diff --git a/CycloneDX.Tests/CycloneDX.Tests.csproj b/CycloneDX.Tests/CycloneDX.Tests.csproj index ff51c778..e80c230e 100644 --- a/CycloneDX.Tests/CycloneDX.Tests.csproj +++ b/CycloneDX.Tests/CycloneDX.Tests.csproj @@ -33,6 +33,9 @@ + + Always + Always @@ -60,13 +63,13 @@ Always - + Always - + Always - + Always diff --git a/CycloneDX.Tests/FunctionalTests/TestcaseFiles/DevDependencies.json b/CycloneDX.Tests/FunctionalTests/ExcludeDevDependencies/DevDependencies.json similarity index 100% rename from CycloneDX.Tests/FunctionalTests/TestcaseFiles/DevDependencies.json rename to CycloneDX.Tests/FunctionalTests/ExcludeDevDependencies/DevDependencies.json diff --git a/CycloneDX.Tests/FunctionalTests/ExcludeDevDepenceny.cs b/CycloneDX.Tests/FunctionalTests/ExcludeDevDependencies/ExcludeDevDependency.cs similarity index 78% rename from CycloneDX.Tests/FunctionalTests/ExcludeDevDepenceny.cs rename to CycloneDX.Tests/FunctionalTests/ExcludeDevDependencies/ExcludeDevDependency.cs index b09bfba3..8850fb79 100644 --- a/CycloneDX.Tests/FunctionalTests/ExcludeDevDepenceny.cs +++ b/CycloneDX.Tests/FunctionalTests/ExcludeDevDependencies/ExcludeDevDependency.cs 
@@ -10,28 +10,30 @@ namespace CycloneDX.Tests.FunctionalTests { - public class ExcludeDevDepenceny + public class ExcludeDevDependency { [Fact] public async Task DevDependenciesNormalyGoIntoTheBom() { - var assetsJson = File.ReadAllText(Path.Combine("FunctionalTests", "TestcaseFiles", "DevDependencies.json")); + var assetsJson = File.ReadAllText(Path.Combine("FunctionalTests", "ExcludeDevDependencies", "DevDependencies.json")); var options = new RunOptions { }; + var bom = await FunctionalTestHelper.Test(assetsJson, options); Assert.True(bom.Components.Count == 1); Assert.Contains(bom.Components, c => string.Compare(c.Name, "SonarAnalyzer.CSharp", true) == 0 && c.Version == "9.16.0.82469"); + Assert.True(bom.Components.First(c => c.Name == "SonarAnalyzer.CSharp").Scope == Component.ComponentScope.Excluded, "Scope of development dependency is not excluded."); } [Fact] public async Task DevDependenciesAreExcludedWithExcludeDevDependencies() { - var assetsJson = File.ReadAllText(Path.Combine("FunctionalTests", "TestcaseFiles", "DevDependencies.json")); + var assetsJson = File.ReadAllText(Path.Combine("FunctionalTests", "ExcludeDevDependencies", "DevDependencies.json")); var options = new RunOptions { excludeDev = true diff --git a/CycloneDX.Tests/FunctionalTests/TestcaseFiles/DevDependencies_WithPackageConfig_CsProj.xml b/CycloneDX.Tests/FunctionalTests/ExcludeDevDependenciesPackagesConfig/DevDependencies_WithPackageConfig_CsProj.xml similarity index 100% rename from CycloneDX.Tests/FunctionalTests/TestcaseFiles/DevDependencies_WithPackageConfig_CsProj.xml rename to CycloneDX.Tests/FunctionalTests/ExcludeDevDependenciesPackagesConfig/DevDependencies_WithPackageConfig_CsProj.xml 
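Review bot: The added scope assertion in `DevDependenciesNormalyGoIntoTheBom` looks the component up with a case-sensitive `c.Name == "SonarAnalyzer.CSharp"`, while the `Assert.Contains` directly above it compares names case-insensitively. If the name casing ever differs, `First` throws `InvalidOperationException` instead of reporting the assertion message. Reusing the predicate and asserting equality gives a clearer failure: `Assert.Equal(Component.ComponentScope.Excluded, bom.Components.Single(c => string.Compare(c.Name, "SonarAnalyzer.CSharp", true) == 0).Scope);`. The same pattern is added in ExcludeDevDependnciesWithPackageConfig.cs and twice in the new ExcludeDevDependencyNested.cs. The using directives are outside this hunk, so confirm `System.Linq` is imported here.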
diff --git a/CycloneDX.Tests/FunctionalTests/TestcaseFiles/DevDependencies_WithPackageConfig_PackageConfig.xml b/CycloneDX.Tests/FunctionalTests/ExcludeDevDependenciesPackagesConfig/DevDependencies_WithPackageConfig_PackageConfig.xml similarity index 100% rename from CycloneDX.Tests/FunctionalTests/TestcaseFiles/DevDependencies_WithPackageConfig_PackageConfig.xml rename to CycloneDX.Tests/FunctionalTests/ExcludeDevDependenciesPackagesConfig/DevDependencies_WithPackageConfig_PackageConfig.xml diff --git a/CycloneDX.Tests/FunctionalTests/ExcludeDevDependnciesWithPackageConfig.cs b/CycloneDX.Tests/FunctionalTests/ExcludeDevDependenciesPackagesConfig/ExcludeDevDependnciesWithPackageConfig.cs similarity index 77% rename from CycloneDX.Tests/FunctionalTests/ExcludeDevDependnciesWithPackageConfig.cs rename to CycloneDX.Tests/FunctionalTests/ExcludeDevDependenciesPackagesConfig/ExcludeDevDependnciesWithPackageConfig.cs index c54c5dc1..acd25120 100644 --- a/CycloneDX.Tests/FunctionalTests/ExcludeDevDependnciesWithPackageConfig.cs +++ b/CycloneDX.Tests/FunctionalTests/ExcludeDevDependenciesPackagesConfig/ExcludeDevDependnciesWithPackageConfig.cs @@ -10,7 +10,7 @@ using CycloneDX.Models; using Xunit; -namespace CycloneDX.Tests.FunctionalTests +namespace CycloneDX.Tests.FunctionalTests.ExcludeDevDependenciesPackagesConfig { public class ExcludeDevDependnciesWithPackageConfig { 
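Review bot: The namespace is moved to `CycloneDX.Tests.FunctionalTests.ExcludeDevDependenciesPackagesConfig` only in this file. ExcludeDevDependency.cs and the new ExcludeDevDependencyNested.cs also sit in their own sub-folders after this commit, but both still declare `namespace CycloneDX.Tests.FunctionalTests`. Pick one convention for all three, either folder-matching namespaces everywhere or the flat one. The class and file name also keep the `Dependncies` spelling, while the sibling `ExcludeDevDepenceny` typo is corrected in this same commit.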
@@ -20,10 +20,10 @@ private MockFileSystem getMockFS() { { MockUnixSupport.Path("c:/ProjectPath/Project.csproj"), new MockFileData( - File.ReadAllText(Path.Combine("FunctionalTests", "TestcaseFiles", "DevDependencies_WithPackageConfig_CsProj.xml"))) }, + File.ReadAllText(Path.Combine("FunctionalTests", "ExcludeDevDependenciesPackagesConfig", "DevDependencies_WithPackageConfig_CsProj.xml"))) }, { MockUnixSupport.Path("c:/ProjectPath/packages.config"), new MockFileData( - File.ReadAllText(Path.Combine("FunctionalTests", "TestcaseFiles", "DevDependencies_WithPackageConfig_PackageConfig.xml"))) } + File.ReadAllText(Path.Combine("FunctionalTests", "ExcludeDevDependenciesPackagesConfig", "DevDependencies_WithPackageConfig_PackageConfig.xml"))) } }); } @@ -38,12 +38,13 @@ public async Task DevDependenciesNormalyGoIntoTheBom() Assert.True(bom.Components.Count == 1, $"Unexpected number of components. Expected 1, got {bom.Components.Count}"); Assert.Contains(bom.Components, c => string.Compare(c.Name, "SonarAnalyzer.CSharp", true) == 0 && c.Version == "9.16.0.82469"); + Assert.True(bom.Components.First(c => c.Name == "SonarAnalyzer.CSharp").Scope == Component.ComponentScope.Excluded, "Scope of development dependency is not excluded."); } [Fact] public async Task DevDependenciesAreExcludedWithExcludeDevDependencies() - { + { var options = new RunOptions { excludeDev = true @@ -53,7 +54,7 @@ public async Task DevDependenciesAreExcludedWithExcludeDevDependencies() var bom = await FunctionalTestHelper.Test(options, getMockFS()); Assert.True(bom.Components.Count == 0); - + } diff --git a/CycloneDX.Tests/FunctionalTests/ExcludeTransitiveDevDependency/AssetsFile.json b/CycloneDX.Tests/FunctionalTests/ExcludeTransitiveDevDependency/AssetsFile.json new file mode 100644 index 00000000..87e0e19b --- /dev/null +++ b/CycloneDX.Tests/FunctionalTests/ExcludeTransitiveDevDependency/AssetsFile.json 
@@ -0,0 +1,539 @@ +{ + "version": 3, + "targets": { + "net8.0": { + "Microsoft.CodeAnalysis.FxCopAnalyzers/3.3.2": { + "type": "package", + "dependencies": { + "Microsoft.CodeAnalysis.VersionCheckAnalyzer": "[3.3.2]", + "Microsoft.CodeQuality.Analyzers": "[3.3.2]", + "Microsoft.NetCore.Analyzers": "[3.3.2]", + "Microsoft.NetFramework.Analyzers": "[3.3.2]" + }, + "build": { + "build/Microsoft.CodeAnalysis.FxCopAnalyzers.props": {}, + "build/Microsoft.CodeAnalysis.FxCopAnalyzers.targets": {} + } + }, + "Microsoft.CodeAnalysis.VersionCheckAnalyzer/3.3.2": { + "type": "package", + "build": { + "build/Microsoft.CodeAnalysis.VersionCheckAnalyzer.props": {}, + "build/Microsoft.CodeAnalysis.VersionCheckAnalyzer.targets": {} + } + }, + "Microsoft.CodeQuality.Analyzers/3.3.2": { + "type": "package", + "build": { + "build/Microsoft.CodeQuality.Analyzers.props": {}, + "build/Microsoft.CodeQuality.Analyzers.targets": {} + } + }, + "Microsoft.NetCore.Analyzers/3.3.2": { + "type": "package", + "build": { + "build/Microsoft.NetCore.Analyzers.props": {}, + "build/Microsoft.NetCore.Analyzers.targets": {} + } + }, + "Microsoft.NetFramework.Analyzers/3.3.2": { + "type": "package", + "build": { + "build/Microsoft.NetFramework.Analyzers.props": {}, + "build/Microsoft.NetFramework.Analyzers.targets": {} + } + } + } + }, + "libraries": { + "Microsoft.CodeAnalysis.FxCopAnalyzers/3.3.2": { + "sha512": "QlaP2SgpkiV5fnDgC1WwG3blfXIvz5WSPkA/R/AjKRwOLTGU1YLE3PArkvTz1ZtLCuXs29Qp3iY2fja7wF0iEg==", + "type": "package", + "path": "microsoft.codeanalysis.fxcopanalyzers/3.3.2", + "hasTools": true, + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "EULA.rtf", + "ThirdPartyNotices.rtf", + "build/Microsoft.CodeAnalysis.FxCopAnalyzers.props", + "build/Microsoft.CodeAnalysis.FxCopAnalyzers.targets", + "documentation/Analyzer Configuration.md", + "documentation/Microsoft.CodeAnalysis.FxCopAnalyzers.md", + "documentation/Microsoft.CodeAnalysis.FxCopAnalyzers.sarif", + 
"editorconfig/AllRulesDefault/.editorconfig", + "editorconfig/AllRulesDisabled/.editorconfig", + "editorconfig/AllRulesEnabled/.editorconfig", + "editorconfig/DataflowRulesDefault/.editorconfig", + "editorconfig/DataflowRulesEnabled/.editorconfig", + "editorconfig/DesignRulesDefault/.editorconfig", + "editorconfig/DesignRulesEnabled/.editorconfig", + "editorconfig/DocumentationRulesDefault/.editorconfig", + "editorconfig/DocumentationRulesEnabled/.editorconfig", + "editorconfig/GlobalizationRulesDefault/.editorconfig", + "editorconfig/GlobalizationRulesEnabled/.editorconfig", + "editorconfig/InteroperabilityRulesDefault/.editorconfig", + "editorconfig/InteroperabilityRulesEnabled/.editorconfig", + "editorconfig/MaintainabilityRulesDefault/.editorconfig", + "editorconfig/MaintainabilityRulesEnabled/.editorconfig", + "editorconfig/NamingRulesDefault/.editorconfig", + "editorconfig/NamingRulesEnabled/.editorconfig", + "editorconfig/PerformanceRulesDefault/.editorconfig", + "editorconfig/PerformanceRulesEnabled/.editorconfig", + "editorconfig/PortedFromFxCopRulesDefault/.editorconfig", + "editorconfig/PortedFromFxCopRulesEnabled/.editorconfig", + "editorconfig/PublishRulesDefault/.editorconfig", + "editorconfig/PublishRulesEnabled/.editorconfig", + "editorconfig/ReliabilityRulesDefault/.editorconfig", + "editorconfig/ReliabilityRulesEnabled/.editorconfig", + "editorconfig/SecurityRulesDefault/.editorconfig", + "editorconfig/SecurityRulesEnabled/.editorconfig", + "editorconfig/UsageRulesDefault/.editorconfig", + "editorconfig/UsageRulesEnabled/.editorconfig", + "microsoft.codeanalysis.fxcopanalyzers.3.3.2.nupkg.sha512", + "microsoft.codeanalysis.fxcopanalyzers.nuspec", + "rulesets/AllRulesDefault.ruleset", + "rulesets/AllRulesDisabled.ruleset", + "rulesets/AllRulesEnabled.ruleset", + "rulesets/DataflowRulesDefault.ruleset", + "rulesets/DataflowRulesEnabled.ruleset", + "rulesets/DesignRulesDefault.ruleset", + "rulesets/DesignRulesEnabled.ruleset", + 
"rulesets/DocumentationRulesDefault.ruleset", + "rulesets/DocumentationRulesEnabled.ruleset", + "rulesets/GlobalizationRulesDefault.ruleset", + "rulesets/GlobalizationRulesEnabled.ruleset", + "rulesets/InteroperabilityRulesDefault.ruleset", + "rulesets/InteroperabilityRulesEnabled.ruleset", + "rulesets/MaintainabilityRulesDefault.ruleset", + "rulesets/MaintainabilityRulesEnabled.ruleset", + "rulesets/NamingRulesDefault.ruleset", + "rulesets/NamingRulesEnabled.ruleset", + "rulesets/PerformanceRulesDefault.ruleset", + "rulesets/PerformanceRulesEnabled.ruleset", + "rulesets/PortedFromFxCopRulesDefault.ruleset", + "rulesets/PortedFromFxCopRulesEnabled.ruleset", + "rulesets/PublishRulesDefault.ruleset", + "rulesets/PublishRulesEnabled.ruleset", + "rulesets/ReliabilityRulesDefault.ruleset", + "rulesets/ReliabilityRulesEnabled.ruleset", + "rulesets/SecurityRulesDefault.ruleset", + "rulesets/SecurityRulesEnabled.ruleset", + "rulesets/UsageRulesDefault.ruleset", + "rulesets/UsageRulesEnabled.ruleset", + "rulesets/legacy/AllRules.ruleset", + "rulesets/legacy/BasicCorrectnessRules.ruleset", + "rulesets/legacy/BasicDesignGuidelineRules.ruleset", + "rulesets/legacy/ExtendedCorrectnessRules.ruleset", + "rulesets/legacy/ExtendedDesignGuidelineRules.ruleset", + "rulesets/legacy/GlobalizationRules.ruleset", + "rulesets/legacy/ManagedMinimumRules.ruleset", + "rulesets/legacy/MinimumRecommendedRules.ruleset", + "rulesets/legacy/SecurityRules.ruleset", + "tools/install.ps1", + "tools/uninstall.ps1" + ] + }, + "Microsoft.CodeAnalysis.VersionCheckAnalyzer/3.3.2": { + "sha512": "KTqeVJjGfwDX7/AGDgBXErYX/8Etjwu8Zg2TgmmjVPZReVZk4KLv5fpEiTtoBXis3AO+OM/Qu4cQfz828RSmDQ==", + "type": "package", + "path": "microsoft.codeanalysis.versioncheckanalyzer/3.3.2", + "hasTools": true, + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "EULA.rtf", + "ThirdPartyNotices.rtf", + "analyzers/dotnet/Microsoft.CodeAnalysis.VersionCheckAnalyzer.dll", + 
"analyzers/dotnet/cs/Microsoft.CodeAnalysis.VersionCheckAnalyzer.resources.dll", + "analyzers/dotnet/de/Microsoft.CodeAnalysis.VersionCheckAnalyzer.resources.dll", + "analyzers/dotnet/es/Microsoft.CodeAnalysis.VersionCheckAnalyzer.resources.dll", + "analyzers/dotnet/fr/Microsoft.CodeAnalysis.VersionCheckAnalyzer.resources.dll", + "analyzers/dotnet/it/Microsoft.CodeAnalysis.VersionCheckAnalyzer.resources.dll", + "analyzers/dotnet/ja/Microsoft.CodeAnalysis.VersionCheckAnalyzer.resources.dll", + "analyzers/dotnet/ko/Microsoft.CodeAnalysis.VersionCheckAnalyzer.resources.dll", + "analyzers/dotnet/pl/Microsoft.CodeAnalysis.VersionCheckAnalyzer.resources.dll", + "analyzers/dotnet/pt-BR/Microsoft.CodeAnalysis.VersionCheckAnalyzer.resources.dll", + "analyzers/dotnet/ru/Microsoft.CodeAnalysis.VersionCheckAnalyzer.resources.dll", + "analyzers/dotnet/tr/Microsoft.CodeAnalysis.VersionCheckAnalyzer.resources.dll", + "analyzers/dotnet/zh-Hans/Microsoft.CodeAnalysis.VersionCheckAnalyzer.resources.dll", + "analyzers/dotnet/zh-Hant/Microsoft.CodeAnalysis.VersionCheckAnalyzer.resources.dll", + "build/Microsoft.CodeAnalysis.VersionCheckAnalyzer.props", + "build/Microsoft.CodeAnalysis.VersionCheckAnalyzer.targets", + "documentation/Analyzer Configuration.md", + "documentation/Microsoft.CodeAnalysis.VersionCheckAnalyzer.md", + "documentation/Microsoft.CodeAnalysis.VersionCheckAnalyzer.sarif", + "editorconfig/AllRulesDefault/.editorconfig", + "editorconfig/AllRulesDisabled/.editorconfig", + "editorconfig/AllRulesEnabled/.editorconfig", + "editorconfig/DataflowRulesDefault/.editorconfig", + "editorconfig/DataflowRulesEnabled/.editorconfig", + "editorconfig/PortedFromFxCopRulesDefault/.editorconfig", + "editorconfig/PortedFromFxCopRulesEnabled/.editorconfig", + "editorconfig/ReliabilityRulesDefault/.editorconfig", + "editorconfig/ReliabilityRulesEnabled/.editorconfig", + "microsoft.codeanalysis.versioncheckanalyzer.3.3.2.nupkg.sha512", + 
"microsoft.codeanalysis.versioncheckanalyzer.nuspec", + "rulesets/AllRulesDefault.ruleset", + "rulesets/AllRulesDisabled.ruleset", + "rulesets/AllRulesEnabled.ruleset", + "rulesets/DataflowRulesDefault.ruleset", + "rulesets/DataflowRulesEnabled.ruleset", + "rulesets/PortedFromFxCopRulesDefault.ruleset", + "rulesets/PortedFromFxCopRulesEnabled.ruleset", + "rulesets/ReliabilityRulesDefault.ruleset", + "rulesets/ReliabilityRulesEnabled.ruleset", + "tools/install.ps1", + "tools/uninstall.ps1" + ] + }, + "Microsoft.CodeQuality.Analyzers/3.3.2": { + "sha512": "WwR96abpowLKCJ/+hREuBu58zbTBCiFLQx5FjAUAYrgtuIQsg+jRtv4n9gKw6zxydnO+jd5aFJB6H+eqGqQufw==", + "type": "package", + "path": "microsoft.codequality.analyzers/3.3.2", + "hasTools": true, + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "EULA.rtf", + "ThirdPartyNotices.rtf", + "analyzers/dotnet/cs/Humanizer.dll", + "analyzers/dotnet/cs/Microsoft.CodeQuality.Analyzers.dll", + "analyzers/dotnet/cs/Microsoft.CodeQuality.CSharp.Analyzers.dll", + "analyzers/dotnet/cs/cs/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/cs/de/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/cs/es/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/cs/fr/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/cs/it/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/cs/ja/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/cs/ko/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/cs/pl/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/cs/pt-BR/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/cs/ru/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/cs/tr/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/cs/zh-Hans/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/cs/zh-Hant/Microsoft.CodeQuality.Analyzers.resources.dll", + 
"analyzers/dotnet/vb/Humanizer.dll", + "analyzers/dotnet/vb/Microsoft.CodeQuality.Analyzers.dll", + "analyzers/dotnet/vb/Microsoft.CodeQuality.VisualBasic.Analyzers.dll", + "analyzers/dotnet/vb/cs/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/vb/de/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/vb/es/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/vb/fr/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/vb/it/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/vb/ja/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/vb/ko/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/vb/pl/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/vb/pt-BR/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/vb/ru/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/vb/tr/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/vb/zh-Hans/Microsoft.CodeQuality.Analyzers.resources.dll", + "analyzers/dotnet/vb/zh-Hant/Microsoft.CodeQuality.Analyzers.resources.dll", + "build/DisableNETAnalyzersForNuGetPackage.props", + "build/Microsoft.CodeQuality.Analyzers.props", + "build/Microsoft.CodeQuality.Analyzers.targets", + "documentation/Analyzer Configuration.md", + "documentation/Microsoft.CodeQuality.Analyzers.md", + "documentation/Microsoft.CodeQuality.Analyzers.sarif", + "editorconfig/AllRulesDefault/.editorconfig", + "editorconfig/AllRulesDisabled/.editorconfig", + "editorconfig/AllRulesEnabled/.editorconfig", + "editorconfig/DataflowRulesDefault/.editorconfig", + "editorconfig/DataflowRulesEnabled/.editorconfig", + "editorconfig/DesignRulesDefault/.editorconfig", + "editorconfig/DesignRulesEnabled/.editorconfig", + "editorconfig/DocumentationRulesDefault/.editorconfig", + "editorconfig/DocumentationRulesEnabled/.editorconfig", + "editorconfig/MaintainabilityRulesDefault/.editorconfig", + 
"editorconfig/MaintainabilityRulesEnabled/.editorconfig", + "editorconfig/NamingRulesDefault/.editorconfig", + "editorconfig/NamingRulesEnabled/.editorconfig", + "editorconfig/PerformanceRulesDefault/.editorconfig", + "editorconfig/PerformanceRulesEnabled/.editorconfig", + "editorconfig/PortedFromFxCopRulesDefault/.editorconfig", + "editorconfig/PortedFromFxCopRulesEnabled/.editorconfig", + "editorconfig/ReliabilityRulesDefault/.editorconfig", + "editorconfig/ReliabilityRulesEnabled/.editorconfig", + "editorconfig/SecurityRulesDefault/.editorconfig", + "editorconfig/SecurityRulesEnabled/.editorconfig", + "editorconfig/UsageRulesDefault/.editorconfig", + "editorconfig/UsageRulesEnabled/.editorconfig", + "microsoft.codequality.analyzers.3.3.2.nupkg.sha512", + "microsoft.codequality.analyzers.nuspec", + "rulesets/AllRulesDefault.ruleset", + "rulesets/AllRulesDisabled.ruleset", + "rulesets/AllRulesEnabled.ruleset", + "rulesets/DataflowRulesDefault.ruleset", + "rulesets/DataflowRulesEnabled.ruleset", + "rulesets/DesignRulesDefault.ruleset", + "rulesets/DesignRulesEnabled.ruleset", + "rulesets/DocumentationRulesDefault.ruleset", + "rulesets/DocumentationRulesEnabled.ruleset", + "rulesets/MaintainabilityRulesDefault.ruleset", + "rulesets/MaintainabilityRulesEnabled.ruleset", + "rulesets/NamingRulesDefault.ruleset", + "rulesets/NamingRulesEnabled.ruleset", + "rulesets/PerformanceRulesDefault.ruleset", + "rulesets/PerformanceRulesEnabled.ruleset", + "rulesets/PortedFromFxCopRulesDefault.ruleset", + "rulesets/PortedFromFxCopRulesEnabled.ruleset", + "rulesets/ReliabilityRulesDefault.ruleset", + "rulesets/ReliabilityRulesEnabled.ruleset", + "rulesets/SecurityRulesDefault.ruleset", + "rulesets/SecurityRulesEnabled.ruleset", + "rulesets/UsageRulesDefault.ruleset", + "rulesets/UsageRulesEnabled.ruleset", + "tools/install.ps1", + "tools/uninstall.ps1" + ] + }, + "Microsoft.NetCore.Analyzers/3.3.2": { + "sha512": 
"L9lU2E9SaK8znn8ZkstOx8jjpYmsBTvt3xIW6btPM/Fi8m7zSK80itHV0p6f23q84uvyXS8ibECjP0Vra99zsQ==", + "type": "package", + "path": "microsoft.netcore.analyzers/3.3.2", + "hasTools": true, + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "EULA.rtf", + "ThirdPartyNotices.rtf", + "analyzers/dotnet/cs/Microsoft.NetCore.Analyzers.dll", + "analyzers/dotnet/cs/Microsoft.NetCore.CSharp.Analyzers.dll", + "analyzers/dotnet/cs/cs/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/cs/de/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/cs/es/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/cs/fr/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/cs/it/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/cs/ja/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/cs/ko/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/cs/pl/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/cs/pt-BR/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/cs/ru/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/cs/tr/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/cs/zh-Hans/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/cs/zh-Hant/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/vb/Microsoft.NetCore.Analyzers.dll", + "analyzers/dotnet/vb/Microsoft.NetCore.VisualBasic.Analyzers.dll", + "analyzers/dotnet/vb/cs/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/vb/de/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/vb/es/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/vb/fr/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/vb/it/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/vb/ja/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/vb/ko/Microsoft.NetCore.Analyzers.resources.dll", + 
"analyzers/dotnet/vb/pl/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/vb/pt-BR/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/vb/ru/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/vb/tr/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/vb/zh-Hans/Microsoft.NetCore.Analyzers.resources.dll", + "analyzers/dotnet/vb/zh-Hant/Microsoft.NetCore.Analyzers.resources.dll", + "build/DisableNETAnalyzersForNuGetPackage.props", + "build/Microsoft.NetCore.Analyzers.props", + "build/Microsoft.NetCore.Analyzers.targets", + "documentation/Analyzer Configuration.md", + "documentation/Microsoft.NetCore.Analyzers.md", + "documentation/Microsoft.NetCore.Analyzers.sarif", + "editorconfig/AllRulesDefault/.editorconfig", + "editorconfig/AllRulesDisabled/.editorconfig", + "editorconfig/AllRulesEnabled/.editorconfig", + "editorconfig/DataflowRulesDefault/.editorconfig", + "editorconfig/DataflowRulesEnabled/.editorconfig", + "editorconfig/GlobalizationRulesDefault/.editorconfig", + "editorconfig/GlobalizationRulesEnabled/.editorconfig", + "editorconfig/InteroperabilityRulesDefault/.editorconfig", + "editorconfig/InteroperabilityRulesEnabled/.editorconfig", + "editorconfig/PerformanceRulesDefault/.editorconfig", + "editorconfig/PerformanceRulesEnabled/.editorconfig", + "editorconfig/PortedFromFxCopRulesDefault/.editorconfig", + "editorconfig/PortedFromFxCopRulesEnabled/.editorconfig", + "editorconfig/PublishRulesDefault/.editorconfig", + "editorconfig/PublishRulesEnabled/.editorconfig", + "editorconfig/ReliabilityRulesDefault/.editorconfig", + "editorconfig/ReliabilityRulesEnabled/.editorconfig", + "editorconfig/SecurityRulesDefault/.editorconfig", + "editorconfig/SecurityRulesEnabled/.editorconfig", + "editorconfig/UsageRulesDefault/.editorconfig", + "editorconfig/UsageRulesEnabled/.editorconfig", + "microsoft.netcore.analyzers.3.3.2.nupkg.sha512", + "microsoft.netcore.analyzers.nuspec", + "rulesets/AllRulesDefault.ruleset", + 
"rulesets/AllRulesDisabled.ruleset", + "rulesets/AllRulesEnabled.ruleset", + "rulesets/DataflowRulesDefault.ruleset", + "rulesets/DataflowRulesEnabled.ruleset", + "rulesets/GlobalizationRulesDefault.ruleset", + "rulesets/GlobalizationRulesEnabled.ruleset", + "rulesets/InteroperabilityRulesDefault.ruleset", + "rulesets/InteroperabilityRulesEnabled.ruleset", + "rulesets/PerformanceRulesDefault.ruleset", + "rulesets/PerformanceRulesEnabled.ruleset", + "rulesets/PortedFromFxCopRulesDefault.ruleset", + "rulesets/PortedFromFxCopRulesEnabled.ruleset", + "rulesets/PublishRulesDefault.ruleset", + "rulesets/PublishRulesEnabled.ruleset", + "rulesets/ReliabilityRulesDefault.ruleset", + "rulesets/ReliabilityRulesEnabled.ruleset", + "rulesets/SecurityRulesDefault.ruleset", + "rulesets/SecurityRulesEnabled.ruleset", + "rulesets/UsageRulesDefault.ruleset", + "rulesets/UsageRulesEnabled.ruleset", + "tools/install.ps1", + "tools/uninstall.ps1" + ] + }, + "Microsoft.NetFramework.Analyzers/3.3.2": { + "sha512": "NfmC8NoxrRtw2PSmqSu+kVTcsJuMhspxWKbVzrtPxw+O8hjpCPzD0IttCUJclDf36qkmScvvd1BgRHYE17zF9g==", + "type": "package", + "path": "microsoft.netframework.analyzers/3.3.2", + "hasTools": true, + "files": [ + ".nupkg.metadata", + ".signature.p7s", + "EULA.rtf", + "ThirdPartyNotices.rtf", + "analyzers/dotnet/cs/Microsoft.NetFramework.Analyzers.dll", + "analyzers/dotnet/cs/Microsoft.NetFramework.CSharp.Analyzers.dll", + "analyzers/dotnet/cs/cs/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/cs/de/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/cs/es/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/cs/fr/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/cs/it/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/cs/ja/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/cs/ko/Microsoft.NetFramework.Analyzers.resources.dll", + 
"analyzers/dotnet/cs/pl/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/cs/pt-BR/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/cs/ru/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/cs/tr/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/cs/zh-Hans/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/cs/zh-Hant/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/vb/Microsoft.NetFramework.Analyzers.dll", + "analyzers/dotnet/vb/Microsoft.NetFramework.VisualBasic.Analyzers.dll", + "analyzers/dotnet/vb/cs/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/vb/de/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/vb/es/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/vb/fr/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/vb/it/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/vb/ja/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/vb/ko/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/vb/pl/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/vb/pt-BR/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/vb/ru/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/vb/tr/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/vb/zh-Hans/Microsoft.NetFramework.Analyzers.resources.dll", + "analyzers/dotnet/vb/zh-Hant/Microsoft.NetFramework.Analyzers.resources.dll", + "build/DisableNETAnalyzersForNuGetPackage.props", + "build/Microsoft.NetFramework.Analyzers.props", + "build/Microsoft.NetFramework.Analyzers.targets", + "documentation/Analyzer Configuration.md", + "documentation/Microsoft.NetFramework.Analyzers.md", + "documentation/Microsoft.NetFramework.Analyzers.sarif", + "editorconfig/AllRulesDefault/.editorconfig", + "editorconfig/AllRulesDisabled/.editorconfig", + 
"editorconfig/AllRulesEnabled/.editorconfig", + "editorconfig/DataflowRulesDefault/.editorconfig", + "editorconfig/DataflowRulesEnabled/.editorconfig", + "editorconfig/DesignRulesDefault/.editorconfig", + "editorconfig/DesignRulesEnabled/.editorconfig", + "editorconfig/PortedFromFxCopRulesDefault/.editorconfig", + "editorconfig/PortedFromFxCopRulesEnabled/.editorconfig", + "editorconfig/ReliabilityRulesDefault/.editorconfig", + "editorconfig/ReliabilityRulesEnabled/.editorconfig", + "editorconfig/SecurityRulesDefault/.editorconfig", + "editorconfig/SecurityRulesEnabled/.editorconfig", + "microsoft.netframework.analyzers.3.3.2.nupkg.sha512", + "microsoft.netframework.analyzers.nuspec", + "rulesets/AllRulesDefault.ruleset", + "rulesets/AllRulesDisabled.ruleset", + "rulesets/AllRulesEnabled.ruleset", + "rulesets/DataflowRulesDefault.ruleset", + "rulesets/DataflowRulesEnabled.ruleset", + "rulesets/DesignRulesDefault.ruleset", + "rulesets/DesignRulesEnabled.ruleset", + "rulesets/PortedFromFxCopRulesDefault.ruleset", + "rulesets/PortedFromFxCopRulesEnabled.ruleset", + "rulesets/ReliabilityRulesDefault.ruleset", + "rulesets/ReliabilityRulesEnabled.ruleset", + "rulesets/SecurityRulesDefault.ruleset", + "rulesets/SecurityRulesEnabled.ruleset", + "tools/install.ps1", + "tools/uninstall.ps1" + ] + } + }, + "projectFileDependencyGroups": { + "net8.0": [ + "Microsoft.CodeAnalysis.FxCopAnalyzers >= 3.3.2" + ] + }, + "packageFolders": { + "C:\\Users\\mibau\\.nuget\\packages\\": {}, + "C:\\Program Files (x86)\\Microsoft Visual Studio\\Shared\\NuGetPackages": {} + }, + "project": { + "version": "1.0.0", + "restore": { + "projectUniqueName": "E:\\src\\CycloneDX-843\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj", + "projectName": "ConsoleApp1", + "projectPath": "E:\\src\\CycloneDX-843\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj", + "packagesPath": "C:\\Users\\mibau\\.nuget\\packages\\", + "outputPath": "E:\\src\\CycloneDX-843\\ConsoleApp1\\ConsoleApp1\\obj\\", + "projectStyle": 
"PackageReference", + "fallbackFolders": [ + "C:\\Program Files (x86)\\Microsoft Visual Studio\\Shared\\NuGetPackages" + ], + "configFilePaths": [ + "C:\\Users\\mibau\\AppData\\Roaming\\NuGet\\NuGet.Config", + "C:\\Program Files (x86)\\NuGet\\Config\\Microsoft.VisualStudio.FallbackLocation.config", + "C:\\Program Files (x86)\\NuGet\\Config\\Microsoft.VisualStudio.Offline.config" + ], + "originalTargetFrameworks": [ + "net8.0" + ], + "sources": { + "C:\\Program Files\\dotnet\\library-packs": {}, + "https://api.nuget.org/v3/index.json": {} + }, + "frameworks": { + "net8.0": { + "targetAlias": "net8.0", + "projectReferences": {} + } + }, + "warningProperties": { + "warnAsError": [ + "NU1605" + ] + } + }, + "frameworks": { + "net8.0": { + "targetAlias": "net8.0", + "dependencies": { + "Microsoft.CodeAnalysis.FxCopAnalyzers": { + "include": "Runtime, Build, Native, ContentFiles, Analyzers, BuildTransitive", + "suppressParent": "All", + "target": "Package", + "version": "[3.3.2, )" + } + }, + "imports": [ + "net461", + "net462", + "net47", + "net471", + "net472", + "net48", + "net481" + ], + "assetTargetFallback": true, + "warn": true, + "frameworkReferences": { + "Microsoft.NETCore.App": { + "privateAssets": "all" + } + }, + "runtimeIdentifierGraphPath": "C:\\Program Files\\dotnet\\sdk\\8.0.101/PortableRuntimeIdentifierGraph.json" + } + } + } +} diff --git a/CycloneDX.Tests/FunctionalTests/ExcludeTransitiveDevDependency/ExcludeDevDependencyNested.cs b/CycloneDX.Tests/FunctionalTests/ExcludeTransitiveDevDependency/ExcludeDevDependencyNested.cs new file mode 100644 index 00000000..cdfec852 --- /dev/null +++ b/CycloneDX.Tests/FunctionalTests/ExcludeTransitiveDevDependency/ExcludeDevDependencyNested.cs 
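Review bot: The fixture was committed with the restoring machine's absolute paths, including a user profile name. They appear in `packageFolders`, `project.restore.projectUniqueName`, `projectPath`, `packagesPath`, `outputPath`, `configFilePaths` and `runtimeIdentifierGraphPath`. These values publish a developer's local directory layout and presumably play no part in what the test asserts, so replace them with neutral placeholders such as `C:\\ProjectPath\\` before merging. If the assets parser does not read the per-library `files` arrays, trimming them would also shrink the fixture to the parts the test depends on. Confirm this against ProjectAssetsFileService first.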
@@ -0,0 +1,59 @@ +using System; +using System.Collections.Generic; +using System.IO; +using System.IO.Abstractions.TestingHelpers; +using System.Linq; +using System.Linq.Expressions; +using System.Text; +using System.Threading.Tasks; +using CycloneDX.Models; +using Xunit; + +namespace CycloneDX.Tests.FunctionalTests +{ + public class ExcludeTransitiveDevDependency + { + + [Fact] + public async Task DevDependenciesNormalyGoIntoTheBom() + { + var assetsJson = File.ReadAllText(Path.Combine("FunctionalTests", "ExcludeTransitiveDevDependency", "AssetsFile.json")); + var options = new RunOptions + { + }; + + + + var bom = await FunctionalTestHelper.Test(assetsJson, options); + + Assert.Contains(bom.Components, c => string.Compare(c.Name, "Microsoft.CodeAnalysis.FxCopAnalyzers", true) == 0 && c.Version == "3.3.2"); + Assert.Contains(bom.Components, c => string.Compare(c.Name, "Microsoft.CodeQuality.Analyzers", true) == 0 && c.Version == "3.3.2"); + Assert.True(bom.Components.First(c => c.Name == "Microsoft.CodeAnalysis.FxCopAnalyzers").Scope == Component.ComponentScope.Excluded, "Scope of development dependency is not excluded."); + Assert.True(bom.Components.First(c => c.Name == "Microsoft.CodeQuality.Analyzers").Scope == Component.ComponentScope.Excluded, "Scope of development dependency is not excluded."); + FunctionalTestHelper.AssertHasDependencyWithChild(bom, "Project@0.0.0", "pkg:nuget/Microsoft.CodeAnalysis.FxCopAnalyzers@3.3.2", "expected dependency not found"); + FunctionalTestHelper.AssertHasDependencyWithChild(bom, "pkg:nuget/Microsoft.CodeAnalysis.FxCopAnalyzers@3.3.2", "pkg:nuget/Microsoft.CodeQuality.Analyzers@3.3.2", "expected dependency not found"); + + + + + } + + [Fact] + public async Task DevDependenciesAreExcludedWithExcludeDevDependencies() + { + var assetsJson = File.ReadAllText(Path.Combine("FunctionalTests", "ExcludeTransitiveDevDependency", "AssetsFile.json")); + var options = new RunOptions + { + excludeDev = true + }; + + + var bom = await 
FunctionalTestHelper.Test(assetsJson, options); + + Assert.True(bom.Components.Count == 0); + Assert.True(bom.Dependencies.Count == 1); // only the meta component + + + } + } +} diff --git a/CycloneDX/Services/PackagesFileService.cs b/CycloneDX/Services/PackagesFileService.cs index fe528602..f6eb8175 100644 --- a/CycloneDX/Services/PackagesFileService.cs +++ b/CycloneDX/Services/PackagesFileService.cs @@ -67,6 +67,10 @@ public async Task> GetDotnetDependencysAsync(string pa Scope = Component.ComponentScope.Required }; await Console.Out.WriteLineAsync($"\tFound Package:{newPackage.Name}"); + if(newPackage.IsDevDependency) + { + newPackage.Scope = Component.ComponentScope.Excluded; + } packages.Add(newPackage); } } diff --git a/CycloneDX/Services/ProjectAssetsFileService.cs b/CycloneDX/Services/ProjectAssetsFileService.cs index 9748cab7..8384f47e 100644 --- a/CycloneDX/Services/ProjectAssetsFileService.cs +++ b/CycloneDX/Services/ProjectAssetsFileService.cs @@ -83,7 +83,7 @@ public HashSet GetDotnetDependencys(string projectFilePath, st }; // is this a test project dependency or only a development dependency - if ( isTestProject) + if ( isTestProject || package.IsDevDependency ) { package.Scope = Component.ComponentScope.Excluded; }
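Review bot: `DevDependenciesNormalyGoIntoTheBom` checks only two of the five packages listed in AssetsFile.json and never pins the component count. A regression that drops or mis-scopes the other three analyzers would go unnoticed. Assuming all five are expected in the BOM, add `Assert.Equal(5, bom.Components.Count);` and `Assert.All(bom.Components, c => Assert.Equal(Component.ComponentScope.Excluded, c.Scope));`. The class is named `ExcludeTransitiveDevDependency` while the file is ExcludeDevDependencyNested.cs. Several using directives (`System.Linq.Expressions`, `System.Text`, `System.IO.Abstractions.TestingHelpers`) appear unused in the visible code.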
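Review bot: In `GetDotnetDependencysAsync` the object initializer still sets `Scope = Component.ComponentScope.Required`, and the new `if` overwrites it a few lines later. Someone reading the initializer alone gets the wrong picture, and the "Found Package" log line is written before the final scope is known. A short comment above the new branch would make the intent explicit, for example `// development dependencies stay in the BOM but are marked excluded, matching ProjectAssetsFileService`. The new line also uses `if(` without a space, unlike the rest of the visible code. The method body starts and ends outside this hunk, so where `IsDevDependency` is populated cannot be checked from here.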
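Review bot: `isTestProject || package.IsDevDependency` marks a package `Excluded` whenever its flag is set, and the new tests expect that flag to reach transitive packages such as Microsoft.CodeQuality.Analyzers. The code that propagates the flag is not in this hunk. If it does not account for a package that is reachable from both a development dependency and a runtime dependency, that shipped package would be reported as excluded, or dropped entirely with `excludeDev`. SBOM consumers that filter on scope would then skip it during vulnerability matching. Add a functional test with an assets file where one transitive package is shared between a dev-only and a regular dependency, asserting that it stays `Required`. The body of `GetDotnetDependencys` extends beyond the hunk on both sides.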