Added author detection for Npm and Nuget Component #51
Conversation
|
👋 Hi! It looks like you modified some files in the
If none of the above scenarios apply, feel free to ignore this comment 🙂 |
RushabhBhansali
changed the title
| // for e.g. "author": "John Doe <johnDoe@outlook.com> (https://jd.com)" | ||
| else | ||
| { | ||
| bool isEmailPresent = authorString.Contains("<"); |
There was a problem hiding this comment.
I would be wary of such a simple validation here. Expecting the data to be well formed may not always be accurate and trying to exact match may lead to unexpected errors getting thrown.
There was a problem hiding this comment.
introduced JSON and regex-based verification of author.
|
|
||
| string name = metadataNode["id"].InnerText; | ||
| string version = metadataNode["version"].InnerText; | ||
| string[] authors = metadataNode["authors"]?.InnerText.Split(",").Select(email => email.Trim()).ToArray(); |
There was a problem hiding this comment.
nit: not an email form your .Select
| } | ||
|
|
||
| var detectedComponent = new DetectedComponent(new NpmComponent(name, version)); | ||
| var npmComponent = new NpmComponent(name, version); |
There was a problem hiding this comment.
Can you update the class to have a constructor that takes in an optional NpmAuthor parameter? Having to create it and then do .Author on the next line seems unnecessary.
There was a problem hiding this comment.
Alternatively, for an optional parameter, something like
var npmComponent = new NpmComponent(name, version)
{
Author = GetAuthor(authorToken, name, filePath),
};But it's a style choice between those two options
There was a problem hiding this comment.
going with Coby's recommendation of introducing optional parameter in constructors, since I see that being used elsewhere in the code base.
| return ("package.json", packageJsonTemplate, Path.Combine(Path.GetTempPath(), "package.json")); | ||
| } | ||
|
|
||
| public static (string, string, string) GetPackageJsonNoDependenciesForNameAndVersion(string packageName, string packageVersion) |
There was a problem hiding this comment.
General testing comment: try to introduce some cases with malformed data that shouldn't exist, but we should cover this scenario without throwing exceptions up the stack
There was a problem hiding this comment.
added test for malformed values.
src/Microsoft.ComponentDetection.Detectors/npm/NpmComponentDetector.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.ComponentDetection.Detectors/npm/NpmComponentDetector.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.ComponentDetection.Detectors/npm/NpmComponentDetector.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.ComponentDetection.Detectors/npm/NpmComponentDetector.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.ComponentDetection.Detectors/npm/NpmComponentDetector.cs
Outdated
Show resolved
Hide resolved
src/Microsoft.ComponentDetection.Detectors/nuget/NuGetComponentDetector.cs
Show resolved
Hide resolved
src/Microsoft.ComponentDetection.Detectors/npm/NpmComponentDetector.cs
Outdated
Show resolved
Hide resolved
JamieMagee
added
detector:npm
RushabhBhansali
force-pushed
the
users/rbhansali/provenance-npmComponent
branch
from
91fd379 to
ab4b156
Compare
Added author detection for npmComponents and NugetComponents
RushabhBhansali
force-pushed
the
users/rbhansali/provenance-npmComponent
branch
from
ab4b156 to
8f68abf
Compare
| } else if (authorMatch.Success) | ||
| { |
There was a problem hiding this comment.
| } else if (authorMatch.Success) | |
| { | |
| } | |
| else if (authorMatch.Success) | |
| { |
| } else | ||
| { |
There was a problem hiding this comment.
| } else | |
| { | |
| } | |
| else | |
| { |
| authorEmail = authorMatch.Groups["email"].ToString().Trim(); | ||
| } else | ||
| { | ||
| Logger.LogWarning("Unable to parse author:[{authorString}] for package:[{packageName}] found at path:[{filePath}]. This may indicate an invalid npm package author, and author will not be registered."); |
There was a problem hiding this comment.
This needs $ to make sure the strings are interpolated.
| Logger.LogWarning("Unable to parse author:[{authorString}] for package:[{packageName}] found at path:[{filePath}]. This may indicate an invalid npm package author, and author will not be registered."); | |
| Logger.LogWarning($"Unable to parse author:[{authorString}] for package:[{packageName}] found at path:[{filePath}]. This may indicate an invalid npm package author, and author will not be registered."); |
|
|
||
| if (string.IsNullOrEmpty(authorName)) | ||
| { | ||
| Logger.LogWarning("Unable to parse author:[{authorString}] for package:[{packageName}] found at path:[{filePath}]. This may indicate an invalid npm package author, and author will not be registered."); |
There was a problem hiding this comment.
Same here
| Logger.LogWarning("Unable to parse author:[{authorString}] for package:[{packageName}] found at path:[{filePath}]. This may indicate an invalid npm package author, and author will not be registered."); | |
| Logger.LogWarning($"Unable to parse author:[{authorString}] for package:[{packageName}] found at path:[{filePath}]. This may indicate an invalid npm package author, and author will not be registered."); |
JamieMagee
left a comment
JamieMagee
left a comment
There was a problem hiding this comment.
Couple of small comments. Fixes provided inline. Approving so as not to block.
Added author Detection for NpmComponents and NugetComponent
Executive Order requirements 4. e.x. and 4.e.vi. require provenance (origination) information of both open-source software and software code and components.
This change enables component detection to extract author information for NPM packages from
package.jsonfiles and for Nuget Component from.nuspecfile.