feat: add Maven native dependency client

cuixq · Aug 23, 2024 · 54d3829 · 54d3829
1 parent 35b36a3
commit 54d3829
Show file tree

Hide file tree

Showing 13 changed files with 451 additions and 36 deletions.
diff --git a/cmd/osv-scanner/fix/main.go b/cmd/osv-scanner/fix/main.go
@@ -12,6 +12,7 @@ import (
 	"github.com/google/osv-scanner/internal/remediation"
 	"github.com/google/osv-scanner/internal/remediation/upgrade"
 	"github.com/google/osv-scanner/internal/resolution/client"
+	"github.com/google/osv-scanner/internal/resolution/datasource"
 	"github.com/google/osv-scanner/internal/resolution/lockfile"
 	"github.com/google/osv-scanner/internal/resolution/manifest"
 	"github.com/google/osv-scanner/pkg/depsdev"
@@ -292,8 +293,11 @@ func action(ctx *cli.Context, stdout, stderr io.Writer) (reporter.Reporter, erro
 			}
 			opts.Client.DependencyClient = cl
 		case resolve.Maven:
-			// TODO: MavenRegistryClient
-			fallthrough
+			cl, err := client.NewMavenRegistryClient(datasource.MavenCentral)
+			if err != nil {
+				return nil, err
+			}
+			opts.Client.DependencyClient = cl
 		case resolve.UnknownSystem:
 			fallthrough
 		default:

diff --git a/go.mod b/go.mod
@@ -4,7 +4,7 @@ go 1.21.12
 
 require (
 	deps.dev/api/v3 v3.0.0-20240730004939-e80e6658c33b
-	deps.dev/util/maven v0.0.0-20240730004939-e80e6658c33b
+	deps.dev/util/maven v0.0.0-20240807013505-16da96fe8b66
 	deps.dev/util/resolve v0.0.0-20240730004939-e80e6658c33b
 	deps.dev/util/semver v0.0.0-20240730004939-e80e6658c33b
 	github.com/BurntSushi/toml v1.4.0

diff --git a/go.sum b/go.sum
@@ -4,6 +4,8 @@ deps.dev/api/v3 v3.0.0-20240730004939-e80e6658c33b h1:uWv66hsFIMA+4mfvYroVOpJ4+t
 deps.dev/api/v3 v3.0.0-20240730004939-e80e6658c33b/go.mod h1:DyBY3wNVqRCwvb4tLvz6LL/FupH3FMflEROyQAv2Vi0=
 deps.dev/util/maven v0.0.0-20240730004939-e80e6658c33b h1:4/2szyn/8mZhaI3PW/JkRRDpv0aVMILL/R0rICgAA50=
 deps.dev/util/maven v0.0.0-20240730004939-e80e6658c33b/go.mod h1:SBW3EribdkZYk6zxi5oVn/ZECvi4ixb7EGgEWfSimNk=
+deps.dev/util/maven v0.0.0-20240807013505-16da96fe8b66 h1:Lms2UF1xl3hkZQk+Z0SXQoOfVm7voROYqio+h97fiFs=
+deps.dev/util/maven v0.0.0-20240807013505-16da96fe8b66/go.mod h1:SBW3EribdkZYk6zxi5oVn/ZECvi4ixb7EGgEWfSimNk=
 deps.dev/util/resolve v0.0.0-20240730004939-e80e6658c33b h1:MTE07TVpmsX13qjSHiVxLPR2u52R7w8m0TBlk7rNvF8=
 deps.dev/util/resolve v0.0.0-20240730004939-e80e6658c33b/go.mod h1:XXi6yRYqhtxw5DvGX/mbG6fHSLn8OgoPowNd8EAxDgk=
 deps.dev/util/semver v0.0.0-20240730004939-e80e6658c33b h1:kGG4/rm/slq+X/SfMVS7JnDBWeJhX2u2EudaPJeHyHI=

diff --git a/internal/manifest/maven.go b/internal/manifest/maven.go
@@ -20,7 +20,7 @@ import (
 
 type MavenResolverExtractor struct {
 	client.DependencyClient
-	datasource.MavenRegistryAPIClient
+	*datasource.MavenRegistryAPIClient
 }
 
 func (e MavenResolverExtractor) ShouldExtract(path string) bool {
@@ -125,12 +125,15 @@ func (e MavenResolverExtractor) Extract(f lockfile.DepFile) ([]lockfile.PackageD
 	return maps.Values(details), nil
 }
 
-func ParseMavenWithResolver(depClient client.DependencyClient, mavenClient datasource.MavenRegistryAPIClient, pathToLockfile string) ([]lockfile.PackageDetails, error) {
+func ParseMavenWithResolver(depClient client.DependencyClient, mavenClient *datasource.MavenRegistryAPIClient, pathToLockfile string) ([]lockfile.PackageDetails, error) {
 	f, err := lockfile.OpenLocalDepFile(pathToLockfile)
 	if err != nil {
 		return []lockfile.PackageDetails{}, err
 	}
 	defer f.Close()
 
-	return MavenResolverExtractor{DependencyClient: depClient, MavenRegistryAPIClient: mavenClient}.Extract(f)
+	return MavenResolverExtractor{
+		DependencyClient:       depClient,
+		MavenRegistryAPIClient: mavenClient,
+	}.Extract(f)
 }
diff --git a/internal/manifest/maven_test.go b/internal/manifest/maven_test.go
@@ -66,7 +66,7 @@ func TestMavenResolverExtractor_ShouldExtract(t *testing.T) {
 func TestParseMavenWithResolver_FileDoesNotExist(t *testing.T) {
 	t.Parallel()
 
-	packages, err := manifest.ParseMavenWithResolver(nil, datasource.MavenRegistryAPIClient{}, "fixtures/maven/does-not-exist")
+	packages, err := manifest.ParseMavenWithResolver(nil, nil, "fixtures/maven/does-not-exist")
 
 	expectErrIs(t, err, fs.ErrNotExist)
 	expectPackages(t, packages, []lockfile.PackageDetails{})
@@ -75,7 +75,7 @@ func TestParseMavenWithResolver_FileDoesNotExist(t *testing.T) {
 func TestParseMavenWithResolver_Invalid(t *testing.T) {
 	t.Parallel()
 
-	packages, err := manifest.ParseMavenWithResolver(nil, datasource.MavenRegistryAPIClient{}, "fixtures/maven/not-pom.txt")
+	packages, err := manifest.ParseMavenWithResolver(nil, nil, "fixtures/maven/not-pom.txt")
 
 	expectErrContaining(t, err, "could not extract from")
 	expectPackages(t, packages, []lockfile.PackageDetails{})
@@ -84,7 +84,7 @@ func TestParseMavenWithResolver_Invalid(t *testing.T) {
 func TestParseMavenWithResolver_InvalidSyntax(t *testing.T) {
 	t.Parallel()
 
-	packages, err := manifest.ParseMavenWithResolver(nil, datasource.MavenRegistryAPIClient{}, "fixtures/maven/invalid-syntax.xml")
+	packages, err := manifest.ParseMavenWithResolver(nil, nil, "fixtures/maven/invalid-syntax.xml")
 
 	expectErrContaining(t, err, "XML syntax error")
 	expectPackages(t, packages, []lockfile.PackageDetails{})
@@ -93,7 +93,7 @@ func TestParseMavenWithResolver_InvalidSyntax(t *testing.T) {
 func TestParseMavenWithResolver_NoPackages(t *testing.T) {
 	t.Parallel()
 
-	packages, err := manifest.ParseMavenWithResolver(nil, datasource.MavenRegistryAPIClient{}, "fixtures/maven/empty.xml")
+	packages, err := manifest.ParseMavenWithResolver(nil, nil, "fixtures/maven/empty.xml")
 	if err != nil {
 		t.Errorf("Got unexpected error: %v", err)
 	}
@@ -105,7 +105,7 @@ func TestParseMavenWithResolver_OnePackage(t *testing.T) {
 	t.Parallel()
 
 	resolutionClient := clienttest.NewMockResolutionClient(t, "fixtures/universe/basic-universe.yaml")
-	packages, err := manifest.ParseMavenWithResolver(resolutionClient, datasource.MavenRegistryAPIClient{}, "fixtures/maven/one-package.xml")
+	packages, err := manifest.ParseMavenWithResolver(resolutionClient, nil, "fixtures/maven/one-package.xml")
 	if err != nil {
 		t.Errorf("Got unexpected error: %v", err)
 	}
@@ -124,7 +124,7 @@ func TestParseMavenWithResolver_TwoPackages(t *testing.T) {
 	t.Parallel()
 
 	resolutionClient := clienttest.NewMockResolutionClient(t, "fixtures/universe/basic-universe.yaml")
-	packages, err := manifest.ParseMavenWithResolver(resolutionClient, datasource.MavenRegistryAPIClient{}, "fixtures/maven/two-packages.xml")
+	packages, err := manifest.ParseMavenWithResolver(resolutionClient, nil, "fixtures/maven/two-packages.xml")
 	if err != nil {
 		t.Errorf("Got unexpected error: %v", err)
 	}
@@ -149,7 +149,7 @@ func TestParseMavenWithResolver_WithDependencyManagement(t *testing.T) {
 	t.Parallel()
 
 	resolutionClient := clienttest.NewMockResolutionClient(t, "fixtures/universe/basic-universe.yaml")
-	packages, err := manifest.ParseMavenWithResolver(resolutionClient, datasource.MavenRegistryAPIClient{}, "fixtures/maven/with-dependency-management.xml")
+	packages, err := manifest.ParseMavenWithResolver(resolutionClient, nil, "fixtures/maven/with-dependency-management.xml")
 	if err != nil {
 		t.Errorf("Got unexpected error: %v", err)
 	}
@@ -174,7 +174,7 @@ func TestParseMavenWithResolver_Interpolation(t *testing.T) {
 	t.Parallel()
 
 	resolutionClient := clienttest.NewMockResolutionClient(t, "fixtures/universe/basic-universe.yaml")
-	packages, err := manifest.ParseMavenWithResolver(resolutionClient, datasource.MavenRegistryAPIClient{}, "fixtures/maven/interpolation.xml")
+	packages, err := manifest.ParseMavenWithResolver(resolutionClient, nil, "fixtures/maven/interpolation.xml")
 	if err != nil {
 		t.Errorf("Got unexpected error: %v", err)
 	}
@@ -205,7 +205,7 @@ func TestParseMavenWithResolver_WithScope(t *testing.T) {
 	t.Parallel()
 
 	resolutionClient := clienttest.NewMockResolutionClient(t, "fixtures/universe/basic-universe.yaml")
-	packages, err := manifest.ParseMavenWithResolver(resolutionClient, datasource.MavenRegistryAPIClient{}, "fixtures/maven/with-scope.xml")
+	packages, err := manifest.ParseMavenWithResolver(resolutionClient, nil, "fixtures/maven/with-scope.xml")
 	if err != nil {
 		t.Errorf("Got unexpected error: %v", err)
 	}
@@ -259,7 +259,7 @@ func TestParseMavenWithResolver_WithParent(t *testing.T) {
 	`))
 
 	resolutionClient := clienttest.NewMockResolutionClient(t, "fixtures/universe/basic-universe.yaml")
-	packages, err := manifest.ParseMavenWithResolver(resolutionClient, *datasource.NewMavenRegistryAPIClient(srv.URL), "fixtures/maven/with-parent.xml")
+	packages, err := manifest.ParseMavenWithResolver(resolutionClient, datasource.NewMavenRegistryAPIClient(srv.URL), "fixtures/maven/with-parent.xml")
 	if err != nil {
 		t.Errorf("Got unexpected error: %v", err)
 	}
@@ -308,7 +308,7 @@ func TestParseMavenWithResolver_Transitive(t *testing.T) {
 	t.Parallel()
 
 	resolutionClient := clienttest.NewMockResolutionClient(t, "fixtures/universe/basic-universe.yaml")
-	packages, err := manifest.ParseMavenWithResolver(resolutionClient, datasource.MavenRegistryAPIClient{}, "fixtures/maven/transitive.xml")
+	packages, err := manifest.ParseMavenWithResolver(resolutionClient, nil, "fixtures/maven/transitive.xml")
 	if err != nil {
 		t.Errorf("Got unexpected error: %v", err)
 	}