Class: Dependabot::Maven::FileParser::PropertyValueFinder

Inherits:
Object
  • Object
Extended by:
T::Sig
Defined in:
lib/dependabot/maven/file_parser/property_value_finder.rb

Constant Summary collapse

# Matches a literal "." unless it is followed by one or more digits and then
# a separator character (. / _ -) or end of line. Dots inside numeric,
# version-like segments are therefore not treated as path separators.
DOT_SEPARATOR_REGEX =
%r{\.(?!\d+([.\/_\-]|$)+)}
# Unanchored test for the start of a Maven placeholder: "${" followed by at
# least one character. As written, the lazy ".+?" has nothing after it, so a
# match needs only one character after "${"; a closing "}" is not required.
MAVEN_PROPERTY_REGEX =
/\$\{.+?/

Instance Method Summary collapse

Constructor Details

#initialize(dependency_files:, credentials: []) ⇒ PropertyValueFinder

Returns a new instance of PropertyValueFinder.



# File 'lib/dependabot/maven/file_parser/property_value_finder.rb', line 32

# Builds a finder over a set of dependency files.
#
# @param dependency_files the files handed to PomFetcher and kept on the instance
# @param credentials stored on the instance unchanged; this constructor does
#   not read them. Keep them out of log and exception messages.
def initialize(dependency_files:, credentials: [])
  @dependency_files = dependency_files
  @credentials = credentials

  # Construct the fetcher first, then record its Sorbet type on the ivar.
  fetcher = PomFetcher.new(dependency_files: dependency_files)
  @pom_fetcher = T.let(fetcher, Dependabot::Maven::FileParser::PomFetcher)
end

Instance Method Details

#property_details(property_name:, callsite_pom:, seen_properties: Set.new) ⇒ Object



# File 'lib/dependabot/maven/file_parser/property_value_finder.rb', line 49

# Finds the POM node that defines a Maven property and returns its value.
#
# The property is looked up in +callsite_pom+. If no node is found there and
# parent_pom returns a POM, the lookup is repeated on that parent with the
# same +seen_properties+ set.
#
# @param property_name name of the property; the error message below wraps it
#   as "${name}", so it is presumably passed without the "${...}" wrapper
# @param callsite_pom the POM file whose content is parsed and searched
# @param seen_properties names already resolved in this chain; mutated in
#   place and passed on to the parent lookup and to resolve_property_placeholder
# @return a Hash with :file, :node and :value when the content contains no
#   placeholder; otherwise the result of resolve_property_placeholder; nil
#   when no node is found and there is no parent POM
# @raise [DependencyFileNotEvaluatable] when an interpolated XPath does not parse
# @raise [Dependabot::DependencyFileNotParseable] when the property name has
#   already been seen in this resolution chain
def property_details(property_name:, callsite_pom:, seen_properties: Set.new)
  pom = callsite_pom
  # No parse options are passed, so Nokogiri's defaults apply; those defaults
  # forbid network access (NONET) and do not substitute entities (NOENT is
  # off). NOTE(review): POM content is presumably repository-supplied, so
  # adding NOENT or DTDLOAD here would expose the parser to XXE.
  doc = Nokogiri::XML(pom.content)
  doc.remove_namespaces!

  # Loop through the paths that would satisfy this property name,
  # looking for one that exists in this POM.
  #
  # Only the first XPath uses the sanitized name (nm); the two "properties"
  # lookups interpolate the raw property_name. All three build the XPath by
  # string interpolation, so any XPath syntax inside the name is evaluated
  # rather than matched as a literal element name.
  # NOTE(review): property names presumably originate in POM content. The
  # rescue below only covers expressions that fail to parse; a well-formed
  # but unintended expression selects whatever it matches in this document.
  # Confirm what sanitize_property_name guarantees and consider validating
  # the name against an allow-list before interpolating it.
  nm = sanitize_property_name(property_name)
  node =
    loop do
      # .last takes the final match when several nodes satisfy a path.
      candidate_node =
        doc.xpath("/project/#{nm}").last ||
        doc.xpath("/project/properties/#{property_name}").last ||
        doc.xpath("/project/profiles/profile/properties/#{property_name}").last

      break candidate_node if candidate_node
      # No separator dot left to convert: give up, the loop evaluates to nil.
      break unless nm.match?(DOT_SEPARATOR_REGEX)

      # Turn the first remaining separator dot into a path step and retry.
      nm = nm.sub(DOT_SEPARATOR_REGEX, "/")
    rescue Nokogiri::XML::XPath::SyntaxError => e
      # A name that yields an unparsable XPath is reported as a file error.
      raise DependencyFileNotEvaluatable, e.message
    end

  # Not defined here: defer to the parent POM, sharing seen_properties.
  # parent_pom(pom) is called twice, once for the test and once for the value.
  if node.nil? && parent_pom(pom)
    return property_details(
      property_name: property_name,
      callsite_pom: T.must(parent_pom(pom)),
      seen_properties: seen_properties
    )
  end
  # If the property can't be resolved for any reason, we return nil, which
  # causes Dependabot to skip the dependency.
  # This differs from Maven's behavior, where an unresolved property would fail the entire build.
  # We intentionally choose this as a compromise so Dependabot can continue parsing the rest of the project,
  # rather than failing completely due to a single unknown property.
  # The trade-off is that some dependencies may not be updated as expected.
  # NOTE(review): the name is written to the log verbatim; confirm the logger
  # neutralises newlines and control characters in file-derived values.
  Dependabot.logger.warn "Could not resolve property '#{property_name}'" unless node
  return nil unless node

  content = node.content.strip

  # Detect infinite recursion such as ${property1} where property1=${property1}.
  # The check runs only after a node has been found, and before the name is
  # added to the set, so a first visit never trips it.
  if seen_properties.include?(property_name)
    raise Dependabot::DependencyFileNotParseable.new(
      callsite_pom.name,
      "Error trying to resolve recursive expression '${#{property_name}}'."
    )
  end

  # Record the name on the shared set; the default Set.new is created per call.
  seen_properties << property_name

  # If the content has no placeholders, return it as-is
  return { file: pom.name, node: node, value: content } unless content.match?(MAVEN_PROPERTY_REGEX)

  # Content contains "${": hand over to the placeholder resolver with the same set.
  resolve_property_placeholder(content, callsite_pom, pom, node, seen_properties)
end