Rust: Handle dependencies with multiple sources in file fetcher

lib/dependabot/file_fetchers/rust/cargo.rb

@@ -102,6 +102,8 @@ def fetch_path_dependency_files(
                 previously_fetched_files: previously_fetched_files
               )
             [fetched_file, *grandchild_requirement_files]
+          rescue Dependabot::DependencyFileNotFound
+            raise if required_path?(file, path)
           end.compact
         end
 
@@ -158,6 +160,51 @@ def workspace_dependency_paths_from_file(file)
           end
         end
 
+        # Check whether a path is required or not. It will not be required if
+        # an alternative source (i.e., a git source) is also specified
+        # rubocop:disable Metrics/AbcSize
+        # rubocop:disable Metrics/CyclomaticComplexity
+        # rubocop:disable Metrics/PerceivedComplexity
+        def required_path?(file, path)
+          # Paths specified in dependency declaration
+          FileParsers::Rust::Cargo::DEPENDENCY_TYPES.each do |type|
+            parsed_file(file).fetch(type, {}).each do |_, details|
+              next unless details.is_a?(Hash)
+              next unless details["path"]
+              next unless path == File.join(details["path"], "Cargo.toml")
+
+              return true if details["git"].nil?
+            end
+          end
+
+          # Paths specified for target-specific dependencies
+          parsed_file(file).fetch("target", {}).each do |_, t_details|
+            FileParsers::Rust::Cargo::DEPENDENCY_TYPES.each do |type|
+              t_details.fetch(type, {}).each do |_, details|
+                next unless details.is_a?(Hash)
+                next unless details["path"]
+                next unless path == File.join(details["path"], "Cargo.toml")
+
+                return true if details["git"].nil?
+              end
+            end
+          end
+
+          # Paths specified as replacements
+          parsed_file(file).fetch("replace", {}).each do |_, details|
+            next unless details.is_a?(Hash)
+            next unless details["path"]
+            next unless path == File.join(details["path"], "Cargo.toml")
+
+            return true if details["git"].nil?
+          end
+
+          false
+        end
+        # rubocop:enable Metrics/AbcSize
+        # rubocop:enable Metrics/CyclomaticComplexity
+        # rubocop:enable Metrics/PerceivedComplexity
+
         def expand_workspaces(path)
           path = Pathname.new(path).cleanpath.to_path
           dir = directory.gsub(%r{(^/|/$)}, "")

spec/dependabot/file_fetchers/rust/cargo_spec.rb

@@ -181,6 +181,23 @@
         end
       end
 
+      context "when a git source is also specified" do
+        let(:parent_fixture) do
+          fixture("github", "contents_cargo_manifest_path_deps_alt_source.json")
+        end
+
+        before do
+          stub_request(:get, url + "gen/photoslibrary1/Cargo.toml?ref=sha").
+            with(headers: { "Authorization" => "token token" }).
+            to_return(status: 200, body: path_dep_fixture, headers: json_header)
+        end
+
+        it "fetches the path dependency's Cargo.toml" do
+          expect(file_fetcher_instance.files.map(&:name)).
+            to match_array(%w(Cargo.toml gen/photoslibrary1/Cargo.toml))
+        end
+      end
+
       context "with a directory" do
         let(:source) do
           Dependabot::Source.new(
@@ -258,6 +275,23 @@
             to raise_error(Dependabot::DependencyFileNotFound)
         end
       end
+
+      context "when a git source is also specified" do
+        let(:parent_fixture) do
+          fixture("github", "contents_cargo_manifest_path_deps_alt_source.json")
+        end
+
+        before do
+          stub_request(:get, url + "gen/photoslibrary1/Cargo.toml?ref=sha").
+            with(headers: { "Authorization" => "token token" }).
+            to_return(status: 404, headers: json_header)
+        end
+
+        it "ignores that it can't fetch the path dependency's Cargo.toml" do
+          expect(file_fetcher_instance.files.map(&:name)).
+            to match_array(%w(Cargo.toml))
+        end
+      end
     end
   end
 

spec/fixtures/github/contents_cargo_manifest_path_deps_alt_source.json

@@ -0,0 +1,18 @@
+{
+  "name": "Cargo.toml",
+  "path": "Cargo.toml",
+  "sha": "49cd8299125f9ea1c4c6e22b3ae98c97539f74ae",
+  "size": 1966,
+  "url": "https://api.github.com/repos/rust-lang/crates.io/contents/Cargo.toml?ref=master",
+  "html_url": "https://github.com/rust-lang/crates.io/blob/master/Cargo.toml",
+  "git_url": "https://api.github.com/repos/rust-lang/crates.io/git/blobs/49cd8299125f9ea1c4c6e22b3ae98c97539f74ae",
+  "download_url": "https://raw.githubusercontent.com/rust-lang/crates.io/master/Cargo.toml",
+  "type": "file",
+  "content": "W3BhY2thZ2VdCm5hbWUgPSAicGhvdG9veGlkZSIKdmVyc2lvbiA9ICIwLjEu\nMCIKYXV0aG9ycyA9IFsiR3V5IFRheWxvciA8dGhlYmlnZ3V5LmNvLnVrQGdt\nYWlsLmNvbT4iXQoKW2RlcGVuZGVuY2llc10KZ29vZ2xlLXBob3Rvc2xpYnJh\ncnkxID0geyBnaXQgPSAiaHR0cHM6Ly9naXRodWIuY29tL1RoZUJpZ2dlckd1\neS9nb29nbGUtYXBpcy1ycyIsIHBhdGggPSAiZ2VuL3Bob3Rvc2xpYnJhcnkx\nIiwgYnJhbmNoID0gInBob3Rvc2xpYnJhcnlfc3RyX2ludCIgfQpmdXNlID0g\nIjAuMy4xIgpoeXBlciA9ICJeIDAuMTAiCmh5cGVyLXJ1c3RscyA9ICJeMC42\nIgp5dXAtb2F1dGgyID0gIl4gMS4wIgpzZXJkZSA9ICIqIgpzZXJkZV9qc29u\nID0gIioiCnNlcmRlX2Rlcml2ZSA9ICIqIgp0aW1lID0gIioiCmVudl9sb2dn\nZXIgPSAiKiIKbGliYyA9ICIqIgpsb2cgPSAiKiIKY2hyb25vID0gIjAuNCIK\ndXNlcnMgPSAiMC43IgpzY2hlZHVsZWQtZXhlY3V0b3IgPSAiMC40IgoKW2Rl\ncGVuZGVuY2llcy5ydXNxbGl0ZV0KdmVyc2lvbiA9ICIwLjE0LjAiCmZlYXR1\ncmVzID0gWyJidW5kbGVkIl0K\n",
+  "encoding": "base64",
+  "_links": {
+    "self": "https://api.github.com/repos/rust-lang/crates.io/contents/Cargo.toml?ref=master",
+    "git": "https://api.github.com/repos/rust-lang/crates.io/git/blobs/49cd8299125f9ea1c4c6e22b3ae98c97539f74ae",
+    "html": "https://github.com/rust-lang/crates.io/blob/master/Cargo.toml"
+  }
+}