
Commit f151717

Compose Metadata Analyzer: Use v2 URL refactor2
Signed-off-by: Valentijn Scholten <valentijnscholten@gmail.com>
1 parent 24ed533 commit f151717


1 file changed

+4
-4
lines changed


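--- a/src/main/java/org/dependencytrack/tasks/repositories/ComposerMetaAnalyzer.java
+++ b/src/main/java/org/dependencytrack/tasks/repositories/ComposerMetaAnalyzer.java
@@ -70,11 +70,11 @@ public class ComposerMetaAnalyzer extends AbstractMetaAnalyzer {
 *
 * - security-advisories: very relevant, but only in a VulnerabilityAnalyzer (or mirrored VulnerabilitySource) context
 *
+* - providers-lazy-url: old v1 construct for which I haven't seen any example, in v2 the metadata-url is used for this. seems like it's not relevant for DT
 * - list: returns only package names, seems like repo.packagist.org (and .com?) are the only ones implementing it
 * - providers-api: not relevant
 * - notify-batch: not relevant
 * - providers-url and provider-includes: only relevant to check hashes, so not relevant for DT currently. Replaced by metadata-url in V2 repositories.
-* - providers-lazy-url: not relevant
 * - providers-api: not relevant
 * - search: not relevant
 */
@@ -105,17 +105,17 @@ public MetaModel analyze(final Component component) {
 return new MetaModel(component);
 }
 
-final JSONObject repoRoot = getReportRoot();
+final JSONObject repoRoot = getRepoRoot();
 if (repoRoot == null || !repoRoot.has("metadata-url")) {
-// absence of metadat-url implies V2 repository
+// absence of metadat-url implies V1 repository
 return analyzeFromMetadataUrl(component, PACKAGE_META_DATA_PATH_PATTERN_V1);
 }
 
 final String packageMetaDataPathPattern = repoRoot.getString("metadata-url");
 return analyzeFromMetadataUrl(component, packageMetaDataPathPattern);
 }
 
-private JSONObject getReportRoot() {
+private JSONObject getRepoRoot() {
 // Code mimicksed from https://github.com/composer/composer/blob/main/src/Composer/Repository/ComposerRepository.php
 // Retrieve packages.json file, which must be present even for V1 repositories
 final String packageJsonUrl = baseUrl + "/packages.json";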
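Review bot: In analyze(), at new lines 114-115, the `metadata-url` value is read from the repository's own `packages.json` and handed to `analyzeFromMetadataUrl` as the path pattern without any check on its type or on where it points. `repoRoot.has("metadata-url")` is also true when the key is present with a JSON null or a non-string value, in which case `getString` presumably throws instead of falling back to the V1 pattern; a guard such as `if (repoRoot == null || repoRoot.optString("metadata-url", "").isEmpty())` would cover the null and empty cases. analyzeFromMetadataUrl is outside this hunk, so whether it accepts an absolute URL cannot be seen here; if it does, the resolved URL should be checked against the configured `baseUrl` host before any request (and any repository credentials) is sent to it. The comment on new line 110 still spells `metadat-url`; I would write `// absence of metadata-url implies V1 repository`. analyze() starts above the hunk and getRepoRoot() continues below it.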
