
Commit 4d47630

Fix #1791: Ignore NuGet metadata files in extracted .nupkg archives
Fixes #1791: Ignore NuGet metadata files in extracted .nupkg archives
1 parent 6f46783 commit 4d47630

4 files changed

Lines changed: 38 additions & 1 deletion


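--- a/scanpipe/pipelines/__init__.py
+++ b/scanpipe/pipelines/__init__.py
@@ -77,6 +77,7 @@ def flag_ignored_resources(self):
         if isinstance(ignored_patterns, str):
             ignored_patterns = ignored_patterns.splitlines()
         ignored_patterns.extend(flag.DEFAULT_IGNORED_PATTERNS)
+        ignored_patterns.extend(flag.NUGET_IGNORED_PATTERNS)
 
         flag.flag_ignored_patterns(
             codebaseresources=self.project.codebaseresources.no_status(),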
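Review bot: The added `ignored_patterns.extend(flag.NUGET_IGNORED_PATTERNS)` applies the NuGet list to every project unconditionally, although the list's own comment scopes it to files "inside extracted .nupkg archives"; because the globs are unanchored (`*.exe.config`, `*.dll.config`, `*.png`), any matching resource anywhere in the codebase is flagged ignored and skipped by later steps, which is a wider effect than the issue title describes. `.config` files in .NET projects commonly carry connection strings and credentials, so excluding them project-wide hides findings a scan is expected to surface. Consider extending only when the project contains a `.nupkg` resource, e.g. `if self.project.codebaseresources.filter(path__endswith=".nupkg").exists(): ignored_patterns.extend(flag.NUGET_IGNORED_PATTERNS)`, or anchoring the patterns to the extraction directory (the extraction naming is not visible here, so confirm against the extract pipes). `flag_ignored_resources` begins before this hunk.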

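--- a/scanpipe/pipes/flag.py
+++ b/scanpipe/pipes/flag.py
@@ -77,6 +77,19 @@
     "*/policies.yml",
     "*/__MACOSX*", # macOS metadata folder
 ]
+# NuGet ecosystem files that are not useful for analysis when found inside
+# extracted .nupkg archives.
+NUGET_IGNORED_PATTERNS = [
+    "*_rels/.rels",
+    "*Content_Types*.xml",
+    "*package/services/metadata*",
+    "*.signature.p7s",
+    "*.runtimeconfig.json",
+    "*.dll.config",
+    "*.exe.config",
+    "*.shasum",
+    "*.png",
+]
 
 
 def flag_empty_files(project):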
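Review bot: Several of the new globs are not NuGet metadata and, being unanchored, match far beyond extracted packages: `*.png` drops every image in a codebase, `*.dll.config`, `*.exe.config` and `*.runtimeconfig.json` are application configuration files that may hold secrets or binding redirects worth scanning, and `*.signature.p7s` and `*.shasum` are exactly the signing and integrity artifacts a supply-chain review would want to retain rather than ignore. Nothing in the list restricts matches to `.nupkg` contents despite the comment above it. I would either keep only the genuine OPC/NuGet metadata entries (`*_rels/.rels`, `*Content_Types*.xml`, `*package/services/metadata*`) or prefix every entry with the extraction-directory pattern the pipelines use (not visible here, so confirm it), and state in the comment that these patterns are matched against the full resource path, e.g. `# Matched against the full resource path; keep entries specific enough not to hit ordinary project files.`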
8093

8194

8295
def flag_empty_files(project):

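--- a/scanpipe/tests/pipes/test_flag.py
+++ b/scanpipe/tests/pipes/test_flag.py
@@ -20,6 +20,8 @@
 # ScanCode.io is a free software code scanning tool from nexB Inc. and others.
 # Visit https://github.com/nexB/scancode.io for support and download.
 
+from fnmatch import fnmatch
+
 from django.test import TestCase
 
 from scanpipe import pipes
@@ -137,3 +139,20 @@ def test_scanpipe_pipes_flag_flag_mapped_resources(self):
         self.resource2.refresh_from_db()
         self.assertEqual("mapped", self.resource1.status)
         self.assertEqual("mapped", self.resource2.status)
+
+    def test_nuget_ignored_patterns_match_expected_files(self):
+        paths = [
+            "package/_rels/.rels",
+            "package/[Content_Types].xml",
+            "package/services/metadata/core-properties",
+            "foo.runtimeconfig.json",
+            "bar.dll.config",
+            "baz.exe.config",
+            "test.shasum",
+            "image.png",
+        ]
+        for path in paths:
+            matched = any(
+                fnmatch(path, pattern) for pattern in flag.NUGET_IGNORED_PATTERNS
+            )
+            self.assertTrue(matched, path)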
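Review bot: The new test only checks that each listed path matches some pattern, so it would still pass if a pattern were so broad that it also matched ordinary source files, and it calls `fnmatch` directly rather than going through `flag.flag_ignored_patterns`, so it does not verify the matcher the pipeline actually uses (case handling or path anchoring could differ). A negative set would pin the intended scope: `for path in ["src/app.config", "lib/Foo.dll", "README.md"]: self.assertFalse(any(fnmatch(path, p) for p in flag.NUGET_IGNORED_PATTERNS), path)`. Note that `image.png` passing here is itself a hint the list reaches beyond NuGet metadata. The enclosing test class begins before this hunk.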

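--- a/scanpipe/tests/test_pipelines.py
+++ b/scanpipe/tests/test_pipelines.py
@@ -427,7 +427,11 @@ def test_scanpipe_pipeline_class_flag_ignored_resources(self):
         pipeline.flag_ignored_resources()
 
         mock_flag.assert_called_once()
-        patterns_args = ["*.ext", *flag.DEFAULT_IGNORED_PATTERNS]
+        patterns_args = [
+            "*.ext",
+            *flag.DEFAULT_IGNORED_PATTERNS,
+            *flag.NUGET_IGNORED_PATTERNS,
+        ]
         self.assertEqual(mock_flag.mock_calls[0].kwargs["patterns"], patterns_args)
         self.assertEqual(mock_flag.mock_calls[0].kwargs["codebaseresources"].count(), 0)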
433437
