Merge pull request #76 from CycloneDX/71-proper-path-concatenation

Proper path concatenation

.rubocop.yml

@@ -38,3 +38,7 @@ Metrics/MethodLength:
   AllowedMethods: ['parse_options', 'add_to_bom', 'append_all_pod_dependencies']
 Metrics/AbcSize:
   AllowedMethods: ['parse_options', 'add_to_bom', 'source_for_pod']
+
+# Configure StringConcatenation to allow Pathname string concatenation
+Style/StringConcatenation:
+  Mode: conservative

CHANGELOG.md

@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+
+### Fixed
+- Properly concatenate paths to Podfile and Podfile.lock (with unit tests!). ([Issue #71](https://github.com/CycloneDX/cyclonedx-cocoapods/issues/71)) [@macblazer](https://github.com/macblazer).
+
 ## [1.3.0]
 
 ### Added

lib/cyclonedx/cocoapods/podfile_analyzer.rb

@@ -105,13 +105,13 @@ def load_one_plugin(plugin_name)
       def validate_options(project_dir, options)
         raise PodfileParsingError, "#{options[:path]} is not a valid directory." unless File.directory?(project_dir)
 
-        options[:podfile_path] = "#{project_dir}Podfile"
+        options[:podfile_path] = project_dir + 'Podfile'
         unless File.exist?(options[:podfile_path])
           raise PodfileParsingError, "Missing Podfile in #{project_dir}. Please use the --path option if " \
                                      'not running from the CocoaPods project directory.'
         end
 
-        options[:podfile_lock_path] = "#{project_dir}Podfile.lock"
+        options[:podfile_lock_path] = project_dir + 'Podfile.lock'
         return if File.exist?(options[:podfile_lock_path])
 
         raise PodfileParsingError, "Missing Podfile.lock, please run 'pod install' before generating BOM"
@@ -142,6 +142,8 @@ def dependencies_for_pod(podname_array, podfile, lockfile)
       end
 
       def initialize_cocoapods_config(project_dir)
+        # First, reset the ::Pod::Config instance in case we need to use this analyzer on multiple pods
+        ::Pod::Config.instance = nil
         ::Pod::Config.instance.installation_root = project_dir
       end
 

spec/cyclonedx/cocoapods/license_spec.rb

@@ -33,7 +33,7 @@
     context 'with an identifier included in the SPDX license list (regardless of case)' do
       it 'should create a license of type id' do
         existing_license_id = described_class::SPDX_LICENSES.sample
-        mangled_case_id = existing_license_id.chars.map { |c| rand(2) == 0 ? c.upcase : c.downcase }.join
+        mangled_case_id = existing_license_id.chars.map { |c| rand(2).zero? ? c.upcase : c.downcase }.join
 
         license = described_class.new(identifier: mangled_case_id)
 

spec/cyclonedx/cocoapods/podfile_analyzer_spec.rb

@@ -21,6 +21,7 @@
 
 require 'cyclonedx/cocoapods/podfile_analyzer'
 require 'rspec'
+
 RSpec.describe CycloneDX::CocoaPods::PodfileAnalyzer do
   let(:fixtures) { Pathname.new(File.expand_path('../../fixtures', __dir__)) }
   let(:empty_podfile) { 'EmptyPodfile/Podfile' }
@@ -35,6 +36,55 @@
     @logger = Logger.new(@log)
   end
 
+  context 'Calling ensure_podfile_and_lock_are_present' do
+    it 'with bad path should raise an error' do
+      analyzer = CycloneDX::CocoaPods::PodfileAnalyzer.new(logger: @logger)
+
+      options = {
+        path: 'bad_path_that_does_not_exist'
+      }
+      expect do
+        analyzer.ensure_podfile_and_lock_are_present(options)
+      end.to raise_error(CycloneDX::CocoaPods::PodfileParsingError,
+                         'bad_path_that_does_not_exist is not a valid directory.')
+    end
+
+    it 'with SimplePod fixture should succeed' do
+      analyzer = CycloneDX::CocoaPods::PodfileAnalyzer.new(logger: @logger)
+
+      options = {
+        path: fixtures + 'SimplePod/'
+      }
+      podfile, lockfile = analyzer.ensure_podfile_and_lock_are_present(options)
+      expect(podfile).not_to be_nil
+      expect(lockfile).not_to be_nil
+    end
+
+    it 'with EmptyPodfile fixture should raise a "Missing Manifest.lock" error' do
+      analyzer = CycloneDX::CocoaPods::PodfileAnalyzer.new(logger: @logger)
+
+      options = {
+        path: fixtures + 'EmptyPodfile/'
+      }
+      expect do
+        analyzer.ensure_podfile_and_lock_are_present(options)
+      end.to raise_error(CycloneDX::CocoaPods::PodfileParsingError,
+                         "Missing Manifest.lock, please run 'pod install' before generating BOM")
+    end
+
+    it 'with PluginPod fixture should log a warning when trying to load the plugin' do
+      analyzer = CycloneDX::CocoaPods::PodfileAnalyzer.new(logger: @logger)
+
+      options = {
+        path: fixtures + 'PluginPod/'
+      }
+      expect(@logger).to receive(:warn).with(/Failed to load plugin fake_plugin_that_does_not_exist./)
+      podfile, lockfile = analyzer.ensure_podfile_and_lock_are_present(options)
+      expect(podfile).not_to be_nil
+      expect(lockfile).not_to be_nil
+    end
+  end
+
   context 'parsing pods' do
     context 'when created with standard parameters' do
       it 'should handle no pods correctly' do

spec/fixtures/PluginPod/Podfile

@@ -0,0 +1,6 @@
+platform :osx, '11.0'
+
+plugin 'fake_plugin_that_does_not_exist'
+
+target 'SampleProject' do
+end

spec/fixtures/PluginPod/Podfile.lock

@@ -0,0 +1,3 @@
+PODFILE CHECKSUM: ac84235e3de4f55461564bd177c404d01b1c09ee
+
+COCOAPODS: 1.15.2