Detect property to exclude Cargo dependencies

detectable/src/main/java/com/blackduck/integration/detectable/detectables/cargo/CargoCliDetectable.java

@@ -36,15 +36,17 @@ public class CargoCliDetectable extends Detectable {
     private final CargoResolver cargoResolver;
     private final CargoCliExtractor cargoCliExtractor;
     private final DetectableExecutableRunner executableRunner;
+    private final CargoDetectableOptions cargoDetectableOptions;
     private ExecutableTarget cargoExe;
     private File cargoToml;
 
-    public CargoCliDetectable(DetectableEnvironment environment, FileFinder fileFinder, CargoResolver cargoResolver, CargoCliExtractor cargoCliExtractor, DetectableExecutableRunner executableRunner) {
+    public CargoCliDetectable(DetectableEnvironment environment, FileFinder fileFinder, CargoResolver cargoResolver, CargoCliExtractor cargoCliExtractor, DetectableExecutableRunner executableRunner, CargoDetectableOptions cargoDetectableOptions) {
         super(environment);
         this.fileFinder = fileFinder;
         this.cargoResolver = cargoResolver;
         this.cargoCliExtractor = cargoCliExtractor;
         this.executableRunner = executableRunner;
+        this.cargoDetectableOptions = cargoDetectableOptions;
     }
 
     @Override
@@ -72,7 +74,7 @@ public DetectableResult extractable() throws DetectableException {
     @Override
     public Extraction extract(ExtractionEnvironment extractionEnvironment) throws IOException, DetectableException, MissingExternalIdException, ExecutableRunnerException {
         try {
-            return cargoCliExtractor.extract(environment.getDirectory(), cargoExe, cargoToml);
+            return cargoCliExtractor.extract(environment.getDirectory(), cargoExe, cargoToml, cargoDetectableOptions);
         } catch (Exception e) {
             logger.error("Failed to extract Cargo dependencies.", e);
             return new Extraction.Builder().failure("Cargo extraction failed due to an exception: " + e.getMessage()).build();

detectable/src/main/java/com/blackduck/integration/detectable/detectables/cargo/CargoCliExtractor.java

@@ -18,7 +18,10 @@
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.List;
+import java.util.ArrayList;
 import java.util.Optional;
+import java.util.Map;
+import java.util.EnumMap;
 
 public class CargoCliExtractor {
     private static final List<String> CARGO_TREE_COMMAND = Arrays.asList("tree", "--no-dedupe", "--prefix", "depth");
@@ -32,8 +35,12 @@ public CargoCliExtractor(DetectableExecutableRunner executableRunner, CargoDepen
         this.cargoTomlParser = cargoTomlParser;
     }
 
-    public Extraction extract(File directory, ExecutableTarget cargoExe, File cargoTomlFile) throws ExecutableFailedException, IOException {
-        ExecutableOutput cargoOutput = executableRunner.executeSuccessfully(ExecutableUtils.createFromTarget(directory, cargoExe, CARGO_TREE_COMMAND));
+    public Extraction extract(File directory, ExecutableTarget cargoExe, File cargoTomlFile, CargoDetectableOptions cargoDetectableOptions) throws ExecutableFailedException, IOException {
+        List<String> cargoTreeCommand = new ArrayList<>(CARGO_TREE_COMMAND);
+
+        addEdgeExclusions(cargoTreeCommand, cargoDetectableOptions);
+
+        ExecutableOutput cargoOutput = executableRunner.executeSuccessfully(ExecutableUtils.createFromTarget(directory, cargoExe, cargoTreeCommand));
         List<String> cargoTreeOutput = cargoOutput.getStandardOutputAsList();
 
         DependencyGraph graph = cargoDependencyTransformer.transform(cargoTreeOutput);
@@ -51,4 +58,24 @@ public Extraction extract(File directory, ExecutableTarget cargoExe, File cargoT
             .nameVersionIfPresent(projectNameVersion)
             .build();
     }
+
+    private void addEdgeExclusions(List<String> cargoTreeCommand, CargoDetectableOptions options) {
+        Map<CargoDependencyType, String> exclusionMap = new EnumMap<>(CargoDependencyType.class);
+        exclusionMap.put(CargoDependencyType.NORMAL, "no-normal");
+        exclusionMap.put(CargoDependencyType.BUILD, "no-build");
+        exclusionMap.put(CargoDependencyType.DEV, "no-dev");
+        exclusionMap.put(CargoDependencyType.PROC_MACRO, "no-proc-macro");
+
+        List<String> exclusions = new ArrayList<>();
+        for (Map.Entry<CargoDependencyType, String> entry : exclusionMap.entrySet()) {
+            if (options.getDependencyTypeFilter().shouldExclude(entry.getKey())) {
+                exclusions.add(entry.getValue());
+            }
+        }
+
+        if (!exclusions.isEmpty()) {
+            cargoTreeCommand.add("--edges");
+            cargoTreeCommand.add(String.join(",", exclusions));
+        }
+    }
 }

detectable/src/main/java/com/blackduck/integration/detectable/detectables/cargo/CargoDependencyType.java

@@ -0,0 +1,8 @@
+package com.blackduck.integration.detectable.detectables.cargo;
+
+public enum CargoDependencyType {
+    NORMAL,
+    BUILD,
+    DEV,
+    PROC_MACRO
+}

detectable/src/main/java/com/blackduck/integration/detectable/detectables/cargo/CargoDetectableOptions.java

@@ -0,0 +1,15 @@
+package com.blackduck.integration.detectable.detectables.cargo;
+
+import com.blackduck.integration.detectable.detectable.util.EnumListFilter;
+
+public class CargoDetectableOptions {
+    private final EnumListFilter<CargoDependencyType> dependencyTypeFilter;
+
+    public CargoDetectableOptions(EnumListFilter<CargoDependencyType> dependencyTypeFilter) {
+        this.dependencyTypeFilter = dependencyTypeFilter;
+    }
+
+    public EnumListFilter<CargoDependencyType> getDependencyTypeFilter() {
+        return dependencyTypeFilter;
+    }
+}

detectable/src/main/java/com/blackduck/integration/detectable/detectables/cargo/CargoExtractor.java

@@ -5,9 +5,13 @@
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.Map;
 import java.util.Optional;
 import java.util.stream.Collectors;
 
+import com.blackduck.integration.detectable.detectables.cargo.data.CargoLockPackageData;
 import org.apache.commons.io.FileUtils;
 import org.jetbrains.annotations.Nullable;
 
@@ -39,26 +43,72 @@ public CargoExtractor(
         this.cargoLockPackageTransformer = cargoLockPackageTransformer;
     }
 
-    public Extraction extract(File cargoLockFile, @Nullable File cargoTomlFile) throws IOException, DetectableException, MissingExternalIdException {
+    public Extraction extract(File cargoLockFile, @Nullable File cargoTomlFile, CargoDetectableOptions cargoDetectableOptions) throws IOException, DetectableException, MissingExternalIdException {
         CargoLockData cargoLockData = new Toml().read(cargoLockFile).to(CargoLockData.class);
-        List<CargoLockPackage> packages = cargoLockData.getPackages()
-            .orElse(new ArrayList<>()).stream()
+        List<CargoLockPackageData> cargoLockPackageDataList = cargoLockData.getPackages().orElse(new ArrayList<>());
+        List<CargoLockPackageData> filteredPackages = cargoLockPackageDataList;
+        String cargoTomlContents = FileUtils.readFileToString(cargoTomlFile, StandardCharsets.UTF_8);
+
+        if (cargoDetectableOptions != null) {
+            Map<String, String> excludableDependencyMap = cargoTomlParser.parseDependenciesToExclude(cargoTomlContents, cargoDetectableOptions);
+            filteredPackages = excludeDependencies(cargoLockPackageDataList, excludableDependencyMap);
+        }
+
+        List<CargoLockPackage> packages = filteredPackages.stream()
             .map(cargoLockPackageDataTransformer::transform)
             .collect(Collectors.toList());
 
         DependencyGraph graph = cargoLockPackageTransformer.transformToGraph(packages);
 
         Optional<NameVersion> projectNameVersion = Optional.empty();
         if (cargoTomlFile != null) {
-            String cargoTomlContents = FileUtils.readFileToString(cargoTomlFile, StandardCharsets.UTF_8);
             projectNameVersion = cargoTomlParser.parseNameVersionFromCargoToml(cargoTomlContents);
         }
-
         CodeLocation codeLocation = new CodeLocation(graph); //TODO: Consider for producing a ProjectDependencyGraph
 
         return new Extraction.Builder()
             .success(codeLocation)
             .nameVersionIfPresent(projectNameVersion)
             .build();
     }
+
+    private List<CargoLockPackageData> excludeDependencies(
+        List<CargoLockPackageData> packages,
+        Map<String, String> excludableDependencyMap
+    ) {
+        Set<String> excludedNames = new HashSet<>();
+
+        List<CargoLockPackageData> filtered = packages.stream()
+            .filter(pkg -> {
+                String name = pkg.getName().orElse(null);
+                String version = pkg.getVersion().orElse(null);
+                if (name == null || version == null) return true;
+
+                if (excludableDependencyMap.containsKey(name)) {
+                    String constraint = excludableDependencyMap.get(name);
+                    boolean matches = constraint == null || VersionUtils.versionMatches(constraint, version);
+                    if (matches) {
+                        excludedNames.add(name);
+                        return false;
+                    }
+                }
+
+                return true;
+            })
+            .collect(Collectors.toList());
+
+        return filtered.stream()
+            .map(pkg -> new CargoLockPackageData(
+                pkg.getName().orElse(null),
+                pkg.getVersion().orElse(null),
+                pkg.getSource().orElse(null),
+                pkg.getChecksum().orElse(null),
+                pkg.getDependencies()
+                    .orElse(new ArrayList<>())
+                    .stream()
+                    .filter(dep -> !excludedNames.contains(dep))
+                    .collect(Collectors.toList())
+            ))
+            .collect(Collectors.toList());
+    }
 }

detectable/src/main/java/com/blackduck/integration/detectable/detectables/cargo/CargoLockDetectable.java

@@ -25,14 +25,15 @@ public class CargoLockDetectable extends Detectable {
 
     private final FileFinder fileFinder;
     private final CargoExtractor cargoExtractor;
-
+    private final CargoDetectableOptions cargoDetectableOptions;
     private File cargoLock;
     private File cargoToml;
 
-    public CargoLockDetectable(DetectableEnvironment environment, FileFinder fileFinder, CargoExtractor cargoExtractor) {
+    public CargoLockDetectable(DetectableEnvironment environment, FileFinder fileFinder, CargoExtractor cargoExtractor, CargoDetectableOptions cargoDetectableOptions) {
         super(environment);
         this.fileFinder = fileFinder;
         this.cargoExtractor = cargoExtractor;
+        this.cargoDetectableOptions = cargoDetectableOptions;
     }
 
     @Override
@@ -52,6 +53,6 @@ public DetectableResult extractable() {
 
     @Override
     public Extraction extract(ExtractionEnvironment extractionEnvironment) throws IOException, DetectableException, MissingExternalIdException {
-        return cargoExtractor.extract(cargoLock, cargoToml);
+        return cargoExtractor.extract(cargoLock, cargoToml, cargoDetectableOptions);
     }
 }

detectable/src/main/java/com/blackduck/integration/detectable/detectables/cargo/VersionUtils.java

@@ -14,4 +14,91 @@ public static int compareVersions(String version1, String version2) {
         }
         return 0;
     }
+
+    public static boolean versionMatches(String constraint, String actualVersion) {
+        if (constraint == null || actualVersion == null) {
+            return false;
+        }
+
+        String normalizedActual = normalizeVersion(actualVersion);
+        String normalizedConstraintVersion;
+
+        if (constraint.startsWith(">=")) {
+            normalizedConstraintVersion = normalizeVersion(constraint.substring(2));
+            return compareVersions(normalizedActual, normalizedConstraintVersion) >= 0;
+        } else if (constraint.startsWith(">")) {
+            normalizedConstraintVersion = normalizeVersion(constraint.substring(1));
+            return compareVersions(normalizedActual, normalizedConstraintVersion) > 0;
+        } else if (constraint.startsWith("<=")) {
+            normalizedConstraintVersion = normalizeVersion(constraint.substring(2));
+            return compareVersions(normalizedActual, normalizedConstraintVersion) <= 0;
+        } else if (constraint.startsWith("<")) {
+            normalizedConstraintVersion = normalizeVersion(constraint.substring(1));
+            return compareVersions(normalizedActual, normalizedConstraintVersion) < 0;
+        } else if (constraint.startsWith("=")) {
+            normalizedConstraintVersion = normalizeVersion(constraint.substring(1));
+            return compareVersions(normalizedActual, normalizedConstraintVersion) == 0;
+        } else {
+            return versionCompatible(constraint, actualVersion);
+        }
+    }
+
+    private static String normalizeVersion(String version) {
+        String[] parts = version.split("\\.");
+        StringBuilder normalized = new StringBuilder();
+        for (int i = 0; i < 3; i++) {
+            if (i < parts.length) {
+                normalized.append(parts[i]);
+            } else {
+                normalized.append("0");
+            }
+            if (i < 2) {
+                normalized.append(".");
+            }
+        }
+        return normalized.toString();
+    }
+
+    public static boolean versionCompatible(String declaredVersion, String actualVersion) {
+        if (declaredVersion == null || actualVersion == null) {
+            return false;
+        }
+
+        String[] declaredParts = declaredVersion.split("\\.");
+        String[] actualParts = actualVersion.split("\\.");
+
+        // Fill both arrays to length 3 with "0" if needed
+        String[] normalizedDeclared = new String[] {
+            declaredParts.length > 0 ? declaredParts[0] : "0",
+            declaredParts.length > 1 ? declaredParts[1] : "0",
+            declaredParts.length > 2 ? declaredParts[2] : "0"
+        };
+        String[] normalizedActual = new String[] {
+            actualParts.length > 0 ? actualParts[0] : "0",
+            actualParts.length > 1 ? actualParts[1] : "0",
+            actualParts.length > 2 ? actualParts[2] : "0"
+        };
+
+        int declaredMajor = Integer.parseInt(normalizedDeclared[0]);
+        int declaredMinor = Integer.parseInt(normalizedDeclared[1]);
+        int declaredPatch = Integer.parseInt(normalizedDeclared[2]);
+
+        int actualMajor = Integer.parseInt(normalizedActual[0]);
+        int actualMinor = Integer.parseInt(normalizedActual[1]);
+        int actualPatch = Integer.parseInt(normalizedActual[2]);
+
+        // Cargo behavior:
+        // - if 0.x.y: treat minor as the compatibility boundary
+        // - if >=1.0.0: treat major as the compatibility boundary
+        if (declaredMajor == 0) {
+            return actualMajor == 0 &&
+                actualMinor == declaredMinor &&
+                actualPatch >= declaredPatch;
+        } else {
+            return actualMajor == declaredMajor &&
+                (actualMinor > declaredMinor ||
+                    (actualMinor == declaredMinor && actualPatch >= declaredPatch));
+        }
+    }
+
 }