Merge pull request #1408 from blackducksoftware/uv-lockfile-detector

UV Lockfile Detector

Author: devmehtabd

detectable/src/main/java/com/blackduck/integration/detectable/detectable/result/UVLockfileNotFoundDetectableResult.java

@@ -0,0 +1,17 @@
+package com.blackduck.integration.detectable.detectable.result;
+
+public class UVLockfileNotFoundDetectableResult extends FailedDetectableResult {
+    private final String directoryPath;
+
+    public UVLockfileNotFoundDetectableResult(String directoryPath) {
+        this.directoryPath = directoryPath;
+    }
+
+    @Override
+    public String toDescription() {
+        return String.format(
+                "A pyproject.toml was located in %s, but the uv.lock or requirements.txt file was NOT located. Please check your configuration and try again.",
+                directoryPath
+        );
+    }
+}

detectable/src/main/java/com/blackduck/integration/detectable/detectables/uv/UVDetectorOptions.java

@@ -1,8 +1,8 @@
 package com.blackduck.integration.detectable.detectables.uv;
 
 
-import java.util.List;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
 

detectable/src/main/java/com/blackduck/integration/detectable/detectables/uv/buildexe/UVBuildDetectable.java

@@ -18,14 +18,8 @@
 import com.blackduck.integration.detectable.extraction.Extraction;
 import com.blackduck.integration.detectable.extraction.ExtractionEnvironment;
 import com.blackduck.integration.executable.ExecutableRunnerException;
-import org.apache.commons.io.FileUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.tomlj.internal.TomlParser;
 
 import java.io.File;
-import java.nio.charset.StandardCharsets;
-import java.util.List;
 
 @DetectableInfo(name = "UV Build", language = "Python", forge = "PyPI", accuracy = DetectableAccuracyType.HIGH, requirementsMarkdown = "File: pyproject.toml file. Executable: uv.")
 public class UVBuildDetectable extends Detectable {

detectable/src/main/java/com/blackduck/integration/detectable/detectables/uv/buildexe/UVBuildExtractor.java

@@ -11,12 +11,10 @@
 import com.blackduck.integration.executable.ExecutableOutput;
 import com.blackduck.integration.executable.ExecutableRunnerException;
 import com.blackduck.integration.util.NameVersion;
-import org.apache.commons.io.FileUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.io.File;
-import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;

detectable/src/main/java/com/blackduck/integration/detectable/detectables/uv/lockfile/UVLockFileDetectable.java

@@ -0,0 +1,79 @@
+package com.blackduck.integration.detectable.detectables.uv.lockfile;
+
+import com.blackduck.integration.common.util.finder.FileFinder;
+import com.blackduck.integration.detectable.Detectable;
+import com.blackduck.integration.detectable.DetectableEnvironment;
+import com.blackduck.integration.detectable.detectable.DetectableAccuracyType;
+import com.blackduck.integration.detectable.detectable.Requirements;
+import com.blackduck.integration.detectable.detectable.annotation.DetectableInfo;
+import com.blackduck.integration.detectable.detectable.exception.DetectableException;
+import com.blackduck.integration.detectable.detectable.result.DetectableResult;
+import com.blackduck.integration.detectable.detectable.result.FailedDetectableResult;
+import com.blackduck.integration.detectable.detectable.result.PassedDetectableResult;
+import com.blackduck.integration.detectable.detectable.result.UVLockfileNotFoundDetectableResult;
+import com.blackduck.integration.detectable.detectables.uv.UVDetectorOptions;
+import com.blackduck.integration.detectable.detectables.uv.parse.UVTomlParser;
+import com.blackduck.integration.detectable.extraction.Extraction;
+import com.blackduck.integration.detectable.extraction.ExtractionEnvironment;
+import com.blackduck.integration.executable.ExecutableRunnerException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.IOException;
+
+@DetectableInfo(name = "UV Lockfile", language = "Python", forge = "PyPi", accuracy = DetectableAccuracyType.HIGH, requirementsMarkdown = "File: pyproject.toml file. Lock File: uv.lock or requirements.txt file.")
+public class UVLockFileDetectable extends Detectable {
+
+    private final Logger logger = LoggerFactory.getLogger(this.getClass());
+    private static final String PYPROJECT_TOML = "pyproject.toml";
+    private static final String UV_LOCK_FILE = "uv.lock";
+    private static final String REQUIREMENTS_TXT = "requirements.txt";
+    private final FileFinder fileFinder;
+    private final UVDetectorOptions uvDetectorOptions;
+    private File uvLockFile;
+    private File requirementsTxtFile;
+    private File uvTomlFile;
+    private UVTomlParser uvTomlParser;
+    private final UVLockfileExtractor uvLockfileExtractor;
+
+    public UVLockFileDetectable(DetectableEnvironment environment, FileFinder fileFinder, UVDetectorOptions uvDetectorOptions, UVLockfileExtractor uvLockfileExtractor) {
+        super(environment);
+        this.fileFinder = fileFinder;
+        this.uvDetectorOptions = uvDetectorOptions;
+        this.uvLockfileExtractor = uvLockfileExtractor;
+    }
+
+    @Override
+    public DetectableResult applicable() {
+        Requirements requirements = new Requirements(fileFinder, environment);
+        uvTomlFile = requirements.file(PYPROJECT_TOML);
+
+        uvLockFile = fileFinder.findFile(environment.getDirectory(), UV_LOCK_FILE);
+        requirementsTxtFile = fileFinder.findFile(environment.getDirectory(), REQUIREMENTS_TXT);
+
+        // check [tool.uv] managed setting and if set to false, skip this detector
+        if(uvTomlFile != null) {
+            uvTomlParser = new UVTomlParser(uvTomlFile);
+            if(!uvTomlParser.parseManagedKey()) {
+                return new FailedDetectableResult();
+            }
+        }
+
+        return requirements.result();
+    }
+
+    @Override
+    public DetectableResult extractable() throws DetectableException {
+        if(uvLockFile == null && requirementsTxtFile == null && uvTomlFile != null) {
+            return new UVLockfileNotFoundDetectableResult(environment.getDirectory().getAbsolutePath());
+        }
+
+        return new PassedDetectableResult();
+    }
+
+    @Override
+    public Extraction extract(ExtractionEnvironment extractionEnvironment) throws ExecutableRunnerException, IOException {
+        return uvLockfileExtractor.extract(uvDetectorOptions, uvTomlParser, uvLockFile, requirementsTxtFile);
+    }
+}

detectable/src/main/java/com/blackduck/integration/detectable/detectables/uv/lockfile/UVLockfileExtractor.java

@@ -0,0 +1,63 @@
+package com.blackduck.integration.detectable.detectables.uv.lockfile;
+
+import com.blackduck.integration.bdio.graph.DependencyGraph;
+import com.blackduck.integration.detectable.detectable.codelocation.CodeLocation;
+import com.blackduck.integration.detectable.detectables.pip.parser.RequirementsFileDependencyTransformer;
+import com.blackduck.integration.detectable.detectables.uv.UVDetectorOptions;
+import com.blackduck.integration.detectable.detectables.uv.parse.UVTomlParser;
+import com.blackduck.integration.detectable.detectables.uv.transform.UVLockParser;
+import com.blackduck.integration.detectable.extraction.Extraction;
+import com.blackduck.integration.detectable.python.util.PythonDependency;
+import com.blackduck.integration.detectable.python.util.PythonDependencyTransformer;
+import com.blackduck.integration.executable.ExecutableRunnerException;
+import com.blackduck.integration.util.NameVersion;
+import org.apache.commons.io.FileUtils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+
+public class UVLockfileExtractor {
+
+    private final UVLockParser uvLockParser;
+    private final PythonDependencyTransformer requirementsFileTransformer;
+    private final RequirementsFileDependencyTransformer requirementsFileDependencyTransformer;
+
+    public UVLockfileExtractor(UVLockParser uvLockParser, PythonDependencyTransformer requirementsFileTransformer, RequirementsFileDependencyTransformer requirementsFileDependencyTransformer) {
+        this.uvLockParser = uvLockParser;
+        this.requirementsFileTransformer = requirementsFileTransformer;
+        this.requirementsFileDependencyTransformer = requirementsFileDependencyTransformer;
+    }
+
+    public Extraction extract(UVDetectorOptions uvDetectorOptions, UVTomlParser uvTomlParser, File uvLockFile, File requirementsTxtFile) throws ExecutableRunnerException, IOException {
+        try {
+            Optional<NameVersion> projectNameVersion = uvTomlParser.parseNameVersion();
+            String projectName = uvTomlParser.getProjectName(); // get just project name in case version doesn't exist
+
+            List<CodeLocation> codeLocations = new ArrayList<>();
+            if (uvLockFile != null) {
+                String uvLockContents = FileUtils.readFileToString(uvLockFile, StandardCharsets.UTF_8);
+                codeLocations = uvLockParser.parseLockFile(uvLockContents, projectName, uvDetectorOptions);
+            }
+
+            if (requirementsTxtFile != null) {
+                List<PythonDependency> dependencies = requirementsFileTransformer.transform(requirementsTxtFile);
+                DependencyGraph dependencyGraph = requirementsFileDependencyTransformer.transform(dependencies);
+                CodeLocation codeLocation = new CodeLocation(dependencyGraph);
+                codeLocations.add(codeLocation);
+            }
+
+
+            return new Extraction.Builder()
+                    .success(codeLocations)
+                    .nameVersionIfPresent(projectNameVersion)
+                    .build();
+        } catch (Exception e) {
+            return new Extraction.Builder().exception(e).build();
+        }
+    }
+
+}

detectable/src/main/java/com/blackduck/integration/detectable/detectables/uv/parse/UVTomlParser.java

@@ -1,18 +1,17 @@
 package com.blackduck.integration.detectable.detectables.uv.parse;
 
-import java.io.File;
-import java.nio.charset.StandardCharsets;
-import java.util.Optional;
-
+import com.blackduck.integration.util.NameVersion;
 import org.apache.commons.io.FileUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.tomlj.Toml;
 import org.tomlj.TomlParseResult;
-
-import com.blackduck.integration.util.NameVersion;
 import org.tomlj.TomlTable;
 
+import java.io.File;
+import java.nio.charset.StandardCharsets;
+import java.util.Optional;
+
 public class UVTomlParser {
 
     private final Logger logger = LoggerFactory.getLogger(this.getClass());
@@ -24,26 +23,40 @@ public class UVTomlParser {
     private static final String MANAGED_KEY = "managed";
     private static final String UV_TOOL_KEY = "tool.uv";
 
+    private String projectName = "uvProject";
+
+    private final File uvTomlFile;
     private TomlParseResult uvToml;
 
     public UVTomlParser(File uvTomlFile) {
-        parseUVToml(uvTomlFile);
+        this.uvTomlFile = uvTomlFile;
     }
 
     public Optional<NameVersion> parseNameVersion() {
-        if (uvToml.contains(PROJECT_KEY)) {
-            return Optional.ofNullable(uvToml.getTable(PROJECT_KEY))
-                    .filter(info -> info.contains(NAME_KEY))
-                    .filter(info -> info.contains(VERSION_KEY))
-                    .map(info -> new NameVersion(info.getString(NAME_KEY), info.getString(VERSION_KEY)));
+        if (uvToml != null && uvToml.contains(PROJECT_KEY)) {
+
+            TomlTable projectTable = uvToml.getTable(PROJECT_KEY);
+            if(projectTable.contains(NAME_KEY)) {
+                projectName = projectTable.getString(NAME_KEY);
+            } else {
+                return Optional.empty();
+            }
+
+            if(projectTable.contains(VERSION_KEY)) {
+                String version = projectTable.getString(VERSION_KEY);
+                return Optional.of(new NameVersion(projectName, version));
+            } else {
+                return Optional.empty();
+            }
         }
         return Optional.empty();
     }
 
 
     // check [tool.uv] managed setting
     public boolean parseManagedKey() {
-        if (uvToml.contains(UV_TOOL_KEY)) {
+        parseUVToml();
+        if (uvToml != null && uvToml.contains(UV_TOOL_KEY)) {
             TomlTable uvToolTable = uvToml.getTable(UV_TOOL_KEY);
             if (uvToolTable.contains(MANAGED_KEY)) {
                 return uvToolTable.getBoolean(MANAGED_KEY);
@@ -53,7 +66,7 @@ public boolean parseManagedKey() {
         return true;
     }
 
-    public void parseUVToml(File uvTomlFile) {
+    public void parseUVToml() {
         try {
             String uvTomlContents = FileUtils.readFileToString(uvTomlFile, StandardCharsets.UTF_8);
             uvToml = Toml.parse(uvTomlContents);
@@ -62,4 +75,7 @@ public void parseUVToml(File uvTomlFile) {
         }
     }
 
+    public String getProjectName() {
+        return projectName;
+    }
 }