From cf09a3bc4eae0342237e43c9edbe039d8b29376c Mon Sep 17 00:00:00 2001
From: Kyle Hammond
Date: Mon, 14 Oct 2024 10:29:01 -0500
Subject: [PATCH 1/2] Fixes #71. Properly concatenate the Podfile and Podfile.lock paths and add unit tests.
Signed-off-by: Kyle Hammond
---
lib/cyclonedx/cocoapods/podfile_analyzer.rb | 6 ++-
.../cocoapods/podfile_analyzer_spec.rb | 49 +++++++++++++++++++
spec/fixtures/PluginPod/Podfile | 6 +++
spec/fixtures/PluginPod/Podfile.lock | 3 ++
spec/fixtures/PluginPod/Pods/Manifest.lock | 3 ++
spec/fixtures/SimplePod/Pods/Manifest.lock | 22 +++++++++
6 files changed, 87 insertions(+), 2 deletions(-)
create mode 100644 spec/fixtures/PluginPod/Podfile
create mode 100644 spec/fixtures/PluginPod/Podfile.lock
create mode 100644 spec/fixtures/PluginPod/Pods/Manifest.lock
create mode 100644 spec/fixtures/SimplePod/Pods/Manifest.lock
diff --git a/lib/cyclonedx/cocoapods/podfile_analyzer.rb b/lib/cyclonedx/cocoapods/podfile_analyzer.rb
index 74738c6..d0b168e 100644
--- a/lib/cyclonedx/cocoapods/podfile_analyzer.rb
+++ b/lib/cyclonedx/cocoapods/podfile_analyzer.rb
@@ -105,13 +105,13 @@ def load_one_plugin(plugin_name)
def validate_options(project_dir, options)
raise PodfileParsingError, "#{options[:path]} is not a valid directory." unless File.directory?(project_dir)
- options[:podfile_path] = "#{project_dir}Podfile"
+ options[:podfile_path] = project_dir + 'Podfile'
unless File.exist?(options[:podfile_path])
raise PodfileParsingError, "Missing Podfile in #{project_dir}. Please use the --path option if " \
'not running from the CocoaPods project directory.'
end
- options[:podfile_lock_path] = "#{project_dir}Podfile.lock"
+ options[:podfile_lock_path] = project_dir + 'Podfile.lock'
return if File.exist?(options[:podfile_lock_path])
raise PodfileParsingError, "Missing Podfile.lock, please run 'pod install' before generating BOM"
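Review bot: `project_dir + 'Podfile'` inserts a path separator only when `project_dir` is a `Pathname`; if it is ever a plain `String`, `+` concatenates exactly as the removed `"#{project_dir}Podfile"` did and a trailing slash is still required. The code that derives `project_dir` from `options[:path]` is outside the hunk, so this cannot be confirmed from here. `File.join(project_dir, 'Podfile')` and `File.join(project_dir, 'Podfile.lock')` behave the same for both types and never depend on a trailing separator, at the cost of storing a `String` rather than a `Pathname` in `options`, which only matters if a later reader relies on `Pathname` methods. The same applies to the `Podfile.lock` line further down; the method's closing `end` lies outside the hunk.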
@@ -142,6 +142,8 @@ def dependencies_for_pod(podname_array, podfile, lockfile)
end
def initialize_cocoapods_config(project_dir)
+ # First, reset the ::Pod::Config instance in case we need to use this analyzer on multiple pods
+ ::Pod::Config.instance = nil
::Pod::Config.instance.installation_root = project_dir
end
diff --git a/spec/cyclonedx/cocoapods/podfile_analyzer_spec.rb b/spec/cyclonedx/cocoapods/podfile_analyzer_spec.rb
index 55a39e2..42479fd 100644
--- a/spec/cyclonedx/cocoapods/podfile_analyzer_spec.rb
+++ b/spec/cyclonedx/cocoapods/podfile_analyzer_spec.rb
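Review bot: `::Pod::Config.instance = nil` throws away the whole process-wide CocoaPods config singleton, not just the previous `installation_root`, so any other setting a caller had applied to the old instance is silently dropped on every call. The added comment only explains the reuse motive; it should state that the reset is deliberate and total, e.g. `# Replace the process-wide ::Pod::Config singleton (all settings, not only installation_root) so the analyzer can be reused on another project`. Whether anything else in this process configures `::Pod::Config` cannot be seen from the hunk.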
@@ -35,6 +35,55 @@
@logger = Logger.new(@log)
end
+ context 'Calling ensure_podfile_and_lock_are_present' do
+ it 'with bad path should raise an error' do
+ analyzer = CycloneDX::CocoaPods::PodfileAnalyzer.new(logger: @logger)
+
+ options = {
+ path: 'bad_path_that_does_not_exist'
+ }
+ expect do
+ analyzer.ensure_podfile_and_lock_are_present(options)
+ end.to raise_error(CycloneDX::CocoaPods::PodfileParsingError,
+ 'bad_path_that_does_not_exist is not a valid directory.')
+ end
+
+ it 'with SimplePod fixture should succeed' do
+ analyzer = CycloneDX::CocoaPods::PodfileAnalyzer.new(logger: @logger)
+
+ options = {
+ path: fixtures + 'SimplePod/'
+ }
+ podfile, lockfile = analyzer.ensure_podfile_and_lock_are_present(options)
+ expect(podfile).not_to be_nil
+ expect(lockfile).not_to be_nil
+ end
+
+ it 'with EmptyPodfile fixture should raise a "Missing Manifest.lock" error' do
+ analyzer = CycloneDX::CocoaPods::PodfileAnalyzer.new(logger: @logger)
+
+ options = {
+ path: fixtures + 'EmptyPodfile/'
+ }
+ expect do
+ analyzer.ensure_podfile_and_lock_are_present(options)
+ end.to raise_error(CycloneDX::CocoaPods::PodfileParsingError,
+ "Missing Manifest.lock, please run 'pod install' before generating BOM")
+ end
+
+ it 'with PluginPod fixture should log a warning when trying to load the plugin' do
+ analyzer = CycloneDX::CocoaPods::PodfileAnalyzer.new(logger: @logger)
+
+ options = {
+ path: fixtures + 'PluginPod/'
+ }
+ expect(@logger).to receive(:warn).with(/Failed to load plugin fake_plugin_that_does_not_exist./)
+ podfile, lockfile = analyzer.ensure_podfile_and_lock_are_present(options)
+ expect(podfile).not_to be_nil
+ expect(lockfile).not_to be_nil
+ end
+ end
+
context 'parsing pods' do
context 'when created with standard parameters' do
it 'should handle no pods correctly' do
diff --git a/spec/fixtures/PluginPod/Podfile b/spec/fixtures/PluginPod/Podfile
new file mode 100644
index 0000000..d7d68f7
--- /dev/null
+++ b/spec/fixtures/PluginPod/Podfile
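Review bot: None of the new cases exercises the situation the fix is for: every fixture path is built with a trailing slash (`fixtures + 'SimplePod/'`, `fixtures + 'EmptyPodfile/'`, `fixtures + 'PluginPod/'`), which the removed `"#{project_dir}Podfile"` interpolation already handled, so the suite would still pass with the old lines restored. Add one case without the separator, e.g. `path: fixtures + 'SimplePod'`, asserting that both `podfile` and `lockfile` are non-nil, assuming `ensure_podfile_and_lock_are_present` hands the `Pathname` to `validate_options` unchanged (that method is outside the hunk). In the PluginPod case the trailing `.` in `/Failed to load plugin fake_plugin_that_does_not_exist./` is an unescaped wildcard; write `\.` or drop it so the expectation matches what is intended.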
@@ -0,0 +1,6 @@
+platform :osx, '11.0'
+
+plugin 'fake_plugin_that_does_not_exist'
+
+target 'SampleProject' do
+end
diff --git a/spec/fixtures/PluginPod/Podfile.lock b/spec/fixtures/PluginPod/Podfile.lock
new file mode 100644
index 0000000..57d1f30
--- /dev/null
+++ b/spec/fixtures/PluginPod/Podfile.lock
@@ -0,0 +1,3 @@
+PODFILE CHECKSUM: ac84235e3de4f55461564bd177c404d01b1c09ee
+
+COCOAPODS: 1.15.2
diff --git a/spec/fixtures/PluginPod/Pods/Manifest.lock b/spec/fixtures/PluginPod/Pods/Manifest.lock
new file mode 100644
index 0000000..57d1f30
--- /dev/null
+++ b/spec/fixtures/PluginPod/Pods/Manifest.lock
@@ -0,0 +1,3 @@
+PODFILE CHECKSUM: ac84235e3de4f55461564bd177c404d01b1c09ee
+
+COCOAPODS: 1.15.2
diff --git a/spec/fixtures/SimplePod/Pods/Manifest.lock b/spec/fixtures/SimplePod/Pods/Manifest.lock
new file mode 100644
index 0000000..8d01b43
--- /dev/null
+++ b/spec/fixtures/SimplePod/Pods/Manifest.lock
@@ -0,0 +1,22 @@
+PODS:
+ - Alamofire (5.6.2)
+ - MSAL (1.2.1):
+ - MSAL/app-lib (= 1.2.1)
+ - MSAL/app-lib (1.2.1)
+
+DEPENDENCIES:
+ - Alamofire
+ - MSAL
+
+SPEC REPOS:
+ trunk:
+ - Alamofire
+ - MSAL
+
+SPEC CHECKSUMS:
+ Alamofire: d368e1ff8a298e6dde360e35a3e68e6c610e7204
+ MSAL: 460571f34a9062c501841d099f8e51fc30557deb
+
+PODFILE CHECKSUM: 16ff6ee7c76cb41d37b9b663e99aabeec75048fd
+
+COCOAPODS: 1.10.1
From d39516b6eedd4aaa1e0c9566afca9c0bb2153225 Mon Sep 17 00:00:00 2001
From: Kyle Hammond
Date: Mon, 14 Oct 2024 10:30:10 -0500
Subject: [PATCH 2/2] Keep Rubocop happy about the string concatenation. Add a note to the CHANGELOG.md file.
Signed-off-by: Kyle Hammond
---
.rubocop.yml | 4 ++++
CHANGELOG.md | 5 +++++
spec/cyclonedx/cocoapods/license_spec.rb | 2 +-
spec/cyclonedx/cocoapods/podfile_analyzer_spec.rb | 1 +
4 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/.rubocop.yml b/.rubocop.yml
index 93ca7fa..f851cda 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -38,3 +38,7 @@ Metrics/MethodLength:
AllowedMethods: ['parse_options', 'add_to_bom', 'append_all_pod_dependencies']
Metrics/AbcSize:
AllowedMethods: ['parse_options', 'add_to_bom', 'source_for_pod']
+
+# Configure StringConcatenation to allow Pathname string concatenation
+Style/StringConcatenation:
+ Mode: conservative
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 896ee3e..fd01f1e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [Unreleased]
+
+### Fixed
+- Properly concatenate paths to Podfile and Podfile.lock (with unit tests!). ([Issue #71](https://github.com/CycloneDX/cyclonedx-cocoapods/issues/71)) [@macblazer](https://github.com/macblazer).
+
## [1.3.0]
### Added
diff --git a/spec/cyclonedx/cocoapods/license_spec.rb b/spec/cyclonedx/cocoapods/license_spec.rb
index 0b0fdfa..0bbe984 100644
--- a/spec/cyclonedx/cocoapods/license_spec.rb
+++ b/spec/cyclonedx/cocoapods/license_spec.rb
@@ -33,7 +33,7 @@
context 'with an identifier included in the SPDX license list (regardless of case)' do
it 'should create a license of type id' do
existing_license_id = described_class::SPDX_LICENSES.sample
- mangled_case_id = existing_license_id.chars.map { |c| rand(2) == 0 ? c.upcase : c.downcase }.join
+ mangled_case_id = existing_license_id.chars.map { |c| rand(2).zero? ? c.upcase : c.downcase }.join
license = described_class.new(identifier: mangled_case_id)
diff --git a/spec/cyclonedx/cocoapods/podfile_analyzer_spec.rb b/spec/cyclonedx/cocoapods/podfile_analyzer_spec.rb
index 42479fd..b79ec4b 100644
--- a/spec/cyclonedx/cocoapods/podfile_analyzer_spec.rb
+++ b/spec/cyclonedx/cocoapods/podfile_analyzer_spec.rb
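Review bot: Setting `Style/StringConcatenation` to `Mode: conservative` relaxes the cop for the entire codebase (in that mode it only reports `+` whose receiver is a string literal) in order to accommodate two lines in `validate_options`. A narrower fix is to write those lines as `File.join(project_dir, 'Podfile')` / `File.join(project_dir, 'Podfile.lock')`, which the cop does not report and which leaves the default mode in place. If the config change is the intended route, the comment should name the code it was added for so the exception can be revisited, e.g. `# Allow Pathname + 'str' in lib/cyclonedx/cocoapods/podfile_analyzer.rb (validate_options)`.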
@@ -21,6 +21,7 @@
require 'cyclonedx/cocoapods/podfile_analyzer'
require 'rspec'
+
RSpec.describe CycloneDX::CocoaPods::PodfileAnalyzer do
let(:fixtures) { Pathname.new(File.expand_path('../../fixtures', __dir__)) }
let(:empty_podfile) { 'EmptyPodfile/Podfile' }