diff --git a/src/Microsoft.ComponentDetection.Detectors/nuget/NuGetComponentDetector.cs b/src/Microsoft.ComponentDetection.Detectors/nuget/NuGetComponentDetector.cs
index d93dc9911..7c654b4f9 100644
--- a/src/Microsoft.ComponentDetection.Detectors/nuget/NuGetComponentDetector.cs
+++ b/src/Microsoft.ComponentDetection.Detectors/nuget/NuGetComponentDetector.cs
@@ -31,11 +31,13 @@ public class NuGetComponentDetector : FileComponentDetector
 private readonly IList repositoryPathKeyNames = new List { "repositorypath", "globalpackagesfolder" };
+ private static readonly IEnumerable LowConfidencePackages = new[] { "Newtonsoft.Json" };
+
 protected override async Task OnFileFound(ProcessRequest processRequest, IDictionary detectorArgs)
 {
 var stream = processRequest.ComponentStream;
 bool ignoreNugetConfig = detectorArgs.TryGetValue("NuGet.IncludeRepositoryPaths", out string includeRepositoryPathsValue) && includeRepositoryPathsValue.Equals(bool.FalseString, StringComparison.OrdinalIgnoreCase);
-
+
 if (NugetConfigFileName.Equals(stream.Pattern, StringComparison.OrdinalIgnoreCase))
 {
 await ProcessAdditionalDirectory(processRequest, ignoreNugetConfig);
@@ -50,7 +52,7 @@ private async Task ProcessAdditionalDirectory(ProcessRequest processRequest, boo
 {
 var singleFileComponentRecorder = processRequest.SingleFileComponentRecorder;
 var stream = processRequest.ComponentStream;
-
+
 if (!ignoreNugetConfig)
 {
 var additionalPaths = GetRepositoryPathsFromNugetConfig(stream);
@@ -106,7 +108,7 @@ private async Task ProcessFile(ProcessRequest processRequest)
 string name = metadataNode["id"].InnerText;
 string version = metadataNode["version"].InnerText;
- string[] authors = metadataNode["authors"]?.InnerText.Split(",").Select(author => author.Trim()).ToArray();
+ string[] authors = metadataNode["authors"]?.InnerText.Split(",").Select(author => author.Trim()).ToArray();
 if (!NuGetVersion.TryParse(version, out NuGetVersion parsedVer))
 {
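Review bot: `LowConfidencePackages` in the first hunk carries no comment explaining why `Newtonsoft.Json` is on the list or what "low confidence" means for this detector, so the next maintainer cannot tell whether the entry is a workaround for a specific false-positive source or a permanent policy, nor what criteria a new entry must meet. Since every id on this list is dropped from scan output entirely (see the guard in the `ProcessFile` hunk), the reason deserves an XML doc comment on the field, e.g. `/// <summary>Package ids that are never registered when found as a .nupkg, because <reason> makes such hits unreliable. Entries are matched case-insensitively; add one only when ... </summary>` with the placeholder filled in by the author. A `HashSet<string>(StringComparer.OrdinalIgnoreCase)` would also make the intended comparison part of the type rather than something each call site has to remember to pass, though with a single entry the LINQ `Contains` overload is fine.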
@@ -116,7 +118,10 @@ private async Task ProcessFile(ProcessRequest processRequest)
 }
 NuGetComponent component = new NuGetComponent(name, version, authors);
- singleFileComponentRecorder.RegisterUsage(new DetectedComponent(component));
+ if (!LowConfidencePackages.Contains(name, StringComparer.OrdinalIgnoreCase))
+ {
+ singleFileComponentRecorder.RegisterUsage(new DetectedComponent(component));
+ }
 }
 catch (Exception e)
 {
diff --git a/test/Microsoft.ComponentDetection.Detectors.Tests/NuGetComponentDetectorTests.cs b/test/Microsoft.ComponentDetection.Detectors.Tests/NuGetComponentDetectorTests.cs
index a88b0238f..79a962b03 100644
--- a/test/Microsoft.ComponentDetection.Detectors.Tests/NuGetComponentDetectorTests.cs
+++ b/test/Microsoft.ComponentDetection.Detectors.Tests/NuGetComponentDetectorTests.cs
@@ -15,6 +15,8 @@ namespace Microsoft.ComponentDetection.Detectors.Tests
 {
+ using FluentAssertions;
+
 [TestClass]
 [TestCategory("Governance/All")]
 [TestCategory("Governance/ComponentDetection")]
@@ -207,6 +209,20 @@ public async Task TestNugetDetector_AdditionalDirectories()
 Assert.AreEqual(1, componentRecorder.GetDetectedComponents().Count());
 }
+ [TestMethod]
+ public async Task TestNugetDetector_LowConfidencePackages()
+ {
+ var nupkg = await NugetTestUtilities.ZipNupkgComponent("Newtonsoft.Json.nupkg", NugetTestUtilities.GetValidNuspec("Newtonsoft.Json", "9.0.1", new []{ "JamesNK"}));
+
+ var (scanResult, componentRecorder) = await this.detectorTestUtility
+ .WithFile("Newtonsoft.Json.nupkg", nupkg)
+ .ExecuteDetector();
+
+ scanResult.ResultCode.Should().Be(ProcessingResultCode.Success);
+ componentRecorder.GetDetectedComponents().Should().BeEmpty()
+ .And.HaveCount(0);
+ }
+
 private string CreateTemporaryDirectory()
 {
 string path;
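Review bot: The new guard around `RegisterUsage` in the `ProcessFile` hunk suppresses the component silently: a matching nupkg is neither registered nor logged, so a consumer of the scan cannot distinguish "suppressed" from "not present", and any version of the listed package that sits in the scanned tree — including one with known vulnerabilities — will never appear in the results that downstream governance relies on. The skip should at least be visible in the detector's log, in an `else` branch on the new `if`, recording `name` and `version` and the fact that the id is in `LowConfidencePackages`; if the detector has no logger in scope (the `catch (Exception e)` block below presumably reports through one), a brief comment on the `if` saying the drop is intentional and why would be the minimum. Consider also whether the drop should be version-scoped rather than blanket, since the suppression as written applies to every version of the id; `ProcessFile` begins and ends outside this hunk.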
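Review bot: `using FluentAssertions;` is inserted inside the namespace block in the `-15,6 +15,8` hunk, whereas the file's existing using directives appear to sit above the `namespace` line (the hunk opens on the namespace's `{` at line 15, so they are presumably in the lines before it, though that is outside the hunk). Two placements in one file is the kind of inconsistency analyzers flag and later contributors copy; moving the directive into the existing sorted group keeps the file uniform.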
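Review bot: In `TestNugetDetector_LowConfidencePackages` the assertion `.Should().BeEmpty().And.HaveCount(0)` is redundant — `BeEmpty()` already asserts a count of zero — so `componentRecorder.GetDetectedComponents().Should().BeEmpty();` says the same thing in one call. The test also exercises only the exact-case id, while the detector compares with `StringComparer.OrdinalIgnoreCase`; a second `.WithFile` using a differently-cased nuspec id (e.g. a lower-case variant) would pin that contract, and pairing it with one non-listed package in the same scan would confirm the filter drops only the listed id rather than everything. Minor: `new []{ "JamesNK"}` would read better as `new[] { "JamesNK" }`, matching the `new[] { "Newtonsoft.Json" }` spelling used in the detector.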