Refine NuGet nuspec dependency extraction

Factor out common code in function, also include framework
and set dependency flags accordingly.

Reference: #2308
Reference: #648
Signed-off-by: Philippe Ombredanne <[email protected]>

Author: pombredanne

src/packagedcode/nuget.py

@@ -8,96 +8,75 @@
 #
 
 import xmltodict
+from packageurl import PackageURL
 
 from packagedcode import models
 from packagedcode.utils import build_description
 
-
 """
 Handle NuGet packages and their manifests.
 """
 
-# TODO: Add section to handle dependencies of dependencies
-
 
 def get_dependencies(nuspec):
     """
-    Return a list of Dependent package objects found in a NuGet `nuspec` object.
+    Yield DependentPackage found in a NuGet ``nuspec`` object.
+    """
+    # This is either a list of dependency or a list of group/dependency
+    # or a single dep or a single group mapping
+
+    dependencies = nuspec.get('dependencies') or []
+    if isinstance(dependencies, dict):
+        # wrap the mapping in a list if we have more than one dependencies
+        dependencies = [dependencies]
+
+    for depends in dependencies:
+        groups = depends.get('group') or []
+        if groups:
+            if isinstance(groups, dict):
+                # wrap the mapping in a list
+                groups = [groups]
+
+            for group in groups:
+                extra_data = dict(framework=group['@targetFramework'])
+                deps = group.get('dependency') or []
+                yield from _get_dep_packs(deps, extra_data)
+        else:
+            # {'dependency': {'@id': 'jQuery', '@version': '1.9.1'}}
+            deps = depends.get('dependency') or []
+            yield from _get_dep_packs(deps, extra_data={})
+
+
+def _get_dep_packs(deps, extra_data):
     """
-    dependencies = []
-    try:
-        if "dependencies" in nuspec:
-            if "group" in nuspec["dependencies"]:
-                for group in nuspec["dependencies"]["group"]:
-                    if "dependency" in group:
-                        for dependency in group["dependency"]:
-                            #dependencies.append(dependency)
-                            dpurl = models.PackageURL(
-                            type='nuget',
-                            namespace=None,
-                            name=dependency.get("@id"),
-                            version=dependency.get("@version"),
-                            qualifiers=None
-                        )
-                            dep_pack = models.DependentPackage(
-                            purl=str(dpurl),
-                            extracted_requirement=dependency.get("@version"),
-                            scope="dependency",
-                            is_runtime=False,
-                            is_optional=False,
-                            is_resolved=True,
-                        )
-
-                            dependencies.append(dep_pack)
-                            
-            if "dependency" in nuspec.get("dependencies"):
-                if "@id" and "@version" in nuspec.get("dependencies").get("dependency"):
-                    dpurl = models.PackageURL(
-                        type='nuget',
-                        namespace=None,
-                        name=nuspec.get("dependencies").get(
-                            "dependency").get("@id"),
-                        version=nuspec.get("dependencies").get(
-                            "dependency").get("@version"),
-                        qualifiers=None
-                    )
-                    dep_pack = models.DependentPackage(
-                        purl=str(dpurl),
-                        extracted_requirement=nuspec.get("dependencies").get(
-                            "dependency").get("@version"),
-                        scope="dependency",
-                        is_runtime=False,
-                        is_optional=False,
-                        is_resolved=True,
-                    )
-
-                    dependencies.append(dep_pack)
-
-                else:
-                    for dependency in nuspec.get("dependencies").get("dependency"):
-                        dpurl = models.PackageURL(
-                            type='nuget',
-                            namespace=None,
-                            name=dependency.get("@id"),
-                            version=dependency.get("@version"),
-                            qualifiers=None
-                        )
-                        dep_pack = models.DependentPackage(
-                            purl=str(dpurl),
-                            extracted_requirement=dependency.get(
-                                "@version"),
-                            scope="dependency",
-                            is_runtime=False,
-                            is_optional=False,
-                            is_resolved=True,
-                        )
-                        dependencies.append(dep_pack)
-
-        return dependencies
-
-    except Exception as e:
-        print(e)
-        return dependencies
+    Yield DependentPackage found in a NuGet ``deps`` mapping or list of mappings.
+    """
+    if not deps:
+        return
+
+    if isinstance(deps, dict):
+        # wrap the mapping in a list
+        deps = [deps]
+
+    for dep in deps:
+        extra = dict(extra_data) or {}
+        include = dep.get('@include')
+        if include:
+            extra['include'] = include
+        exclude = dep.get('@exclude')
+        if exclude:
+            extra['exclude'] = exclude
+
+        yield models.DependentPackage(
+            purl=str(PackageURL(type='nuget', name=dep.get('@id'))),
+            # this is a range, not a version
+            extracted_requirement=dep.get('@version'),
+            scope='dependency',
+            is_runtime=True,
+            is_optional=False,
+            is_resolved=False,
+            extra_data=extra,
+        )
 
 
 def get_urls(name, version, **kwargs):
@@ -144,15 +123,14 @@ def parse(cls, location):
 
         # Summary: A short description of the package for UI display. If omitted, a
         # truncated version of description is used.
-        description = build_description(
-            nuspec.get('summary'), nuspec.get('description'))
+        description = build_description(nuspec.get('summary'), nuspec.get('description'))
 
         # title: A human-friendly title of the package, typically used in UI
         # displays as on nuget.org and the Package Manager in Visual Studio. If not
         # specified, the package ID is used.
         title = nuspec.get('title')
         if title and title != name:
-            description = build_description(nuspec.get('title'), description)
+            description = build_description(title, description)
 
         parties = []
         authors = nuspec.get('authors')
@@ -181,11 +159,10 @@ def parse(cls, location):
         # This is a SPDX license expression
         if 'license' in nuspec:
             extracted_license_statement = nuspec.get('license')
-            # TODO: try to convert to normal license expression
         # Deprecated and not a license expression, just a URL
         elif 'licenseUrl' in nuspec:
             extracted_license_statement = nuspec.get('licenseUrl')
- 
+
         yield models.PackageData(
             datasource_id=cls.datasource_id,
             type=cls.default_package_type,
@@ -194,7 +171,7 @@ def parse(cls, location):
             description=description or None,
             homepage_url=nuspec.get('projectUrl') or None,
             parties=parties,
-            dependencies=get_dependencies(nuspec),
+            dependencies=list(get_dependencies(nuspec)),
             extracted_license_statement=extracted_license_statement,
             copyright=nuspec.get('copyright') or None,
             vcs_url=vcs_url,