Adding discrepency log.

blackducksoftware · Nov 16, 2017 · c14676a · c14676a
1 parent 6763c0e
commit c14676a
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/...ovy/com/blackducksoftware/integration/hub/detect/bomtool/packagist/PackagistParser.groovy b/...ovy/com/blackducksoftware/integration/hub/detect/bomtool/packagist/PackagistParser.groovy
@@ -22,6 +22,8 @@
  */
 package com.blackducksoftware.integration.hub.detect.bomtool.packagist
 
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.stereotype.Component
 
@@ -42,6 +44,7 @@ import groovy.transform.TypeChecked
 @Component
 @TypeChecked
 class PackagistParser {
+    private final Logger logger = LoggerFactory.getLogger(PackagistParser.class)
 
     @Autowired
     ExternalIdFactory externalIdFactory
@@ -60,6 +63,20 @@ class PackagistParser {
         List<PackagistDependency> packagistPackages = parsePackages(packagesJson, includeDev)
         addToGraph(graph, null, projectPackages, packagistPackages, true)
 
+        List<String> allLockPackageNames = packagistPackages.collect { it.name }
+        projectPackages.each {
+            if (!allLockPackageNames.contains(it)){
+                logger.warn("A discrepency exists between the composer.json and the composer.lock - the package '${it}' was in the json but not the lock.");
+            }
+        }
+        packagistPackages.each {
+            Dependency dependency = convertToDependency(it);
+            if (!graph.hasDependency(dependency)){
+                logger.warn("A discrepency exists between the composer.json and the composer.lock - the package '${it.name}' was in the lock but was not included in the json dependency tree.");
+            }
+        }
+
+
         ExternalId projectExternalId;
         if (projectName == null || projectVersion == null){
             projectExternalId = externalIdFactory.createPathExternalId(Forge.PACKAGIST, sourcePath);