From 5cd5675b9865c45e65c3cafc33cf8f437b13b140 Mon Sep 17 00:00:00 2001
From: Jente Sondervorst <jentesondervorst@gmail.com>
Date: Thu, 6 Jun 2024 21:43:22 +0200
Subject: [PATCH] Do not add constraints inside version J.MethodInvocations part of the constraint itself. (#4229)
* Added test to showcase issue #4228
* Do not update version method in constraints with a new constraint
Closes #4228
---------
Co-authored-by: Jente Sondervorst <jente.sondervorst@colruytgroup.com>
---
 .../UpgradeTransitiveDependencyVersion.java | 6 ++
 ...pgradeTransitiveDependencyVersionTest.java | 56 +++++++++++++++++++
 2 files changed, 62 insertions(+)
diff --git a/rewrite-gradle/src/main/java/org/openrewrite/gradle/UpgradeTransitiveDependencyVersion.java b/rewrite-gradle/src/main/java/org/openrewrite/gradle/UpgradeTransitiveDependencyVersion.java
index 720f80e5809..420b46f3241 100644
--- a/rewrite-gradle/src/main/java/org/openrewrite/gradle/UpgradeTransitiveDependencyVersion.java
+++ b/rewrite-gradle/src/main/java/org/openrewrite/gradle/UpgradeTransitiveDependencyVersion.java
@@ -366,6 +366,9 @@ private static class CreateConstraintVisitor extends GroovyIsoVisitor<ExecutionC
 String because;
 @Override
 public J.MethodInvocation visitMethodInvocation(J.MethodInvocation method, ExecutionContext ctx) {
+ if ("version".equals(method.getSimpleName())) {
+ return method;
+ }
 J.MethodInvocation m = super.visitMethodInvocation(method, ctx);
 Optional<G.CompilationUnit> withConstraint = GradleParser.builder().build().parse(String.format(
 "plugins {\n" +
@@ -419,6 +422,9 @@ private static class UpdateConstraintVersionVisitor extends GroovyIsoVisitor<Exe
 @Override
 public J.MethodInvocation visitMethodInvocation(J.MethodInvocation method, ExecutionContext ctx) {
+ if ("version".equals(method.getSimpleName())) {
+ return method;
+ }
 J.MethodInvocation m = super.visitMethodInvocation(method, ctx);
 if(existingConstraint.isScope(m)) {
 AtomicBoolean updatedBecause = new AtomicBoolean(false);
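Review bot: The guard added at the top of `CreateConstraintVisitor.visitMethodInvocation` matches on the simple name `version` alone, so every call with that name is returned unvisited, not only the `version { ... }` block of an existing constraint; whether this visitor is only ever run over a `constraints` block is not visible in the hunk. The test in this commit passes a CVE id as the reason, so a silently skipped subtree is a place where a patched version may not get pinned. The condition therefore deserves a why-comment, for example `// Do not descend into a constraint's version { } block: a new constraint must not be inserted inside it (#4228)`. The same three lines are repeated in `UpdateConstraintVersionVisitor.visitMethodInvocation` in the second hunk; a shared private static predicate would keep the two checks in step. Both method bodies continue outside their hunks.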
diff --git a/rewrite-gradle/src/test/java/org/openrewrite/gradle/UpgradeTransitiveDependencyVersionTest.java b/rewrite-gradle/src/test/java/org/openrewrite/gradle/UpgradeTransitiveDependencyVersionTest.java
index 6567e3aecbe..7405c5bbb39 100644
--- a/rewrite-gradle/src/test/java/org/openrewrite/gradle/UpgradeTransitiveDependencyVersionTest.java
+++ b/rewrite-gradle/src/test/java/org/openrewrite/gradle/UpgradeTransitiveDependencyVersionTest.java
@@ -17,6 +17,7 @@
 import org.junit.jupiter.api.Test;
 import org.openrewrite.DocumentExample;
+import org.openrewrite.Issue;
 import org.openrewrite.test.RecipeSpec;
 import org.openrewrite.test.RewriteTest;
@@ -447,4 +448,59 @@ void constraintDoesNotGetAddedToNonTransitiveNonExtendingConfiguration() {
 )
 );
 }
+
+ @Test
+ @Issue("https://github.com/openrewrite/rewrite/issues/4228")
+ void constraintDoesNotGetAddedInsideConstraint() {
+ rewriteRun(
+ spec -> spec
+ .beforeRecipe(withToolingApi())
+ .recipe(new UpgradeTransitiveDependencyVersion("com.fasterxml.jackson.core", "jackson-core","2.12.5", null, "CVE-2024-BAD")),
+ //language=groovy
+ buildGradle(
+ """
+ plugins {
+ id 'java'
+ }
+ repositories {
+ mavenCentral()
+ }
+ dependencies {
+ implementation 'org.openrewrite:rewrite-java:7.0.0'
+
+ constraints {
+ implementation("org.apache.logging.log4j:log4j-core") {
+ version {
+ strictly("2.17.0")
+ }
+ because 'security'
+ }
+ }
+ }
+ """, """
+ plugins {
+ id 'java'
+ }
+ repositories {
+ mavenCentral()
+ }
+ dependencies {
+ implementation 'org.openrewrite:rewrite-java:7.0.0'
+
+ constraints {
+ implementation('com.fasterxml.jackson.core:jackson-core:2.12.5') {
+ because 'CVE-2024-BAD'
+ }
+ implementation("org.apache.logging.log4j:log4j-core") {
+ version {
+ strictly("2.17.0")
+ }
+ because 'security'
+ }
+ }
+ }
+ """
+ )
+ );
+ }
 }
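Review bot: `constraintDoesNotGetAddedInsideConstraint` only covers an existing `version { strictly(...) }` constraint on an unrelated dependency (`log4j-core`); no case covers the dependency being upgraded already carrying such a block. The early return added to `UpdateConstraintVersionVisitor` means nothing beneath a `version` call is visited there, so it is worth a second test. In it, `com.fasterxml.jackson.core:jackson-core` itself would be constrained with `version { strictly("2.12.0") }` (constructed value), and the expected output would state what happens to that older strict pin. If the pin were left untouched the build would keep resolving the old version, but the update logic lies outside this diff, so this is a question to confirm rather than an established defect.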