Merge pull request #7760 from dependabot/deivid-rodriguez/more-swift-…

…fixes More swift requirement parsing fixes
dependabot · Aug 8, 2023 · 64c7c34 · 64c7c34
2 parents 84dfb23 + 28b5b77
commit 64c7c34
Show file tree

Hide file tree

Showing 9 changed files with 128 additions and 5 deletions.
diff --git a/swift/lib/dependabot/swift/file_parser/manifest_parser.rb b/swift/lib/dependabot/swift/file_parser/manifest_parser.rb
@@ -8,18 +8,17 @@ module Swift
     class FileParser < Dependabot::FileParsers::Base
       class ManifestParser
         DEPENDENCY =
-          /(?<declaration>\.package\(\s*(?:name: "[^"]+",\s*)?url: "(?<url>[^"]+)",\s*(?<requirement>.*)\s*\))/
+          /(?<declaration>\.package\(\s*
+            (?:name:\s+"[^"]+",\s*)?url:\s+"(?<url>[^"]+)",\s*(?<requirement>#{NativeRequirement::REGEXP})\s*
+           \))/x
 
         def initialize(manifest, source:)
           @manifest = manifest
           @source = source
         end
 
         def requirements
-          found = manifest.content.scan(DEPENDENCY).find do |_declaration, url, requirement|
-            # TODO: Support pinning to specific revisions
-            next if requirement.start_with?("branch:", ".branch(", "revision:", ".revision(")
-
+          found = manifest.content.scan(DEPENDENCY).find do |_declaration, url, _requirement|
             SharedHelpers.scp_to_standard(url) == source[:url]
           end
 

diff --git a/swift/lib/dependabot/swift/native_requirement.rb b/swift/lib/dependabot/swift/native_requirement.rb
@@ -6,6 +6,9 @@
 module Dependabot
   module Swift
     class NativeRequirement
+      # TODO: Support pinning to specific revisions
+      REGEXP = /(from.*|\.upToNextMajor.*|\.upToNextMinor.*|".*"\s*\.\.[\.<]\s*".*"|exact.*|\.exact.*)/
+
       attr_reader :declaration
 
       def self.map_requirements(requirements)

diff --git a/swift/spec/dependabot/swift/file_parser_spec.rb b/swift/spec/dependabot/swift/file_parser_spec.rb
@@ -249,4 +249,45 @@
 
     it_behaves_like "parse"
   end
+
+  context "with declarations that include multiple spaces after uri" do
+    let(:project_name) { "double_space" }
+
+    let(:expectations) do
+      [
+        {
+          identity: "dummyswiftpackage",
+          name: "github.com/marcoeidinger/dummyswiftpackage",
+          url: "https://github.com/MarcoEidinger/DummySwiftPackage.git",
+          version: "1.0.0",
+          requirement: ">= 1.0.0, < 2.0.0",
+          declaration_string:
+            ".package(url:  \"https://github.com/MarcoEidinger/DummySwiftPackage.git\", from: \"1.0.0\")",
+          requirement_string: "from: \"1.0.0\""
+        }
+      ]
+    end
+
+    it_behaves_like "parse"
+  end
+
+  context "with declarations that end with two parentheses" do
+    let(:project_name) { "double_parentheses" }
+
+    let(:expectations) do
+      [
+        {
+          identity: "swift-crypto",
+          name: "github.com/apple/swift-crypto",
+          url: "https://github.com/apple/swift-crypto.git",
+          version: "2.6.0",
+          requirement: ">= 1.0.0, < 3.0.0",
+          declaration_string: ".package(url: \"https://github.com/apple/swift-crypto.git\", \"1.0.0\"..<\"3.0.0\")",
+          requirement_string: "\"1.0.0\"..<\"3.0.0\""
+        }
+      ]
+    end
+
+    it_behaves_like "parse"
+  end
 end
diff --git a/swift/spec/fixtures/projects/double_parentheses/Package.resolved b/swift/spec/fixtures/projects/double_parentheses/Package.resolved
@@ -0,0 +1,14 @@
+{
+  "pins" : [
+    {
+      "identity" : "swift-crypto",
+      "kind" : "remoteSourceControl",
+      "location" : "https://github.com/apple/swift-crypto.git",
+      "state" : {
+        "revision" : "60f13f60c4d093691934dc6cfdf5f508ada1f894",
+        "version" : "2.6.0"
+      }
+    }
+  ],
+  "version" : 2
+}
diff --git a/swift/spec/fixtures/projects/double_parentheses/Package.swift b/swift/spec/fixtures/projects/double_parentheses/Package.swift
@@ -0,0 +1,24 @@
+// swift-tools-version: 5.8
+// The swift-tools-version declares the minimum version of Swift required to build this package.
+
+import PackageDescription
+
+let package = Package(
+    name: "swift-package-monitored-by-dependabot",
+    products: [
+        // Products define the executables and libraries a package produces, making them visible to other packages.
+        .library(
+            name: "swift-package-monitored-by-dependabot",
+            targets: ["swift-package-monitored-by-dependabot"]),
+    ],
+    dependencies: [],
+    targets: [
+        // Targets are the basic building blocks of a package, defining a module or a test suite.
+        // Targets can depend on other targets in this package and products from dependencies.
+        .target(
+            name: "swift-package-monitored-by-dependabot"
+        )
+    ]
+)
+
+package.dependencies.append(.package(url: "https://github.com/apple/swift-crypto.git", "1.0.0"..<"3.0.0"))
diff --git a/...Sources/swift-package-monitored-by-dependabot/swift_package_monitored_by_dependabot.swift b/...Sources/swift-package-monitored-by-dependabot/swift_package_monitored_by_dependabot.swift
@@ -0,0 +1,2 @@
+// The Swift Programming Language
+// https://docs.swift.org/swift-book
diff --git a/swift/spec/fixtures/projects/double_space/Package.resolved b/swift/spec/fixtures/projects/double_space/Package.resolved
@@ -0,0 +1,14 @@
+{
+  "pins" : [
+    {
+      "identity" : "dummyswiftpackage",
+      "kind" : "remoteSourceControl",
+      "location" : "https://github.com/MarcoEidinger/DummySwiftPackage.git",
+      "state" : {
+        "revision" : "039d607a58040dc8ef3c4e065b4cecfc3d7f95f4",
+        "version" : "1.0.0"
+      }
+    }
+  ],
+  "version" : 2
+}
diff --git a/swift/spec/fixtures/projects/double_space/Package.swift b/swift/spec/fixtures/projects/double_space/Package.swift
@@ -0,0 +1,24 @@
+// swift-tools-version: 5.8
+// The swift-tools-version declares the minimum version of Swift required to build this package.
+
+import PackageDescription
+
+let package = Package(
+    name: "swift-package-monitored-by-dependabot",
+    products: [
+        // Products define the executables and libraries a package produces, making them visible to other packages.
+        .library(
+            name: "swift-package-monitored-by-dependabot",
+            targets: ["swift-package-monitored-by-dependabot"]),
+    ],
+    dependencies: [.package(url:  "https://github.com/MarcoEidinger/DummySwiftPackage.git", from: "1.0.0"),
+    ],
+    targets: [
+        // Targets are the basic building blocks of a package, defining a module or a test suite.
+        // Targets can depend on other targets in this package and products from dependencies.
+        .target(
+            name: "swift-package-monitored-by-dependabot",
+            dependencies: [.product(name: "DummySwiftPackage", package: "DummySwiftPackage")]
+        )
+    ]
+)
diff --git a/...Sources/swift-package-monitored-by-dependabot/swift_package_monitored_by_dependabot.swift b/...Sources/swift-package-monitored-by-dependabot/swift_package_monitored_by_dependabot.swift
@@ -0,0 +1,2 @@
+// The Swift Programming Language
+// https://docs.swift.org/swift-book