C#: Disregard _._ dependencies and only default to use an entire framework in case the compile section is empty.

2026-04-26 09:15:12 +02:00 · 2023-11-13 13:11:31 +01:00
parent e89fe8ddde
commit 890cba6e95
2 changed files with 19 additions and 12 deletions
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Assets.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Assets.cs
@@ -100,16 +100,18 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
                        return;
                    }

-                    // If this is a .NET framework reference then include everything.
-                    if (FrameworkPackageNames.AllFrameworks.Any(framework => name.StartsWith(framework)))
+                    if (info.Compile is null || !info.Compile.Any())
                    {
-                        dependencies.AddFramework(name);
-                    }
-                    else
-                    {
-                        info.Compile?
-                            .ForEach(r => dependencies.Add(name, r.Key));
+                        // If this is a framework reference then include everything.
+                        if (FrameworkPackageNames.AllFrameworks.Any(framework => name.StartsWith(framework)))
+                        {
+                            dependencies.AddFramework(name);
+                        }
+                        return;
                    }
+
+                    info.Compile
+                        .ForEach(r => dependencies.Add(name, r.Key));
                });

            return;
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyContainer.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyContainer.cs
@@ -20,10 +20,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
        public HashSet<string> Packages { get; } = new();

        /// <summary>
-        /// In most cases paths in asset files point to dll's or the empty _._ file, which
-        /// is sometimes there to avoid the directory being empty.
-        /// That is, if the path specifically adds a .dll we use that, otherwise we as a fallback
-        /// add the entire directory (which should be fine in case of _._ as well).
+        /// If the path specifically adds a .dll we use that, otherwise we as a fallback
+        /// add the entire directory.
        /// </summary>
        private static string ParseFilePath(string path)
        {
@@ -47,6 +45,13 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
            var p = package.Replace('/', Path.DirectorySeparatorChar);
            var d = dependency.Replace('/', Path.DirectorySeparatorChar);

+            // In most cases paths in asset files point to dll's or the empty _._ file.
+            // That is, for _._ we don't need to add anything.
+            if (Path.GetFileName(d) == "_._")
+            {
+                return;
+            }
+
            var path = Path.Combine(p, ParseFilePath(d));
            Paths.Add(path);
            Packages.Add(GetPackageName(p));