Address feedback

ericstj · ericstj · commit a62326844cc2 · 2025-03-03T14:16:15.000-08:00
diff --git a/src/Microsoft.ComponentDetection.Contracts/TypedComponent/DotNetComponent.cs b/src/Microsoft.ComponentDetection.Contracts/TypedComponent/DotNetComponent.cs
@@ -1,10 +1,6 @@
 namespace Microsoft.ComponentDetection.Contracts.TypedComponent;
 
-using System.Text;
-
-#nullable enable
-
-using PackageUrl;
+using System;
 
 public class DotNetComponent : TypedComponent
 {
@@ -13,52 +9,37 @@ private DotNetComponent()
         /* Reserved for deserialization */
     }
 
-    public DotNetComponent(string? sdkVersion, string? targetFramework = null, string? projectType = null)
+    public DotNetComponent(string sdkVersion, string targetFramework = null, string projectType = null)
     {
-        this.SdkVersion = sdkVersion;
-        this.TargetFramework = targetFramework;
-        this.ProjectType = projectType;  // application, library, or null
+        if (string.IsNullOrWhiteSpace(sdkVersion) && string.IsNullOrWhiteSpace(targetFramework))
+        {
+            throw new ArgumentNullException(nameof(sdkVersion), $"Either {nameof(sdkVersion)} or {nameof(targetFramework)} of component type {nameof(DotNetComponent)} must be specified.");
+        }
+
+        this.SdkVersion = string.IsNullOrWhiteSpace(sdkVersion) ? "unknown" : sdkVersion;
+        this.TargetFramework = string.IsNullOrWhiteSpace(targetFramework) ? "unknown" : targetFramework;
+        this.ProjectType = string.IsNullOrWhiteSpace(projectType) ? "unknown" : projectType;
     }
 
     /// <summary>
     /// SDK Version detected, could be null if no global.json exists and no dotnet is on the path.
     /// </summary>
-    public string? SdkVersion { get; set; }
+    public string SdkVersion { get; set; }
 
     /// <summary>
     /// Target framework for this instance.  Null in the case of global.json.
     /// </summary>
-    public string? TargetFramework { get; set; }
+    public string TargetFramework { get; set; }
 
     /// <summary>
     /// Project type: application, library.  Null in the case of global.json or if no project output could be discovered.
     /// </summary>
-    public string? ProjectType { get; set; }
+    public string ProjectType { get; set; }
 
     public override ComponentType Type => ComponentType.DotNet;
 
     /// <summary>
-    /// Provides an id like `dotnet {SdkVersion} - {TargetFramework} - {ProjectType}` where targetFramework and projectType are only present if not null.
+    /// Provides an id like `{SdkVersion} - {TargetFramework} - {ProjectType} - dotnet` where unspecified values are represented as 'unknown'.
     /// </summary>
-    public override string Id
-    {
-        get
-        {
-            var builder = new StringBuilder($"dotnet {this.SdkVersion ?? "unknown"}");
-            if (this.TargetFramework is not null)
-            {
-                builder.Append($" - {this.TargetFramework}");
-
-                if (this.ProjectType is not null)
-                {
-                    builder.Append($" - {this.ProjectType}");
-                }
-            }
-
-            return builder.ToString();
-        }
-    }
-
-    // TODO - do we need to add a type to prul https://github.com/package-url/purl-spec/blob/main/PURL-TYPES.rst
-    public override PackageURL PackageUrl => new PackageURL("generic", null, "dotnet-sdk", this.SdkVersion ?? "unknown", null, null);
+    public override string Id => $"{this.SdkVersion} {this.TargetFramework} {this.ProjectType} - {this.Type}";
 }
diff --git a/src/Microsoft.ComponentDetection.Detectors/dotnet/DotNetComponentDetector.cs b/src/Microsoft.ComponentDetection.Detectors/dotnet/DotNetComponentDetector.cs
@@ -2,6 +2,7 @@ namespace Microsoft.ComponentDetection.Detectors.DotNet;
 
 #nullable enable
 using System;
+using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
@@ -23,7 +24,7 @@ public class DotNetComponentDetector : FileComponentDetector, IExperimentalDetec
     private readonly IFileUtilityService fileUtilityService;
     private readonly IPathUtilityService pathUtilityService;
     private readonly LockFileFormat lockFileFormat = new();
-    private readonly Dictionary<string, string?> sdkVersionCache = [];
+    private readonly ConcurrentDictionary<string, string?> sdkVersionCache = [];
     private string? sourceDirectory;
     private string? sourceFileRootDirectory;
 
@@ -60,7 +61,15 @@ public DotNetComponentDetector(
         var workingDirectory = new DirectoryInfo(workingDirectoryPath);
 
         var process = await this.commandLineInvocationService.ExecuteCommandAsync("dotnet", ["dotnet.exe"], workingDirectory, cancellationToken, "--version").ConfigureAwait(false);
-        return process.ExitCode == 0 ? process.StdOut.Trim() : null;
+
+        if (process.ExitCode != 0)
+        {
+            // debug only - it could be that dotnet is not actually on the path and specified directly by the build scripts.
+            this.Logger.LogDebug("Failed to invoke 'dotnet --version'. Return: {Return} StdErr: {StdErr} StdOut: {StdOut}.", process.ExitCode, process.StdErr, process.StdOut);
+            return null;
+        }
+
+        return process.StdOut.Trim();
     }
 
     public override Task<IndividualDetectorScanResult> ExecuteDetectorAsync(ScanRequest request, CancellationToken cancellationToken = default)
@@ -76,11 +85,24 @@ protected override async Task OnFileFoundAsync(ProcessRequest processRequest, ID
         var lockFile = this.lockFileFormat.Read(processRequest.ComponentStream.Stream, processRequest.ComponentStream.Location);
 
         var projectPath = lockFile.PackageSpec.RestoreMetadata.ProjectPath;
+
+        if (!this.fileUtilityService.Exists(projectPath))
+        {
+            // Could be the assets file was not actually from this build
+            this.Logger.LogWarning("Project path {ProjectPath} specified by {ProjectAssetsPath} does not exist.", projectPath, processRequest.ComponentStream.Location);
+        }
+
         var projectDirectory = this.pathUtilityService.GetParentDirectory(projectPath);
         var sdkVersion = await this.GetSdkVersionAsync(projectDirectory, cancellationToken);
 
         var projectName = lockFile.PackageSpec.RestoreMetadata.ProjectName;
         var projectOutputPath = lockFile.PackageSpec.RestoreMetadata.OutputPath;
+
+        if (!this.directoryUtilityService.Exists(projectOutputPath))
+        {
+            this.Logger.LogWarning("Project output path {ProjectOutputPath} specified by {ProjectAssetsPath} does not exist.", projectOutputPath, processRequest.ComponentStream.Location);
+        }
+
         var targetType = this.GetProjectType(projectOutputPath, projectName, cancellationToken);
 
         var componentReporter = this.ComponentRecorder.CreateSingleFileComponentRecorder(projectPath);
@@ -126,8 +148,9 @@ private bool IsApplication(string assemblyPath)
             // despite the name `IsExe` this is actually based of the CoffHeader Characteristics
             return peReader.PEHeaders.IsExe;
         }
-        catch (Exception)
+        catch (Exception e)
         {
+            this.Logger.LogWarning("Failed to open output assembly {AssemblyPath} error {Message}.", assemblyPath, e.Message);
             return false;
         }
     }
@@ -140,6 +163,12 @@ private bool IsApplication(string assemblyPath)
     /// <returns>Sdk version found, or null if no version can be detected.</returns>
     private async Task<string?> GetSdkVersionAsync(string projectDirectory, CancellationToken cancellationToken)
     {
+        if (string.IsNullOrWhiteSpace(projectDirectory))
+        {
+            // not expected
+            return null;
+        }
+
         // normalize since we need to use as a key
         projectDirectory = this.pathUtilityService.NormalizePath(projectDirectory);
         if (this.sdkVersionCache.TryGetValue(projectDirectory, out var sdkVersion))
@@ -152,17 +181,23 @@ private bool IsApplication(string assemblyPath)
 
         if (this.fileUtilityService.Exists(globalJsonPath))
         {
-            var globalJson = await JsonDocument.ParseAsync(this.fileUtilityService.MakeFileStream(globalJsonPath), cancellationToken: cancellationToken);
-            if (globalJson.RootElement.TryGetProperty("sdk", out var sdk))
+            sdkVersion = await this.RunDotNetVersionAsync(projectDirectory, cancellationToken);
+
+            if (string.IsNullOrWhiteSpace(sdkVersion))
             {
-                if (sdk.TryGetProperty("version", out var version))
+                var globalJson = await JsonDocument.ParseAsync(this.fileUtilityService.MakeFileStream(globalJsonPath), cancellationToken: cancellationToken);
+                if (globalJson.RootElement.TryGetProperty("sdk", out var sdk))
                 {
-                    sdkVersion = version.GetString();
-                    var globalJsonComponent = new DetectedComponent(new DotNetComponent(sdkVersion));
-                    var recorder = this.ComponentRecorder.CreateSingleFileComponentRecorder(globalJsonPath);
-                    recorder.RegisterUsage(globalJsonComponent, isExplicitReferencedDependency: true);
+                    if (sdk.TryGetProperty("version", out var version))
+                    {
+                        sdkVersion = version.GetString();
+                    }
                 }
             }
+
+            var globalJsonComponent = new DetectedComponent(new DotNetComponent(sdkVersion));
+            var recorder = this.ComponentRecorder.CreateSingleFileComponentRecorder(globalJsonPath);
+            recorder.RegisterUsage(globalJsonComponent, isExplicitReferencedDependency: true);
         }
         else if (projectDirectory.Equals(this.sourceDirectory, StringComparison.OrdinalIgnoreCase) ||
                  projectDirectory.Equals(this.sourceFileRootDirectory, StringComparison.OrdinalIgnoreCase) ||
diff --git a/test/Microsoft.ComponentDetection.Detectors.Tests/DotNetComponentDetectorTests.cs b/test/Microsoft.ComponentDetection.Detectors.Tests/DotNetComponentDetectorTests.cs
@@ -1,5 +1,6 @@
 namespace Microsoft.ComponentDetection.Detectors.Tests;
 
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
@@ -43,6 +44,8 @@ public class DotNetComponentDetectorTests : BaseDetectorTest<DotNetComponentDete
     // uses GetParentDirectory, NormalizePath
     private readonly Mock<IPathUtilityService> mockPathUtilityService = new();
 
+    private Func<string, DirectoryInfo, CommandLineExecutionResult> commandLineCallback;
+
     /// <summary>
     /// Initializes a new instance of the <see cref="DotNetComponentDetectorTests"/> class.
     /// </summary>
@@ -64,7 +67,8 @@ public DotNetComponentDetectorTests()
         this.mockPathUtilityService.Setup(x => x.NormalizePath(It.IsAny<string>())).Returns((string p) => p);  // don't do normalization
         this.mockPathUtilityService.Setup(x => x.GetParentDirectory(It.IsAny<string>())).Returns((string p) => Path.GetDirectoryName(p));
 
-        this.mockCommandLineInvocationService.Setup(x => x.ExecuteCommandAsync(It.IsAny<string>(), It.IsAny<IEnumerable<string>>(), It.IsAny<DirectoryInfo>(), It.IsAny<CancellationToken>(), It.IsAny<string[]>())).Returns(Task.FromResult(this.commandLineExecutionResult));
+        this.mockCommandLineInvocationService.Setup(x => x.ExecuteCommandAsync(It.IsAny<string>(), It.IsAny<IEnumerable<string>>(), It.IsAny<DirectoryInfo>(), It.IsAny<CancellationToken>(), It.IsAny<string[]>()))
+            .Returns((string c, IEnumerable<string> ac, DirectoryInfo d, CancellationToken ct, string[] args) => Task.FromResult(this.CommandResult(c, d)));
     }
 
     private bool FileExists(string path)
@@ -147,11 +151,20 @@ private void AddDirectory(string path, string subDirectory = null)
 
     private void SetCommandResult(int exitCode, string stdOut = null, string stdErr = null)
     {
+        this.commandLineCallback = null;
         this.commandLineExecutionResult.ExitCode = exitCode;
         this.commandLineExecutionResult.StdOut = stdOut;
         this.commandLineExecutionResult.StdErr = stdErr;
     }
 
+    private void SetCommandResult(Func<string, DirectoryInfo, CommandLineExecutionResult> callback)
+    {
+        this.commandLineCallback = callback;
+    }
+
+    private CommandLineExecutionResult CommandResult(string command, DirectoryInfo directory) =>
+        (this.commandLineCallback != null) ? this.commandLineCallback(command, directory) : this.commandLineExecutionResult;
+
     [TestCleanup]
     public void ClearMocks()
     {
@@ -214,6 +227,31 @@ public async Task TestDotNetDetectorGlobalJson_ReturnsSDKVersion()
         var globalJson = GlobalJson("42.0.800");
         this.AddFile(projectPath, null);
         this.AddFile(Path.Combine(RootDir, "path", "global.json"), globalJson);
+        this.SetCommandResult(-1);
+
+        var (scanResult, componentRecorder) = await this.DetectorTestUtility
+            .WithFile("project.assets.json", projectAssets)
+            .ExecuteDetectorAsync();
+
+        scanResult.ResultCode.Should().Be(ProcessingResultCode.Success);
+
+        var detectedComponents = componentRecorder.GetDetectedComponents();
+        detectedComponents.Should().HaveCount(2);
+
+        var discoveredComponents = detectedComponents.ToArray();
+        discoveredComponents.Where(component => component.Component.Id == "42.0.800 unknown unknown - DotNet").Should().ContainSingle();
+        discoveredComponents.Where(component => component.Component.Id == "42.0.800 net8.0 unknown - DotNet").Should().ContainSingle();
+    }
+
+    [TestMethod]
+    public async Task TestDotNetDetectorGlobalJsonRollForward_ReturnsSDKVersion()
+    {
+        var projectPath = Path.Combine(RootDir, "path", "to", "project");
+        var projectAssets = ProjectAssets("projectName", "does-not-exist", projectPath, "net8.0");
+        var globalJson = GlobalJson("8.0.100");
+        this.AddFile(projectPath, null);
+        this.AddFile(Path.Combine(RootDir, "path", "global.json"), globalJson);
+        this.SetCommandResult(0, "8.0.808");
 
         var (scanResult, componentRecorder) = await this.DetectorTestUtility
             .WithFile("project.assets.json", projectAssets)
@@ -225,8 +263,8 @@ public async Task TestDotNetDetectorGlobalJson_ReturnsSDKVersion()
         detectedComponents.Should().HaveCount(2);
 
         var discoveredComponents = detectedComponents.ToArray();
-        discoveredComponents.Where(component => component.Component.Id == "dotnet 42.0.800").Should().ContainSingle();
-        discoveredComponents.Where(component => component.Component.Id == "dotnet 42.0.800 - net8.0").Should().ContainSingle();
+        discoveredComponents.Where(component => component.Component.Id == "8.0.808 unknown unknown - DotNet").Should().ContainSingle();
+        discoveredComponents.Where(component => component.Component.Id == "8.0.808 net8.0 unknown - DotNet").Should().ContainSingle();
     }
 
     [TestMethod]
@@ -247,7 +285,7 @@ public async Task TestDotNetDetectorNoGlobalJson_ReturnsDotNetVersion()
         detectedComponents.Should().ContainSingle();
 
         var discoveredComponents = detectedComponents.ToArray();
-        discoveredComponents.Where(component => component.Component.Id == "dotnet 86.75.309 - net8.0").Should().ContainSingle();
+        discoveredComponents.Where(component => component.Component.Id == "86.75.309 net8.0 unknown - DotNet").Should().ContainSingle();
     }
 
     [TestMethod]
@@ -268,7 +306,7 @@ public async Task TestDotNetDetectorNoGlobalJsonNoDotnet_ReturnsUnknownVersion()
         detectedComponents.Should().ContainSingle();
 
         var discoveredComponents = detectedComponents.ToArray();
-        discoveredComponents.Where(component => component.Component.Id == "dotnet unknown - net8.0").Should().ContainSingle();
+        discoveredComponents.Where(component => component.Component.Id == "unknown net8.0 unknown - DotNet").Should().ContainSingle();
     }
 
     [TestMethod]
@@ -289,20 +327,24 @@ public async Task TestDotNetDetectorMultipleTargetFrameworks()
         detectedComponents.Should().HaveCount(3);
 
         var discoveredComponents = detectedComponents.ToArray();
-        discoveredComponents.Where(component => component.Component.Id == "dotnet 1.2.3 - net8.0").Should().ContainSingle();
-        discoveredComponents.Where(component => component.Component.Id == "dotnet 1.2.3 - net6.0").Should().ContainSingle();
-        discoveredComponents.Where(component => component.Component.Id == "dotnet 1.2.3 - netstandard2.0").Should().ContainSingle();
+        discoveredComponents.Where(component => component.Component.Id == "1.2.3 net8.0 unknown - DotNet").Should().ContainSingle();
+        discoveredComponents.Where(component => component.Component.Id == "1.2.3 net6.0 unknown - DotNet").Should().ContainSingle();
+        discoveredComponents.Where(component => component.Component.Id == "1.2.3 netstandard2.0 unknown - DotNet").Should().ContainSingle();
     }
 
     [TestMethod]
     public async Task TestDotNetDetectorMultipleProjectsWithDifferentOutputTypeAndSdkVersion()
     {
-        // dotnet on the path with be version 1.2.3
-        this.SetCommandResult(0, "1.2.3");
-
         // dotnet from global.json will be 4.5.6
         var globalJson = GlobalJson("4.5.6");
-        this.AddFile(Path.Combine(RootDir, "path", "global.json"), globalJson);
+        var globalJsonDir = Path.Combine(RootDir, "path");
+        this.AddFile(Path.Combine(globalJsonDir, "global.json"), globalJson);
+
+        this.SetCommandResult((c, d) => new CommandLineExecutionResult()
+        {
+            ExitCode = 0,
+            StdOut = d.FullName == globalJsonDir ? "4.5.6" : "1.2.3",
+        });
 
         // set up a library project - under global.json
         var libraryProjectName = "library";
@@ -338,11 +380,11 @@ public async Task TestDotNetDetectorMultipleProjectsWithDifferentOutputTypeAndSd
         detectedComponents.Should().HaveCount(6);
 
         var discoveredComponents = detectedComponents.ToArray();
-        discoveredComponents.Where(component => component.Component.Id == "dotnet 4.5.6").Should().ContainSingle();
-        discoveredComponents.Where(component => component.Component.Id == "dotnet 4.5.6 - net8.0 - library").Should().ContainSingle();
-        discoveredComponents.Where(component => component.Component.Id == "dotnet 4.5.6 - net6.0 - library").Should().ContainSingle();
-        discoveredComponents.Where(component => component.Component.Id == "dotnet 4.5.6 - netstandard2.0 - library").Should().ContainSingle();
-        discoveredComponents.Where(component => component.Component.Id == "dotnet 1.2.3 - net8.0 - application").Should().ContainSingle();
-        discoveredComponents.Where(component => component.Component.Id == "dotnet 1.2.3 - net48 - application").Should().ContainSingle();
+        discoveredComponents.Where(component => component.Component.Id == "4.5.6 unknown unknown - DotNet").Should().ContainSingle();
+        discoveredComponents.Where(component => component.Component.Id == "4.5.6 net8.0 library - DotNet").Should().ContainSingle();
+        discoveredComponents.Where(component => component.Component.Id == "4.5.6 net6.0 library - DotNet").Should().ContainSingle();
+        discoveredComponents.Where(component => component.Component.Id == "4.5.6 netstandard2.0 library - DotNet").Should().ContainSingle();
+        discoveredComponents.Where(component => component.Component.Id == "1.2.3 net8.0 application - DotNet").Should().ContainSingle();
+        discoveredComponents.Where(component => component.Component.Id == "1.2.3 net48 application - DotNet").Should().ContainSingle();
     }
 }
