Merge branch 'main' into copilot/refactor-docker-reference-to-container-image-refer

Author: jpinz

Directory.Packages.props

@@ -17,7 +17,7 @@
     <PackageVersion Include="Microsoft.Extensions.Logging" Version="8.0.1" />
     <PackageVersion Include="Microsoft.SourceLink.GitHub" Version="8.0.0" />
     <PackageVersion Include="Microsoft.VisualStudio.Threading.Analyzers" Version="17.14.15" />
-    <PackageVersion Include="DotNet.Glob" Version="2.1.1" />
+    <PackageVersion Include="Microsoft.Extensions.FileSystemGlobbing" Version="8.0.0" />
     <PackageVersion Include="MinVer" Version="7.0.0" />
     <PackageVersion Include="Moq" Version="4.18.4" />
     <PackageVersion Include="morelinq" Version="4.4.0" />

src/Microsoft.ComponentDetection.Common/DependencyGraph/ComponentRecorder.cs

@@ -34,56 +34,142 @@ public TypedComponent GetComponent(string componentId)
 
     public IEnumerable<DetectedComponent> GetDetectedComponents()
     {
-        IEnumerable<DetectedComponent> detectedComponents;
         if (this.singleFileRecorders == null)
         {
             return [];
         }
 
-        detectedComponents = this.singleFileRecorders.Values
-            .SelectMany(singleFileRecorder => singleFileRecorder.GetDetectedComponents().Values)
-            .GroupBy(x => x.Component.Id)
-            .Select(grouping =>
-            {
-                // We pick a winner here -- any stateful props could get lost at this point.
-                var winningDetectedComponent = grouping.First();
+        var allComponents = this.singleFileRecorders.Values
+            .SelectMany(singleFileRecorder => singleFileRecorder.GetDetectedComponents().Values);
 
-                HashSet<string> mergedLicenses = null;
-                HashSet<ActorInfo> mergedSuppliers = null;
+        // When both rich and bare entries exist for the same BaseId, rich entries are used as merge targets for bare entries.
+        var reconciledComponents = new List<DetectedComponent>();
 
-                foreach (var component in grouping.Skip(1))
-                {
-                    winningDetectedComponent.ContainerDetailIds.UnionWith(component.ContainerDetailIds);
+        foreach (var baseIdGroup in allComponents.GroupBy(x => x.Component.BaseId))
+        {
+            var richEntries = new List<DetectedComponent>();
+            var bareEntries = new List<DetectedComponent>();
 
-                    // Defensive: merge in case different file recorders set different values for the same component.
-                    if (component.LicensesConcluded != null)
-                    {
-                        mergedLicenses ??= new HashSet<string>(winningDetectedComponent.LicensesConcluded ?? [], StringComparer.OrdinalIgnoreCase);
-                        mergedLicenses.UnionWith(component.LicensesConcluded);
-                    }
+            // Sub-group by full Id first: merge duplicates of the same Id (existing behavior).
+            foreach (var idGroup in baseIdGroup.GroupBy(x => x.Component.Id))
+            {
+                var merged = MergeDetectedComponentGroup(idGroup);
 
-                    if (component.Suppliers != null)
-                    {
-                        mergedSuppliers ??= new HashSet<ActorInfo>(winningDetectedComponent.Suppliers ?? []);
-                        mergedSuppliers.UnionWith(component.Suppliers);
-                    }
+                if (merged.Component.Id == merged.Component.BaseId)
+                {
+                    bareEntries.Add(merged);
                 }
-
-                if (mergedLicenses != null)
+                else
                 {
-                    winningDetectedComponent.LicensesConcluded = mergedLicenses.Where(x => x != null).OrderBy(x => x, StringComparer.OrdinalIgnoreCase).ToList();
+                    richEntries.Add(merged);
                 }
+            }
 
-                if (mergedSuppliers != null)
+            if (richEntries.Count > 0 && bareEntries.Count > 0)
+            {
+                // Merge each bare entry's metadata into every rich entry, then drop the bare.
+                foreach (var bare in bareEntries)
                 {
-                    winningDetectedComponent.Suppliers = mergedSuppliers.Where(s => s != null).OrderBy(s => s.Name).ThenBy(s => s.Type).ToList();
+                    foreach (var rich in richEntries)
+                    {
+                        MergeComponentMetadata(source: bare, target: rich);
+                    }
                 }
 
-                return winningDetectedComponent;
-            })
-            .ToArray();
+                reconciledComponents.AddRange(richEntries);
+            }
+            else
+            {
+                // No conflict: either all rich (different Ids kept separate) or all bare.
+                reconciledComponents.AddRange(richEntries);
+                reconciledComponents.AddRange(bareEntries);
+            }
+        }
+
+        return reconciledComponents.ToArray();
+    }
+
+    /// <summary>
+    /// Merges component-level metadata from <paramref name="source"/> into <paramref name="target"/>.
+    /// </summary>
+    private static void MergeComponentMetadata(DetectedComponent source, DetectedComponent target)
+    {
+        target.ContainerDetailIds.UnionWith(source.ContainerDetailIds);
+
+        foreach (var kvp in source.ContainerLayerIds)
+        {
+            if (target.ContainerLayerIds.TryGetValue(kvp.Key, out var existingLayers))
+            {
+                target.ContainerLayerIds[kvp.Key] = existingLayers.Union(kvp.Value).ToList();
+            }
+            else
+            {
+                target.ContainerLayerIds[kvp.Key] = kvp.Value.ToList();
+            }
+        }
+
+        target.LicensesConcluded = MergeAndNormalizeLicenses(target.LicensesConcluded, source.LicensesConcluded);
+        target.Suppliers = MergeAndNormalizeSuppliers(target.Suppliers, source.Suppliers);
+    }
+
+    private static IList<string> MergeAndNormalizeLicenses(IList<string> target, IList<string> source)
+    {
+        if (target == null && source == null)
+        {
+            return null;
+        }
+
+        var merged = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+
+        if (target != null)
+        {
+            merged.UnionWith(target.Where(x => x != null));
+        }
+
+        if (source != null)
+        {
+            merged.UnionWith(source.Where(x => x != null));
+        }
+
+        return merged.OrderBy(x => x, StringComparer.OrdinalIgnoreCase).ToList();
+    }
+
+    private static IList<ActorInfo> MergeAndNormalizeSuppliers(IList<ActorInfo> target, IList<ActorInfo> source)
+    {
+        if (target == null && source == null)
+        {
+            return null;
+        }
+
+        var merged = new HashSet<ActorInfo>();
+
+        if (target != null)
+        {
+            merged.UnionWith(target.Where(s => s != null));
+        }
+
+        if (source != null)
+        {
+            merged.UnionWith(source.Where(s => s != null));
+        }
+
+        return merged.OrderBy(s => s.Name).ThenBy(s => s.Type).ToList();
+    }
+
+    /// <summary>
+    /// Merges a group of <see cref="DetectedComponent"/>s that share the same <see cref="TypedComponent.Id"/>
+    /// into a single entry.
+    /// </summary>
+    private static DetectedComponent MergeDetectedComponentGroup(IEnumerable<DetectedComponent> grouping)
+    {
+        var winner = grouping.First();
+
+        foreach (var component in grouping.Skip(1))
+        {
+            MergeComponentMetadata(source: component, target: winner);
+        }
 
-        return detectedComponents;
+        return winner;
     }
 
     public IEnumerable<string> GetSkippedComponents()

src/Microsoft.ComponentDetection.Common/DockerService.cs

@@ -216,8 +216,22 @@ public async Task<ContainerDetails> InspectImageAsync(string image, Cancellation
         }
         finally
         {
-            // Best-effort container cleanup; RemoveContainerAsync already handles not-found.
-            await RemoveContainerAsync(container.ID, CancellationToken.None);
+            // Best-effort container cleanup with a bounded timeout.
+            // RemoveContainerAsync already handles not-found, but we must guard against
+            // the Docker daemon hanging on container removal (e.g. when the container
+            // process is stuck), which would block the detector indefinitely.
+            using var removeCts = new CancellationTokenSource(TimeSpan.FromSeconds(30));
+            try
+            {
+                await RemoveContainerAsync(container.ID, removeCts.Token);
+            }
+            catch (Exception ex)
+            {
+                this.logger.LogWarning(
+                    ex,
+                    "Failed to remove container {ContainerId}; abandoning cleanup",
+                    container.ID);
+            }
         }
     }
 

src/Microsoft.ComponentDetection.Common/FastDirectoryWalkerFactory.cs

@@ -39,15 +39,12 @@ public IObservable<FileSystemInfo> GetDirectoryScanner(DirectoryInfo root, Concu
                 return Task.CompletedTask;
             }
 
-            PatternMatchingUtility.FilePatternMatcher fileIsMatch = null;
+            PatternMatchingUtility.CompiledMatcher fileIsMatch = null;
+            var patternsArray = filePatterns?.ToArray();
 
-            if (filePatterns == null || !filePatterns.Any())
+            if (patternsArray is { Length: > 0 })
             {
-                fileIsMatch = span => true;
-            }
-            else
-            {
-                fileIsMatch = PatternMatchingUtility.GetFilePatternMatcher(filePatterns);
+                fileIsMatch = PatternMatchingUtility.Compile(patternsArray);
             }
 
             var sw = Stopwatch.StartNew();
@@ -100,7 +97,7 @@ public IObservable<FileSystemInfo> GetDirectoryScanner(DirectoryInfo root, Concu
             {
                 ShouldIncludePredicate = (ref FileSystemEntry entry) =>
                 {
-                    if (!entry.IsDirectory && fileIsMatch(entry.FileName))
+                    if (!entry.IsDirectory && (fileIsMatch == null || fileIsMatch.IsMatch(entry.FileName)))
                     {
                         return true;
                     }
@@ -210,46 +207,26 @@ public void Initialize(DirectoryInfo root, ExcludeDirectoryPredicate directoryEx
 
     public IObservable<FileSystemInfo> Subscribe(DirectoryInfo root, IEnumerable<string> patterns)
     {
-        var patternArray = patterns.ToArray();
-
-        if (this.pendingScans.TryGetValue(root, out var scannerObservable))
-        {
-            this.logger.LogDebug("Logging patterns {Patterns} for {Root}", string.Join(":", patterns), root.FullName);
-
-            var inner = scannerObservable.Value.Where(fsi =>
-            {
-                if (fsi is FileInfo fi)
-                {
-                    return this.MatchesAnyPattern(fi, patternArray);
-                }
-                else
-                {
-                    return true;
-                }
-            });
-
-            return inner;
-        }
-
-        throw new InvalidOperationException("Subscribe called without initializing scanner");
+        var patternsArray = patterns as string[] ?? patterns.ToArray();
+        var compiled = PatternMatchingUtility.Compile(patternsArray);
+        return this.Subscribe(root, patternsArray, compiled);
     }
 
     public IObservable<ProcessRequest> GetFilteredComponentStreamObservable(DirectoryInfo root, IEnumerable<string> patterns, IComponentRecorder componentRecorder)
     {
-        var observable = this.Subscribe(root, patterns).OfType<FileInfo>().SelectMany(f => patterns.Select(sp => new
-        {
-            SearchPattern = sp,
-            File = f,
-        })).Where(x =>
-            {
-                var searchPattern = x.SearchPattern;
-                var fileName = x.File.Name;
+        var patternsArray = patterns as string[] ?? patterns.ToArray();
+        var compiled = PatternMatchingUtility.Compile(patternsArray);
 
-                return this.pathUtilityService.MatchesPattern(searchPattern, fileName);
-            }).Where(x => x.File.Exists)
+        var observable = this.Subscribe(root, patternsArray, compiled).OfType<FileInfo>()
+            .Select(f => new
+            {
+                File = f,
+                MatchedPattern = compiled.GetMatchingPattern(f.Name),
+            })
+            .Where(x => x.MatchedPattern != null && x.File.Exists)
             .Select(x =>
             {
-                var lazyComponentStream = new LazyComponentStream(x.File, x.SearchPattern, this.logger);
+                var lazyComponentStream = new LazyComponentStream(x.File, x.MatchedPattern, this.logger);
                 return new ProcessRequest
                 {
                     ComponentStream = lazyComponentStream,
@@ -280,14 +257,31 @@ private FileSystemInfo Transform(ref FileSystemEntry entry)
         return entry.ToFileSystemInfo();
     }
 
-    private IObservable<FileSystemInfo> CreateDirectoryWalker(DirectoryInfo di, ExcludeDirectoryPredicate directoryExclusionPredicate, int minimumConnectionCount, IEnumerable<string> filePatterns)
+    private IObservable<FileSystemInfo> Subscribe(DirectoryInfo root, string[] patterns, PatternMatchingUtility.CompiledMatcher compiled)
     {
-        return this.GetDirectoryScanner(di, new ConcurrentDictionary<string, bool>(), directoryExclusionPredicate, filePatterns, true).Replay() // Returns a replay subject which will republish anything found to new subscribers.
-            .AutoConnect(minimumConnectionCount); // Specifies that this connectable observable should start when minimumConnectionCount subscribe.
+        if (this.pendingScans.TryGetValue(root, out var scannerObservable))
+        {
+            this.logger.LogDebug("Logging patterns {Patterns} for {Root}", string.Join(":", patterns), root.FullName);
+
+            var inner = scannerObservable.Value.Where(fsi =>
+            {
+                if (fsi is FileInfo fi)
+                {
+                    return compiled.IsMatch(fi.Name.AsSpan());
+                }
+
+                return true;
+            });
+
+            return inner;
+        }
+
+        throw new InvalidOperationException("Subscribe called without initializing scanner");
     }
 
-    private bool MatchesAnyPattern(FileInfo fi, params string[] searchPatterns)
+    private IObservable<FileSystemInfo> CreateDirectoryWalker(DirectoryInfo di, ExcludeDirectoryPredicate directoryExclusionPredicate, int minimumConnectionCount, IEnumerable<string> filePatterns)
     {
-        return searchPatterns != null && searchPatterns.Any(sp => this.pathUtilityService.MatchesPattern(sp, fi.Name));
+        return this.GetDirectoryScanner(di, new ConcurrentDictionary<string, bool>(), directoryExclusionPredicate, filePatterns, true).Replay() // Returns a replay subject which will republish anything found to new subscribers.
+            .AutoConnect(minimumConnectionCount); // Specifies that this connectable observable should start when minimumConnectionCount subscribe.
     }
 }

src/Microsoft.ComponentDetection.Common/PathUtilityService.cs

@@ -3,7 +3,6 @@ namespace Microsoft.ComponentDetection.Common;
 
 using System;
 using System.IO;
-using System.IO.Enumeration;
 using Microsoft.ComponentDetection.Contracts;
 using Microsoft.Extensions.Logging;
 
@@ -22,21 +21,6 @@ internal class PathUtilityService : IPathUtilityService
 
     public PathUtilityService(ILogger<PathUtilityService> logger) => this.logger = logger;
 
-    public static bool MatchesPattern(string searchPattern, ref FileSystemEntry fse)
-    {
-        if (searchPattern.StartsWith('*') && fse.FileName.EndsWith(searchPattern.AsSpan()[1..], StringComparison.OrdinalIgnoreCase))
-        {
-            return true;
-        }
-
-        if (searchPattern.EndsWith('*') && fse.FileName.StartsWith(searchPattern.AsSpan()[..^1], StringComparison.OrdinalIgnoreCase))
-        {
-            return true;
-        }
-
-        return fse.FileName.Equals(searchPattern.AsSpan(), StringComparison.OrdinalIgnoreCase);
-    }
-
     public string GetParentDirectory(string path) => Path.GetDirectoryName(path);
 
     public bool IsFileBelowAnother(string aboveFilePath, string belowFilePath)
@@ -48,21 +32,6 @@ public bool IsFileBelowAnother(string aboveFilePath, string belowFilePath)
         return (aboveDirectoryPath.Length != belowDirectoryPath.Length) && belowDirectoryPath.StartsWith(aboveDirectoryPath);
     }
 
-    public bool MatchesPattern(string searchPattern, string fileName)
-    {
-        if (searchPattern.StartsWith('*') && fileName.EndsWith(searchPattern[1..], StringComparison.OrdinalIgnoreCase))
-        {
-            return true;
-        }
-
-        if (searchPattern.EndsWith('*') && fileName.StartsWith(searchPattern[..^1], StringComparison.OrdinalIgnoreCase))
-        {
-            return true;
-        }
-
-        return searchPattern.Equals(fileName, StringComparison.OrdinalIgnoreCase);
-    }
-
     public string ResolvePhysicalPath(string path)
     {
         var directoryInfo = new DirectoryInfo(path);
@@ -75,6 +44,9 @@ public string ResolvePhysicalPath(string path)
         return fileInfo.Exists ? this.ResolvePathFromInfo(fileInfo) : null;
     }
 
+    [Obsolete("Use PatternMatchingUtility.MatchesPattern instead.")]
+    public bool MatchesPattern(string pattern, string fileName) => PatternMatchingUtility.MatchesPattern(pattern, fileName);
+
     private string ResolvePathFromInfo(FileSystemInfo info) => info.LinkTarget ?? info.FullName;
 
     public string NormalizePath(string path)