Fix reliability issues seen in DotNet experiment (#1382)

Author: ericstj

src/Microsoft.ComponentDetection.Detectors/dotnet/DotNetComponentDetector.cs

@@ -26,6 +26,7 @@ public class DotNetComponentDetector : FileComponentDetector, IExperimentalDetec
     private readonly IPathUtilityService pathUtilityService;
     private readonly LockFileFormat lockFileFormat = new();
     private readonly ConcurrentDictionary<string, string?> sdkVersionCache = [];
+    private readonly JsonDocumentOptions jsonDocumentOptions = new() { CommentHandling = JsonCommentHandling.Skip };
     private string? sourceDirectory;
     private string? sourceFileRootDirectory;
 
@@ -137,6 +138,12 @@ protected override async Task OnFileFoundAsync(ProcessRequest processRequest, ID
     {
         var lockFile = this.lockFileFormat.Read(processRequest.ComponentStream.Stream, processRequest.ComponentStream.Location);
 
+        if (lockFile.PackageSpec is null)
+        {
+            this.Logger.LogWarning("Lock file {LockFilePath} does not contain a PackageSpec.", processRequest.ComponentStream.Location);
+            return;
+        }
+
         var projectAssetsDirectory = this.pathUtilityService.GetParentDirectory(processRequest.ComponentStream.Location);
         var projectPath = lockFile.PackageSpec.RestoreMetadata.ProjectPath;
         var projectOutputPath = lockFile.PackageSpec.RestoreMetadata.OutputPath;
@@ -184,24 +191,31 @@ protected override async Task OnFileFoundAsync(ProcessRequest processRequest, ID
 
     private string? GetProjectType(string projectOutputPath, string projectName, CancellationToken cancellationToken)
     {
-        if (this.directoryUtilityService.Exists(projectOutputPath))
+        if (this.directoryUtilityService.Exists(projectOutputPath) &&
+            projectName is not null &&
+            projectName.IndexOfAny(Path.GetInvalidFileNameChars()) == -1)
         {
-            var namePattern = projectName ?? "*";
-
-            // look for the compiled output, first as dll then as exe.
-            var candidates = this.directoryUtilityService.EnumerateFiles(projectOutputPath, namePattern + ".dll", SearchOption.AllDirectories)
-                     .Concat(this.directoryUtilityService.EnumerateFiles(projectOutputPath, namePattern + ".exe", SearchOption.AllDirectories));
-            foreach (var candidate in candidates)
+            try
             {
-                try
+                // look for the compiled output, first as dll then as exe.
+                var candidates = this.directoryUtilityService.EnumerateFiles(projectOutputPath, projectName + ".dll", SearchOption.AllDirectories)
+                        .Concat(this.directoryUtilityService.EnumerateFiles(projectOutputPath, projectName + ".exe", SearchOption.AllDirectories));
+                foreach (var candidate in candidates)
                 {
-                    return this.IsApplication(candidate) ? "application" : "library";
-                }
-                catch (Exception e)
-                {
-                    this.Logger.LogWarning("Failed to open output assembly {AssemblyPath} error {Message}.", candidate, e.Message);
+                    try
+                    {
+                        return this.IsApplication(candidate) ? "application" : "library";
+                    }
+                    catch (Exception e)
+                    {
+                        this.Logger.LogWarning("Failed to open output assembly {AssemblyPath} error {Message}.", candidate, e.Message);
+                    }
                 }
             }
+            catch (IOException e)
+            {
+                this.Logger.LogWarning("Failed to enumerate output directory {OutputPath} error {Message}.", projectOutputPath, e.Message);
+            }
         }
 
         return null;
@@ -246,7 +260,7 @@ private bool IsApplication(string assemblyPath)
 
             if (string.IsNullOrWhiteSpace(sdkVersion))
             {
-                var globalJson = await JsonDocument.ParseAsync(this.fileUtilityService.MakeFileStream(globalJsonPath), cancellationToken: cancellationToken);
+                var globalJson = await JsonDocument.ParseAsync(this.fileUtilityService.MakeFileStream(globalJsonPath), cancellationToken: cancellationToken, options: this.jsonDocumentOptions).ConfigureAwait(false);
                 if (globalJson.RootElement.TryGetProperty("sdk", out var sdk))
                 {
                     if (sdk.TryGetProperty("version", out var version))
@@ -256,14 +270,21 @@ private bool IsApplication(string assemblyPath)
                 }
             }
 
-            var globalJsonComponent = new DetectedComponent(new DotNetComponent(sdkVersion));
-            var recorder = this.ComponentRecorder.CreateSingleFileComponentRecorder(globalJsonPath);
-            recorder.RegisterUsage(globalJsonComponent, isExplicitReferencedDependency: true);
+            if (!string.IsNullOrWhiteSpace(sdkVersion))
+            {
+                var globalJsonComponent = new DetectedComponent(new DotNetComponent(sdkVersion));
+                var recorder = this.ComponentRecorder.CreateSingleFileComponentRecorder(globalJsonPath);
+                recorder.RegisterUsage(globalJsonComponent, isExplicitReferencedDependency: true);
+                return sdkVersion;
+            }
+
+            // global.json may be malformed, or the sdk version may not be specified.
         }
-        else if (projectDirectory.Equals(this.sourceDirectory, StringComparison.OrdinalIgnoreCase) ||
-                 projectDirectory.Equals(this.sourceFileRootDirectory, StringComparison.OrdinalIgnoreCase) ||
-                 string.IsNullOrEmpty(parentDirectory) ||
-                 projectDirectory.Equals(parentDirectory, StringComparison.OrdinalIgnoreCase))
+
+        if (projectDirectory.Equals(this.sourceDirectory, StringComparison.OrdinalIgnoreCase) ||
+            projectDirectory.Equals(this.sourceFileRootDirectory, StringComparison.OrdinalIgnoreCase) ||
+            string.IsNullOrEmpty(parentDirectory) ||
+            projectDirectory.Equals(parentDirectory, StringComparison.OrdinalIgnoreCase))
         {
             // if we are at the source directory, source file root, or have reached a root directory, run `dotnet --version`
             // this could fail if dotnet is not on the path, or if the global.json is malformed

src/Microsoft.ComponentDetection.Detectors/nuget/NuGetProjectModelProjectCentricComponentDetector.cs

@@ -92,7 +92,8 @@ protected override Task OnFileFoundAsync(ProcessRequest processRequest, IDiction
 
             if (lockFile.PackageSpec == null)
             {
-                throw new FormatException("Lockfile did not contain a PackageSpec");
+                this.Logger.LogWarning("Lock file {LockFilePath} does not contain a PackageSpec.", processRequest.ComponentStream.Location);
+                return Task.CompletedTask;
             }
 
             var explicitReferencedDependencies = this.GetTopLevelLibraries(lockFile)

test/Microsoft.ComponentDetection.Detectors.Tests/DotNetComponentDetectorTests.cs

@@ -223,6 +223,19 @@ private static Stream GlobalJson(string sdkVersion)
         return stream;
     }
 
+    private static Stream StreamFromString(string content)
+    {
+        var stream = new MemoryStream();
+        using (var writer = new StreamWriter(stream, leaveOpen: true))
+        {
+            writer.Write(content);
+            writer.Flush();
+            stream.Position = 0;
+        }
+
+        return stream;
+    }
+
     [TestMethod]
     public async Task TestDotNetDetectorWithNoFiles_ReturnsSuccessfullyAsync()
     {
@@ -256,6 +269,70 @@ public async Task TestDotNetDetectorGlobalJson_ReturnsSDKVersion()
         discoveredComponents.Where(component => component.Component.Id == "42.0.800 net8.0 unknown - DotNet").Should().ContainSingle();
     }
 
+    [TestMethod]
+    public async Task TestDotNetDetectorGlobalJsonWithComments_ReturnsSDKVersion()
+    {
+        var projectPath = Path.Combine(RootDir, "path", "to", "project");
+        var projectAssets = ProjectAssets("projectName", "does-not-exist", projectPath, "net8.0");
+
+        var globalJson = StreamFromString("""
+        // comment
+        {
+            // comment
+            "sdk": {
+                // comment
+                "version": "8.2.100"
+            }
+        }
+        """);
+        this.AddFile(projectPath, null);
+        this.AddFile(Path.Combine(RootDir, "path", "global.json"), globalJson);
+        this.SetCommandResult(-1);
+
+        var (scanResult, componentRecorder) = await this.DetectorTestUtility
+            .WithFile("project.assets.json", projectAssets)
+            .ExecuteDetectorAsync();
+
+        scanResult.ResultCode.Should().Be(ProcessingResultCode.Success);
+
+        var detectedComponents = componentRecorder.GetDetectedComponents();
+        detectedComponents.Should().HaveCount(2);
+
+        var discoveredComponents = detectedComponents.ToArray();
+        discoveredComponents.Where(component => component.Component.Id == "8.2.100 unknown unknown - DotNet").Should().ContainSingle();
+        discoveredComponents.Where(component => component.Component.Id == "8.2.100 net8.0 unknown - DotNet").Should().ContainSingle();
+    }
+
+    [TestMethod]
+    public async Task TestDotNetDetectorGlobalJsonWithoutVersion()
+    {
+        var projectPath = Path.Combine(RootDir, "path", "to", "project");
+        var projectAssets = ProjectAssets("projectName", "does-not-exist", projectPath, "net8.0");
+        var globalJson = StreamFromString("""
+        {
+            "msbuild-sdks": {
+                "Microsoft.Build.NoTargets": "3.5.0",
+                "Microsoft.DotNet.Arcade.Sdk": "10.0.0-beta.25206.1"
+            }
+        }
+        """);
+        this.AddFile(projectPath, null);
+        this.AddFile(Path.Combine(RootDir, "path", "global.json"), globalJson);
+        this.SetCommandResult(-1);
+
+        var (scanResult, componentRecorder) = await this.DetectorTestUtility
+            .WithFile("project.assets.json", projectAssets)
+            .ExecuteDetectorAsync();
+
+        scanResult.ResultCode.Should().Be(ProcessingResultCode.Success);
+
+        var detectedComponents = componentRecorder.GetDetectedComponents();
+        detectedComponents.Should().ContainSingle();
+
+        var discoveredComponents = detectedComponents.ToArray();
+        discoveredComponents.Where(component => component.Component.Id == "unknown net8.0 unknown - DotNet").Should().ContainSingle();
+    }
+
     [TestMethod]
     public async Task TestDotNetDetectorGlobalJsonRollForward_ReturnsSDKVersion()
     {
@@ -370,6 +447,29 @@ public async Task TestDotNetDetectorNoGlobalJsonNoDotnet_ReturnsUnknownVersion()
         discoveredComponents.Where(component => component.Component.Id == "unknown net8.0 unknown - DotNet").Should().ContainSingle();
     }
 
+    [TestMethod]
+    public async Task TestDotNetDetectorInvalidProjectName_ReturnsUnknownVersion()
+    {
+        var projectPath = Path.Combine(RootDir, "path", "to", "project");
+        var outputPath = Path.Combine(projectPath, "obj");
+        var projectAssets = ProjectAssets("/foo/bar/projectName", outputPath, projectPath, "net8.0");
+        this.AddFile(projectPath, null);
+        this.AddDirectory(outputPath);
+        this.SetCommandResult(-1);
+
+        var (scanResult, componentRecorder) = await this.DetectorTestUtility
+            .WithFile("project.assets.json", projectAssets)
+            .ExecuteDetectorAsync();
+
+        scanResult.ResultCode.Should().Be(ProcessingResultCode.Success);
+
+        var detectedComponents = componentRecorder.GetDetectedComponents();
+        detectedComponents.Should().ContainSingle();
+
+        var discoveredComponents = detectedComponents.ToArray();
+        discoveredComponents.Where(component => component.Component.Id == "unknown net8.0 unknown - DotNet").Should().ContainSingle();
+    }
+
     [TestMethod]
     public async Task TestDotNetDetectorMultipleTargetFrameworks()
     {