only report dependencies from project files that have a target framework

dependabot · Mar 26, 2024 · 171d06c · 171d06c
1 parent 5d769a9
commit 171d06c
Show file tree

Hide file tree

Showing 3 changed files with 256 additions and 228 deletions.
diff --git a/nuget/lib/dependabot/nuget/file_parser.rb b/nuget/lib/dependabot/nuget/file_parser.rb
@@ -63,9 +63,18 @@ def parse
       def project_file_dependencies
         dependency_set = DependencySet.new
 
-        (project_files + project_import_files).each do |file|
-          parser = project_file_parser
-          dependency_set += parser.dependency_set(project_file: file)
+        project_files.each do |project_file|
+          tfms = project_file_parser.target_frameworks(project_file: project_file)
+          unless tfms.any?
+            Dependabot.logger.warn "Excluding project file '#{project_file.name}' due to unresolvable target framework"
+            next
+          end
+
+          dependency_set += project_file_parser.dependency_set(project_file: project_file)
+        end
+
+        proj_files.each do |proj_file|
+          dependency_set += project_file_parser.dependency_set(project_file: proj_file)
         end
 
         dependency_set
@@ -109,14 +118,21 @@ def project_file_parser
         )
       end
 
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def proj_files
+        projfile = /\.proj$/
+
+        dependency_files.select do |df|
+          df.name.match?(projfile)
+        end
+      end
+
       sig { returns(T::Array[Dependabot::DependencyFile]) }
       def project_files
-        projfile = /\.([a-z]{2})?proj$/
-        packageprops = /[Dd]irectory.[Pp]ackages.props/
+        projectfile = /\.(cs|vb|fs)proj$/
 
         dependency_files.select do |df|
-          df.name.match?(projfile) ||
-            df.name.match?(packageprops)
+          df.name.match?(projectfile)
         end
       end
 
@@ -144,19 +160,24 @@ def nuget_configs
 
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def global_json
-        dependency_files.find { |f| f.name.casecmp("global.json")&.zero? }
+        dependency_files.find { |f| f.name.casecmp?("global.json") }
       end
 
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def dotnet_tools_json
-        dependency_files.find { |f| f.name.casecmp(".config/dotnet-tools.json")&.zero? }
+        dependency_files.find { |f| f.name.casecmp?(".config/dotnet-tools.json") }
       end
 
       sig { override.void }
       def check_required_files
-        return if project_files.any? || packages_config_files.any?
+        if project_files.any? || proj_files.any? || packages_config_files.any? || global_json || dotnet_tools_json
+          return
+        end
 
-        raise "No project file or packages.config!"
+        raise Dependabot::DependencyFileNotFound.new(
+          "*.(cs|vb|fs)proj, *.proj, packages.config, global.json, dotnet-tools.json",
+          "No project file, *.proj, packages.config, global.json, or dotnet-tools.json!"
+        )
       end
     end
   end