From 9482ddfbe3641de32f8399c9c5ed1cea11532c49 Mon Sep 17 00:00:00 2001
From: linsui <2873532-linsui@users.noreply.gitlab.com>
Date: Sun, 1 Sep 2024 01:27:26 +0800
Subject: [PATCH 1/4] scanner: support workspace for lock files

---
 fdroidserver/scanner.py                              | 12 +++++++++---
 .../.dart_tool/flutter_gen}/pubspec.yaml             |  0
 .../{Cargo.lock => flutter/pubspec.lock}             |  0
 .../{Cargo.toml => flutter/pubspec.yaml}             |  0
 .../lockfile.test/{ => javascript}/package.json      |  0
 .../lockfile.test/{ => javascript}/yarn.lock         |  0
 .../lockfile.test/rust/subdir/Cargo.lock             |  0
 .../lockfile.test/rust/subdir/Cargo.toml             |  0
 .../rust/subdir/subdir/subdir/Cargo.toml             |  0
 .../lockfile.test/rust/subdir2/Cargo.toml            |  0
 10 files changed, 9 insertions(+), 3 deletions(-)
 rename tests/source-files/lockfile.test/{ => flutter/.dart_tool/flutter_gen}/pubspec.yaml (100%)
 rename tests/source-files/lockfile.test/{Cargo.lock => flutter/pubspec.lock} (100%)
 rename tests/source-files/lockfile.test/{Cargo.toml => flutter/pubspec.yaml} (100%)
 rename tests/source-files/lockfile.test/{ => javascript}/package.json (100%)
 rename tests/source-files/lockfile.test/{ => javascript}/yarn.lock (100%)
 create mode 100644 tests/source-files/lockfile.test/rust/subdir/Cargo.lock
 create mode 100644 tests/source-files/lockfile.test/rust/subdir/Cargo.toml
 create mode 100644 tests/source-files/lockfile.test/rust/subdir/subdir/subdir/Cargo.toml
 create mode 100644 tests/source-files/lockfile.test/rust/subdir2/Cargo.toml

diff --git a/fdroidserver/scanner.py b/fdroidserver/scanner.py
index d212d811..573df30d 100644
--- a/fdroidserver/scanner.py
+++ b/fdroidserver/scanner.py
@@ -816,9 +816,15 @@ def scan_source(build_dir, build=metadata.Build(), json_per_build=None):
                     )
 
             elif curfile in DEPFILE:
-                for lockfile in DEPFILE[curfile]:
-                    if os.path.isfile(os.path.join(root, lockfile)):
-                        break
+                d = root
+                while d.startswith(build_dir):
+                    for lockfile in DEPFILE[curfile]:
+                        if os.path.isfile(os.path.join(d, lockfile)):
+                            break
+                    else:
+                        d = os.path.dirname(d)
+                        continue
+                    break
                 else:
                     count += handleproblem(
                         _('dependency file without lock'),
diff --git a/tests/source-files/lockfile.test/pubspec.yaml b/tests/source-files/lockfile.test/flutter/.dart_tool/flutter_gen/pubspec.yaml
similarity index 100%
rename from tests/source-files/lockfile.test/pubspec.yaml
rename to tests/source-files/lockfile.test/flutter/.dart_tool/flutter_gen/pubspec.yaml
diff --git a/tests/source-files/lockfile.test/Cargo.lock b/tests/source-files/lockfile.test/flutter/pubspec.lock
similarity index 100%
rename from tests/source-files/lockfile.test/Cargo.lock
rename to tests/source-files/lockfile.test/flutter/pubspec.lock
diff --git a/tests/source-files/lockfile.test/Cargo.toml b/tests/source-files/lockfile.test/flutter/pubspec.yaml
similarity index 100%
rename from tests/source-files/lockfile.test/Cargo.toml
rename to tests/source-files/lockfile.test/flutter/pubspec.yaml
diff --git a/tests/source-files/lockfile.test/package.json b/tests/source-files/lockfile.test/javascript/package.json
similarity index 100%
rename from tests/source-files/lockfile.test/package.json
rename to tests/source-files/lockfile.test/javascript/package.json
diff --git a/tests/source-files/lockfile.test/yarn.lock b/tests/source-files/lockfile.test/javascript/yarn.lock
similarity index 100%
rename from tests/source-files/lockfile.test/yarn.lock
rename to tests/source-files/lockfile.test/javascript/yarn.lock
diff --git a/tests/source-files/lockfile.test/rust/subdir/Cargo.lock b/tests/source-files/lockfile.test/rust/subdir/Cargo.lock
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/source-files/lockfile.test/rust/subdir/Cargo.toml b/tests/source-files/lockfile.test/rust/subdir/Cargo.toml
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/source-files/lockfile.test/rust/subdir/subdir/subdir/Cargo.toml b/tests/source-files/lockfile.test/rust/subdir/subdir/subdir/Cargo.toml
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/source-files/lockfile.test/rust/subdir2/Cargo.toml b/tests/source-files/lockfile.test/rust/subdir2/Cargo.toml
new file mode 100644
index 00000000..e69de29b

From 4e829e2f1951380baac35d3c65adc2f05537263a Mon Sep 17 00:00:00 2001
From: linsui <2873532-linsui@users.noreply.gitlab.com>
Date: Mon, 2 Sep 2024 17:07:53 +0800
Subject: [PATCH 2/4] scanner: fix npm lock file name

---
 fdroidserver/scanner.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fdroidserver/scanner.py b/fdroidserver/scanner.py
index 573df30d..cf586f45 100644
--- a/fdroidserver/scanner.py
+++ b/fdroidserver/scanner.py
@@ -53,7 +53,7 @@ MAVEN_URL_REGEX = re.compile(
 DEPFILE = {
     "Cargo.toml": ["Cargo.lock"],
     "pubspec.yaml": ["pubspec.lock"],
-    "package.json": ["package.lock", "yarn.lock", "pnpm-lock.yaml"],
+    "package.json": ["package-lock.json", "yarn.lock", "pnpm-lock.yaml"],
 }
 
 SCANNER_CACHE_VERSION = 1

From 632959ae350c22446c67146ac1fb299d77dd74e1 Mon Sep 17 00:00:00 2001
From: linsui <2873532-linsui@users.noreply.gitlab.com>
Date: Mon, 2 Sep 2024 17:39:42 +0800
Subject: [PATCH 3/4] scanner: fix test

The suss rule is updated
---
 tests/scanner.TestCase | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/scanner.TestCase b/tests/scanner.TestCase
index 89d60402..3127f023 100755
--- a/tests/scanner.TestCase
+++ b/tests/scanner.TestCase
@@ -54,11 +54,11 @@ class ScannerTest(unittest.TestCase):
             'Zillode': 1,
             'cn.wildfirechat.chat': 4,
             'com.github.shadowsocks': 9,
-            'com.integreight.onesheeld': 16,
+            'com.integreight.onesheeld': 17,
             'com.jens.automation2': 3,
             'firebase-suspect': 1,
             'org.mozilla.rocket': 2,
-            'org.tasks': 2,
+            'org.tasks': 3,
             'realm': 1,
             'se.manyver': 3,
             'lockfile.test': 1,

From 3a4a4190aa3cce8557c6cb35e716ffed296bc94e Mon Sep 17 00:00:00 2001
From: linsui <2873532-linsui@users.noreply.gitlab.com>
Date: Wed, 4 Sep 2024 22:32:38 +0800
Subject: [PATCH 4/4] scanner: add test files into MANIFEST.in

---
 MANIFEST.in | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/MANIFEST.in b/MANIFEST.in
index 8d24dbf2..4022d2e8 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -797,6 +797,14 @@ include tests/source-files/firebase-allowlisted/build.gradle
 include tests/source-files/firebase-suspect/app/build.gradle
 include tests/source-files/firebase-suspect/build.gradle
 include tests/source-files/info.guardianproject.ripple/build.gradle
+include tests/source-files/lockfile.test/flutter/pubspec.lock
+include tests/source-files/lockfile.test/flutter/pubspec.yaml
+include tests/source-files/lockfile.test/javascript/package.json
+include tests/source-files/lockfile.test/javascript/yarn.lock
+include tests/source-files/lockfile.test/rust/subdir2/Cargo.toml
+include tests/source-files/lockfile.test/rust/subdir/Cargo.lock
+include tests/source-files/lockfile.test/rust/subdir/Cargo.toml
+include tests/source-files/lockfile.test/rust/subdir/subdir/subdir/Cargo.toml
 include tests/source-files/open-keychain/open-keychain/build.gradle
 include tests/source-files/open-keychain/open-keychain/OpenKeychain/build.gradle
 include tests/source-files/org.mozilla.rocket/app/build.gradle