Add Supplier/License info to RustCli Cargo Components. (#940)

* Add Supplier/License info to RustCli Cargo Components. * Address feedback. * Fix input for test * Add extra check for empty array of authors. --------- Co-authored-by: Sebastian Gomez <segomez@microsoft.com>
microsoft · Jan 10, 2024 · 2b824d2 · 2b824d2
1 parent 0923d09
commit 2b824d2
Show file tree

Hide file tree

Showing 3 changed files with 428 additions and 4 deletions.
diff --git a/src/Microsoft.ComponentDetection.Contracts/TypedComponent/CargoComponent.cs b/src/Microsoft.ComponentDetection.Contracts/TypedComponent/CargoComponent.cs
@@ -1,5 +1,6 @@
 namespace Microsoft.ComponentDetection.Contracts.TypedComponent;
 
+using Newtonsoft.Json;
 using PackageUrl;
 
 public class CargoComponent : TypedComponent
@@ -9,16 +10,26 @@ private CargoComponent()
         // reserved for deserialization
     }
 
-    public CargoComponent(string name, string version)
+    public CargoComponent(string name, string version, string author = null, string license = null)
     {
         this.Name = this.ValidateRequiredInput(name, nameof(this.Name), nameof(ComponentType.Cargo));
         this.Version = this.ValidateRequiredInput(version, nameof(this.Version), nameof(ComponentType.Cargo));
+        this.Author = author;
+        this.License = license;
     }
 
     public string Name { get; set; }
 
     public string Version { get; set; }
 
+#nullable enable
+    [JsonProperty(NullValueHandling = NullValueHandling.Ignore)]
+    public string? Author { get; set; }
+
+    [JsonProperty(NullValueHandling = NullValueHandling.Ignore)]
+    public string? License { get; set; }
+#nullable disable
+
     public override ComponentType Type => ComponentType.Cargo;
 
     public override string Id => $"{this.Name} {this.Version} - {this.Type}";

diff --git a/src/Microsoft.ComponentDetection.Detectors/rust/RustCliDetector.cs b/src/Microsoft.ComponentDetection.Detectors/rust/RustCliDetector.cs
@@ -84,6 +84,13 @@ protected override async Task OnFileFoundAsync(ProcessRequest processRequest, ID
 
             var metadata = CargoMetadata.FromJson(cliResult.StdOut);
             var graph = BuildGraph(metadata);
+
+            var packages = metadata.Packages.ToDictionary(
+                x => $"{x.Name} {x.Version}",
+                x => (
+                    (x.Authors == null || x.Authors.Any(a => string.IsNullOrWhiteSpace(a)) || !x.Authors.Any()) ? null : string.Join(", ", x.Authors),
+                    string.IsNullOrWhiteSpace(x.License) ? null : x.License));
+
             var root = metadata.Resolve.Root;
 
             // A cargo.toml can be used to declare a workspace and not a package (A Virtual Manifest).
@@ -95,7 +102,7 @@ protected override async Task OnFileFoundAsync(ProcessRequest processRequest, ID
                 return;
             }
 
-            this.TraverseAndRecordComponents(processRequest.SingleFileComponentRecorder, componentStream.Location, graph, root, null, null);
+            this.TraverseAndRecordComponents(processRequest.SingleFileComponentRecorder, componentStream.Location, graph, root, null, null, packages);
         }
         catch (InvalidOperationException e)
         {
@@ -118,13 +125,19 @@ private void TraverseAndRecordComponents(
         string id,
         DetectedComponent parent,
         Dep depInfo,
+        IReadOnlyDictionary<string, (string Authors, string License)> packagesMetadata,
         bool explicitlyReferencedDependency = false)
     {
         try
         {
             var isDevelopmentDependency = depInfo?.DepKinds.Any(x => x.Kind is Kind.Dev) ?? false;
             var (name, version) = ParseNameAndVersion(id);
-            var detectedComponent = new DetectedComponent(new CargoComponent(name, version));
+
+            var (authors, license) = packagesMetadata.TryGetValue($"{name} {version}", out var package)
+                ? package
+                : (null, null);
+
+            var detectedComponent = new DetectedComponent(new CargoComponent(name, version, authors, license));
 
             recorder.RegisterUsage(
                 detectedComponent,
@@ -140,7 +153,7 @@ private void TraverseAndRecordComponents(
 
             foreach (var dep in node.Deps)
             {
-                this.TraverseAndRecordComponents(recorder, location, graph, dep.Pkg, detectedComponent, dep, parent == null);
+                this.TraverseAndRecordComponents(recorder, location, graph, dep.Pkg, detectedComponent, dep, packagesMetadata, parent == null);
             }
         }
         catch (IndexOutOfRangeException e)