "2.3.0",
+          "Microsoft.ApplicationInsights": "2.2.0",
+          "Microsoft.ApplicationInsights.Agent.Intercept": "2.0.6",
+          "Microsoft.ApplicationInsights.DependencyCollector": "2.2.0",
+          "Microsoft.ApplicationInsights.PerfCounterCollector": "2.2.0",
+          "Microsoft.ApplicationInsights.Web": "2.2.0",
+          "Microsoft.ApplicationInsights.WindowsServer": "2.2.0",
+          "Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel": "2.2.0",
+          "Microsoft.AspNet.Identity.Core": "2.2.1",
+          "Microsoft.AspNet.Identity.EntityFramework": "2.2.1",
+          "Microsoft.AspNet.Identity.Owin": "2.2.1",
+          "Microsoft.AspNet.Mvc": "5.2.3",
+          "Microsoft.AspNet.Razor": "3.2.3",
+          "Microsoft.AspNet.Web.Optimization": "1.1.3",
+          "Microsoft.AspNet.WebApi": "5.2.3",
+          "Microsoft.AspNet.WebApi.Client": "5.2.3",
+          "Microsoft.AspNet.WebApi.Core": "5.2.3",
+          "Microsoft.AspNet.WebApi.HelpPage": "5.2.3",
+          "Microsoft.AspNet.WebApi.Owin": "5.2.3",
+          "Microsoft.AspNet.WebApi.WebHost": "5.2.3",
+          "Microsoft.AspNet.WebPages": "3.2.3",
+          "Microsoft.CodeAnalysis.Analyzers": "1.1.0",
+          "Microsoft.CodeAnalysis.Common": "1.3.2",
+          "Microsoft.CodeAnalysis.CSharp": "1.3.2",
+          "Microsoft.CodeDom.Providers.DotNetCompilerPlatform": "1.0.5",
+          "Microsoft.Net.Compilers": "2.1.0",
+          "Microsoft.Orleans.Core": "1.4.0",
+          "Microsoft.Orleans.OrleansCodeGenerator": "1.4.0",
+          "Microsoft.Owin": "3.0.1",
+          "Microsoft.Owin.Host.SystemWeb": "3.0.1",
+          "Microsoft.Owin.Security": "3.0.1",
+          "Microsoft.Owin.Security.Cookies": "3.0.1",
+          "Microsoft.Owin.Security.Facebook": "3.0.1",
+          "Microsoft.Owin.Security.Google": "3.0.1",
+          "Microsoft.Owin.Security.MicrosoftAccount": "3.0.1",
+          "Microsoft.Owin.Security.OAuth": "3.0.1",
+          "Microsoft.Owin.Security.Twitter": "3.0.1",
+          "Microsoft.Web.Infrastructure": "1.0.0.0",
+          "Modernizr": "2.6.2",
+          "Newtonsoft.Json": "10.0.3",
+          "Owin": "1.0",
+          "Respond": "1.2.0",
+          "Sammy.js": "0.7.4",
+          "System.AppContext": "4.1.0",
+          "System.Collections": "4.0.11",
+          "System.Collections.Concurrent": "4.0.12",
+          "System.Collections.Immutable": "1.2.0",
+          "System.Console": "4.0.0",
+          "System.Diagnostics.Debug": "4.0.11",
+          "System.Diagnostics.FileVersionInfo": "4.0.0",
+          "System.Diagnostics.StackTrace": "4.0.1",
+          "System.Diagnostics.Tools": "4.0.1",
+          "System.Dynamic.Runtime": "4.0.11",
+          "System.Globalization": "4.0.11",
+          "System.IO.FileSystem": "4.0.1",
+          "System.IO.FileSystem.Primitives": "4.0.1",
+          "System.Linq": "4.1.0",
+          "System.Linq.Expressions": "4.1.0",
+          "System.Reflection": "4.1.0",
+          "System.Reflection.Metadata": "1.3.0",
+          "System.Reflection.Primitives": "4.0.1",
+          "System.Resources.ResourceManager": "4.0.1",
+          "System.Runtime": "4.1.0",
+          "System.Runtime.Extensions": "4.1.0",
+          "System.Runtime.Handles": "4.0.1",
+          "System.Runtime.InteropServices": "4.1.0",
+          "System.Runtime.Numerics": "4.0.1",
+          "System.Security.Cryptography.Algorithms": "4.2.0",
+          "System.Security.Cryptography.Encoding": "4.0.0",
+          "System.Security.Cryptography.Primitives": "4.0.0",
+          "System.Security.Cryptography.X509Certificates": "4.1.0",
+          "System.Text.Encoding": "4.0.11",
+          "System.Text.Encoding.CodePages": "4.0.1"
+        },
+        "compile": {
+          "ignored": "ignored"
+        },
+        "build": {
+          "ignored": "ignored"
+        }
+      }
+    },
+    "Target_2": {
+      "Microsoft.NETCore.App/2.0.0": {
+        "type": "package",
+        "dependencies": {
+          "System.Text.Encoding.Extensions": "4.0.11",
+          "System.Threading": "4.0.11",
+          "System.Threading.Tasks": "4.0.11",
+          "System.Threading.Tasks.Parallel": "4.0.1",
+          "System.Threading.Thread": "4.0.0",
+          "System.Xml.ReaderWriter": "4.0.11",
+          "System.Xml.XDocument": "4.0.11",
+          "System.Xml.XmlDocument": "4.0.1",
+          "System.Xml.XPath": "4.0.1",
+          "System.Xml.XPath.XDocument": "4.0.1",
+          "WebGrease": "1.5.2"
+        },
+        "compile": {
+          "ignored": "ignored"
+        },
+        "build": {
+          "ignored": "ignored"
+        }
+      },
+      "NETStandard.Library/2.0.0": {
+        "type": "package",
+        "dependencies": {
+          "System.Xml.XDocument": "4.0.11",
+          "System.Xml.XmlDocument": "4.0.1",
+          "System.Xml.XPath": "4.0.1",
+          "System.Xml.XPath.XDocument": "4.0.1",
+          "WebGrease": "1.5.2"
+        },
+        "compile": {
+          "ignored": "ignored"
+        },
+        "runtime": {
+          "ignored": "ignored"
+        },
+        "build": {
+          "ignored": "ignored"
+        }
+      }
+    }
+  },
+  "projectFileDependencyGroups": {
+    "NOTE_TO_DEVELOPERS": "This is for the resolver",
+    ".NETCoreApp,Version=v2.0": [
+      "Microsoft.NETCore.App >= 2.0.0"
+    ]
+  },
+  "packageFolders": {
+    "/path/to/.nuget/packages/": {}
+  },
+  "project": {
+    "NOTE_TO_DEVELOPERS": "This could be a source of data to add to the snyk manifest",
+    "version": "1.0.0",
+    "restore": {
+      "projectUniqueName": "/path/to/project/testapp.csproj",
+      "projectName": "project-name",
+      "projectPath": "/path/to/project/project-manifest.csproj",
+      "packagesPath": "/path/to/packages",
+      "outputPath": "/path/to/project/obj",
+      "projectStyle": "PackageReference",
+      "configFilePaths": [
+        "/path/to/nuget/.config/NuGet/NuGet.Config"
+      ],
+      "originalTargetFrameworks": [
+        "netcoreapp2.0"
+      ],
+      "sources": {
+        "https://api.nuget.org/v3/index.json": {}
+      },
+      "frameworks": {
+        "netcoreapp2.0": {
+          "projectReferences": {}
+        }
+      },
+      "warningProperties": {
+        "warnAsError": [
+          "NU1605"
+        ]
+      }
+    },
+    "frameworks": {
+      "NOTE_TO_DEVELOPERS": "We may want to include these as dependencies",
+      "netcoreapp2.0": {
+        "dependencies": {
+        },
+        "imports": [
+          "net461"
+        ],
+        "assetTargetFallback": true,
+        "warn": true
+      }
+    },
+    "runtimes": {
+      "ignored": "ignored"
+    }
+  }
+}