fix: only use Reference as the commit if it does not have a dot for Packagist packages (#342)

Author: G-Rath

pkg/lockfile/parse-composer-lock.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
+	"strings"
 )
 
 type ComposerPackage struct {
@@ -21,6 +22,17 @@ type ComposerLock struct {
 
 const ComposerEcosystem Ecosystem = "Packagist"
 
+func extractCommit(pkg ComposerPackage) string {
+	commit := pkg.Dist.Reference
+
+	// a dot means the reference is likely a tag, rather than a commit
+	if strings.Contains(commit, ".") {
+		commit = ""
+	}
+
+	return commit
+}
+
 func ParseComposerLock(pathToLockfile string) ([]PackageDetails, error) {
 	var parsedLockfile *ComposerLock
 
@@ -47,7 +59,7 @@ func ParseComposerLock(pathToLockfile string) ([]PackageDetails, error) {
 		packages = append(packages, PackageDetails{
 			Name:      composerPackage.Name,
 			Version:   composerPackage.Version,
-			Commit:    composerPackage.Dist.Reference,
+			Commit:    extractCommit(composerPackage),
 			Ecosystem: ComposerEcosystem,
 			CompareAs: ComposerEcosystem,
 		})
@@ -57,7 +69,7 @@ func ParseComposerLock(pathToLockfile string) ([]PackageDetails, error) {
 		packages = append(packages, PackageDetails{
 			Name:      composerPackage.Name,
 			Version:   composerPackage.Version,
-			Commit:    composerPackage.Dist.Reference,
+			Commit:    extractCommit(composerPackage),
 			Ecosystem: ComposerEcosystem,
 			CompareAs: ComposerEcosystem,
 		})

pkg/lockfile/parse-composer-lock_test.go

@@ -133,3 +133,44 @@ func TestParseComposerLock_TwoPackagesAlt(t *testing.T) {
 		},
 	})
 }
+
+func TestParseComposerLock_DrupalPackages(t *testing.T) {
+	t.Parallel()
+
+	packages, err := lockfile.ParseComposerLock("testdata/composer/drupal-packages.json")
+
+	if err != nil {
+		t.Errorf("Got unexpected error: %v", err)
+	}
+
+	expectPackages(t, packages, []lockfile.PackageDetails{
+		{
+			Name:      "drupal/core",
+			Version:   "10.4.5",
+			Ecosystem: lockfile.ComposerEcosystem,
+			CompareAs: lockfile.ComposerEcosystem,
+			Commit:    "5247dbaa65b42b601058555f4a8b2bd541f5611f",
+		},
+		{
+			Name:      "drupal/tfa",
+			Version:   "2.0.0-alpha4",
+			Ecosystem: lockfile.ComposerEcosystem,
+			CompareAs: lockfile.ComposerEcosystem,
+			Commit:    "",
+		},
+		{
+			Name:      "drupal/field_time",
+			Version:   "1.0.0-beta5",
+			Ecosystem: lockfile.ComposerEcosystem,
+			CompareAs: lockfile.ComposerEcosystem,
+			Commit:    "",
+		},
+		{
+			Name:      "theseer/tokenizer",
+			Version:   "1.1.3",
+			Ecosystem: lockfile.ComposerEcosystem,
+			CompareAs: lockfile.ComposerEcosystem,
+			Commit:    "11336f6f84e16a720dae9d8e6ed5019efa85a0f9",
+		},
+	})
+}