feat(nuget): add dependency check for inside group tags

bloodhoundGit · bloodhoundGit · commit 6049c36b99aa · 2022-11-18T13:32:20.000+10:00
1. update code to look for dependencies in a group as well
    2. update nuget test data with dependency data

Signed-off-by: Abedin Poonawala &lt;abedinp@securestack.com&gt;
diff --git a/src/packagedcode/nuget.py b/src/packagedcode/nuget.py
@@ -27,6 +27,29 @@ def get_dependencies(nuspec):
     dependencies = []
     try:
         if "dependencies" in nuspec:
+            if "group" in nuspec["dependencies"]:
+                for group in nuspec["dependencies"]["group"]:
+                    if "dependency" in group:
+                        for dependency in group["dependency"]:
+                            #dependencies.append(dependency)
+                            dpurl = models.PackageURL(
+                            type='nuget',
+                            namespace=None,
+                            name=dependency.get("@id"),
+                            version=dependency.get("@version"),
+                            qualifiers=None
+                        )
+                            dep_pack = models.DependentPackage(
+                            purl=str(dpurl),
+                            extracted_requirement=dependency.get("@version"),
+                            scope="dependency",
+                            is_runtime=False,
+                            is_optional=False,
+                            is_resolved=True,
+                        )
+
+                            dependencies.append(dep_pack)
+                            
             if "dependency" in nuspec.get("dependencies"):
                 if "@id" and "@version" in nuspec.get("dependencies").get("dependency"):
                     dpurl = models.PackageURL(
diff --git a/tests/packagedcode/data/nuget/Castle.Core.nuspec.json.expected b/tests/packagedcode/data/nuget/Castle.Core.nuspec.json.expected
@@ -43,7 +43,108 @@
     "source_packages": [],
     "file_references": [],
     "extra_data": {},
-    "dependencies": [],
+    "dependencies": [
+                  {
+              "purl": "pkg:nuget/NETStandard.Library@1.6.1",
+              "extracted_requirement": "1.6.1",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/System.Diagnostics.TraceSource@4.3.0",
+              "extracted_requirement": "4.3.0",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/System.Reflection.TypeExtensions@4.3.0",
+              "extracted_requirement": "4.3.0",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/System.Xml.XmlDocument@4.3.0",
+              "extracted_requirement": "4.3.0",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/System.Dynamic.Runtime@4.3.0",
+              "extracted_requirement": "4.3.0",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/System.Reflection@4.3.0",
+              "extracted_requirement": "4.3.0",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/System.Reflection.Emit@4.3.0",
+              "extracted_requirement": "4.3.0",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/System.Collections.Specialized@4.3.0",
+              "extracted_requirement": "4.3.0",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/System.ComponentModel@4.3.0",
+              "extracted_requirement": "4.3.0",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/System.ComponentModel.TypeConverter@4.3.0",
+              "extracted_requirement": "4.3.0",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            }
+    ],
     "repository_homepage_url": "https://www.nuget.org/packages/Castle.Core/4.2.1",
     "repository_download_url": "https://www.nuget.org/api/v2/package/Castle.Core/4.2.1",
     "api_data_url": "https://api.nuget.org/v3/registration3/castle.core/4.2.1.json",
diff --git a/tests/packagedcode/data/nuget/Microsoft.AspNet.Mvc.nuspec.json.expected b/tests/packagedcode/data/nuget/Microsoft.AspNet.Mvc.nuspec.json.expected
@@ -43,7 +43,188 @@
     "source_packages": [],
     "file_references": [],
     "extra_data": {},
-    "dependencies": [],
+    "dependencies": [
+                  {
+              "purl": "pkg:nuget/Microsoft.AspNet.Mvc.ApiExplorer@6.0.0-beta7",
+              "extracted_requirement": "6.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.AspNet.Mvc.Cors@6.0.0-beta7",
+              "extracted_requirement": "6.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.AspNet.Mvc.DataAnnotations@6.0.0-beta7",
+              "extracted_requirement": "6.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.AspNet.Mvc.Formatters.Json@6.0.0-beta7",
+              "extracted_requirement": "6.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.AspNet.Mvc.Localization@6.0.0-beta7",
+              "extracted_requirement": "6.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.AspNet.Mvc.Razor@6.0.0-beta7",
+              "extracted_requirement": "6.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.AspNet.Mvc.ViewFeatures@6.0.0-beta7",
+              "extracted_requirement": "6.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.Framework.Caching.Memory@1.0.0-beta7",
+              "extracted_requirement": "1.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.Framework.DependencyInjection@1.0.0-beta7",
+              "extracted_requirement": "1.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.AspNet.Mvc.ApiExplorer@6.0.0-beta7",
+              "extracted_requirement": "6.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.AspNet.Mvc.Cors@6.0.0-beta7",
+              "extracted_requirement": "6.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.AspNet.Mvc.DataAnnotations@6.0.0-beta7",
+              "extracted_requirement": "6.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.AspNet.Mvc.Formatters.Json@6.0.0-beta7",
+              "extracted_requirement": "6.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.AspNet.Mvc.Localization@6.0.0-beta7",
+              "extracted_requirement": "6.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.AspNet.Mvc.Razor@6.0.0-beta7",
+              "extracted_requirement": "6.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.AspNet.Mvc.ViewFeatures@6.0.0-beta7",
+              "extracted_requirement": "6.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.Framework.Caching.Memory@1.0.0-beta7",
+              "extracted_requirement": "1.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.Framework.DependencyInjection@1.0.0-beta7",
+              "extracted_requirement": "1.0.0-beta7",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            }
+    ],
     "repository_homepage_url": "https://www.nuget.org/packages/Microsoft.AspNet.Mvc/6.0.0-beta7",
     "repository_download_url": "https://www.nuget.org/api/v2/package/Microsoft.AspNet.Mvc/6.0.0-beta7",
     "api_data_url": "https://api.nuget.org/v3/registration3/microsoft.aspnet.mvc/6.0.0-beta7.json",
diff --git a/tests/packagedcode/data/nuget/Microsoft.Net.Http.nuspec.json.expected b/tests/packagedcode/data/nuget/Microsoft.Net.Http.nuspec.json.expected
@@ -43,7 +43,28 @@
     "source_packages": [],
     "file_references": [],
     "extra_data": {},
-    "dependencies": [],
+    "dependencies": [
+            {
+              "purl": "pkg:nuget/Microsoft.Bcl@1.1.10",
+              "extracted_requirement": "1.1.10",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            },
+            {
+              "purl": "pkg:nuget/Microsoft.Bcl.Build@1.0.14",
+              "extracted_requirement": "1.0.14",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+            }
+    ],
     "repository_homepage_url": "https://www.nuget.org/packages/Microsoft.Net.Http/2.2.29",
     "repository_download_url": "https://www.nuget.org/api/v2/package/Microsoft.Net.Http/2.2.29",
     "api_data_url": "https://api.nuget.org/v3/registration3/microsoft.net.http/2.2.29.json",
diff --git a/tests/packagedcode/data/nuget/bootstrap.nuspec.json.expected b/tests/packagedcode/data/nuget/bootstrap.nuspec.json.expected
@@ -43,7 +43,18 @@
     "source_packages": [],
     "file_references": [],
     "extra_data": {},
-    "dependencies": [],
+    "dependencies": [
+       {
+              "purl": "pkg:nuget/jQuery@1.9.1",
+              "extracted_requirement": "1.9.1",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+         }
+    ],
     "repository_homepage_url": "https://www.nuget.org/packages/bootstrap/4.0.0-alpha",
     "repository_download_url": "https://www.nuget.org/api/v2/package/bootstrap/4.0.0-alpha",
     "api_data_url": "https://api.nuget.org/v3/registration3/bootstrap/4.0.0-alpha.json",
diff --git a/tests/packagedcode/data/nuget/jQuery.UI.Combined.nuspec.json.expected b/tests/packagedcode/data/nuget/jQuery.UI.Combined.nuspec.json.expected
@@ -43,7 +43,18 @@
     "source_packages": [],
     "file_references": [],
     "extra_data": {},
-    "dependencies": [],
+    "dependencies": [
+      {
+              "purl": "pkg:nuget/jQuery@1.6.4",
+              "extracted_requirement": "1.6.4",
+              "scope": "dependency",
+              "is_runtime": false,
+              "is_optional": false,
+              "is_resolved": true,
+              "resolved_package": {},
+              "extra_data": {}
+        }
+    ],
     "repository_homepage_url": "https://www.nuget.org/packages/jQuery.UI.Combined/1.11.4",
     "repository_download_url": "https://www.nuget.org/api/v2/package/jQuery.UI.Combined/1.11.4",
     "api_data_url": "https://api.nuget.org/v3/registration3/jquery.ui.combined/1.11.4.json",
