require 'ox' require 'json' module Bibliothecary module Parsers class Nuget include Bibliothecary::Analyser extend Bibliothecary::MultiParsers::JSONRuntime def self.mapping { match_filename("Project.json") => { kind: 'manifest', parser: :parse_json_runtime_manifest }, match_filename("Project.lock.json") => { kind: 'lockfile', parser: :parse_project_lock_json }, match_filename("packages.lock.json") => { kind: 'lockfile', parser: :parse_packages_lock_json }, match_filename("packages.config") => { kind: 'manifest', parser: :parse_packages_config }, match_extension(".nuspec") => { kind: 'manifest', parser: :parse_nuspec }, match_extension(".csproj") => { kind: 'manifest', parser: :parse_csproj }, match_filename("paket.lock") => { kind: 'lockfile', parser: :parse_paket_lock }, match_filename("project.assets.json") => { kind: 'lockfile', parser: :parse_project_assets_json } } end add_multi_parser(Bibliothecary::MultiParsers::CycloneDX) add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV) def self.parse_project_lock_json(file_contents, options: {}) manifest = JSON.parse file_contents manifest.fetch('libraries',[]).map do |name, _requirement| dep = name.split('/') { name: dep[0], requirement: dep[1], type: 'runtime' } end end def self.parse_packages_lock_json(file_contents, options: {}) manifest = JSON.parse file_contents frameworks = {} manifest.fetch('dependencies',[]).each do |framework, deps| frameworks[framework] = deps.map do |name, details| { name: name, # 'resolved' has been set in all examples so far # so fallback to requested is pure paranoia requirement: details.fetch('resolved', details.fetch('requested', '*')), type: 'runtime' } end end if frameworks.size > 0 # we should really return multiple manifests, but bibliothecary doesn't # do that yet so at least pick deterministically. # Note, frameworks can be empty, so remove empty ones and then return the last sorted item if any frameworks = frameworks.delete_if { |_k, v| v.empty? } return frameworks[frameworks.keys.sort.last] unless frameworks.empty? end [] end def self.parse_packages_config(file_contents, options: {}) manifest = Ox.parse file_contents manifest.packages.locate('package').map do |dependency| { name: dependency.id, requirement: (dependency.version if dependency.respond_to? "version") || "*", type: dependency.respond_to?("developmentDependency") && dependency.developmentDependency == "true" ? 'development' : 'runtime' } end rescue [] end def self.parse_csproj(file_contents, options: {}) manifest = Ox.parse file_contents packages = manifest.locate('ItemGroup/PackageReference').select{ |dep| dep.respond_to? "Include" }.map do |dependency| requirement = (dependency.Version if dependency.respond_to? "Version") || "*" if requirement.is_a?(Ox::Element) requirement = dependency.nodes.detect{ |n| n.value == "Version" }&.text end type = if dependency.nodes.first && dependency.nodes.first.nodes.include?("all") && dependency.nodes.first.value.include?("PrivateAssets") || dependency.attributes[:PrivateAssets] == "All" "development" else "runtime" end { name: dependency.Include, requirement: requirement, type: type } end packages.uniq {|package| package[:name] } rescue [] end def self.parse_nuspec(file_contents, options: {}) manifest = Ox.parse file_contents manifest.package.metadata.dependencies.locate('dependency').map do |dependency| { name: dependency.id, requirement: dependency.attributes[:version] || '*', type: dependency.respond_to?("developmentDependency") && dependency.developmentDependency == "true" ? 'development' : 'runtime' } end rescue [] end def self.parse_paket_lock(file_contents, options: {}) lines = file_contents.split("\n") package_version_re = /\s+(?\S+)\s\((?\d+\.\d+[\.\d+[\.\d+]*]*)\)/ packages = lines.select { |line| package_version_re.match(line) }.map { |line| package_version_re.match(line) }.map do |match| { name: match[:name].strip, requirement: match[:version], type: 'runtime' } end # we only have to enforce uniqueness by name because paket ensures that there is only the single version globally in the project packages.uniq {|package| package[:name] } end def self.parse_project_assets_json(file_contents, options: {}) manifest = JSON.parse file_contents frameworks = {} manifest.fetch("targets",[]).each do |framework, deps| frameworks[framework] = deps .select { |_name, details| details["type"] == "package" } .map do |name, _details| name_split = name.split("/") { name: name_split[0], requirement: name_split[1], type: "runtime" } end end if frameworks.size > 0 # we should really return multiple manifests, but bibliothecary doesn't # do that yet so at least pick deterministically. # Note, frameworks can be empty, so remove empty ones and then return the last sorted item if any frameworks = frameworks.delete_if { |_k, v| v.empty? } return frameworks[frameworks.keys.sort.last] unless frameworks.empty? end [] end end end end