Fixed pnpm detector failing parsing link dependencies (#129)

When the detector found a link dependency it failed the detection and the rest of components where not scanned. This change ignore the link dependencies and allow the dectector to continue parsing the rest of the file.

Author: jcfiorenzano

docs/detectors/pnpm.md

@@ -0,0 +1,23 @@
+# Pnpm detection
+
+## Known limitations
+
+The Pnpm detector doesn't support the resolution of local dependencies
+like:
+
+- Link dependencies
+```
+dependencies:
+      '@learningclient/common': link:../common
+```
+
+- File dependencies
+```
+dependencies:
+    file:./projects/gmc-bootstrapper.tgz
+```
+These kind of components are ignored by the Pnpm detector.
+
+In the case of `link` dependencies that refer to a folder with a `package.json` file
+the component is then going to be detected by the `NpmComponentDetector`. This is going to happen
+only if the folder is inside the path that is been use for scanning.

src/Microsoft.ComponentDetection.Detectors/pnpm/PnpmComponentDetector.cs

@@ -20,7 +20,7 @@ public class PnpmComponentDetector : FileComponentDetector
 
         public override IEnumerable<ComponentType> SupportedComponentTypes { get; } = new[] { ComponentType.Npm };
 
-        public override int Version { get; } = 4;
+        public override int Version { get; } = 5;
 
         /// <inheritdoc />
         protected override IList<string> SkippedFolders => new List<string> { "node_modules", "pnpm-store" };
@@ -72,8 +72,8 @@ private void RecordDependencyGraphFromFile(PnpmYaml yaml, ISingleFileComponentRe
                 {
                     foreach (var dependency in packageKeyValue.Value.dependencies)
                     {
-                        // Ignore file: as these are local packages.
-                        if (dependency.Key.StartsWith("file:"))
+                        // Ignore local packages.
+                        if (IsLocalDependency(dependency))
                         {
                             continue;
                         }
@@ -98,6 +98,13 @@ private void RecordDependencyGraphFromFile(PnpmYaml yaml, ISingleFileComponentRe
             }
         }
 
+        private bool IsLocalDependency(KeyValuePair<string, string> dependency)
+        {
+            // Local dependencies are dependencies that live in the file system
+            // this requires an extra parsing that is not supported yet
+            return dependency.Key.StartsWith("file:") || dependency.Value.StartsWith("file:") || dependency.Value.StartsWith("link:");
+        }
+
         private string CreatePnpmPackagePathFromDependency(string dependencyName, string dependencyVersion)
         {
             return dependencyVersion.Contains('/') ? dependencyVersion : $"/{dependencyName}/{dependencyVersion}";

test/Microsoft.ComponentDetection.Detectors.Tests/PnpmDetectorTests.cs

@@ -350,5 +350,43 @@ public async Task TestPnpmDetector_DependencyGraphIsCreated()
             var testDependencies = dependencyGraph.GetDependenciesForComponent(testComponentId);
             Assert.AreEqual(0, testDependencies.Count());
         }
+
+        [TestMethod]
+        public async Task TestPnpmDetector_DependenciesRefeToLocalPaths_DependenciesAreIgnored()
+        {
+            var yamlFile = @"
+dependencies:
+  'query-string': 4.3.4,
+  '@rush-temp/file-annotation-bar': file:projects/file-annotation-bar.tgz_node-sass@4.14.1
+
+packages:
+  file:projects/file-annotation-bar.tgz_node-sass@4.14.1:
+     resolution: {integrity: sha1-G7T22scAcvwxPoyc0UF7UHTAoSU=} 
+  /query-string/4.3.4:
+    dependencies:
+      '@learningclient/common': link:../common
+      nth-check: 2.0.0
+  /nth-check/2.0.0:
+    resolution: {integrity: sha1-G7T22scAcvwxPoyc0UF7UHTAoSU=} ";
+
+            var (scanResult, componentRecorder) = await detectorTestUtility
+                                                    .WithFile("shrinkwrap1.yaml", yamlFile)
+                                                    .ExecuteDetector();
+
+            scanResult.ResultCode.Should().Be(ProcessingResultCode.Success);
+            componentRecorder.GetDetectedComponents().Should().HaveCount(2, "Components that comes from a file (file:* or link:*) should be ignored.");
+
+            var queryStringComponentId = PnpmParsingUtilities.CreateDetectedComponentFromPnpmPath("/query-string/4.3.4").Component.Id;
+            var nthcheck = PnpmParsingUtilities.CreateDetectedComponentFromPnpmPath("/nth-check/2.0.0").Component.Id;
+
+            var dependencyGraph = componentRecorder.GetDependencyGraphsByLocation().Values.First();
+
+            var queryStringDependencies = dependencyGraph.GetDependenciesForComponent(queryStringComponentId);
+            queryStringDependencies.Should().HaveCount(1);
+            queryStringDependencies.Should().Contain(nthcheck);
+
+            var nthCheckDependencies = dependencyGraph.GetDependenciesForComponent(nthcheck);
+            nthCheckDependencies.Should().HaveCount(0);
+        }
     }
 }