Skip to content

Log warning when PROC_MACRO exclusion is used with Cargo Lockfile Detector #1573

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Log warning when PROC_MACRO exclusion is used with Cargo Lockfile Detector #1573

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b0077aa
add log warning for PROC_MACRO exclusion not supported for Cargo Lock…
zahidblackduck Oct 10, 2025
7c0a2b1
add entry in current release notes
zahidblackduck Oct 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions ...n/java/com/blackduck/integration/detectable/detectables/cargo/CargoLockfileExtractor.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,11 @@
import com.blackduck.integration.detectable.detectables.cargo.transform.CargoLockPackageTransformer;
import com.blackduck.integration.detectable.extraction.Extraction;
import com.blackduck.integration.util.NameVersion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class CargoLockfileExtractor {
private static final Logger logger = LoggerFactory.getLogger(CargoLockfileExtractor.class);
private final CargoTomlParser cargoTomlParser;
private final CargoLockPackageDataTransformer cargoLockPackageDataTransformer;
private final CargoLockPackageTransformer cargoLockPackageTransformer;
Expand All @@ -55,6 +58,15 @@ public Extraction extract(File cargoLockFile, @Nullable File cargoTomlFile, Carg
List<CargoLockPackageData> filteredPackages = new ArrayList<>(cargoLockPackageDataList);
List<CargoLockPackageData> unfilteredPackages = new ArrayList<>(cargoLockPackageDataList);
boolean exclusionEnabled = isDependencyExclusionEnabled(cargoDetectableOptions);

// if exclusion is enabled, and cargoDetectableOptions contains PROC_MACRO, warn that it will be ignored for the Lockfile Detector
if (exclusionEnabled && cargoDetectableOptions.getDependencyTypeFilter().shouldExclude(CargoDependencyType.PROC_MACRO)) {
logger.warn(
"PROC_MACRO exclusion is not supported by the Cargo Lockfile Detector and will be ignored. " +
"Supported exclusions for Cargo Lockfile Detector: [NORMAL, BUILD, DEV]. "
);
}

String cargoTomlContents = null;

Set<NameVersion> allRootDependencies = new HashSet<>();
Expand Down
1 change: 1 addition & 0 deletions documentation/src/main/markdown/currentreleasenotes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@
* (IDETECT-4813) Fix Gradle Native Inspector to correctly identify projects with only `settings.gradle` or `settings.gradle.kts` file in the root directory.
* (IDETECT-4812) Gradle Native Inspector now supports configuration cache (refactored `init-detect.gradle` to add support for configuration cache in Gradle projects).
* (IDETECT-4845) With added support for extracting Python package versions from direct references [PEP 508 URIs](https://packaging.python.org/en/latest/specifications/dependency-specifiers/#environment-markers) in `pyproject.toml` files, [detect_product_short] now correctly parses versions from wheel and archive URLs and VCS references for impacted detectors (Setuptools CLI, Setuptools Parse, and UV Lock detectors). When data is missing or badly formatted, detectors gracefully switch back to reporting only the package name.
* (IDETECT-4850) Log warning when `PROC_MACRO` dependency exclusion is used with the Cargo Lockfile Detector.

### Dependency updates