Merge pull request #16661 from tamasvajk/buildless/nuget-path-space

C#: Quote packages.config paths
2026-04-24 16:25:15 +02:00 · 2024-06-04 11:53:55 +02:00
parent c06df5552b 9af6cb8e4b
commit a1415e2b6d
9 changed files with 53 additions and 8 deletions
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetExeWrapper.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetExeWrapper.cs
@@ -153,12 +153,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
        private bool RunWithMono => !Win32.IsWindows() && !string.IsNullOrEmpty(Path.GetExtension(nugetExe));

        /// <summary>
-        /// Restore all files in a specified package.
+        /// Restore all packages in the specified packages.config file.
        /// </summary>
-        /// <param name="package">The package file.</param>
-        private bool TryRestoreNugetPackage(string package)
+        /// <param name="packagesConfig">The packages.config file.</param>
+        private bool TryRestoreNugetPackage(string packagesConfig)
        {
-            logger.LogInfo($"Restoring file {package}...");
+            logger.LogInfo($"Restoring file \"{packagesConfig}\"...");

            /* Use nuget.exe to install a package.
             * Note that there is a clutch of NuGet assemblies which could be used to
@@ -170,12 +170,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
            if (RunWithMono)
            {
                exe = "mono";
-                args = $"{nugetExe} install -OutputDirectory {packageDirectory} {package}";
+                args = $"{nugetExe} install -OutputDirectory \"{packageDirectory}\" \"{packagesConfig}\"";
            }
            else
            {
                exe = nugetExe!;
-                args = $"install -OutputDirectory {packageDirectory} {package}";
+                args = $"install -OutputDirectory \"{packageDirectory}\" \"{packagesConfig}\"";
            }

            var pi = new ProcessStartInfo(exe, args)
@@ -196,7 +196,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
            }
            else
            {
-                logger.LogInfo($"Restored file {package}");
+                logger.LogInfo($"Restored file \"{packagesConfig}\"");
                return true;
            }
        }
@@ -206,7 +206,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
        /// </summary>
        public int InstallPackages()
        {
-            return fileProvider.PackagesConfigs.Count(package => TryRestoreNugetPackage(package));
+            return fileProvider.PackagesConfigs.Count(TryRestoreNugetPackage);
        }

        private bool HasNoPackageSource()
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
@@ -0,0 +1 @@
+| [...]/Newtonsoft.Json.6.0.4/lib/portable-net45+wp80+win8+wpa81/Newtonsoft.Json.dll |
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
@@ -0,0 +1,15 @@
+import csharp
+
+private string getPath(Assembly a) {
+  not a.getCompilation().getOutputAssembly() = a and
+  exists(string s | s = a.getFile().getAbsolutePath() |
+    result =
+      "[...]" +
+        s.substring(s.indexOf("test-db/working/") + "test-db/working/".length() + 16 +
+            "/legacypackages".length(), s.length())
+    // TODO: include all other assemblies from the test results. Initially disable because mono installations were problematic on ARM runners.
+  )
+}
+
+from Assembly a
+select getPath(a)
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
@@ -0,0 +1,6 @@
+class Program
+{
+    static void Main(string[] args)
+    {
+    }
+}
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
@@ -0,0 +1,5 @@
+{
+    "sdk": {
+        "version": "8.0.101"
+    }
+}
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+  <package id="Newtonsoft.Json" version="6.0.4" targetFramework="net461" />
+  <package id="NUnit.ConsoleRunner" version="3.12.0" />
+</packages>
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
@@ -0,0 +1 @@
+Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget.
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+</Project>
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget
@@ -0,0 +1,8 @@
+from create_database_utils import *
+import os
+
+# making sure we're not doing any fallback restore:
+os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_TIMEOUT"] = "1"
+os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_LIMIT"] = "1"
+
+run_codeql_database_create([], lang="csharp", extra_args=["--build-mode=none"])
				`@@ -0,0 +1 @@`
				`\| [...]/Newtonsoft.Json.6.0.4/lib/portable-net45+wp80+win8+wpa81/Newtonsoft.Json.dll \|`
				`@@ -0,0 +1 @@`
				`Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget.`