From f60574c9b0f2477d4452e4e662a0a64268aea308 Mon Sep 17 00:00:00 2001
From: Arlo Siemsen <arkixml@gmail.com>
Date: Wed, 9 Aug 2023 12:37:05 -0500
Subject: [PATCH] Fix Rust detector exception for non-source dependency (#668)

---
 .../rust/RustCrateDetector.cs                 |  9 +----
 .../RustCrateDetectorTests.cs                 | 39 ++++++++++++++++++-
 2 files changed, 40 insertions(+), 8 deletions(-)

diff --git a/src/Microsoft.ComponentDetection.Detectors/rust/RustCrateDetector.cs b/src/Microsoft.ComponentDetection.Detectors/rust/RustCrateDetector.cs
index ecc5c6cef..2483a189f 100644
--- a/src/Microsoft.ComponentDetection.Detectors/rust/RustCrateDetector.cs
+++ b/src/Microsoft.ComponentDetection.Detectors/rust/RustCrateDetector.cs
@@ -1,4 +1,4 @@
-namespace Microsoft.ComponentDetection.Detectors.Rust;
+namespace Microsoft.ComponentDetection.Detectors.Rust;
 
 using System;
 using System.Collections.Generic;
@@ -213,12 +213,7 @@ private void ProcessDependency(
 
             if (IsLocalPackage(childPackage))
             {
-                if (!IsLocalPackage(parentPackage))
-                {
-                    throw new FormatException($"In package with source '{parentComponent.Id}' found non-source dependency string: '{dependency}'");
-                }
-
-                // This is a dependency between packages without source
+                // This is a dependency on a package without a source
                 return;
             }
 
diff --git a/test/Microsoft.ComponentDetection.Detectors.Tests/RustCrateDetectorTests.cs b/test/Microsoft.ComponentDetection.Detectors.Tests/RustCrateDetectorTests.cs
index ec5ce6e9e..ea5403a1d 100644
--- a/test/Microsoft.ComponentDetection.Detectors.Tests/RustCrateDetectorTests.cs
+++ b/test/Microsoft.ComponentDetection.Detectors.Tests/RustCrateDetectorTests.cs
@@ -1,4 +1,4 @@
-namespace Microsoft.ComponentDetection.Detectors.Tests;
+namespace Microsoft.ComponentDetection.Detectors.Tests;
 
 using System;
 using System.Collections.Generic;
@@ -850,4 +850,41 @@ public async Task TestRustDetector_MultipleRegistriesAsync()
 
         componentIds.ForEach(componentId => dependencyGraph.Contains(componentId).Should().BeTrue());
     }
+
+    [TestMethod]
+    public async Task TestRustV2Detector_StdWorkspaceDependencyAsync()
+    {
+        var testCargoLock = @"
+[[package]]
+name = ""addr2line""
+version = ""0.17.0""
+source = ""registry+https://github.com/rust-lang/crates.io-index""
+checksum = ""b9ecd88a8c8378ca913a680cd98f0f13ac67383d35993f86c90a70e3f137816b""
+dependencies = [
+ ""rustc-std-workspace-alloc"",
+]
+
+[[package]]
+name = ""rustc-std-workspace-alloc""
+version = ""1.99.0""
+dependencies = []
+";
+
+        var (result, componentRecorder) = await this.DetectorTestUtility
+            .WithFile("Cargo.lock", testCargoLock)
+            .ExecuteDetectorAsync();
+
+        Assert.AreEqual(ProcessingResultCode.Success, result.ResultCode);
+        Assert.AreEqual(1, componentRecorder.GetDetectedComponents().Count());
+
+        var graph = componentRecorder.GetDependencyGraphsByLocation().Values.First(); // There should only be 1
+
+        // Verify explicitly referenced roots
+        var rootComponents = new List<string>
+        {
+            "addr2line 0.17.0 - Cargo",
+        };
+
+        rootComponents.ForEach(rootComponentId => graph.IsComponentExplicitlyReferenced(rootComponentId).Should().BeTrue());
+    }
 }