Option to exclude Poetry dependencies based on group names (#1085)

* Move Poetry test classes to the correct directory

* Option to exclude Poetry dev dependencies

* New property documentation

* More verbose property documentation

* Fix casing in documentation

* Change exluded groups type from list to set for faster lookups

Author: andrian-sevastyanov

detectable/src/main/java/com/synopsys/integration/detectable/detectables/poetry/PoetryDetectable.java

@@ -1,13 +1,15 @@
 package com.synopsys.integration.detectable.detectables.poetry;
 
 import java.io.File;
+import java.util.Set;
 
 import com.synopsys.integration.common.util.finder.FileFinder;
 import com.synopsys.integration.detectable.Detectable;
 import com.synopsys.integration.detectable.DetectableEnvironment;
 import com.synopsys.integration.detectable.detectable.DetectableAccuracyType;
 import com.synopsys.integration.detectable.detectable.annotation.DetectableInfo;
 import com.synopsys.integration.detectable.detectable.result.DetectableResult;
+import com.synopsys.integration.detectable.detectable.result.FileNotFoundDetectableResult;
 import com.synopsys.integration.detectable.detectable.result.FilesNotFoundDetectableResult;
 import com.synopsys.integration.detectable.detectable.result.PassedDetectableResult;
 import com.synopsys.integration.detectable.detectable.result.PoetryLockfileNotFoundDetectableResult;
@@ -25,17 +27,19 @@ public class PoetryDetectable extends Detectable {
     private final FileFinder fileFinder;
     private final PoetryExtractor poetryExtractor;
     private final ToolPoetrySectionParser poetrySectionParser;
+    private final PoetryOptions poetryOptions;
 
     private File pyprojectToml;
     private File poetryLock;
     private ToolPoetrySectionResult toolPoetrySectionResult;
 
-    public PoetryDetectable(DetectableEnvironment environment, FileFinder fileFinder, PoetryExtractor poetryExtractor, ToolPoetrySectionParser tomlPoetrySectionParser) {
+    public PoetryDetectable(DetectableEnvironment environment, FileFinder fileFinder, PoetryExtractor poetryExtractor, ToolPoetrySectionParser tomlPoetrySectionParser, PoetryOptions options) {
         super(environment);
         this.fileFinder = fileFinder;
         this.poetryExtractor = poetryExtractor;
         this.toolPoetrySectionResult = null;
         this.poetrySectionParser = tomlPoetrySectionParser;
+        this.poetryOptions = options;
     }
 
     @Override
@@ -59,11 +63,17 @@ public DetectableResult extractable() {
         if (poetryLock == null && pyprojectToml != null) {
             return new PoetryLockfileNotFoundDetectableResult(environment.getDirectory().getAbsolutePath());
         }
+
+        if (!poetryOptions.getExcludedGroups().isEmpty() && pyprojectToml == null) {
+            return new FileNotFoundDetectableResult(PYPROJECT_TOML_FILE_NAME);
+        }
+
         return new PassedDetectableResult();
     }
 
     @Override
     public Extraction extract(ExtractionEnvironment extractionEnvironment) {
-        return poetryExtractor.extract(poetryLock, toolPoetrySectionResult.getToolPoetrySection().orElse(null));
+        Set<String> rootPackages = poetrySectionParser.parseRootPackages(pyprojectToml, poetryOptions);
+        return poetryExtractor.extract(poetryLock, toolPoetrySectionResult.getToolPoetrySection().orElse(null), rootPackages);
     }
 }

detectable/src/main/java/com/synopsys/integration/detectable/detectables/poetry/PoetryExtractor.java

@@ -2,11 +2,9 @@
 
 import java.io.File;
 import java.io.IOException;
-import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
-import java.util.List;
 import java.util.Optional;
+import java.util.Set;
 
 import org.apache.commons.io.FileUtils;
 import org.jetbrains.annotations.Nullable;
@@ -28,9 +26,12 @@ public PoetryExtractor(PoetryLockParser poetryLockParser) {
         this.poetryLockParser = poetryLockParser;
     }
 
-    public Extraction extract(File poetryLock, @Nullable TomlTable toolDotPoetrySection) {
+    public Extraction extract(File poetryLock, @Nullable TomlTable toolDotPoetrySection, Set<String> rootPackages) {
         try {
-            DependencyGraph graph = poetryLockParser.parseLockFile(FileUtils.readFileToString(poetryLock, StandardCharsets.UTF_8));
+            DependencyGraph graph = poetryLockParser.parseLockFile(
+                FileUtils.readFileToString(poetryLock, StandardCharsets.UTF_8),
+                rootPackages
+            );
             CodeLocation codeLocation = new CodeLocation(graph);
 
             Optional<NameVersion> poetryNameVersion = extractNameVersionFromToolDotPoetrySection(toolDotPoetrySection);
@@ -47,11 +48,6 @@ public Extraction extract(File poetryLock, @Nullable TomlTable toolDotPoetrySect
         }
     }
 
-    private String getFileAsString(File cargoLock, Charset encoding) throws IOException {
-        List<String> goLockAsList = Files.readAllLines(cargoLock.toPath(), encoding);
-        return String.join(System.lineSeparator(), goLockAsList);
-    }
-
     private Optional<NameVersion> extractNameVersionFromToolDotPoetrySection(@Nullable TomlTable toolDotPoetry) {
         if (toolDotPoetry != null) {
             if (toolDotPoetry.get(NAME_KEY) != null && toolDotPoetry.get(VERSION_KEY) != null) {

detectable/src/main/java/com/synopsys/integration/detectable/detectables/poetry/PoetryOptions.java

@@ -0,0 +1,17 @@
+package com.synopsys.integration.detectable.detectables.poetry;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+public class PoetryOptions {
+    private final Set<String> excludedGroups;
+
+    public PoetryOptions(List<String> excludedGroups) {
+        this.excludedGroups = new HashSet<>(excludedGroups);
+    }
+
+    public Set<String> getExcludedGroups() {
+        return excludedGroups;
+    }
+}

detectable/src/main/java/com/synopsys/integration/detectable/detectables/poetry/parser/PoetryLockParser.java

@@ -26,25 +26,26 @@ public class PoetryLockParser {
 
     private final Map<String, Dependency> packageMap = new HashMap<>();
 
-    public DependencyGraph parseLockFile(String lockFile) {
+    public DependencyGraph parseLockFile(String lockFile, Set<String> rootPackages) {
         TomlParseResult result = Toml.parse(lockFile);
         if (result.get(PACKAGE_KEY) != null) {
             TomlArray lockPackages = result.getArray(PACKAGE_KEY);
-            return parseDependencies(lockPackages);
+            return parseDependencies(lockPackages, rootPackages);
         }
 
         return new BasicDependencyGraph();
     }
 
-    private DependencyGraph parseDependencies(TomlArray lockPackages) {
+    private DependencyGraph parseDependencies(TomlArray lockPackages, Set<String> rootPackages) {
         DependencyGraph graph = new BasicDependencyGraph();
 
-        Set<String> rootPackages = determineRootPackages(lockPackages);
-
-        for (String rootPackage : rootPackages) {
-            graph.addChildToRoot(packageMap.get(rootPackage));
+        Set<String> lockFileRootPackages = populatePackageMapAndGetRootPackages(lockPackages);
+        if (rootPackages == null) {
+            rootPackages = lockFileRootPackages;
         }
 
+        populateDirectDependencies(graph, rootPackages);
+
         for (int i = 0; i < lockPackages.size(); i++) {
             TomlTable lockPackage = lockPackages.getTable(i);
             List<String> dependencies = extractFromDependencyList(lockPackage.getTable(DEPENDENCIES_KEY));
@@ -63,7 +64,19 @@ private DependencyGraph parseDependencies(TomlArray lockPackages) {
         return graph;
     }
 
-    private Set<String> determineRootPackages(TomlArray lockPackages) {
+    private void populateDirectDependencies(DependencyGraph graph, Set<String> rootPackages) {
+        for (String rootPackage : rootPackages) {
+            Dependency dependency = packageMap.get(rootPackage);
+            if (dependency == null) {
+                throw new RuntimeException(
+                    "Likely pyproject.toml and poetry.lock mismatch. A root package could not be found in the lockfile: " + rootPackage
+                );
+            }
+            graph.addDirectDependency(dependency);
+        }
+    }
+
+    private Set<String> populatePackageMapAndGetRootPackages(TomlArray lockPackages) {
         Set<String> rootPackages = new HashSet<>();
         Set<String> dependencyPackages = new HashSet<>();
 

detectable/src/main/java/com/synopsys/integration/detectable/detectables/poetry/parser/ToolPoetrySectionParser.java

@@ -2,15 +2,28 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
 
 import org.jetbrains.annotations.Nullable;
 import org.tomlj.TomlParseResult;
 import org.tomlj.TomlTable;
 
 import com.synopsys.integration.detectable.detectable.util.TomlFileUtils;
+import com.synopsys.integration.detectable.detectables.poetry.PoetryOptions;
 
 public class ToolPoetrySectionParser {
     public static final String TOOL_POETRY_KEY = "tool.poetry";
+    public static final String MAIN_DEPENDENCY_GROUP_KEY = "tool.poetry.dependencies";
+
+    public static final String LEGACY_DEV_DEPENDENCY_GROUP_KEY = "tool.poetry.dev-dependencies";
+
+    public static final String DEPENDENCY_GROUP_KEY_PREFIX = "tool.poetry.group.";
+    public static final String DEPENDENCY_GROUP_KEY_SUFFIX = ".dependencies";
+
+    public static final String DEFAULT_DEV_GROUP_NAME = "dev";
+
+    public static final String PYTHON_COMPONENT_NAME = "python";
 
     public ToolPoetrySectionResult parseToolPoetrySection(@Nullable File pyprojectToml) {
         if (pyprojectToml != null) {
@@ -26,4 +39,48 @@ public ToolPoetrySectionResult parseToolPoetrySection(@Nullable File pyprojectTo
         }
         return ToolPoetrySectionResult.NOT_FOUND();
     }
+
+    public Set<String> parseRootPackages(File pyprojectToml, PoetryOptions options) {
+        if (options.getExcludedGroups().isEmpty() || pyprojectToml == null) {
+            return null;
+        }
+
+        Set<String> result = new HashSet<>();
+
+        TomlParseResult parseResult;
+        try {
+            parseResult = TomlFileUtils.parseFile(pyprojectToml);
+        } catch (IOException e) {
+            throw new RuntimeException("Unable to read pyproject.toml file");
+        }
+
+        for (String key : parseResult.dottedKeySet(true)) {
+            if (!parseResult.isTable(key)) {
+                continue;
+            }
+
+            TomlTable table = parseResult.getTable(key);
+
+            if (key.equals(MAIN_DEPENDENCY_GROUP_KEY)) {
+                addAllTableKeysToSet(result, table);
+            } else if (key.equals(LEGACY_DEV_DEPENDENCY_GROUP_KEY)) { // in Poetry 1.0 to 1.2 this was the way of specifying dev dependencies
+                if (!options.getExcludedGroups().contains(DEFAULT_DEV_GROUP_NAME)) {
+                    addAllTableKeysToSet(result, table);
+                }
+            } else if (key.startsWith(DEPENDENCY_GROUP_KEY_PREFIX) && key.endsWith(DEPENDENCY_GROUP_KEY_SUFFIX)) {
+                String group = key.substring(DEPENDENCY_GROUP_KEY_PREFIX.length(), key.length() - DEPENDENCY_GROUP_KEY_SUFFIX.length());
+
+                if (!options.getExcludedGroups().contains(group)) {
+                    addAllTableKeysToSet(result, table);
+                }
+            }
+        }
+
+        result.remove(PYTHON_COMPONENT_NAME);
+        return result;
+    }
+
+    private void addAllTableKeysToSet(Set<String> set, TomlTable table) {
+        set.addAll(table.dottedKeySet());
+    }
 }

detectable/src/main/java/com/synopsys/integration/detectable/factory/DetectableFactory.java

@@ -237,6 +237,7 @@
 import com.synopsys.integration.detectable.detectables.pnpm.lockfile.process.PnpmLockYamlParser;
 import com.synopsys.integration.detectable.detectables.poetry.PoetryDetectable;
 import com.synopsys.integration.detectable.detectables.poetry.PoetryExtractor;
+import com.synopsys.integration.detectable.detectables.poetry.PoetryOptions;
 import com.synopsys.integration.detectable.detectables.poetry.parser.PoetryLockParser;
 import com.synopsys.integration.detectable.detectables.poetry.parser.ToolPoetrySectionParser;
 import com.synopsys.integration.detectable.detectables.projectinspector.ProjectInspectorExtractor;
@@ -628,8 +629,8 @@ public PodlockDetectable createPodLockDetectable(DetectableEnvironment environme
         return new PodlockDetectable(environment, fileFinder, podlockExtractor());
     }
 
-    public PoetryDetectable createPoetryDetectable(DetectableEnvironment environment) {
-        return new PoetryDetectable(environment, fileFinder, poetryExtractor(), toolPoetrySectionParser());
+    public PoetryDetectable createPoetryDetectable(DetectableEnvironment environment, PoetryOptions poetryOptions) {
+        return new PoetryDetectable(environment, fileFinder, poetryExtractor(), toolPoetrySectionParser(), poetryOptions);
     }
 
     public RebarDetectable createRebarDetectable(DetectableEnvironment environment, Rebar3Resolver rebar3Resolver) {