From 175a6719a946f6bf72056c72e050627f23fe8fb4 Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Tue, 13 May 2025 17:51:49 -0400 Subject: [PATCH] Add cataloger for Dart pubspec (#3292) * Add cataloger for Dart pubspec Signed-off-by: Laurent Goderre * capture pubspec specific fields Signed-off-by: Alex Goodman --------- Signed-off-by: Laurent Goderre 
Signed-off-by: Alex Goodman
Co-authored-by: Alex Goodman
---
 internal/constants.go | 2 +-
 internal/task/package_tasks.go | 1 +
 schema/json/schema-16.0.31.json | 3056 +++++++++++++++++
 schema/json/schema-latest.json | 48 +-
 .../helpers/originator_supplier_test.go | 1 +
 syft/internal/packagemetadata/generated.go | 1 +
 syft/internal/packagemetadata/names.go | 1 +
 syft/pkg/cataloger/dart/cataloger.go | 6 +
 syft/pkg/cataloger/dart/cataloger_test.go | 32 +-
 syft/pkg/cataloger/dart/package.go | 49 +-
 syft/pkg/cataloger/dart/parse_pubspec.go | 50 +
 .../cataloger/dart/parse_pubspec_lock_test.go | 191 +-
 syft/pkg/cataloger/dart/parse_pubspec_test.go | 70 +
 .../glob-paths/{ => lock}/src/pubspec.lock | 0
 .../glob-paths/spec/pubspec.yaml | 1 +
 .../test-fixtures/glob-paths/spec/pubspec.yml | 1 +
 .../{ => pubspec_locks}/pubspec.lock | 0
 .../pubspecs/appainter.pubspec.yaml | 75 +
 .../pubspecs/macros.pubspec.yaml | 16 +
 syft/pkg/dart.go | 16 +
 20 files changed, 3520 insertions(+), 97 deletions(-)
 create mode 100644 schema/json/schema-16.0.31.json
 create mode 100644 syft/pkg/cataloger/dart/parse_pubspec.go
 create mode 100644 syft/pkg/cataloger/dart/parse_pubspec_test.go
 rename syft/pkg/cataloger/dart/test-fixtures/glob-paths/{ => lock}/src/pubspec.lock (100%)
 create mode 100644 syft/pkg/cataloger/dart/test-fixtures/glob-paths/spec/pubspec.yaml
 create mode 100644 syft/pkg/cataloger/dart/test-fixtures/glob-paths/spec/pubspec.yml
 rename syft/pkg/cataloger/dart/test-fixtures/{ => pubspec_locks}/pubspec.lock (100%)
 create mode 100644 syft/pkg/cataloger/dart/test-fixtures/pubspecs/appainter.pubspec.yaml
 create mode 100644 syft/pkg/cataloger/dart/test-fixtures/pubspecs/macros.pubspec.yaml
diff --git a/internal/constants.go b/internal/constants.go
index 950f06a14..9208bbb69 100644
--- a/internal/constants.go
+++ b/internal/constants.go
@@ -3,5 +3,5 @@ package internal
 const (
 // JSONSchemaVersion is the current schema version output by the JSON encoder
 // This is roughly following the "SchemaVer" guidelines for versioning the JSON schema. Please see schema/json/README.md for details on how to increment.
- JSONSchemaVersion = "16.0.30"
+ JSONSchemaVersion = "16.0.31"
 )
diff --git a/internal/task/package_tasks.go b/internal/task/package_tasks.go
index 5b616c452..0fa6e316a 100644
--- a/internal/task/package_tasks.go
+++ b/internal/task/package_tasks.go
@@ -77,6 +77,7 @@ func DefaultPackageTaskFactories() Factories {
 // language-specific package declared catalogers ///////////////////////////////////////////////////////////////////////////
 newSimplePackageTaskFactory(cpp.NewConanCataloger, pkgcataloging.DeclaredTag, pkgcataloging.DirectoryTag, pkgcataloging.LanguageTag, "cpp", "conan"),
 newSimplePackageTaskFactory(dart.NewPubspecLockCataloger, pkgcataloging.DeclaredTag, pkgcataloging.DirectoryTag, pkgcataloging.LanguageTag, "dart"),
+ newSimplePackageTaskFactory(dart.NewPubspecCataloger, pkgcataloging.DeclaredTag, pkgcataloging.DirectoryTag, pkgcataloging.LanguageTag, "dart"),
 newSimplePackageTaskFactory(elixir.NewMixLockCataloger, pkgcataloging.DeclaredTag, pkgcataloging.DirectoryTag, pkgcataloging.LanguageTag, "elixir"),
 newSimplePackageTaskFactory(erlang.NewRebarLockCataloger, pkgcataloging.DeclaredTag, pkgcataloging.DirectoryTag, pkgcataloging.LanguageTag, "erlang"),
 newSimplePackageTaskFactory(erlang.NewOTPCataloger, pkgcataloging.DeclaredTag, pkgcataloging.DirectoryTag, pkgcataloging.LanguageTag, "erlang", "otp"),
diff --git a/schema/json/schema-16.0.31.json b/schema/json/schema-16.0.31.json
new file mode 100644
index 000000000..624bdb51e
--- /dev/null
+++ b/schema/json/schema-16.0.31.json
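Review bot: The added `dart.NewPubspecCataloger` entry in `internal/task/package_tasks.go` carries exactly the same tag set as `dart.NewPubspecLockCataloger` on the line above it, so the manifest cataloger and the lock-file cataloger cannot be told apart by tag. Neighbouring entries add a distinguishing tag (`"cpp", "conan"` and `"erlang", "otp"`); a similar extra tag here, for example `newSimplePackageTaskFactory(dart.NewPubspecCataloger, pkgcataloging.DeclaredTag, pkgcataloging.DirectoryTag, pkgcataloging.LanguageTag, "dart", "pubspec"),` (tag name is a suggestion), would let SBOM consumers who only want lock-file results for vulnerability matching exclude the manifest by tag. What the pubspec cataloger actually emits is not visible in this hunk, so confirm the need against `parse_pubspec.go`. The body of `DefaultPackageTaskFactories` starts and ends outside the hunk.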
@@ -0,0 +1,3056 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "anchore.io/schema/syft/json/16.0.31/document", + "$ref": "#/$defs/Document", + "$defs": { + "AlpmDbEntry": { + "properties": { + "basepackage": { + "type": "string" + }, + "package": { + "type": "string" + }, + "version": { + "type": "string" + }, + "description": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "size": { + "type": "integer" + }, + "packager": { + "type": "string" + }, + "url": { + "type": "string" + }, + "validation": { + "type": "string" + }, + "reason": { + "type": "integer" + }, + "files": { + "items": { + "$ref": "#/$defs/AlpmFileRecord" + }, + "type": "array" + }, + "backup": { + "items": { + "$ref": "#/$defs/AlpmFileRecord" + }, + "type": "array" + }, + "provides": { + "items": { + "type": "string" + }, + "type": "array" + }, + "depends": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "basepackage", + "package", + "version", + "description", + "architecture", + "size", + "packager", + "url", + "validation", + "reason", + "files", + "backup" + ] + }, + "AlpmFileRecord": { + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + }, + "uid": { + "type": "string" + }, + "gid": { + "type": "string" + }, + "time": { + "type": "string", + "format": "date-time" + }, + "size": { + "type": "string" + }, + "link": { + "type": "string" + }, + "digest": { + "items": { + "$ref": "#/$defs/Digest" + }, + "type": "array" + } + }, + "type": "object" + }, + "ApkDbEntry": { + "properties": { + "package": { + "type": "string" + }, + "originPackage": { + "type": "string" + }, + "maintainer": { + "type": "string" + }, + "version": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "url": { + "type": "string" + }, + "description": { + "type": "string" + }, + "size": { + "type": "integer" + }, + "installedSize": { + "type": "integer" + }, + 
"pullDependencies": { + "items": { + "type": "string" + }, + "type": "array" + }, + "provides": { + "items": { + "type": "string" + }, + "type": "array" + }, + "pullChecksum": { + "type": "string" + }, + "gitCommitOfApkPort": { + "type": "string" + }, + "files": { + "items": { + "$ref": "#/$defs/ApkFileRecord" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "package", + "originPackage", + "maintainer", + "version", + "architecture", + "url", + "description", + "size", + "installedSize", + "pullDependencies", + "provides", + "pullChecksum", + "gitCommitOfApkPort", + "files" + ] + }, + "ApkFileRecord": { + "properties": { + "path": { + "type": "string" + }, + "ownerUid": { + "type": "string" + }, + "ownerGid": { + "type": "string" + }, + "permissions": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/Digest" + } + }, + "type": "object", + "required": [ + "path" + ] + }, + "BinarySignature": { + "properties": { + "matches": { + "items": { + "$ref": "#/$defs/ClassifierMatch" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "matches" + ] + }, + "BitnamiSbomEntry": { + "properties": { + "name": { + "type": "string" + }, + "arch": { + "type": "string" + }, + "distro": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "version": { + "type": "string" + }, + "path": { + "type": "string" + }, + "files": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "name", + "arch", + "distro", + "revision", + "version", + "path", + "files" + ] + }, + "CConanFileEntry": { + "properties": { + "ref": { + "type": "string" + } + }, + "type": "object", + "required": [ + "ref" + ] + }, + "CConanInfoEntry": { + "properties": { + "ref": { + "type": "string" + }, + "package_id": { + "type": "string" + } + }, + "type": "object", + "required": [ + "ref" + ] + }, + "CConanLockEntry": { + "properties": { + "ref": { + "type": "string" + }, + "package_id": { + "type": "string" + 
}, + "prev": { + "type": "string" + }, + "requires": { + "items": { + "type": "string" + }, + "type": "array" + }, + "build_requires": { + "items": { + "type": "string" + }, + "type": "array" + }, + "py_requires": { + "items": { + "type": "string" + }, + "type": "array" + }, + "options": { + "$ref": "#/$defs/KeyValues" + }, + "path": { + "type": "string" + }, + "context": { + "type": "string" + } + }, + "type": "object", + "required": [ + "ref" + ] + }, + "CConanLockV2Entry": { + "properties": { + "ref": { + "type": "string" + }, + "packageID": { + "type": "string" + }, + "username": { + "type": "string" + }, + "channel": { + "type": "string" + }, + "recipeRevision": { + "type": "string" + }, + "packageRevision": { + "type": "string" + }, + "timestamp": { + "type": "string" + } + }, + "type": "object", + "required": [ + "ref" + ] + }, + "CPE": { + "properties": { + "cpe": { + "type": "string" + }, + "source": { + "type": "string" + } + }, + "type": "object", + "required": [ + "cpe" + ] + }, + "ClassifierMatch": { + "properties": { + "classifier": { + "type": "string" + }, + "location": { + "$ref": "#/$defs/Location" + } + }, + "type": "object", + "required": [ + "classifier", + "location" + ] + }, + "CocoaPodfileLockEntry": { + "properties": { + "checksum": { + "type": "string" + } + }, + "type": "object", + "required": [ + "checksum" + ] + }, + "Coordinates": { + "properties": { + "path": { + "type": "string" + }, + "layerID": { + "type": "string" + } + }, + "type": "object", + "required": [ + "path" + ] + }, + "DartPubspec": { + "properties": { + "homepage": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "documentation": { + "type": "string" + }, + "publish_to": { + "type": "string" + }, + "environment": { + "$ref": "#/$defs/DartPubspecEnvironment" + }, + "platforms": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ignored_advisories": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, 
+ "DartPubspecEnvironment": { + "properties": { + "sdk": { + "type": "string" + }, + "flutter": { + "type": "string" + } + }, + "type": "object" + }, + "DartPubspecLockEntry": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "hosted_url": { + "type": "string" + }, + "vcs_url": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "version" + ] + }, + "Descriptor": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "configuration": true + }, + "type": "object", + "required": [ + "name", + "version" + ] + }, + "Digest": { + "properties": { + "algorithm": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "algorithm", + "value" + ] + }, + "Document": { + "properties": { + "artifacts": { + "items": { + "$ref": "#/$defs/Package" + }, + "type": "array" + }, + "artifactRelationships": { + "items": { + "$ref": "#/$defs/Relationship" + }, + "type": "array" + }, + "files": { + "items": { + "$ref": "#/$defs/File" + }, + "type": "array" + }, + "source": { + "$ref": "#/$defs/Source" + }, + "distro": { + "$ref": "#/$defs/LinuxRelease" + }, + "descriptor": { + "$ref": "#/$defs/Descriptor" + }, + "schema": { + "$ref": "#/$defs/Schema" + } + }, + "type": "object", + "required": [ + "artifacts", + "artifactRelationships", + "source", + "distro", + "descriptor", + "schema" + ] + }, + "DotnetDepsEntry": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "path": { + "type": "string" + }, + "sha512": { + "type": "string" + }, + "hashPath": { + "type": "string" + }, + "executables": { + "patternProperties": { + ".*": { + "$ref": "#/$defs/DotnetPortableExecutableEntry" + } + }, + "type": "object" + } + }, + "type": "object", + "required": [ + "name", + "version", + "path", + "sha512", + "hashPath" + ] + }, + "DotnetPackagesLockEntry": { + "properties": { + "name": { + 
"type": "string" + }, + "version": { + "type": "string" + }, + "contentHash": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "version", + "contentHash", + "type" + ] + }, + "DotnetPortableExecutableEntry": { + "properties": { + "assemblyVersion": { + "type": "string" + }, + "legalCopyright": { + "type": "string" + }, + "comments": { + "type": "string" + }, + "internalName": { + "type": "string" + }, + "companyName": { + "type": "string" + }, + "productName": { + "type": "string" + }, + "productVersion": { + "type": "string" + } + }, + "type": "object", + "required": [ + "assemblyVersion", + "legalCopyright", + "companyName", + "productName", + "productVersion" + ] + }, + "DpkgArchiveEntry": { + "properties": { + "package": { + "type": "string" + }, + "source": { + "type": "string" + }, + "version": { + "type": "string" + }, + "sourceVersion": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "maintainer": { + "type": "string" + }, + "installedSize": { + "type": "integer" + }, + "provides": { + "items": { + "type": "string" + }, + "type": "array" + }, + "depends": { + "items": { + "type": "string" + }, + "type": "array" + }, + "preDepends": { + "items": { + "type": "string" + }, + "type": "array" + }, + "files": { + "items": { + "$ref": "#/$defs/DpkgFileRecord" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "package", + "source", + "version", + "sourceVersion", + "architecture", + "maintainer", + "installedSize", + "files" + ] + }, + "DpkgDbEntry": { + "properties": { + "package": { + "type": "string" + }, + "source": { + "type": "string" + }, + "version": { + "type": "string" + }, + "sourceVersion": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "maintainer": { + "type": "string" + }, + "installedSize": { + "type": "integer" + }, + "provides": { + "items": { + "type": "string" + }, + "type": "array" + }, + "depends": { + "items": 
{ + "type": "string" + }, + "type": "array" + }, + "preDepends": { + "items": { + "type": "string" + }, + "type": "array" + }, + "files": { + "items": { + "$ref": "#/$defs/DpkgFileRecord" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "package", + "source", + "version", + "sourceVersion", + "architecture", + "maintainer", + "installedSize", + "files" + ] + }, + "DpkgFileRecord": { + "properties": { + "path": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/Digest" + }, + "isConfigFile": { + "type": "boolean" + } + }, + "type": "object", + "required": [ + "path", + "isConfigFile" + ] + }, + "ELFSecurityFeatures": { + "properties": { + "symbolTableStripped": { + "type": "boolean" + }, + "stackCanary": { + "type": "boolean" + }, + "nx": { + "type": "boolean" + }, + "relRO": { + "type": "string" + }, + "pie": { + "type": "boolean" + }, + "dso": { + "type": "boolean" + }, + "safeStack": { + "type": "boolean" + }, + "cfi": { + "type": "boolean" + }, + "fortify": { + "type": "boolean" + } + }, + "type": "object", + "required": [ + "symbolTableStripped", + "nx", + "relRO", + "pie", + "dso" + ] + }, + "ElfBinaryPackageNoteJsonPayload": { + "properties": { + "type": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "osCPE": { + "type": "string" + }, + "os": { + "type": "string" + }, + "osVersion": { + "type": "string" + }, + "system": { + "type": "string" + }, + "vendor": { + "type": "string" + }, + "sourceRepo": { + "type": "string" + }, + "commit": { + "type": "string" + } + }, + "type": "object" + }, + "ElixirMixLockEntry": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "pkgHash": { + "type": "string" + }, + "pkgHashExt": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "version", + "pkgHash", + "pkgHashExt" + ] + }, + "ErlangRebarLockEntry": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + 
"pkgHash": { + "type": "string" + }, + "pkgHashExt": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "version", + "pkgHash", + "pkgHashExt" + ] + }, + "Executable": { + "properties": { + "format": { + "type": "string" + }, + "hasExports": { + "type": "boolean" + }, + "hasEntrypoint": { + "type": "boolean" + }, + "importedLibraries": { + "items": { + "type": "string" + }, + "type": "array" + }, + "elfSecurityFeatures": { + "$ref": "#/$defs/ELFSecurityFeatures" + } + }, + "type": "object", + "required": [ + "format", + "hasExports", + "hasEntrypoint", + "importedLibraries" + ] + }, + "File": { + "properties": { + "id": { + "type": "string" + }, + "location": { + "$ref": "#/$defs/Coordinates" + }, + "metadata": { + "$ref": "#/$defs/FileMetadataEntry" + }, + "contents": { + "type": "string" + }, + "digests": { + "items": { + "$ref": "#/$defs/Digest" + }, + "type": "array" + }, + "licenses": { + "items": { + "$ref": "#/$defs/FileLicense" + }, + "type": "array" + }, + "executable": { + "$ref": "#/$defs/Executable" + }, + "unknowns": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "id", + "location" + ] + }, + "FileLicense": { + "properties": { + "value": { + "type": "string" + }, + "spdxExpression": { + "type": "string" + }, + "type": { + "type": "string" + }, + "evidence": { + "$ref": "#/$defs/FileLicenseEvidence" + } + }, + "type": "object", + "required": [ + "value", + "spdxExpression", + "type" + ] + }, + "FileLicenseEvidence": { + "properties": { + "confidence": { + "type": "integer" + }, + "offset": { + "type": "integer" + }, + "extent": { + "type": "integer" + } + }, + "type": "object", + "required": [ + "confidence", + "offset", + "extent" + ] + }, + "FileMetadataEntry": { + "properties": { + "mode": { + "type": "integer" + }, + "type": { + "type": "string" + }, + "linkDestination": { + "type": "string" + }, + "userID": { + "type": "integer" + }, + "groupID": { + "type": 
"integer" + }, + "mimeType": { + "type": "string" + }, + "size": { + "type": "integer" + } + }, + "type": "object", + "required": [ + "mode", + "type", + "userID", + "groupID", + "mimeType", + "size" + ] + }, + "GithubActionsUseStatement": { + "properties": { + "value": { + "type": "string" + }, + "comment": { + "type": "string" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "GoModuleBuildinfoEntry": { + "properties": { + "goBuildSettings": { + "$ref": "#/$defs/KeyValues" + }, + "goCompiledVersion": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "h1Digest": { + "type": "string" + }, + "mainModule": { + "type": "string" + }, + "goCryptoSettings": { + "items": { + "type": "string" + }, + "type": "array" + }, + "goExperiments": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "goCompiledVersion", + "architecture" + ] + }, + "GoModuleEntry": { + "properties": { + "h1Digest": { + "type": "string" + } + }, + "type": "object" + }, + "HaskellHackageStackEntry": { + "properties": { + "pkgHash": { + "type": "string" + } + }, + "type": "object" + }, + "HaskellHackageStackLockEntry": { + "properties": { + "pkgHash": { + "type": "string" + }, + "snapshotURL": { + "type": "string" + } + }, + "type": "object" + }, + "HomebrewFormula": { + "properties": { + "tap": { + "type": "string" + }, + "homepage": { + "type": "string" + }, + "description": { + "type": "string" + } + }, + "type": "object" + }, + "IDLikes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "JavaArchive": { + "properties": { + "virtualPath": { + "type": "string" + }, + "manifest": { + "$ref": "#/$defs/JavaManifest" + }, + "pomProperties": { + "$ref": "#/$defs/JavaPomProperties" + }, + "pomProject": { + "$ref": "#/$defs/JavaPomProject" + }, + "digest": { + "items": { + "$ref": "#/$defs/Digest" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "virtualPath" + ] + }, + 
"JavaJvmInstallation": { + "properties": { + "release": { + "$ref": "#/$defs/JavaVMRelease" + }, + "files": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "release", + "files" + ] + }, + "JavaManifest": { + "properties": { + "main": { + "$ref": "#/$defs/KeyValues" + }, + "sections": { + "items": { + "$ref": "#/$defs/KeyValues" + }, + "type": "array" + } + }, + "type": "object" + }, + "JavaPomParent": { + "properties": { + "groupId": { + "type": "string" + }, + "artifactId": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object", + "required": [ + "groupId", + "artifactId", + "version" + ] + }, + "JavaPomProject": { + "properties": { + "path": { + "type": "string" + }, + "parent": { + "$ref": "#/$defs/JavaPomParent" + }, + "groupId": { + "type": "string" + }, + "artifactId": { + "type": "string" + }, + "version": { + "type": "string" + }, + "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "url": { + "type": "string" + } + }, + "type": "object", + "required": [ + "path", + "groupId", + "artifactId", + "version", + "name" + ] + }, + "JavaPomProperties": { + "properties": { + "path": { + "type": "string" + }, + "name": { + "type": "string" + }, + "groupId": { + "type": "string" + }, + "artifactId": { + "type": "string" + }, + "version": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "extraFields": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object", + "required": [ + "path", + "name", + "groupId", + "artifactId", + "version" + ] + }, + "JavaVMRelease": { + "properties": { + "implementor": { + "type": "string" + }, + "implementorVersion": { + "type": "string" + }, + "javaRuntimeVersion": { + "type": "string" + }, + "javaVersion": { + "type": "string" + }, + "javaVersionDate": { + "type": "string" + }, + "libc": { + "type": "string" + }, + "modules": { + "items": { + "type": 
"string" + }, + "type": "array" + }, + "osArch": { + "type": "string" + }, + "osName": { + "type": "string" + }, + "osVersion": { + "type": "string" + }, + "source": { + "type": "string" + }, + "buildSource": { + "type": "string" + }, + "buildSourceRepo": { + "type": "string" + }, + "sourceRepo": { + "type": "string" + }, + "fullVersion": { + "type": "string" + }, + "semanticVersion": { + "type": "string" + }, + "buildInfo": { + "type": "string" + }, + "jvmVariant": { + "type": "string" + }, + "jvmVersion": { + "type": "string" + }, + "imageType": { + "type": "string" + }, + "buildType": { + "type": "string" + } + }, + "type": "object" + }, + "JavascriptNpmPackage": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "author": { + "type": "string" + }, + "homepage": { + "type": "string" + }, + "description": { + "type": "string" + }, + "url": { + "type": "string" + }, + "private": { + "type": "boolean" + } + }, + "type": "object", + "required": [ + "name", + "version", + "author", + "homepage", + "description", + "url", + "private" + ] + }, + "JavascriptNpmPackageLockEntry": { + "properties": { + "resolved": { + "type": "string" + }, + "integrity": { + "type": "string" + } + }, + "type": "object", + "required": [ + "resolved", + "integrity" + ] + }, + "JavascriptYarnLockEntry": { + "properties": { + "resolved": { + "type": "string" + }, + "integrity": { + "type": "string" + } + }, + "type": "object", + "required": [ + "resolved", + "integrity" + ] + }, + "KeyValue": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "key", + "value" + ] + }, + "KeyValues": { + "items": { + "$ref": "#/$defs/KeyValue" + }, + "type": "array" + }, + "License": { + "properties": { + "value": { + "type": "string" + }, + "fullText": { + "type": "string" + }, + "spdxExpression": { + "type": "string" + }, + "type": { + "type": "string" + }, + "urls": { + "items": { 
+ "type": "string" + }, + "type": "array" + }, + "locations": { + "items": { + "$ref": "#/$defs/Location" + }, + "type": "array" + }, + "contents": { + "type": "string" + } + }, + "type": "object", + "required": [ + "value", + "fullText", + "spdxExpression", + "type", + "urls", + "locations" + ] + }, + "LinuxKernelArchive": { + "properties": { + "name": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "version": { + "type": "string" + }, + "extendedVersion": { + "type": "string" + }, + "buildTime": { + "type": "string" + }, + "author": { + "type": "string" + }, + "format": { + "type": "string" + }, + "rwRootFS": { + "type": "boolean" + }, + "swapDevice": { + "type": "integer" + }, + "rootDevice": { + "type": "integer" + }, + "videoMode": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "architecture", + "version" + ] + }, + "LinuxKernelModule": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "sourceVersion": { + "type": "string" + }, + "path": { + "type": "string" + }, + "description": { + "type": "string" + }, + "author": { + "type": "string" + }, + "license": { + "type": "string" + }, + "kernelVersion": { + "type": "string" + }, + "versionMagic": { + "type": "string" + }, + "parameters": { + "patternProperties": { + ".*": { + "$ref": "#/$defs/LinuxKernelModuleParameter" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "LinuxKernelModuleParameter": { + "properties": { + "type": { + "type": "string" + }, + "description": { + "type": "string" + } + }, + "type": "object" + }, + "LinuxRelease": { + "properties": { + "prettyName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "id": { + "type": "string" + }, + "idLike": { + "$ref": "#/$defs/IDLikes" + }, + "version": { + "type": "string" + }, + "versionID": { + "type": "string" + }, + "versionCodename": { + "type": "string" + }, + "buildID": { + "type": "string" + }, + "imageID": { + 
"type": "string" + }, + "imageVersion": { + "type": "string" + }, + "variant": { + "type": "string" + }, + "variantID": { + "type": "string" + }, + "homeURL": { + "type": "string" + }, + "supportURL": { + "type": "string" + }, + "bugReportURL": { + "type": "string" + }, + "privacyPolicyURL": { + "type": "string" + }, + "cpeName": { + "type": "string" + }, + "supportEnd": { + "type": "string" + } + }, + "type": "object" + }, + "Location": { + "properties": { + "path": { + "type": "string" + }, + "layerID": { + "type": "string" + }, + "accessPath": { + "type": "string" + }, + "annotations": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object", + "required": [ + "path", + "accessPath" + ] + }, + "LuarocksPackage": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "license": { + "type": "string" + }, + "homepage": { + "type": "string" + }, + "description": { + "type": "string" + }, + "url": { + "type": "string" + }, + "dependencies": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object", + "required": [ + "name", + "version", + "license", + "homepage", + "description", + "url", + "dependencies" + ] + }, + "MicrosoftKbPatch": { + "properties": { + "product_id": { + "type": "string" + }, + "kb": { + "type": "string" + } + }, + "type": "object", + "required": [ + "product_id", + "kb" + ] + }, + "NixDerivation": { + "properties": { + "path": { + "type": "string" + }, + "system": { + "type": "string" + }, + "inputDerivations": { + "items": { + "$ref": "#/$defs/NixDerivationReference" + }, + "type": "array" + }, + "inputSources": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "NixDerivationReference": { + "properties": { + "path": { + "type": "string" + }, + "outputs": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + 
"NixStoreEntry": { + "properties": { + "path": { + "type": "string" + }, + "output": { + "type": "string" + }, + "outputHash": { + "type": "string" + }, + "derivation": { + "$ref": "#/$defs/NixDerivation" + }, + "files": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "outputHash" + ] + }, + "OpamPackage": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "licenses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "url": { + "type": "string" + }, + "checksum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "homepage": { + "type": "string" + }, + "dependencies": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "name", + "version", + "licenses", + "url", + "checksum", + "homepage", + "dependencies" + ] + }, + "Package": { + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "type": { + "type": "string" + }, + "foundBy": { + "type": "string" + }, + "locations": { + "items": { + "$ref": "#/$defs/Location" + }, + "type": "array" + }, + "licenses": { + "$ref": "#/$defs/licenses" + }, + "language": { + "type": "string" + }, + "cpes": { + "$ref": "#/$defs/cpes" + }, + "purl": { + "type": "string" + }, + "metadataType": { + "type": "string" + }, + "metadata": { + "anyOf": [ + { + "type": "null" + }, + { + "$ref": "#/$defs/AlpmDbEntry" + }, + { + "$ref": "#/$defs/ApkDbEntry" + }, + { + "$ref": "#/$defs/BinarySignature" + }, + { + "$ref": "#/$defs/BitnamiSbomEntry" + }, + { + "$ref": "#/$defs/CConanFileEntry" + }, + { + "$ref": "#/$defs/CConanInfoEntry" + }, + { + "$ref": "#/$defs/CConanLockEntry" + }, + { + "$ref": "#/$defs/CConanLockV2Entry" + }, + { + "$ref": "#/$defs/CocoaPodfileLockEntry" + }, + { + "$ref": "#/$defs/DartPubspec" + }, + { + "$ref": "#/$defs/DartPubspecLockEntry" + }, + { + "$ref": 
"#/$defs/DotnetDepsEntry" + }, + { + "$ref": "#/$defs/DotnetPackagesLockEntry" + }, + { + "$ref": "#/$defs/DotnetPortableExecutableEntry" + }, + { + "$ref": "#/$defs/DpkgArchiveEntry" + }, + { + "$ref": "#/$defs/DpkgDbEntry" + }, + { + "$ref": "#/$defs/ElfBinaryPackageNoteJsonPayload" + }, + { + "$ref": "#/$defs/ElixirMixLockEntry" + }, + { + "$ref": "#/$defs/ErlangRebarLockEntry" + }, + { + "$ref": "#/$defs/GithubActionsUseStatement" + }, + { + "$ref": "#/$defs/GoModuleBuildinfoEntry" + }, + { + "$ref": "#/$defs/GoModuleEntry" + }, + { + "$ref": "#/$defs/HaskellHackageStackEntry" + }, + { + "$ref": "#/$defs/HaskellHackageStackLockEntry" + }, + { + "$ref": "#/$defs/HomebrewFormula" + }, + { + "$ref": "#/$defs/JavaArchive" + }, + { + "$ref": "#/$defs/JavaJvmInstallation" + }, + { + "$ref": "#/$defs/JavascriptNpmPackage" + }, + { + "$ref": "#/$defs/JavascriptNpmPackageLockEntry" + }, + { + "$ref": "#/$defs/JavascriptYarnLockEntry" + }, + { + "$ref": "#/$defs/LinuxKernelArchive" + }, + { + "$ref": "#/$defs/LinuxKernelModule" + }, + { + "$ref": "#/$defs/LuarocksPackage" + }, + { + "$ref": "#/$defs/MicrosoftKbPatch" + }, + { + "$ref": "#/$defs/NixStoreEntry" + }, + { + "$ref": "#/$defs/OpamPackage" + }, + { + "$ref": "#/$defs/PhpComposerInstalledEntry" + }, + { + "$ref": "#/$defs/PhpComposerLockEntry" + }, + { + "$ref": "#/$defs/PhpPearEntry" + }, + { + "$ref": "#/$defs/PhpPeclEntry" + }, + { + "$ref": "#/$defs/PortageDbEntry" + }, + { + "$ref": "#/$defs/PythonPackage" + }, + { + "$ref": "#/$defs/PythonPipRequirementsEntry" + }, + { + "$ref": "#/$defs/PythonPipfileLockEntry" + }, + { + "$ref": "#/$defs/PythonPoetryLockEntry" + }, + { + "$ref": "#/$defs/RDescription" + }, + { + "$ref": "#/$defs/RpmArchive" + }, + { + "$ref": "#/$defs/RpmDbEntry" + }, + { + "$ref": "#/$defs/RubyGemspec" + }, + { + "$ref": "#/$defs/RustCargoAuditEntry" + }, + { + "$ref": "#/$defs/RustCargoLockEntry" + }, + { + "$ref": "#/$defs/SwiftPackageManagerLockEntry" + }, + { + "$ref": 
"#/$defs/SwiplpackPackage" + }, + { + "$ref": "#/$defs/TerraformLockProviderEntry" + }, + { + "$ref": "#/$defs/WordpressPluginEntry" + } + ] + } + }, + "type": "object", + "required": [ + "id", + "name", + "version", + "type", + "foundBy", + "locations", + "licenses", + "language", + "cpes", + "purl" + ] + }, + "PhpComposerAuthors": { + "properties": { + "name": { + "type": "string" + }, + "email": { + "type": "string" + }, + "homepage": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "PhpComposerExternalReference": { + "properties": { + "type": { + "type": "string" + }, + "url": { + "type": "string" + }, + "reference": { + "type": "string" + }, + "shasum": { + "type": "string" + } + }, + "type": "object", + "required": [ + "type", + "url", + "reference" + ] + }, + "PhpComposerInstalledEntry": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "source": { + "$ref": "#/$defs/PhpComposerExternalReference" + }, + "dist": { + "$ref": "#/$defs/PhpComposerExternalReference" + }, + "require": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "provide": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "require-dev": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "suggest": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "license": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "notification-url": { + "type": "string" + }, + "bin": { + "items": { + "type": "string" + }, + "type": "array" + }, + "authors": { + "items": { + "$ref": "#/$defs/PhpComposerAuthors" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "homepage": { + "type": "string" + }, + "keywords": { + "items": { + "type": "string" + }, + "type": "array" + }, + "time": { + "type": "string" 
+ } + }, + "type": "object", + "required": [ + "name", + "version", + "source", + "dist" + ] + }, + "PhpComposerLockEntry": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "source": { + "$ref": "#/$defs/PhpComposerExternalReference" + }, + "dist": { + "$ref": "#/$defs/PhpComposerExternalReference" + }, + "require": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "provide": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "require-dev": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "suggest": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "license": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "notification-url": { + "type": "string" + }, + "bin": { + "items": { + "type": "string" + }, + "type": "array" + }, + "authors": { + "items": { + "$ref": "#/$defs/PhpComposerAuthors" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "homepage": { + "type": "string" + }, + "keywords": { + "items": { + "type": "string" + }, + "type": "array" + }, + "time": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "version", + "source", + "dist" + ] + }, + "PhpPearEntry": { + "properties": { + "name": { + "type": "string" + }, + "channel": { + "type": "string" + }, + "version": { + "type": "string" + }, + "license": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "name", + "version" + ] + }, + "PhpPeclEntry": { + "properties": { + "name": { + "type": "string" + }, + "channel": { + "type": "string" + }, + "version": { + "type": "string" + }, + "license": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "name", + "version" + ] + }, + "PortageDbEntry": { + 
"properties": { + "installedSize": { + "type": "integer" + }, + "licenses": { + "type": "string" + }, + "files": { + "items": { + "$ref": "#/$defs/PortageFileRecord" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "installedSize", + "files" + ] + }, + "PortageFileRecord": { + "properties": { + "path": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/Digest" + } + }, + "type": "object", + "required": [ + "path" + ] + }, + "PythonDirectURLOriginInfo": { + "properties": { + "url": { + "type": "string" + }, + "commitId": { + "type": "string" + }, + "vcs": { + "type": "string" + } + }, + "type": "object", + "required": [ + "url" + ] + }, + "PythonFileDigest": { + "properties": { + "algorithm": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "algorithm", + "value" + ] + }, + "PythonFileRecord": { + "properties": { + "path": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/PythonFileDigest" + }, + "size": { + "type": "string" + } + }, + "type": "object", + "required": [ + "path" + ] + }, + "PythonPackage": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "author": { + "type": "string" + }, + "authorEmail": { + "type": "string" + }, + "platform": { + "type": "string" + }, + "files": { + "items": { + "$ref": "#/$defs/PythonFileRecord" + }, + "type": "array" + }, + "sitePackagesRootPath": { + "type": "string" + }, + "topLevelPackages": { + "items": { + "type": "string" + }, + "type": "array" + }, + "directUrlOrigin": { + "$ref": "#/$defs/PythonDirectURLOriginInfo" + }, + "requiresPython": { + "type": "string" + }, + "requiresDist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "providesExtra": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "name", + "version", + "author", + "authorEmail", + "platform", + "sitePackagesRootPath" + ] + }, + 
"PythonPipRequirementsEntry": { + "properties": { + "name": { + "type": "string" + }, + "extras": { + "items": { + "type": "string" + }, + "type": "array" + }, + "versionConstraint": { + "type": "string" + }, + "url": { + "type": "string" + }, + "markers": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "versionConstraint" + ] + }, + "PythonPipfileLockEntry": { + "properties": { + "hashes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "index": { + "type": "string" + } + }, + "type": "object", + "required": [ + "hashes", + "index" + ] + }, + "PythonPoetryLockDependencyEntry": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "markers": { + "type": "string" + }, + "extras": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "name", + "version", + "optional" + ] + }, + "PythonPoetryLockEntry": { + "properties": { + "index": { + "type": "string" + }, + "dependencies": { + "items": { + "$ref": "#/$defs/PythonPoetryLockDependencyEntry" + }, + "type": "array" + }, + "extras": { + "items": { + "$ref": "#/$defs/PythonPoetryLockExtraEntry" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "index", + "dependencies" + ] + }, + "PythonPoetryLockExtraEntry": { + "properties": { + "name": { + "type": "string" + }, + "dependencies": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "name", + "dependencies" + ] + }, + "RDescription": { + "properties": { + "title": { + "type": "string" + }, + "description": { + "type": "string" + }, + "author": { + "type": "string" + }, + "maintainer": { + "type": "string" + }, + "url": { + "items": { + "type": "string" + }, + "type": "array" + }, + "repository": { + "type": "string" + }, + "built": { + "type": "string" + }, + "needsCompilation": { + "type": "boolean" + }, + "imports": { + 
"items": { + "type": "string" + }, + "type": "array" + }, + "depends": { + "items": { + "type": "string" + }, + "type": "array" + }, + "suggests": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "Relationship": { + "properties": { + "parent": { + "type": "string" + }, + "child": { + "type": "string" + }, + "type": { + "type": "string" + }, + "metadata": true + }, + "type": "object", + "required": [ + "parent", + "child", + "type" + ] + }, + "RpmArchive": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "epoch": { + "oneOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ] + }, + "architecture": { + "type": "string" + }, + "release": { + "type": "string" + }, + "sourceRpm": { + "type": "string" + }, + "size": { + "type": "integer" + }, + "vendor": { + "type": "string" + }, + "modularityLabel": { + "type": "string" + }, + "provides": { + "items": { + "type": "string" + }, + "type": "array" + }, + "requires": { + "items": { + "type": "string" + }, + "type": "array" + }, + "files": { + "items": { + "$ref": "#/$defs/RpmFileRecord" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "name", + "version", + "epoch", + "architecture", + "release", + "sourceRpm", + "size", + "vendor", + "files" + ] + }, + "RpmDbEntry": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "epoch": { + "oneOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ] + }, + "architecture": { + "type": "string" + }, + "release": { + "type": "string" + }, + "sourceRpm": { + "type": "string" + }, + "size": { + "type": "integer" + }, + "vendor": { + "type": "string" + }, + "modularityLabel": { + "type": "string" + }, + "provides": { + "items": { + "type": "string" + }, + "type": "array" + }, + "requires": { + "items": { + "type": "string" + }, + "type": "array" + }, + "files": { + "items": { + "$ref": "#/$defs/RpmFileRecord" + }, + 
"type": "array" + } + }, + "type": "object", + "required": [ + "name", + "version", + "epoch", + "architecture", + "release", + "sourceRpm", + "size", + "vendor", + "files" + ] + }, + "RpmFileRecord": { + "properties": { + "path": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "size": { + "type": "integer" + }, + "digest": { + "$ref": "#/$defs/Digest" + }, + "userName": { + "type": "string" + }, + "groupName": { + "type": "string" + }, + "flags": { + "type": "string" + } + }, + "type": "object", + "required": [ + "path", + "mode", + "size", + "digest", + "userName", + "groupName", + "flags" + ] + }, + "RubyGemspec": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "files": { + "items": { + "type": "string" + }, + "type": "array" + }, + "authors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "homepage": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "version" + ] + }, + "RustCargoAuditEntry": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "source": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "version", + "source" + ] + }, + "RustCargoLockEntry": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "source": { + "type": "string" + }, + "checksum": { + "type": "string" + }, + "dependencies": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "name", + "version", + "source", + "checksum", + "dependencies" + ] + }, + "Schema": { + "properties": { + "version": { + "type": "string" + }, + "url": { + "type": "string" + } + }, + "type": "object", + "required": [ + "version", + "url" + ] + }, + "Source": { + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "type": { + "type": "string" + }, + "metadata": 
true + }, + "type": "object", + "required": [ + "id", + "name", + "version", + "type", + "metadata" + ] + }, + "SwiftPackageManagerLockEntry": { + "properties": { + "revision": { + "type": "string" + } + }, + "type": "object", + "required": [ + "revision" + ] + }, + "SwiplpackPackage": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "author": { + "type": "string" + }, + "authorEmail": { + "type": "string" + }, + "packager": { + "type": "string" + }, + "packagerEmail": { + "type": "string" + }, + "homepage": { + "type": "string" + }, + "dependencies": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "name", + "version", + "author", + "authorEmail", + "packager", + "packagerEmail", + "homepage", + "dependencies" + ] + }, + "TerraformLockProviderEntry": { + "properties": { + "url": { + "type": "string" + }, + "constraints": { + "type": "string" + }, + "version": { + "type": "string" + }, + "hashes": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "url", + "constraints", + "version", + "hashes" + ] + }, + "WordpressPluginEntry": { + "properties": { + "pluginInstallDirectory": { + "type": "string" + }, + "author": { + "type": "string" + }, + "authorUri": { + "type": "string" + } + }, + "type": "object", + "required": [ + "pluginInstallDirectory" + ] + }, + "cpes": { + "items": { + "$ref": "#/$defs/CPE" + }, + "type": "array" + }, + "licenses": { + "items": { + "$ref": "#/$defs/License" + }, + "type": "array" + } + } +} diff --git a/schema/json/schema-latest.json b/schema/json/schema-latest.json index e57d0628d..624bdb51e 100644 --- a/schema/json/schema-latest.json +++ b/schema/json/schema-latest.json 
@@ -1,6 +1,6 @@ { "$schema": "https://json-schema.org/draft/2020-12/schema", - "$id": "anchore.io/schema/syft/json/16.0.30/document", + "$id": "anchore.io/schema/syft/json/16.0.31/document", "$ref": "#/$defs/Document", "$defs": { "AlpmDbEntry": { @@ -408,6 +408,49 @@ "path" ] }, + "DartPubspec": { + "properties": { + "homepage": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "documentation": { + "type": "string" + }, + "publish_to": { + "type": "string" + }, + "environment": { + "$ref": "#/$defs/DartPubspecEnvironment" + }, + "platforms": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ignored_advisories": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "DartPubspecEnvironment": { + "properties": { + "sdk": { + "type": "string" + }, + "flutter": { + "type": "string" + } + }, + "type": "object" + }, "DartPubspecLockEntry": { "properties": { "name": { @@ -1851,6 +1894,9 @@ { "$ref": "#/$defs/CocoaPodfileLockEntry" }, + { + "$ref": "#/$defs/DartPubspec" + }, { "$ref": "#/$defs/DartPubspecLockEntry" }, diff --git a/syft/format/internal/spdxutil/helpers/originator_supplier_test.go b/syft/format/internal/spdxutil/helpers/originator_supplier_test.go index 26f9ae2d6..572e57768 100644 --- a/syft/format/internal/spdxutil/helpers/originator_supplier_test.go +++ b/syft/format/internal/spdxutil/helpers/originator_supplier_test.go @@ -19,6 +19,7 @@ func Test_OriginatorSupplier(t *testing.T) { pkg.ConanfileEntry{}, pkg.ConaninfoEntry{}, pkg.DartPubspecLockEntry{}, + pkg.DartPubspec{}, pkg.DotnetDepsEntry{}, pkg.DotnetPackagesLockEntry{}, pkg.ELFBinaryPackageNoteJSONPayload{}, diff --git a/syft/internal/packagemetadata/generated.go b/syft/internal/packagemetadata/generated.go index 63d13a993..39735803f 100644 --- a/syft/internal/packagemetadata/generated.go +++ b/syft/internal/packagemetadata/generated.go 
@@ -16,6 +16,7 @@ func AllTypes() []any { pkg.ConanV2LockEntry{}, pkg.ConanfileEntry{}, pkg.ConaninfoEntry{}, + pkg.DartPubspec{}, pkg.DartPubspecLockEntry{}, pkg.DotnetDepsEntry{}, pkg.DotnetPackagesLockEntry{}, diff --git a/syft/internal/packagemetadata/names.go b/syft/internal/packagemetadata/names.go index 978eb0034..dd640b139 100644 --- a/syft/internal/packagemetadata/names.go +++ b/syft/internal/packagemetadata/names.go @@ -72,6 +72,7 @@ var jsonTypes = makeJSONTypes( jsonNames(pkg.ConanfileEntry{}, "c-conan-file-entry", "ConanMetadataType"), jsonNames(pkg.ConaninfoEntry{}, "c-conan-info-entry"), jsonNames(pkg.DartPubspecLockEntry{}, "dart-pubspec-lock-entry", "DartPubMetadata"), + jsonNames(pkg.DartPubspec{}, "dart-pubspec"), jsonNames(pkg.DotnetDepsEntry{}, "dotnet-deps-entry", "DotnetDepsMetadata"), jsonNames(pkg.DotnetPortableExecutableEntry{}, "dotnet-portable-executable-entry"), jsonNames(pkg.DpkgArchiveEntry{}, "dpkg-archive-entry"), diff --git a/syft/pkg/cataloger/dart/cataloger.go b/syft/pkg/cataloger/dart/cataloger.go index 37c73c479..70d9586a8 100644 --- a/syft/pkg/cataloger/dart/cataloger.go +++ b/syft/pkg/cataloger/dart/cataloger.go @@ -13,3 +13,9 @@ func NewPubspecLockCataloger() pkg.Cataloger { return generic.NewCataloger("dart-pubspec-lock-cataloger"). WithParserByGlobs(parsePubspecLock, "**/pubspec.lock") } + +// NewPubspecCataloger returns a new Dartlang cataloger object base on pubspec files. +func NewPubspecCataloger() pkg.Cataloger { + return generic.NewCataloger("dart-pubspec-cataloger"). + WithParserByGlobs(parsePubspec, "**/pubspec.yml", "**/pubspec.yaml") +} diff --git a/syft/pkg/cataloger/dart/cataloger_test.go b/syft/pkg/cataloger/dart/cataloger_test.go index 94aa8cfa0..6ad9f1518 100644 --- a/syft/pkg/cataloger/dart/cataloger_test.go +++ b/syft/pkg/cataloger/dart/cataloger_test.go 
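Review bot: The `**/pubspec.yml` glob in `NewPubspecCataloger` can catalog files that the Dart tooling itself does not appear to read. As far as I know pub only recognises `pubspec.yaml`, so a stray `pubspec.yml` would put a package into the SBOM that no build ever consumed. If the extra glob is intentional, the doc comment should say so, for example `// NewPubspecCataloger returns a cataloger for Dart pubspec.yaml files; pubspec.yml is matched as a tolerated misspelling.` That wording also fixes the "base on" typo in the current comment.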
@@ -6,15 +6,15 @@ import ( "github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest" ) -func TestCataloger_Globs(t *testing.T) { +func TestPubspecLockCataloger_Globs(t *testing.T) { tests := []struct { name string fixture string expected []string }{ { - name: "obtain pubspec files", - fixture: "test-fixtures/glob-paths", + name: "obtain pubspec lock files", + fixture: "test-fixtures/glob-paths/lock", expected: []string{ "src/pubspec.lock", }, @@ -30,3 +30,29 @@ func TestCataloger_Globs(t *testing.T) { }) } } + +func TestPubspecCataloger_Globs(t *testing.T) { + tests := []struct { + name string + fixture string + expected []string + }{ + { + name: "obtain pubspec files", + fixture: "test-fixtures/glob-paths/spec", + expected: []string{ + "pubspec.yml", + "pubspec.yaml", + }, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + pkgtest.NewCatalogTester(). + FromDirectory(t, test.fixture). + ExpectsResolverContentQueries(test.expected). + TestCataloger(t, NewPubspecCataloger()) + }) + } +} diff --git a/syft/pkg/cataloger/dart/package.go b/syft/pkg/cataloger/dart/package.go index 99fad4133..ef4648a2b 100644 --- a/syft/pkg/cataloger/dart/package.go +++ b/syft/pkg/cataloger/dart/package.go @@ -18,7 +18,7 @@ func newPubspecLockPackage(name string, raw pubspecLockPackage, locations ...fil Name: name, Version: raw.Version, Locations: file.NewLocationSet(locations...), - PURL: packageURL(metadata), + PURL: packageURLFromPubspecLock(metadata), Language: pkg.Dart, Type: pkg.DartPubPkg, Metadata: metadata, 
@@ -29,7 +29,39 @@ func newPubspecLockPackage(name string, raw pubspecLockPackage, locations ...fil return p } -func packageURL(m pkg.DartPubspecLockEntry) string { +func newPubspecPackage(raw pubspecPackage, locations ...file.Location) pkg.Package { + var env *pkg.DartPubspecEnvironment + if raw.Environment.SDK != "" || raw.Environment.Flutter != "" { + // this is required only after pubspec v2, but might have been optional before this + env = &pkg.DartPubspecEnvironment{ + SDK: raw.Environment.SDK, + Flutter: raw.Environment.Flutter, + } + } + p := pkg.Package{ + Name: raw.Name, + Version: raw.Version, + Locations: file.NewLocationSet(locations...), + PURL: packageURLFromPubspec(raw.Name, raw.Version), + Language: pkg.Dart, + Type: pkg.DartPubPkg, + Metadata: pkg.DartPubspec{ + Homepage: raw.Homepage, + Repository: raw.Repository, + Documentation: raw.Documentation, + PublishTo: raw.PublishTo, + Environment: env, + Platforms: raw.Platforms, + IgnoredAdvisories: raw.IgnoredAdvisories, + }, + } + + p.SetID() + + return p +} + +func packageURLFromPubspecLock(m pkg.DartPubspecLockEntry) string { var qualifiers packageurl.Qualifiers if m.HostedURL != "" { @@ -53,3 +85,16 @@ func packageURL(m pkg.DartPubspecLockEntry) string { "", ).ToString() } + +func packageURLFromPubspec(name, version string) string { + var qualifiers packageurl.Qualifiers + + return packageurl.NewPackageURL( + packageurl.TypePub, + "", + name, + version, + qualifiers, + "", + ).ToString() +} diff --git a/syft/pkg/cataloger/dart/parse_pubspec.go b/syft/pkg/cataloger/dart/parse_pubspec.go new file mode 100644 index 000000000..03e9bc336 --- /dev/null +++ b/syft/pkg/cataloger/dart/parse_pubspec.go 
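Review bot: `newPubspecPackage` copies `raw.Name` and `raw.Version` into the package without checking either. A YAML file that decodes cleanly but has no `name` key would therefore land in the SBOM as a nameless entry whose PURL has an empty name. Whether a later stage filters such entries is not visible in this hunk. Since this function returns a value rather than a pointer, the simplest guard is in the caller in parse_pubspec.go: `if p.Name == "" { return nil, nil, nil }`. A missing `version` is legitimate for unpublished packages and should stay allowed.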
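Review bot: `packageURLFromPubspec` produces a bare `pkg:pub/<name>@<version>` even when the pubspec sets `publish_to: none` or points at a private server. A private application therefore shares its PURL with any same-named package on the public registry, and a matcher keyed on PURL could attach that public package's advisories to it. The lock-file variant adds a `hosted_url` qualifier for non-default hosts. Passing `PublishTo` in here would allow the same when it holds a URL, and it would also give the `qualifiers` variable, which is currently declared and never filled, a purpose. At minimum the limitation should be documented: `// packageURLFromPubspec builds a pub PURL from name and version only; publish_to is not reflected, so a private package is indistinguishable from a public one of the same name.`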
@@ -0,0 +1,50 @@
+package dart
+
+import (
+ "context"
+ "fmt"
+
+ "gopkg.in/yaml.v3"
+
+ "github.com/anchore/syft/syft/artifact"
+ "github.com/anchore/syft/syft/file"
+ "github.com/anchore/syft/syft/pkg"
+ "github.com/anchore/syft/syft/pkg/cataloger/generic"
+)
+
+type pubspecPackage struct {
+ Name string `mapstructure:"name" yaml:"name"`
+ Version string `mapstructure:"version" yaml:"version"`
+ Homepage string `mapstructure:"homepage" yaml:"homepage"`
+ Repository string `mapstructure:"repository" yaml:"repository"`
+ Documentation string `mapstructure:"documentation" yaml:"documentation"`
+ PublishTo string `mapstructure:"publish_to" yaml:"publish_to"`
+ Environment dartPubspecEnvironment `mapstructure:"environment" yaml:"environment"`
+ Platforms []string `mapstructure:"platforms" yaml:"platforms"`
+ IgnoredAdvisories []string `mapstructure:"ignored_advisories" yaml:"ignored_advisories"`
+}
+
+type dartPubspecEnvironment struct {
+ SDK string `mapstructure:"sdk" yaml:"sdk"`
+ Flutter string `mapstructure:"flutter" yaml:"flutter"`
+}
+
+func parsePubspec(_ context.Context, _ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) {
+ var pkgs []pkg.Package
+
+ dec := yaml.NewDecoder(reader)
+
+ var p pubspecPackage
+ if err := dec.Decode(&p); err != nil {
+ return nil, nil, fmt.Errorf("failed to parse pubspec.yml file: %w", err)
+ }
+
+ pkgs = append(pkgs,
+ newPubspecPackage(
+ p,
+ reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
+ ),
+ )
+
+ return pkgs, nil, nil
+}
diff --git a/syft/pkg/cataloger/dart/parse_pubspec_lock_test.go b/syft/pkg/cataloger/dart/parse_pubspec_lock_test.go
index ab843f66a..43fc79b15 100644
--- a/syft/pkg/cataloger/dart/parse_pubspec_lock_test.go
+++ b/syft/pkg/cataloger/dart/parse_pubspec_lock_test.go
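Review bot: `Platforms []string` in `pubspecPackage` does not match how pub documents the `platforms` key, which is a mapping keyed by platform name (`android:`, `ios:`, …) rather than a list. With yaml.v3 a mapping cannot be decoded into `[]string`, so `dec.Decode(&p)` in `parsePubspec` would fail and the whole package would be missing from the SBOM for any pubspec that declares platforms. Neither fixture in this commit sets the key, so the tests do not exercise this. The fix is a small slice type with an `UnmarshalYAML` method that collects the mapping keys and still accepts a plain list; `Platforms: raw.Platforms` in `newPubspecPackage` keeps compiling because the named slice is assignable to `[]string`.

```go
type pubspecPackage struct {
	// … unchanged: name, version, homepage, repository, documentation, publish_to, environment …
	Platforms         platformList `mapstructure:"platforms" yaml:"platforms"`
	IgnoredAdvisories []string     `mapstructure:"ignored_advisories" yaml:"ignored_advisories"`
}

// platformList holds the platform names declared under the pubspec `platforms` key,
// in the order they appear in the file.
type platformList []string

// UnmarshalYAML accepts the documented mapping form and tolerates a plain sequence.
func (l *platformList) UnmarshalYAML(node *yaml.Node) error {
	switch node.Kind {
	case yaml.MappingNode:
		// Content alternates key, value; only the keys carry the platform names.
		for i := 0; i+1 < len(node.Content); i += 2 {
			*l = append(*l, node.Content[i].Value)
		}
	case yaml.SequenceNode:
		var items []string
		if err := node.Decode(&items); err != nil {
			return err
		}
		*l = items
	}
	return nil
}
```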
@@ -12,101 +12,112 @@ import ( ) func TestParsePubspecLock(t *testing.T) { - fixture := "test-fixtures/pubspec.lock" - fixtureLocationSet := file.NewLocationSet(file.NewLocation(fixture)) - expected := []pkg.Package{ + tests := []struct { + name string + fixture string + expectedPackages []pkg.Package + expectedRelationships []artifact.Relationship + }{ { - Name: "ale", - Version: "3.3.0", - PURL: "pkg:pub/ale@3.3.0?hosted_url=pub.hosted.org", - Locations: fixtureLocationSet, - Language: pkg.Dart, - Type: pkg.DartPubPkg, - Metadata: pkg.DartPubspecLockEntry{ - Name: "ale", - Version: "3.3.0", - HostedURL: "pub.hosted.org", - }, - }, - { - Name: "analyzer", - Version: "0.40.7", - PURL: "pkg:pub/analyzer@0.40.7", - Locations: fixtureLocationSet, - Language: pkg.Dart, - Type: pkg.DartPubPkg, - Metadata: pkg.DartPubspecLockEntry{ - Name: "analyzer", - Version: "0.40.7", - }, - }, - { - Name: "ansicolor", - Version: "1.1.1", - PURL: "pkg:pub/ansicolor@1.1.1", - Locations: fixtureLocationSet, - Language: pkg.Dart, - Type: pkg.DartPubPkg, - Metadata: pkg.DartPubspecLockEntry{ - Name: "ansicolor", - Version: "1.1.1", - }, - }, - { - Name: "archive", - Version: "2.0.13", - PURL: "pkg:pub/archive@2.0.13", - Locations: fixtureLocationSet, - Language: pkg.Dart, - Type: pkg.DartPubPkg, - Metadata: pkg.DartPubspecLockEntry{ - Name: "archive", - Version: "2.0.13", - }, - }, - { - Name: "args", - Version: "1.6.0", - PURL: "pkg:pub/args@1.6.0", - Locations: fixtureLocationSet, - Language: pkg.Dart, - Type: pkg.DartPubPkg, - Metadata: pkg.DartPubspecLockEntry{ - Name: "args", - Version: "1.6.0", - }, - }, - { - Name: "flutter", - Version: "3.24.5", - PURL: "pkg:pub/flutter@3.24.5", - Locations: fixtureLocationSet, - Language: pkg.Dart, - Type: pkg.DartPubPkg, - Metadata: pkg.DartPubspecLockEntry{ - Name: "flutter", - Version: "3.24.5", - }, - }, - { - Name: "key_binder", - Version: "1.11.20", - PURL: 
"pkg:pub/key_binder@1.11.20?vcs_url=git%40github.com%3AWorkiva%2Fkey_binder.git%403f7b3a6350e73c7dcac45301c0e18fbd42af02f7", - Locations: fixtureLocationSet, - Language: pkg.Dart, - Type: pkg.DartPubPkg, - Metadata: pkg.DartPubspecLockEntry{ - Name: "key_binder", - Version: "1.11.20", - VcsURL: "git@github.com:Workiva/key_binder.git@3f7b3a6350e73c7dcac45301c0e18fbd42af02f7", + name: "standard pubspec.lock", + fixture: "test-fixtures/pubspec_locks/pubspec.lock", + expectedPackages: []pkg.Package{ + { + Name: "ale", + Version: "3.3.0", + PURL: "pkg:pub/ale@3.3.0?hosted_url=pub.hosted.org", + Locations: file.NewLocationSet(file.NewLocation("test-fixtures/pubspec_locks/pubspec.lock")), + Language: pkg.Dart, + Type: pkg.DartPubPkg, + Metadata: pkg.DartPubspecLockEntry{ + Name: "ale", + Version: "3.3.0", + HostedURL: "pub.hosted.org", + }, + }, + { + Name: "analyzer", + Version: "0.40.7", + PURL: "pkg:pub/analyzer@0.40.7", + Locations: file.NewLocationSet(file.NewLocation("test-fixtures/pubspec_locks/pubspec.lock")), + Language: pkg.Dart, + Type: pkg.DartPubPkg, + Metadata: pkg.DartPubspecLockEntry{ + Name: "analyzer", + Version: "0.40.7", + }, + }, + { + Name: "ansicolor", + Version: "1.1.1", + PURL: "pkg:pub/ansicolor@1.1.1", + Locations: file.NewLocationSet(file.NewLocation("test-fixtures/pubspec_locks/pubspec.lock")), + Language: pkg.Dart, + Type: pkg.DartPubPkg, + Metadata: pkg.DartPubspecLockEntry{ + Name: "ansicolor", + Version: "1.1.1", + }, + }, + { + Name: "archive", + Version: "2.0.13", + PURL: "pkg:pub/archive@2.0.13", + Locations: file.NewLocationSet(file.NewLocation("test-fixtures/pubspec_locks/pubspec.lock")), + Language: pkg.Dart, + Type: pkg.DartPubPkg, + Metadata: pkg.DartPubspecLockEntry{ + Name: "archive", + Version: "2.0.13", + }, + }, + { + Name: "args", + Version: "1.6.0", + PURL: "pkg:pub/args@1.6.0", + Locations: file.NewLocationSet(file.NewLocation("test-fixtures/pubspec_locks/pubspec.lock")), + Language: pkg.Dart, + Type: pkg.DartPubPkg, + 
Metadata: pkg.DartPubspecLockEntry{ + Name: "args", + Version: "1.6.0", + }, + }, + { + Name: "flutter", + Version: "3.24.5", + PURL: "pkg:pub/flutter@3.24.5", + Locations: file.NewLocationSet(file.NewLocation("test-fixtures/pubspec_locks/pubspec.lock")), + Language: pkg.Dart, + Type: pkg.DartPubPkg, + Metadata: pkg.DartPubspecLockEntry{ + Name: "flutter", + Version: "3.24.5", + }, + }, + { + Name: "key_binder", + Version: "1.11.20", + PURL: "pkg:pub/key_binder@1.11.20?vcs_url=git%40github.com%3AWorkiva%2Fkey_binder.git%403f7b3a6350e73c7dcac45301c0e18fbd42af02f7", + Locations: file.NewLocationSet(file.NewLocation("test-fixtures/pubspec_locks/pubspec.lock")), + Language: pkg.Dart, + Type: pkg.DartPubPkg, + Metadata: pkg.DartPubspecLockEntry{ + Name: "key_binder", + Version: "1.11.20", + VcsURL: "git@github.com:Workiva/key_binder.git@3f7b3a6350e73c7dcac45301c0e18fbd42af02f7", + }, + }, }, + expectedRelationships: nil, }, } - // TODO: relationships are not under test - var expectedRelationships []artifact.Relationship - - pkgtest.TestFileParser(t, fixture, parsePubspecLock, expected, expectedRelationships) + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + pkgtest.TestFileParser(t, test.fixture, parsePubspecLock, test.expectedPackages, test.expectedRelationships) + }) + } } func Test_corruptPubspecLock(t *testing.T) { diff --git a/syft/pkg/cataloger/dart/parse_pubspec_test.go b/syft/pkg/cataloger/dart/parse_pubspec_test.go new file mode 100644 index 000000000..4ba3b5c23 --- /dev/null +++ b/syft/pkg/cataloger/dart/parse_pubspec_test.go 
@@ -0,0 +1,70 @@
+package dart
+
+import (
+ "testing"
+
+ "github.com/anchore/syft/syft/artifact"
+ "github.com/anchore/syft/syft/file"
+ "github.com/anchore/syft/syft/pkg"
+ "github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest"
+)
+
+func TestParsePubspec(t *testing.T) {
+ tests := []struct {
+ name string
+ fixture string
+ expectedPackages []pkg.Package
+ expectedRelationships []artifact.Relationship
+ }{
+ {
+ name: "_macros",
+ fixture: "test-fixtures/pubspecs/macros.pubspec.yaml",
+ expectedPackages: []pkg.Package{
+ {
+ Name: "_macros",
+ Version: "0.3.2",
+ PURL: "pkg:pub/_macros@0.3.2",
+ Locations: file.NewLocationSet(file.NewLocation("test-fixtures/pubspecs/macros.pubspec.yaml")),
+ Language: pkg.Dart,
+ Type: pkg.DartPubPkg,
+ Metadata: pkg.DartPubspec{
+ Repository: "https://github.com/dart-lang/sdk/tree/main/pkg/_macros",
+ PublishTo: "none",
+ Environment: &pkg.DartPubspecEnvironment{
+ SDK: "^3.4.0-256.0.dev",
+ },
+ },
+ },
+ },
+ expectedRelationships: nil,
+ },
+ {
+ name: "_macros",
+ fixture: "test-fixtures/pubspecs/appainter.pubspec.yaml",
+ expectedPackages: []pkg.Package{
+ {
+ Name: "appainter",
+ Version: "2.4.8",
+ PURL: "pkg:pub/appainter@2.4.8",
+ Locations: file.NewLocationSet(file.NewLocation("test-fixtures/pubspecs/appainter.pubspec.yaml")),
+ Language: pkg.Dart,
+ Type: pkg.DartPubPkg,
+ Metadata: pkg.DartPubspec{
+ PublishTo: "none",
+ Environment: &pkg.DartPubspecEnvironment{
+ SDK: ">=3.0.0 <4.0.0",
+ Flutter: "3.29.3",
+ },
+ },
+ },
+ },
+ expectedRelationships: nil,
+ },
+ }
+
+ for _, test := range tests {
+ t.Run(test.name, func(t *testing.T) {
+ pkgtest.TestFileParser(t, test.fixture, parsePubspec, test.expectedPackages, test.expectedRelationships)
+ })
+ }
+}
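Review bot: The second table entry in `TestParsePubspec` is also named `"_macros"` although it loads the appainter fixture, so `t.Run` reports it as `_macros#01` and a failure points at the wrong case; it should read `name: "appainter",`. The table also has no case that populates `Homepage`, `Documentation`, `Platforms` or `IgnoredAdvisories`, so the decoding of those fields is unverified. There is no malformed-input case either, unlike the lock parser, which has `Test_corruptPubspecLock`. A fixture that sets `platforms` and `ignored_advisories`, plus one corrupt file, would cover the paths most likely to drop a package from the SBOM.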
diff --git a/syft/pkg/cataloger/dart/test-fixtures/glob-paths/src/pubspec.lock b/syft/pkg/cataloger/dart/test-fixtures/glob-paths/lock/src/pubspec.lock similarity index 100% rename from syft/pkg/cataloger/dart/test-fixtures/glob-paths/src/pubspec.lock rename to syft/pkg/cataloger/dart/test-fixtures/glob-paths/lock/src/pubspec.lock diff --git a/syft/pkg/cataloger/dart/test-fixtures/glob-paths/spec/pubspec.yaml b/syft/pkg/cataloger/dart/test-fixtures/glob-paths/spec/pubspec.yaml new file mode 100644 index 000000000..e0b21b30f --- /dev/null +++ b/syft/pkg/cataloger/dart/test-fixtures/glob-paths/spec/pubspec.yaml @@ -0,0 +1 @@ +bogus pubspec.yml \ No newline at end of file diff --git a/syft/pkg/cataloger/dart/test-fixtures/glob-paths/spec/pubspec.yml b/syft/pkg/cataloger/dart/test-fixtures/glob-paths/spec/pubspec.yml new file mode 100644 index 000000000..e0b21b30f --- /dev/null +++ b/syft/pkg/cataloger/dart/test-fixtures/glob-paths/spec/pubspec.yml @@ -0,0 +1 @@ +bogus pubspec.yml \ No newline at end of file diff --git a/syft/pkg/cataloger/dart/test-fixtures/pubspec.lock b/syft/pkg/cataloger/dart/test-fixtures/pubspec_locks/pubspec.lock similarity index 100% rename from syft/pkg/cataloger/dart/test-fixtures/pubspec.lock rename to syft/pkg/cataloger/dart/test-fixtures/pubspec_locks/pubspec.lock diff --git a/syft/pkg/cataloger/dart/test-fixtures/pubspecs/appainter.pubspec.yaml b/syft/pkg/cataloger/dart/test-fixtures/pubspecs/appainter.pubspec.yaml new file mode 100644 index 000000000..805c25730 --- /dev/null +++ b/syft/pkg/cataloger/dart/test-fixtures/pubspecs/appainter.pubspec.yaml 
@@ -0,0 +1,75 @@ +name: appainter +description: A material theme editor and generator for Flutter to configure and + preview the overall visual theme of your material app +publish_to: "none" +version: 2.4.8 + +environment: + sdk: ">=3.0.0 <4.0.0" + flutter: 3.29.3 + +dependencies: + appainter_annotations: + path: packages/annotations + bloc: 9.0.0 + collection: ^1.17.2 + copy_with_extension: 6.0.1 + cupertino_icons: 1.0.8 + device_preview_plus: 2.3.5 + dio: 5.8.0+1 + dropdown_search: 6.0.2 + enum_to_string: 2.2.1 + equatable: 2.0.7 + expandable: 5.0.1 + file_picker: 10.1.2 + firebase_analytics: 11.4.5 + firebase_auth: 5.5.3 + firebase_core: 3.13.0 + flex_color_picker: 3.7.1 + flutter: + sdk: flutter + flutter_bloc: 9.1.1 + flutter_markdown: 0.7.7 + google_fonts: 6.2.1 + intl: 0.19.0 + json_theme: 8.0.0 + material_color_utilities: ^0.11.1 + material_design_icons_flutter: 7.0.7296 + ndialog: 4.4.1+1 + path_provider: 2.1.5 + pretty_json: 2.0.0 + random_color_scheme: 0.1.4 + sentry_flutter: 8.14.2 + shared_preferences: 2.5.3 + universal_html: 2.2.4 + universal_io: 2.2.2 + url_launcher: 6.3.1 + window_manager: 0.4.3 + +# have comments! +dev_dependencies: + appainter_builder: + path: packages/builder + bloc_test: 10.0.0 + build_runner: 2.4.15 + copy_with_extension_gen: 6.0.1 + flutter_lints: 5.0.0 + flutter_test: + sdk: flutter + integration_test: + sdk: flutter + mocktail: 1.0.4 + path_provider_platform_interface: 2.1.2 + remove_from_coverage: 2.0.0 + sentry_dart_plugin: 2.4.1 + +flutter: + uses-material-design: true + assets: + - assets/icon.png + +sentry: + upload_native_symbols: true + upload_source_maps: true + include_native_sources: true + commits: false diff --git a/syft/pkg/cataloger/dart/test-fixtures/pubspecs/macros.pubspec.yaml b/syft/pkg/cataloger/dart/test-fixtures/pubspecs/macros.pubspec.yaml new file mode 100644 index 000000000..ac3cbfa0d --- /dev/null +++ b/syft/pkg/cataloger/dart/test-fixtures/pubspecs/macros.pubspec.yaml 
@@ -0,0 +1,16 @@ +name: _macros +version: 0.3.2 +description: >- + This is a private SDK vendored package, which is re-exported by the public + `macros` package, which is a pub package. Every change to this package is + treated as a release, see CONTRIBUTING.md for full instructions. +publish_to: none +repository: https://github.com/dart-lang/sdk/tree/main/pkg/_macros + +environment: + sdk: ^3.4.0-256.0.dev + +# Note that as an SDK vendored package, pub package dependencies are only +# allowed in the dev_dependencies section. +dev_dependencies: + test: any diff --git a/syft/pkg/dart.go b/syft/pkg/dart.go index 496741268..cff51c421 100644 --- a/syft/pkg/dart.go +++ b/syft/pkg/dart.go @@ -7,3 +7,19 @@ type DartPubspecLockEntry struct { HostedURL string `mapstructure:"hosted_url" json:"hosted_url,omitempty"` VcsURL string `mapstructure:"vcs_url" json:"vcs_url,omitempty"` } + +// DartPubspec is a struct that represents a package described in a pubspec.yaml file +type DartPubspec struct { + Homepage string `mapstructure:"homepage" json:"homepage,omitempty"` + Repository string `mapstructure:"repository" json:"repository,omitempty"` + Documentation string `mapstructure:"documentation" json:"documentation,omitempty"` + PublishTo string `mapstructure:"publish_to" json:"publish_to,omitempty"` + Environment *DartPubspecEnvironment `mapstructure:"environment" json:"environment,omitempty"` + Platforms []string `mapstructure:"platforms" json:"platforms,omitempty"` + IgnoredAdvisories []string `mapstructure:"ignored_advisories" json:"ignored_advisories,omitempty"` +} + +type DartPubspecEnvironment struct { + SDK string `mapstructure:"sdk" json:"sdk,omitempty"` + Flutter string `mapstructure:"flutter" json:"flutter,omitempty"` +}
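Review bot: `DartPubspecEnvironment` in the dart.go hunk is exported without a doc comment, and the `DartPubspec` fields carry none, which matters most for `IgnoredAdvisories`. That field records advisories the project has chosen to suppress, and an SBOM consumer could misread it as a list of advisories that are resolved. I would add `// DartPubspecEnvironment holds the SDK version constraints declared under the pubspec environment key.` above the type. I would also add `// IgnoredAdvisories lists advisory identifiers the project has opted to ignore; the advisories may still apply.` above the field. A short comment on `PublishTo` noting that it is either `none` or a custom pub server URL would help as well.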