From 84c39bac24699d4c347deb380be93edcea9aa29a Mon Sep 17 00:00:00 2001 From: Noy Shabtay Date: Thu, 9 Nov 2023 17:57:23 +0200 Subject: [PATCH] :bug: - fixed issue regarding Yarn1 impact tree --- .../common/nodes/subentities/ImpactTree.java | 9 +++--- .../ide/common/yarn/YarnTreeBuilder.java | 31 +++++++++++-------- 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/src/main/java/com/jfrog/ide/common/nodes/subentities/ImpactTree.java b/src/main/java/com/jfrog/ide/common/nodes/subentities/ImpactTree.java index 6546a4cb..499a824f 100644 --- a/src/main/java/com/jfrog/ide/common/nodes/subentities/ImpactTree.java +++ b/src/main/java/com/jfrog/ide/common/nodes/subentities/ImpactTree.java @@ -1,8 +1,13 @@ package com.jfrog.ide.common.nodes.subentities; import com.fasterxml.jackson.annotation.JsonProperty; +import lombok.Getter; public class ImpactTree { + + public static final int IMPACT_PATHS_LIMIT = 50; + + @Getter @JsonProperty private ImpactTreeNode root; @JsonProperty @@ -21,10 +26,6 @@ public boolean contains(String name) { return root.contains(name); } - public ImpactTreeNode getRoot() { - return root; - } - @SuppressWarnings("unused") public int getImpactPathsCount() { return impactPathsCount; diff --git a/src/main/java/com/jfrog/ide/common/yarn/YarnTreeBuilder.java b/src/main/java/com/jfrog/ide/common/yarn/YarnTreeBuilder.java index 04e355bf..6042726a 100644 --- a/src/main/java/com/jfrog/ide/common/yarn/YarnTreeBuilder.java +++ b/src/main/java/com/jfrog/ide/common/yarn/YarnTreeBuilder.java @@ -4,6 +4,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.jfrog.ide.common.deptree.DepTree; import com.jfrog.ide.common.deptree.DepTreeNode; +import com.jfrog.ide.common.nodes.subentities.ImpactTree; import org.apache.commons.lang3.StringUtils; import org.jfrog.build.api.util.Log; @@ -95,14 +96,15 @@ private void addDepTreeNodes(Map nodes, JsonNode jsonDep, D /** * Extracts a single dependency path from a raw dependency string. * - * @param rawDependencyPath - The raw dependency path string. + * @param rawDependencyPaths - The raw dependency path string. * @return The extracted dependency path. */ - private List> extractMultiplePaths(String packageFullName, List rawDependencyPath) { + private List> extractMultiplePaths(String projectRootId, String packageFullName, List rawDependencyPaths) { List> paths = new ArrayList<>(); - for (String rawDependency : rawDependencyPath) { - List path = extractSinglePath(packageFullName, rawDependency); + int limit = rawDependencyPaths.size() < ImpactTree.IMPACT_PATHS_LIMIT ? rawDependencyPaths.size() : 50; + for (int i = 0; i < limit; i++) { + List path = extractSinglePath(projectRootId, packageFullName, rawDependencyPaths.get(i)); if (path != null) { paths.add(path); } @@ -110,10 +112,13 @@ private List> extractMultiplePaths(String packageFullName, List extractSinglePath(String packageFullName, String rawDependency) { + private List extractSinglePath(String projectRootId, String packageFullName, String rawDependency) { + List pathResult = new ArrayList<>(); + pathResult.add(projectRootId); if (StringUtils.contains(rawDependency, "Specified in")) { - // return the package name - return Collections.singletonList(packageFullName); + // This is a direct dependency + pathResult.add(packageFullName); + return pathResult; } int startIndex = StringUtils.indexOf(rawDependency, '"'); int endIndex = StringUtils.indexOf(rawDependency, '"', startIndex + 1); @@ -127,7 +132,8 @@ private List extractSinglePath(String packageFullName, String rawDepende splitPath = Arrays.copyOf(splitPath, splitPath.length + 1); } splitPath[splitPath.length - 1] = packageFullName; - return Arrays.asList(splitPath); + pathResult.addAll(Arrays.asList(splitPath)); + return pathResult; } return null; } @@ -148,7 +154,7 @@ private List extractSinglePath(String packageFullName, String rawDepende * @param packageVersions - The package versions. * @return A list of vulnerable dependency chains to the root. */ - public DepTree findDependencyPath(Log logger, String packageName, Set packageVersions) throws IOException { + public Map>> findDependencyImpactPaths(Log logger, String projectRootId, String packageName, Set packageVersions) throws IOException { JsonNode[] yarnWhyItem = yarnDriver.why(projectDir.toFile(), packageName); if (yarnWhyItem[0].has("problems")) { logger.warn("Errors occurred during building the yarn dependency tree. " + @@ -170,7 +176,7 @@ public DepTree findDependencyPath(Log logger, String packageName, Set pa yarnWhyVersion = StringUtils.substringAfter(yarnWhyPackage, "@"); packageFullName = packageName + ":" + yarnWhyVersion; } else if (dataNodeAsText.contains("This module exists because") && packageVersions.contains(yarnWhyVersion)) { - packageImpactPaths.put(packageFullName, extractMultiplePaths(packageFullName, Collections.singletonList(dataNodeAsText))); + packageImpactPaths.put(packageFullName, extractMultiplePaths(projectRootId, packageFullName, Collections.singletonList(dataNodeAsText))); } break; case "list": @@ -178,13 +184,12 @@ public DepTree findDependencyPath(Log logger, String packageName, Set pa JsonNode itemsNode = getJsonField(dataNode, "items"); List items = new ArrayList<>(); itemsNode.elements().forEachRemaining(item -> items.add(item.asText())); - packageImpactPaths.put(packageFullName, extractMultiplePaths(packageFullName, items)); + packageImpactPaths.put(packageFullName, extractMultiplePaths(projectRootId, packageFullName, items)); } break; } } - System.out.println(packageImpactPaths); - return new DepTree("123", new HashMap<>()); + return packageImpactPaths; } /** * Convert Yarn's package name (e.g. @scope/comp@1.0.0) to Xray's component ID (e.g. @scope/comp:1.0.0).