tweaks to improve performance, coverage and filtering

Signed-off-by: Alan Pope <alan.pope@anchore.com>
2026-02-12 02:26:42 +01:00 · 2025-08-26 13:07:55 +01:00 · 2025-08-26 13:07:55 +01:00 · dd0e7dc20f
commit dd0e7dc20f
parent e5fd03d2f6
2 changed files with 72 additions and 7 deletions
--- a/syft/pkg/cataloger/dotnet/parse_csproj.go
+++ b/syft/pkg/cataloger/dotnet/parse_csproj.go
@ -98,15 +98,19 @@ func shouldSkipPackageReference(ref csprojPackageReference) bool {

 	// Skip packages that are commonly build-time only
 	lowerName := strings.ToLower(ref.Include)
-	buildTimePackages := []string{
-		"microsoft.net.test.sdk",
-		"stylecop.analyzers",
-		"microsoft.codeanalysis",
-		"coverlet.collector",
-		"xunit.runner.visualstudio",
+	buildTimePackages := map[string]bool{
+		"microsoft.net.test.sdk":      true,
+		"stylecop.analyzers":          true,
+		"microsoft.codeanalysis":      true,
+		"coverlet.collector":          true,
+		"xunit.runner.visualstudio":   true,
+		"nunit":                       true,
+		"nunit3testadapter":           true,
+		"mstest.testadapter":          true,
+		"mstest.testframework":        true,
 	}

-	for _, buildPkg := range buildTimePackages {
+	for buildPkg := range buildTimePackages {
 		if strings.Contains(lowerName, buildPkg) {
 			return true
 		}
--- a/syft/pkg/cataloger/dotnet/parse_csproj_test.go
+++ b/syft/pkg/cataloger/dotnet/parse_csproj_test.go
@ -86,6 +86,33 @@ func TestParseDotnetCsproj(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "complex IncludeAssets and PrivateAssets handling",
+			input: `<Project Sdk="Microsoft.NET.Sdk">
+  <ItemGroup>
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
+    <PackageReference Include="StyleCop.Analyzers" Version="1.2.0" PrivateAssets="all" />
+    <PackageReference Include="Microsoft.ChakraCore" Version="1.11.24" IncludeAssets="runtime; build; native" />
+    <PackageReference Include="NUnit" Version="3.13.3" />
+  </ItemGroup>
+</Project>`,
+			expected: []pkg.Package{
+				{
+					Name:     "Newtonsoft.Json",
+					Version:  "13.0.3",
+					Language: pkg.Dotnet,
+					Type:     pkg.DotnetPkg,
+					PURL:     "pkg:nuget/Newtonsoft.Json@13.0.3",
+				},
+				{
+					Name:     "Microsoft.ChakraCore",
+					Version:  "1.11.24",
+					Language: pkg.Dotnet,
+					Type:     pkg.DotnetPkg,
+					PURL:     "pkg:nuget/Microsoft.ChakraCore@1.11.24",
+				},
+			},
+		},
 		{
 			name: "skip build-time packages",
 			input: `<Project Sdk="Microsoft.NET.Sdk">
@ -291,6 +318,40 @@ func TestShouldSkipPackageReference(t *testing.T) {
 			},
 			expected: true,
 		},
+		{
+			name: "includeAssets runtime only",
+			ref: csprojPackageReference{
+				Include: "Some.Package",
+				Version: "1.0.0",
+				IncludeAssets: "runtime",
+			},
+			expected: false,
+		},
+		{
+			name: "mixed condition with release",
+			ref: csprojPackageReference{
+				Include: "Some.Package",
+				Version: "1.0.0",
+				Condition: "'$(Configuration)' == 'Debug' OR '$(Configuration)' == 'Release'",
+			},
+			expected: false,
+		},
+		{
+			name: "nunit test package",
+			ref: csprojPackageReference{
+				Include: "NUnit",
+				Version: "3.13.3",
+			},
+			expected: true,
+		},
+		{
+			name: "mstest framework",
+			ref: csprojPackageReference{
+				Include: "MSTest.TestFramework",
+				Version: "3.1.1",
+			},
+			expected: true,
+		},
 	}

 	for _, test := range tests {