fix: validate if npm has lock file

ruromero · ruromero · commit 2a04e5efae63 · 2025-04-10T21:39:41.000+02:00
Signed-off-by: Ruben Romero Montes &lt;rromerom@redhat.com&gt;
diff --git a/src/main/java/com/redhat/exhort/Provider.java b/src/main/java/com/redhat/exhort/Provider.java
@@ -70,7 +70,12 @@ protected Provider(Ecosystem.Type ecosystem, Path manifest) {
    */
   public abstract Content provideComponent() throws IOException;
 
-  public boolean validateLockFile(Path lockFile) {
-    return true;
+  /**
+   * If a package manager requires having a lock file it must exist in the provided path
+   *
+   * @param lockFileDir Path to the directory where the lock file must exist
+   */
+  public void validateLockFile(Path lockFileDir) {
+    // Default implementation. Do not require a lock file.
   }
 }
diff --git a/src/main/java/com/redhat/exhort/providers/JavaScriptNpmProvider.java b/src/main/java/com/redhat/exhort/providers/JavaScriptNpmProvider.java
@@ -232,4 +232,12 @@ Map<String, String> getNpmExecEnv() {
     }
     return null;
   }
+
+  @Override
+  public void validateLockFile(Path lockFileDir) {
+    if (!Files.isRegularFile(lockFileDir.resolve("package-lock.json"))) {
+      throw new IllegalStateException(
+          "Lock file does not exist or is not supported. Execute 'npm install' to generate it.");
+    }
+  }
 }
diff --git a/src/main/java/com/redhat/exhort/tools/Ecosystem.java b/src/main/java/com/redhat/exhort/tools/Ecosystem.java
@@ -56,10 +56,7 @@ private Ecosystem() {
    */
   public static Provider getProvider(final Path manifestPath) {
     var provider = resolveProvider(manifestPath);
-    if (!provider.validateLockFile(manifestPath)) {
-      throw new IllegalStateException(
-          "Missing lock file for manifest file: " + manifestPath.toString());
-    }
+    provider.validateLockFile(manifestPath.getParent());
     return provider;
   }
 
diff --git a/src/test/java/com/redhat/exhort/providers/Golang_Modules_Provider_Test.java b/src/test/java/com/redhat/exhort/providers/Golang_Modules_Provider_Test.java
@@ -149,7 +149,8 @@ void Test_Golang_Modules_with_Match_Manifest_Version(boolean MatchManifestVersio
       String actualSbomWithTSStripped = dropIgnoredKeepFormat(sbomString);
 
       assertEquals(
-          getStringFromFile("msc/golang/expected_sbom_ca.json").trim(), actualSbomWithTSStripped);
+          dropIgnored(getStringFromFile("msc/golang/expected_sbom_ca.json")).trim(),
+          dropIgnored(actualSbomWithTSStripped));
     }
   }
 
@@ -188,10 +189,13 @@ void Test_Golang_MvS_Logic_Enabled() throws IOException {
   }
 
   private String dropIgnored(String s) {
-    return s.replaceAll("\\s+", "").replaceAll("\"timestamp\":\"[a-zA-Z0-9\\-\\:]+\",", "");
+    return s.replaceAll("goarch=\\w+&goos=\\w+&", "")
+        .replaceAll("\\s+", "")
+        .replaceAll("\"timestamp\":\"[a-zA-Z0-9\\-\\:]+\",", "");
   }
 
   private String dropIgnoredKeepFormat(String s) {
-    return s.replaceAll("\"timestamp\" : \"[a-zA-Z0-9\\-\\:]+\",\n    ", "");
+    return s.replaceAll("goarch=\\w+&goos=\\w+&", "")
+        .replaceAll("\"timestamp\" : \"[a-zA-Z0-9\\-\\:]+\",\n    ", "");
   }
 }
diff --git a/src/test/java/com/redhat/exhort/tools/Ecosystem_Test.java b/src/test/java/com/redhat/exhort/tools/Ecosystem_Test.java
@@ -17,6 +17,7 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import com.redhat.exhort.providers.JavaMavenProvider;
 import java.nio.file.Path;
@@ -36,4 +37,10 @@ void get_a_provider_for_a_pom_xml_file_should_return_java_maven_manifest() {
     var manifestPath = Path.of("/supported/manifest/pom.xml");
     assertThat(Ecosystem.getProvider(manifestPath)).isInstanceOf(JavaMavenProvider.class);
   }
+
+  @Test
+  void get_a_provider_with_missing_lock_file() {
+    var manifestPath = Path.of("src/test/resources/tst_manifests/npm/empty/package.json");
+    assertThrows(IllegalStateException.class, () -> Ecosystem.getProvider(manifestPath));
+  }
 }

Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,12 @@ protected Provider(Ecosystem.Type ecosystem, Path manifest) {`
`70`	`70`	`*/`
`71`	`71`	`public abstract Content provideComponent() throws IOException;`
`72`	`72`
`73`		`- public boolean validateLockFile(Path lockFile) {`
`74`		`- return true;`
	`73`	`+ /**`
	`74`	`+ * If a package manager requires having a lock file it must exist in the provided path`
	`75`	`+ *`
	`76`	`+ * @param lockFileDir Path to the directory where the lock file must exist`
	`77`	`+ */`
	`78`	`+ public void validateLockFile(Path lockFileDir) {`
	`79`	`+ // Default implementation. Do not require a lock file.`
`75`	`80`	`}`
`76`	`81`	`}`
Original file line number	Diff line number	Diff line change
`@@ -232,4 +232,12 @@ Map<String, String> getNpmExecEnv() {`
`232`	`232`	`}`
`233`	`233`	`return null;`
`234`	`234`	`}`
	`235`	`+`
	`236`	`+ @Override`
	`237`	`+ public void validateLockFile(Path lockFileDir) {`
	`238`	`+ if (!Files.isRegularFile(lockFileDir.resolve("package-lock.json"))) {`
	`239`	`+ throw new IllegalStateException(`
	`240`	`+ "Lock file does not exist or is not supported. Execute 'npm install' to generate it.");`
	`241`	`+ }`
	`242`	`+ }`
`235`	`243`	`}`
Original file line number	Diff line number	Diff line change
`@@ -149,7 +149,8 @@ void Test_Golang_Modules_with_Match_Manifest_Version(boolean MatchManifestVersio`
`149`	`149`	`String actualSbomWithTSStripped = dropIgnoredKeepFormat(sbomString);`
`150`	`150`
`151`	`151`	`assertEquals(`
`152`		`- getStringFromFile("msc/golang/expected_sbom_ca.json").trim(), actualSbomWithTSStripped);`
	`152`	`+ dropIgnored(getStringFromFile("msc/golang/expected_sbom_ca.json")).trim(),`
	`153`	`+ dropIgnored(actualSbomWithTSStripped));`
`153`	`154`	`}`
`154`	`155`	`}`
`155`	`156`
`@@ -188,10 +189,13 @@ void Test_Golang_MvS_Logic_Enabled() throws IOException {`
`188`	`189`	`}`
`189`	`190`
`190`	`191`	`private String dropIgnored(String s) {`
`191`		`- return s.replaceAll("\\s+", "").replaceAll("\"timestamp\":\"[a-zA-Z0-9\\-\\:]+\",", "");`
	`192`	`+ return s.replaceAll("goarch=\\w+&goos=\\w+&", "")`
	`193`	`+ .replaceAll("\\s+", "")`
	`194`	`+ .replaceAll("\"timestamp\":\"[a-zA-Z0-9\\-\\:]+\",", "");`
`192`	`195`	`}`
`193`	`196`
`194`	`197`	`private String dropIgnoredKeepFormat(String s) {`
`195`		`- return s.replaceAll("\"timestamp\" : \"[a-zA-Z0-9\\-\\:]+\",\n ", "");`
	`198`	`+ return s.replaceAll("goarch=\\w+&goos=\\w+&", "")`
	`199`	`+ .replaceAll("\"timestamp\" : \"[a-zA-Z0-9\\-\\:]+\",\n ", "");`
`196`	`200`	`}`
`197`	`201`	`}`