Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add support for gradle.lockfile #2759

Merged
merged 10 commits into from Sep 1, 2022
Merged

feat: add support for gradle.lockfile #2759

merged 10 commits into from Sep 1, 2022

Conversation

DmitriyLewen
Copy link
Collaborator

@DmitriyLewen DmitriyLewen commented Aug 22, 2022

Description

add support for gradle.lockfile

Related issues

Related PRs

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@DmitriyLewen DmitriyLewen self-assigned this Aug 22, 2022
Comment on lines 38 to 39
func (a gradleLockAnalyzer) Required(filePath string, _ os.FileInfo) bool {
return strings.HasSuffix(filepath.Base(filePath), fileNameSuffix)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

os.FileInfo contains a base file name, right?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. But all language analyzers use filepath (expect go and rust binaries). That is why i also used filepath.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i meant that we don't neet to call filepath.Base(filePath), because os.FileInfo already has a file name, right?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right. Looks like an extra step.
Used os.FileInfo

@@ -28,7 +28,7 @@ func Test_rustBinaryLibraryAnalyzer_Analyze(t *testing.T) {
FilePath: "testdata/executable_rust",
Libraries: []types.Package{
{Name: "crate_with_features", Version: "0.1.0"},
{Name: "library_crate", Version: "0.1.0"},
{Name: "library_crate", Version: "0.1.0", Indirect: true},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why did it do in this PR?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed


const (
version = 1
fileNameSuffix = "gradle.lockfile"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can see on GitHub, that user have lock files with another names. is it ok?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is suffix of filename.
If I understand correctly - we need to check only this suffix.

return strings.HasSuffix(filepath.Base(filePath), fileNameSuffix)

@@ -23,6 +23,7 @@ const (
Pnpm = "pnpm"
Jar = "jar"
Pom = "pom"
GradleLock = "gradle-lock"
Copy link
Collaborator

@knqyf263 knqyf263 Aug 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think Gradle is enough. Other languages don't mention if it is a lock file.

Suggested change
GradleLock = "gradle-lock"
Gradle = "gradle"

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

Copy link
Collaborator

@knqyf263 knqyf263 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we also add an integration test?

@DmitriyLewen
Copy link
Collaborator Author

Can we also add an integration test?

Done!

@DmitriyLewen DmitriyLewen marked this pull request as ready for review August 30, 2022 13:07
@knqyf263 knqyf263 merged commit a000ade into main Sep 1, 2022
@knqyf263 knqyf263 deleted the feat/gradle.lockfile branch September 1, 2022 08:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add support for Java/Gradle
3 participants