Added dependencyScope detection for maven components (#87)

* Added "DependencyScope" for scanned component. Currently detection is only active for maven components.
* Added telemetry to keep track of each recorded component.

Author: RushabhBhansali

Directory.Packages.props

@@ -41,5 +41,6 @@
         <PackageVersion Include="System.Runtime.Loader" Version="4.3.0"/>
         <PackageVersion Include="System.Threading.Tasks.Dataflow" Version="4.9.0"/>
         <PackageVersion Include="yamldotnet" Version="11.2.1"/>
+        <PackageVersion Include="Faker.net" Version="2.0.154"/>
     </ItemGroup>
 </Project>

src/Microsoft.ComponentDetection.Common/DependencyGraph/ComponentRecorder.cs

@@ -5,6 +5,7 @@
 using System.Linq;
 using System.Runtime.CompilerServices;
 using Microsoft.ComponentDetection.Contracts;
+using Microsoft.ComponentDetection.Contracts.BcdeModels;
 using Microsoft.ComponentDetection.Contracts.TypedComponent;
 
 [assembly: InternalsVisibleTo("Microsoft.ComponentDetection.Common.Tests")]
@@ -133,7 +134,8 @@ public void RegisterUsage(
                 DetectedComponent detectedComponent,
                 bool isExplicitReferencedDependency = false,
                 string parentComponentId = null,
-                bool? isDevelopmentDependency = null)
+                bool? isDevelopmentDependency = null,
+                DependencyScope? dependencyScope = null)
             {
                 if (detectedComponent == null)
                 {
@@ -167,7 +169,7 @@ public void RegisterUsage(
                 lock (registerUsageLock)
                 {
                     storedComponent = detectedComponentsInternal.GetOrAdd(componentId, detectedComponent);
-                    AddComponentToGraph(ManifestFileLocation, detectedComponent, isExplicitReferencedDependency, parentComponentId, isDevelopmentDependency);
+                    AddComponentToGraph(ManifestFileLocation, detectedComponent, isExplicitReferencedDependency, parentComponentId, isDevelopmentDependency, dependencyScope);
                 }
             }
 
@@ -186,13 +188,20 @@ public IComponentRecorder GetParentComponentRecorder()
                 return recorder;
             }
 
-            private void AddComponentToGraph(string location, DetectedComponent detectedComponent, bool isExplicitReferencedDependency, string parentComponentId, bool? isDevelopmentDependency)
+            private void AddComponentToGraph(
+                string location,
+                DetectedComponent detectedComponent,
+                bool isExplicitReferencedDependency,
+                string parentComponentId,
+                bool? isDevelopmentDependency,
+                DependencyScope? dependencyScope)
             {
                 var componentNode = new DependencyGraph.ComponentRefNode
                 {
                     Id = detectedComponent.Component.Id,
                     IsExplicitReferencedDependency = isExplicitReferencedDependency,
                     IsDevelopmentDependency = isDevelopmentDependency,
+                    DependencyScope = dependencyScope,
                 };
 
                 DependencyGraph.AddComponent(componentNode, parentComponentId);

src/Microsoft.ComponentDetection.Common/DependencyGraph/DependencyGraph.cs

@@ -5,6 +5,7 @@
 using System.Linq;
 using System.Runtime.CompilerServices;
 using Microsoft.ComponentDetection.Contracts;
+using Microsoft.ComponentDetection.Contracts.BcdeModels;
 
 [assembly: InternalsVisibleTo("Microsoft.ComponentDetection.Common.Tests")]
 
@@ -46,6 +47,11 @@ public void AddComponent(ComponentRefNode componentNode, string parentComponentI
                     currentNode.IsDevelopmentDependency = currentNode.IsDevelopmentDependency.GetValueOrDefault(true) && componentNode.IsDevelopmentDependency.Value;
                 }
 
+                if (componentNode.DependencyScope.HasValue)
+                {
+                    currentNode.DependencyScope = DependencyScopeComparer.GetMergedDependencyScope(currentNode.DependencyScope, componentNode.DependencyScope);
+                }
+
                 return currentNode;
             });
 
@@ -101,6 +107,11 @@ public bool HasComponents()
             return componentNodes[componentId].IsDevelopmentDependency;
         }
 
+        public DependencyScope? GetDependencyScope(string componentId)
+        {
+            return componentNodes[componentId].DependencyScope;
+        }
+
         public IEnumerable<string> GetAllExplicitlyReferencedComponents()
         {
             return componentNodes.Values
@@ -175,6 +186,8 @@ internal class ComponentRefNode
 
             internal bool? IsDevelopmentDependency { get; set; }
 
+            internal DependencyScope? DependencyScope { get; set; }
+
             internal ComponentRefNode()
             {
                 DependencyIds = new HashSet<string>();

src/Microsoft.ComponentDetection.Common/DependencyScopeComparer.cs

@@ -0,0 +1,27 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using Microsoft.ComponentDetection.Contracts.BcdeModels;
+
+namespace Microsoft.ComponentDetection.Common
+{
+    /// <summary>
+    /// Merges dependnecy Scope in their order of Priority. 
+    /// Higher priority scope, as indicated by its lower enum value is given precendence. 
+    /// </summary>
+    public class DependencyScopeComparer
+    {
+        public static DependencyScope? GetMergedDependencyScope(DependencyScope? scope1, DependencyScope? scope2) {
+            if (!scope1.HasValue)
+            {
+                return scope2;
+            }
+            else if (!scope2.HasValue)
+            {
+                return scope1;
+            }
+
+            return (int)scope1 < (int)scope2 ? scope1 : scope2;
+        }
+    }
+}

src/Microsoft.ComponentDetection.Common/Telemetry/Records/DetectedComponentScopeRecord.cs

@@ -0,0 +1,17 @@
+using System.Runtime.CompilerServices;
+
+namespace Microsoft.ComponentDetection.Common.Telemetry.Records
+{
+    public class DetectedComponentScopeRecord : BaseDetectionTelemetryRecord
+    {
+        public override string RecordName => "ComponentScopeRecord";
+
+        public int? MavenProvidedScopeCount { get; set; } = 0;
+
+        [MethodImpl(MethodImplOptions.Synchronized)]
+        public void IncrementProvidedScopeCount()
+        { 
+            MavenProvidedScopeCount++;
+        }
+    }
+}

src/Microsoft.ComponentDetection.Contracts/BcdeModels/DependencyScope.cs

@@ -0,0 +1,28 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace Microsoft.ComponentDetection.Contracts.BcdeModels
+{
+    /// <summary>Used to communicate Dependency Scope of Component. 
+    /// Currently only populated for Maven component. 
+    /// The values are ordered in terms of priority, which is used to resolve the scope for duplicate component while merging them.
+    /// </summary>
+    public enum DependencyScope
+    {
+        /// <summary>default scope. dependencies are available in the project during all build tasks. propogated to dependent projects. </summary>
+        MavenCompile = 0,
+
+        /// <summary> Required at Runtime, but not at compile time.</summary>
+        MavenRuntime = 1,
+
+        /// <summary>Dependencies are available only at compile time and in the test classpath of the project. These dependencies are also not transitive.</summary>
+        MavenProvided = 2,
+
+        /// <summary>Similar to provided scope. Requires explicit reference to Jar. </summary>
+        MavenSystem = 3,
+
+        /// <summary>Used only at runtime.</summary>
+        MavenTest = 4,
+    }
+}

src/Microsoft.ComponentDetection.Contracts/BcdeModels/ScannedComponent.cs

@@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
 using Newtonsoft.Json.Serialization;
 
 namespace Microsoft.ComponentDetection.Contracts.BcdeModels
@@ -15,6 +16,9 @@ public class ScannedComponent
 
         public bool? IsDevelopmentDependency { get; set; }
 
+        [JsonConverter(typeof(StringEnumConverter))]
+        public DependencyScope? DependencyScope { get; set; }
+
         public IEnumerable<TypedComponent.TypedComponent> TopLevelReferrers { get; set; }
 
         public IEnumerable<int> ContainerDetailIds { get; set; }

src/Microsoft.ComponentDetection.Contracts/DetectedComponent.cs

@@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using System.Diagnostics;
+using Microsoft.ComponentDetection.Contracts.BcdeModels;
 
 namespace Microsoft.ComponentDetection.Contracts
 {
@@ -56,6 +57,9 @@ public DetectedComponent(TypedComponent.TypedComponent component, IComponentDete
 
         /// <summary> Gets or sets the layer within a container where this component was found.</summary>
         public IDictionary<int, IEnumerable<int>> ContainerLayerIds { get; set; }
+        
+        /// <summary> Gets or sets Dependency Scope of the component.</summary>
+        public DependencyScope? DependencyScope { get; set; }
 
         /// <summary>Adds a filepath to the FilePaths hashset for this detected component.</summary>
         /// <param name="filePath">The file path to add to the hashset.</param>

src/Microsoft.ComponentDetection.Contracts/IComponentRecorder.cs

@@ -1,4 +1,5 @@
 using System.Collections.Generic;
+using Microsoft.ComponentDetection.Contracts.BcdeModels;
 
 namespace Microsoft.ComponentDetection.Contracts
 {
@@ -25,12 +26,14 @@ public interface ISingleFileComponentRecorder
         /// <param name="isExplicitReferencedDependency">The value define if the component was referenced manually by the user in the location where the scanning is taking place.</param>
         /// <param name="parentComponentId">Id of the parent component.</param>
         /// <param name="isDevelopmentDependency">Boolean value indicating whether or not a component is a development-time dependency. Null implies that the value is unknown.</param>
+        /// <param name="dependencyScope">Enum value indicating scope of the component. </param>
         /// <returns>DetectedComponent added or updated.</returns>
         void RegisterUsage(
             DetectedComponent detectedComponent,
             bool isExplicitReferencedDependency = false,
             string parentComponentId = null,
-            bool? isDevelopmentDependency = null);
+            bool? isDevelopmentDependency = null,
+            DependencyScope? dependencyScope = null);
 
         DetectedComponent GetComponent(string componentId);
 
@@ -82,6 +85,13 @@ public interface IDependencyGraph
         /// <returns>True if a development dependency, false if not. Null when unknown.</returns>
         bool? IsDevelopmentDependency(string componentId);
 
+        /// <summary>
+        /// Returns DepedencyScope for the given componentId.
+        /// Null can be returned if a detector doesn't have the scope infromation.
+        /// </summary>
+        /// <param name="componentId">The componentId to check.</param>
+        DependencyScope? GetDependencyScope(string componentId);
+
         /// <summary>
         /// Gets the component IDs of all explicitly referenced components.
         /// </summary>

src/Microsoft.ComponentDetection.Detectors/ivy/IvyDetector.cs

@@ -9,6 +9,7 @@
 using Microsoft.ComponentDetection.Contracts;
 using Microsoft.ComponentDetection.Contracts.Internal;
 using Microsoft.ComponentDetection.Contracts.TypedComponent;
+using Microsoft.ComponentDetection.Contracts.BcdeModels;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.ComponentDetection.Detectors.Ivy
@@ -33,7 +34,7 @@ namespace Microsoft.ComponentDetection.Detectors.Ivy
     /// in the project's build.xml, or if they use any file inclusion mechanism, it will fail.
     ///
     /// The file written out by the custom Ant task is a simple JSON file representing a series of calls to be made to
-    /// the <see cref="ISingleFileComponentRecorder.RegisterUsage(DetectedComponent, bool, string, bool?)"/> method.
+    /// the <see cref="ISingleFileComponentRecorder.RegisterUsage(DetectedComponent, bool, string, bool?, DependencyScope?)"/> method.
     /// </remarks>
     [Export(typeof(IComponentDetector))]
     public class IvyDetector : FileComponentDetector, IExperimentalDetector