Skip to content

Commit

Permalink
Do not add constraints inside version J.MethodInvocations part of the…
Browse files Browse the repository at this point in the history 
… constraint itself. (#4229)

* Added test to showcase issue

#4228

* Do not update version method in constraints with a new constraint

Closes #4228

---------

Co-authored-by: Jente Sondervorst <[email protected]>
  • Loading branch information
@Jenson3210
Jenson3210 and Jente Sondervorst authored Jun 6, 2024
1 parent 5581192 commit 5cd5675
Show file tree
Hide file tree
Showing 2 changed files with 62 additions and 0 deletions.
6 changes: 6 additions & 0 deletions rewrite-gradle/src/main/java/org/openrewrite/gradle/UpgradeTransitiveDependencyVersion.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -366,6 +366,9 @@ private static class CreateConstraintVisitor extends GroovyIsoVisitor<ExecutionC
String because;
@Override
public J.MethodInvocation visitMethodInvocation(J.MethodInvocation method, ExecutionContext ctx) {
if ("version".equals(method.getSimpleName())) {
return method;
}
J.MethodInvocation m = super.visitMethodInvocation(method, ctx);
Optional<G.CompilationUnit> withConstraint = GradleParser.builder().build().parse(String.format(
"plugins {\n" +
Expand Down Expand Up @@ -419,6 +422,9 @@ private static class UpdateConstraintVersionVisitor extends GroovyIsoVisitor<Exe

@Override
public J.MethodInvocation visitMethodInvocation(J.MethodInvocation method, ExecutionContext ctx) {
if ("version".equals(method.getSimpleName())) {
return method;
}
J.MethodInvocation m = super.visitMethodInvocation(method, ctx);
if(existingConstraint.isScope(m)) {
AtomicBoolean updatedBecause = new AtomicBoolean(false);
Expand Down
56 changes: 56 additions & 0 deletions ...e-gradle/src/test/java/org/openrewrite/gradle/UpgradeTransitiveDependencyVersionTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@

import org.junit.jupiter.api.Test;
import org.openrewrite.DocumentExample;
import org.openrewrite.Issue;
import org.openrewrite.test.RecipeSpec;
import org.openrewrite.test.RewriteTest;

Expand Down Expand Up @@ -447,4 +448,59 @@ void constraintDoesNotGetAddedToNonTransitiveNonExtendingConfiguration() {
)
);
}

@Test
@Issue("https://github.com/openrewrite/rewrite/issues/4228")
void constraintDoesNotGetAddedInsideConstraint() {
rewriteRun(
spec -> spec
.beforeRecipe(withToolingApi())
.recipe(new UpgradeTransitiveDependencyVersion("com.fasterxml.jackson.core", "jackson-core","2.12.5", null, "CVE-2024-BAD")),
//language=groovy
buildGradle(
"""
plugins {
id 'java'
}
repositories {
mavenCentral()
}
dependencies {
implementation 'org.openrewrite:rewrite-java:7.0.0'
constraints {
implementation("org.apache.logging.log4j:log4j-core") {
version {
strictly("2.17.0")
}
because 'security'
}
}
}
""", """
plugins {
id 'java'
}
repositories {
mavenCentral()
}
dependencies {
implementation 'org.openrewrite:rewrite-java:7.0.0'
constraints {
implementation('com.fasterxml.jackson.core:jackson-core:2.12.5') {
because 'CVE-2024-BAD'
}
implementation("org.apache.logging.log4j:log4j-core") {
version {
strictly("2.17.0")
}
because 'security'
}
}
}
"""
)
);
}
}

0 comments on commit 5cd5675

Please sign in to comment.