Fix single-file package assembly bugs

Fix assemble functions for many ecosystems so we correctly return
top-level packages even on single package manifest file scans.

Signed-off-by: Ayan Sinha Mahapatra <asmahapatra@aboutcode.org>

Author: AyanSinhaMahapatra

src/packagedcode/cargo.py

@@ -69,11 +69,11 @@ def assemble(cls, package_data, resource, codebase, package_adder):
 
         datafile_path_patterns = CargoTomlHandler.path_patterns + CargoLockHandler.path_patterns
 
-        workspace_root = resource.parent(codebase)
-        if workspace_root and workspace_package_data and workspace_members:
+        root_resource = resource.parent(codebase)
+        if root_resource and workspace_package_data and workspace_members:
             # TODO: support glob patterns found in cargo workspaces
             for workspace_member_path in workspace_members:
-                workspace_directory_path = os.path.join(workspace_root.path, workspace_member_path)
+                workspace_directory_path = os.path.join(root_resource.path, workspace_member_path)
                 workspace_directory = codebase.get_resource(path=workspace_directory_path)
                 if not workspace_directory:
                     continue
@@ -104,9 +104,12 @@ def assemble(cls, package_data, resource, codebase, package_adder):
                     package_adder=package_adder,
                 )
         else:
+            if not root_resource:
+                root_resource = resource
+
             yield from cls.assemble_from_many_datafiles(
                 datafile_path_patterns=datafile_path_patterns,
-                resource=workspace_root,
+                resource=root_resource,
                 codebase=codebase,
                 package_adder=package_adder,
             )

src/packagedcode/chef.py

@@ -150,9 +150,12 @@ def assemble(cls, package_data, resource, codebase, package_adder):
             ChefMetadataRbHandler.path_patterns +
             ChefMetadataJsonHandler.path_patterns
         )
+        root_resource = resource.parent(codebase)
+        if not root_resource:
+            root_resource = resource
         yield from cls.assemble_from_many_datafiles(
             datafile_path_patterns=datafile_path_patterns,
-            resource=resource.parent(codebase),
+            resource=root_resource,
             codebase=codebase,
             package_adder=package_adder,
         )

src/packagedcode/cocoapods.py

@@ -139,70 +139,71 @@ def assemble(cls, package_data, resource, codebase, package_adder):
         """
         if codebase.has_single_resource:
             yield from models.DatafileHandler.assemble(package_data, resource, codebase)
-        else:
-            # do we have more than one podspec?
-            parent = resource.parent(codebase)
-            sibling_podspecs = [
-                r for r in parent.children(codebase)
-                if r.name.endswith('.podspec')
-            ]
-
-            siblings_counts = len(sibling_podspecs)
-            has_single_podspec = siblings_counts == 1
-            has_multiple_podspec = siblings_counts > 1
-
-            datafile_path_patterns = (
-                PodfileLockHandler.path_patterns +
-                PodfileHandler.path_patterns
+            return
+
+        # do we have more than one podspec?
+        parent = resource.parent(codebase)
+        sibling_podspecs = [
+            r for r in parent.children(codebase)
+            if r.name.endswith('.podspec')
+        ]
+
+        siblings_counts = len(sibling_podspecs)
+        has_single_podspec = siblings_counts == 1
+        has_multiple_podspec = siblings_counts > 1
+
+        datafile_path_patterns = (
+            PodfileLockHandler.path_patterns +
+            PodfileHandler.path_patterns
+        )
+        if has_single_podspec:
+            # we can treat all podfile/spec as being for one package
+            podspec_path_patterns = (f"*{sibling_podspecs[0].name}",)
+            yield from cls.assemble_from_many_datafiles(
+                datafile_path_patterns=podspec_path_patterns + datafile_path_patterns,
+                resource=parent,
+                codebase=codebase,
+                package_adder=package_adder,
             )
-            if has_single_podspec:
-                # we can treat all podfile/spec as being for one package
-                podspec_path_patterns = (f"*{sibling_podspecs[0].name}",)
-                yield from cls.assemble_from_many_datafiles(
-                    datafile_path_patterns=podspec_path_patterns + datafile_path_patterns,
-                    resource=parent,
-                    codebase=codebase,
-                    package_adder=package_adder,
-                )
 
-            elif has_multiple_podspec:
-                # treat each of podspec and podfile alone without meraging
-                # as we cannot determine easily which podfile is for which
-                # podspec
-                podspec = sibling_podspecs.pop()
-                podspec_path_patterns = (f"*{podspec.name}",)
-                yield from cls.assemble_from_many_datafiles(
-                    datafile_path_patterns=podspec_path_patterns + datafile_path_patterns,
-                    resource=parent,
-                    codebase=codebase,
-                    package_adder=package_adder,
-                )
+        elif has_multiple_podspec:
+            # treat each of podspec and podfile alone without meraging
+            # as we cannot determine easily which podfile is for which
+            # podspec
+            podspec = sibling_podspecs.pop()
+            podspec_path_patterns = (f"*{podspec.name}",)
+            yield from cls.assemble_from_many_datafiles(
+                datafile_path_patterns=podspec_path_patterns + datafile_path_patterns,
+                resource=parent,
+                codebase=codebase,
+                package_adder=package_adder,
+            )
 
-                for resource in sibling_podspecs:
-                    datafile_path = resource.path
-                    for package_data in resource.package_data:
-                        package_data = models.PackageData.from_dict(package_data)
-                        package = models.Package.from_package_data(
-                            package_data=package_data,
-                            datafile_path=datafile_path,
-                        )
-                        cls.assign_package_to_resources(
-                            package=package,
-                            resource=resource,
-                            codebase=codebase,
-                            package_adder=package_adder,
-                        )
-                        yield package
-                    yield resource
+            for resource in sibling_podspecs:
+                datafile_path = resource.path
+                for package_data in resource.package_data:
+                    package_data = models.PackageData.from_dict(package_data)
+                    package = models.Package.from_package_data(
+                        package_data=package_data,
+                        datafile_path=datafile_path,
+                    )
+                    cls.assign_package_to_resources(
+                        package=package,
+                        resource=resource,
+                        codebase=codebase,
+                        package_adder=package_adder,
+                    )
+                    yield package
+                yield resource
 
-            else:
-                # has_no_podspec:
-                yield from cls.assemble_from_many_datafiles(
-                    datafile_path_patterns=datafile_path_patterns,
-                    resource=parent,
-                    codebase=codebase,
-                    package_adder=package_adder,
-                )
+        else:
+            # has_no_podspec:
+            yield from cls.assemble_from_many_datafiles(
+                datafile_path_patterns=datafile_path_patterns,
+                resource=parent,
+                codebase=codebase,
+                package_adder=package_adder,
+            )
 
 
 class PodspecHandler(BasePodHandler):

src/packagedcode/golang.py

@@ -35,9 +35,12 @@ def assemble(cls, package_data, resource, codebase, package_adder):
         datafile_path_patterns = (
             GoModHandler.path_patterns + GoSumHandler.path_patterns
         )
+        root_resource = resource.parent(codebase)
+        if not root_resource:
+            root_resource = resource
         yield from cls.assemble_from_many_datafiles(
             datafile_path_patterns=datafile_path_patterns,
-            resource=resource.parent(codebase),
+            resource=root_resource,
             codebase=codebase,
             package_adder=package_adder,
         )

src/packagedcode/models.py

@@ -1397,7 +1397,7 @@ def assemble_from_many_datafiles(
         # we iterate on datafile_name_patterns because their order matters
         for path_pattern in datafile_path_patterns:
             for sibling in siblings:
-                if fnmatchcase(sibling.path, path_pattern):
+                if fnmatchcase(sibling.location, path_pattern):
                     for package_data in sibling.package_data:
                         package_data = PackageData.from_dict(package_data)
                         pkgdata_resources.append((package_data, sibling,))

src/packagedcode/pypi.py

@@ -166,6 +166,10 @@ class BaseExtractedPythonLayout(models.DatafileHandler):
 
     @classmethod
     def assemble(cls, package_data, resource, codebase, package_adder):
+        if codebase.has_single_resource:
+            yield from models.DatafileHandler.assemble(package_data, resource, codebase)
+            return
+
         # a source distribution can have many manifests
         datafile_name_patterns = (
             PipfileHandler.path_patterns + PipfileLockHandler.path_patterns
@@ -555,7 +559,7 @@ def assemble(cls, package_data, resource, codebase, package_adder):
         if codebase.has_single_resource:
             yield from models.DatafileHandler.assemble(package_data, resource, codebase, package_adder)
             return
-
+ 
         assert len(package_resource.package_data) == 1, f'Invalid pyproject.toml for {package_resource.path}'
         pkg_data = package_resource.package_data[0]
         pkg_data = models.PackageData.from_dict(pkg_data)

src/packagedcode/rubygems.py

@@ -64,6 +64,8 @@ def assemble_extracted_gem(cls, package_data, resource, codebase, package_adder)
     )
 
     gemroot = get_ancestor(levels_up=2, resource=resource, codebase=codebase)
+    if not gemroot:
+        gemroot == resource
 
     yield from cls.assemble_from_many_datafiles(
         datafile_path_patterns=datafile_path_patterns,
@@ -109,10 +111,12 @@ def assemble(cls, package_data, resource, codebase, package_adder):
             GemfileHandler.path_patterns +
             GemfileLockHandler.path_patterns
         )
-
+        root_resource = resource.parent(codebase)
+        if not root_resource:
+            root_resource = resource
         yield from cls.assemble_from_many_datafiles(
             datafile_path_patterns=datafile_path_patterns,
-            resource=resource.parent(codebase),
+            resource=root_resource,
             codebase=codebase,
             package_adder=package_adder,
         )

tests/packagedcode/data/cargo/cargo_toml/single-file-scan/Cargo.toml.expected

@@ -1,6 +1,131 @@
 {
-  "packages": [],
-  "dependencies": [],
+  "packages": [
+    {
+      "type": "cargo",
+      "namespace": null,
+      "name": "constant_time_eq",
+      "version": "0.4.2",
+      "qualifiers": {},
+      "subpath": null,
+      "primary_language": "Rust",
+      "description": "Compares two equal-sized byte strings in constant time.",
+      "release_date": null,
+      "parties": [
+        {
+          "type": "person",
+          "role": "author",
+          "name": "Cesar Eduardo Barros",
+          "email": "cesarb@cesarb.eti.br",
+          "url": null
+        }
+      ],
+      "keywords": [
+        "constant_time",
+        "cryptography",
+        "no-std"
+      ],
+      "homepage_url": null,
+      "download_url": null,
+      "size": null,
+      "sha1": null,
+      "md5": null,
+      "sha256": null,
+      "sha512": null,
+      "bug_tracking_url": null,
+      "code_view_url": null,
+      "vcs_url": "https://github.com/cesarb/constant_time_eq",
+      "copyright": null,
+      "holder": null,
+      "declared_license_expression": "cc0-1.0 OR mit-0 OR apache-2.0",
+      "declared_license_expression_spdx": "CC0-1.0 OR MIT-0 OR Apache-2.0",
+      "license_detections": [
+        {
+          "license_expression": "cc0-1.0 OR mit-0 OR apache-2.0",
+          "license_expression_spdx": "CC0-1.0 OR MIT-0 OR Apache-2.0",
+          "matches": [
+            {
+              "license_expression": "cc0-1.0 OR mit-0 OR apache-2.0",
+              "license_expression_spdx": "CC0-1.0 OR MIT-0 OR Apache-2.0",
+              "from_file": "Cargo.toml",
+              "start_line": 1,
+              "end_line": 1,
+              "matcher": "1-spdx-id",
+              "score": 100.0,
+              "matched_length": 10,
+              "match_coverage": 100.0,
+              "rule_relevance": 100,
+              "rule_identifier": "spdx-license-identifier-cc0_1_0_or_mit_0_or_apache_2_0-f44a2ec174eb034bd3c662f728664281e507b20d",
+              "rule_url": null,
+              "matched_text": "CC0-1.0 OR MIT-0 OR Apache-2.0"
+            }
+          ],
+          "identifier": "cc0_1_0_or_mit_0_or_apache_2_0-3f14dd48-7cd8-cf28-d4e1-3b0174a587ee"
+        }
+      ],
+      "other_license_expression": null,
+      "other_license_expression_spdx": null,
+      "other_license_detections": [],
+      "extracted_license_statement": "CC0-1.0 OR MIT-0 OR Apache-2.0",
+      "notice_text": null,
+      "source_packages": [],
+      "is_private": false,
+      "is_virtual": false,
+      "extra_data": {
+        "documentation_url": "https://docs.rs/constant_time_eq",
+        "rust_version": "1.85.0",
+        "rust_edition": "2024"
+      },
+      "repository_homepage_url": "https://crates.io/crates/constant_time_eq",
+      "repository_download_url": "https://crates.io/api/v1/crates/constant_time_eq/0.4.2/download",
+      "api_data_url": "https://crates.io/api/v1/crates/constant_time_eq",
+      "package_uid": "pkg:cargo/constant_time_eq@0.4.2?uuid=fixed-uid-done-for-testing-5642512d1758",
+      "datafile_paths": [
+        "Cargo.toml"
+      ],
+      "datasource_ids": [
+        "cargo_toml"
+      ],
+      "purl": "pkg:cargo/constant_time_eq@0.4.2"
+    }
+  ],
+  "dependencies": [
+    {
+      "purl": "pkg:cargo/criterion",
+      "extracted_requirement": "0.5.1",
+      "scope": "dev-dependencies",
+      "is_runtime": false,
+      "is_optional": false,
+      "is_pinned": false,
+      "is_direct": true,
+      "resolved_package": {},
+      "extra_data": {
+        "version": "0.5.1",
+        "features": [
+          "cargo_bench_support",
+          "html_reports"
+        ]
+      },
+      "dependency_uid": "pkg:cargo/criterion?uuid=fixed-uid-done-for-testing-5642512d1758",
+      "for_package_uid": "pkg:cargo/constant_time_eq@0.4.2?uuid=fixed-uid-done-for-testing-5642512d1758",
+      "datafile_path": "Cargo.toml",
+      "datasource_id": "cargo_toml"
+    },
+    {
+      "purl": "pkg:cargo/count_instructions",
+      "extracted_requirement": "0.2.0",
+      "scope": "dev-dependencies",
+      "is_runtime": false,
+      "is_optional": false,
+      "is_pinned": false,
+      "is_direct": true,
+      "resolved_package": {},
+      "extra_data": {},
+      "dependency_uid": "pkg:cargo/count_instructions?uuid=fixed-uid-done-for-testing-5642512d1758",
+      "for_package_uid": "pkg:cargo/constant_time_eq@0.4.2?uuid=fixed-uid-done-for-testing-5642512d1758",
+      "datafile_path": "Cargo.toml",
+      "datasource_id": "cargo_toml"
+    }
+  ],
   "files": [
     {
       "path": "Cargo.toml",
@@ -119,8 +244,10 @@
           "purl": "pkg:cargo/constant_time_eq@0.4.2"
         }
       ],
-      "for_packages": [],
+      "for_packages": [
+        "pkg:cargo/constant_time_eq@0.4.2?uuid=fixed-uid-done-for-testing-5642512d1758"
+      ],
       "scan_errors": []
     }
   ]
-}
+}