yarn.lock files sometimes have quotes around keys

We've observed examples of yarn.lock files that wrap their keys in quotes (#281)
eclipse-dash · Nov 11, 2023 · 65decbd · 65decbd
1 parent 9f224aa
commit 65decbd
Show file tree

Hide file tree

Showing 3 changed files with 615 additions and 1 deletion.
diff --git a/core/src/main/java/org/eclipse/dash/licenses/cli/YarnLockFileReader.java b/core/src/main/java/org/eclipse/dash/licenses/cli/YarnLockFileReader.java
@@ -47,6 +47,15 @@
  *   resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.12.7.tgz#9329b4782a7d6bbd7eef57e11addf91ee3ef1e41"
  *   integrity sha512-YaxPMGs/XIWtYqrdEOZOCPsVWfEoriXopnsz3/i7apYPXQ3698UFhS6dVT1KN5qOsWmVgw/FOrmQgpRaZayGsw==
  * </pre>
+ * 
+ * It appears that, in some cases, the keys are surrounded by quotes (#281).
+ * We've observed this in "v1" lock files. For example:
+ * 
+ * <pre>
+ * "[email protected]": "integrity"
+ * "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA=="
+ * "resolved" "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz"
+ * "version" "4.1.1" </pre
  *
  * The implementation is only as sophisticated as it needs to be and only
  * provides the behaviour that I require to determine a ClearlyDefined ID from
@@ -223,10 +232,12 @@ private String getHeader() {
 		 * 
 		 * FIXME Validate that we can assume that the version is surrounded by quotes.
 		 * 
+		 * 2023-11-10 sometimes the key is surrounded by quotes (#281)
+		 * 
 		 * @return
 		 */
 		public String getVersion() {
-			var pattern = Pattern.compile("version \"(?<version>[^\"]+)\"");
+			var pattern = Pattern.compile("(?:version|\"version\") \"(?<version>[^\"]+)\"");
 			for (Record child : nested) {
 				var matcher = pattern.matcher(child.value);
 				if (matcher.matches()) {

diff --git a/core/src/test/java/org/eclipse/dash/licenses/tests/YarnLockFileReaderTests.java b/core/src/test/java/org/eclipse/dash/licenses/tests/YarnLockFileReaderTests.java
@@ -20,6 +20,7 @@
 
 import org.eclipse.dash.licenses.IContentId;
 import org.eclipse.dash.licenses.cli.YarnLockFileReader;
+import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 
 class YarnLockFileReaderTests {
@@ -146,4 +147,19 @@ void testInvalidEntry() throws IOException {
 
 		assertFalse(id.isValid());
 	}
+
+	@Nested
+	class Yarn2Tests {
+
+		@Test
+		void test() throws IOException {
+			try (InputStream input = this.getClass().getResourceAsStream("/test_data_yarn2.lock")) {
+				var ids = new YarnLockFileReader(new InputStreamReader(input)).getContentIds();
+				assertEquals("npm/npmjs/-/ansi-colors/4.1.1", ids.get(0).toString());
+				assertEquals("npm/npmjs/-/ansi-regex/5.0.1", ids.get(1).toString());
+				assertEquals("npm/npmjs/-/ansi-styles/4.3.0", ids.get(2).toString());
+				assertEquals("npm/npmjs/-/anymatch/3.1.3", ids.get(3).toString());
+			}
+		}
+	}
 }