Fix Windows Gradle manifests incorrectly retained (#1553)

This change fixes a bug that is specific to Windows systems. When legacy
Gradle (prior to v7.0.0) lockfiles exist (e.g.,
`gradle/dependency-locks/*.lockfile`) along with a manifest at a higher
level, the manifest is meant to be ignored when finding dependency files
to analyze. However, on Windows systems this was not the case before
this change. Instead, both the manifest and the lockfiles were retained.
After this change, only the lockfiles are retained when both are
present.

A failing test was added first to confirm the incorrect behavior. Then,
a change was made to handle paths as `Path` objects instead of strings.
That way, the generic `/` path separator character will be used
correctly regardless of the runtime system.

Additionally, an error message was updated to reflect the correct
dependency file language for Gradle parsing errors.

Author: maxrake

CHANGELOG.md

@@ -13,6 +13,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Support for C#'s `packages.*.config` lockfile type
 - `phylum firewall log` command to browse firewall activity log
 
+### Fixed
+
+- Gradle manifests incorrectly retained on Windows
+
 ## 7.1.5 - 2024-11-26
 
 ### Fixed

lockfile/src/java.rs

@@ -26,7 +26,7 @@ impl Parse for GradleLock {
         let (_, entries) = gradle_dep::parse(data)
             .finish()
             .map_err(|e| anyhow!(convert_error(data, e)))
-            .context("Failed to parse requirements file")?;
+            .context("Failed to parse gradle lockfile")?;
         Ok(entries)
     }
 

lockfile/src/lib.rs

@@ -372,9 +372,8 @@ pub fn find_depfiles_at(root: impl AsRef<Path>) -> Vec<(PathBuf, LockfileFormat)
             // Legacy Gradle (before v7) lockfiles are in a subdirectory,
             // so we truncate these directories to get the effective
             // directory these lockfiles were created for.
-            let dir_str = lockfile_dir.to_string_lossy();
             if lockfile_format == &LockfileFormat::Gradle
-                && dir_str.ends_with("/gradle/dependency-locks")
+                && lockfile_dir.ends_with("gradle/dependency-locks")
             {
                 lockfile_dir = lockfile_dir.parent().unwrap().parent().unwrap();
             }
@@ -764,4 +763,42 @@ mod tests {
         let expected = vec![(tempdir.path().join("go.mod"), LockfileFormat::GoMod)];
         assert_eq!(lockable_files, expected);
     }
+
+    #[test]
+    fn skip_build_gradle_with_legacy_lockfiles() {
+        // Create desired directory structure.
+        let tempdir = tempfile::tempdir().unwrap();
+        let files = [
+            tempdir.path().join("build.gradle"),
+            tempdir.path().join("gradle/dependency-locks/compile.lockfile"),
+            tempdir.path().join("gradle/dependency-locks/default.lockfile"),
+            tempdir.path().join("gradle/dependency-locks/runtime.lockfile"),
+        ];
+        for file in &files {
+            let dir = file.parent().unwrap();
+            fs::create_dir_all(dir).unwrap();
+            File::create(file).unwrap();
+        }
+
+        // Find lockfiles.
+        let mut lockfiles = find_depfiles_at(tempdir.path());
+
+        // Compare results.
+        lockfiles.sort_unstable();
+        let expected = vec![
+            (
+                tempdir.path().join("gradle/dependency-locks/compile.lockfile"),
+                LockfileFormat::Gradle,
+            ),
+            (
+                tempdir.path().join("gradle/dependency-locks/default.lockfile"),
+                LockfileFormat::Gradle,
+            ),
+            (
+                tempdir.path().join("gradle/dependency-locks/runtime.lockfile"),
+                LockfileFormat::Gradle,
+            ),
+        ];
+        assert_eq!(lockfiles, expected);
+    }
 }