Fix panic for empty input to Swift cataloger (#2226)

* survive invalid input in swift parser Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add empty file Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-17 16:33:21 +01:00 · 2023-10-16 11:04:33 -04:00 · 2023-10-16 11:04:33 -04:00 · 31f1d7dbf0
commit 31f1d7dbf0
parent 144ed725a7
4 changed files with 41 additions and 1 deletions
--- a/syft/pkg/cataloger/swift/parse_package_resolved.go
+++ b/syft/pkg/cataloger/swift/parse_package_resolved.go
@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"github.com/anchore/syft/internal/log"
 	"github.com/anchore/syft/syft/artifact"
 	"github.com/anchore/syft/syft/file"
 	"github.com/anchore/syft/syft/pkg"
@ -67,7 +68,17 @@ func parsePackageResolved(_ file.Resolver, _ *generic.Environment, reader file.L
 		}
 	}
-	var pins, err = pinsForVersion(packageResolvedData, packageResolvedData["version"].(float64))
+	if packageResolvedData["version"] == nil {
 		log.Trace("no version found in Package.resolved file, skipping")
 		return nil, nil, nil
 	}
 	version, ok := packageResolvedData["version"].(float64)
 	if !ok {
 		return nil, nil, fmt.Errorf("failed to parse Package.resolved file: version is not a number")
 	}
 	var pins, err = pinsForVersion(packageResolvedData, version)
 	if err != nil {
 		return nil, nil, err
 	}
--- a/syft/pkg/cataloger/swift/parse_package_resolved_test.go
+++ b/syft/pkg/cataloger/swift/parse_package_resolved_test.go
@ -1,8 +1,12 @@
 package swift
 import (
 	"os"
 	"path/filepath"
 	"testing"
 	"github.com/stretchr/testify/require"
 	"github.com/anchore/syft/syft/artifact"
 	"github.com/anchore/syft/syft/file"
 	"github.com/anchore/syft/syft/pkg"
@ -80,3 +84,24 @@ func TestParsePackageResolved(t *testing.T) {
 	pkgtest.TestFileParser(t, fixture, parsePackageResolved, expectedPkgs, expectedRelationships)
 }
 func TestParsePackageResolved_empty(t *testing.T) {
 	// regression for https://github.com/anchore/syft/issues/2225
 	fixture := "test-fixtures/empty-packages.resolved"
 	pkgtest.TestFileParser(t, fixture, parsePackageResolved, nil, nil)
 	dir := t.TempDir()
 	fixture = filepath.Join(dir, "Package.resolved")
 	_, err := os.Create(fixture)
 	require.NoError(t, err)
 	pkgtest.TestFileParser(t, fixture, parsePackageResolved, nil, nil)
 }
 func TestParsePackageResolved_versionNotANumber(t *testing.T) {
 	// regression for https://github.com/anchore/syft/issues/2225
 	fixture := "test-fixtures/bad-version-packages.resolved"
 	pkgtest.NewCatalogTester().FromFile(t, fixture).WithError().TestParser(t, parsePackageResolved)
 }
--- a/syft/pkg/cataloger/swift/test-fixtures/bad-version-packages.resolved
+++ b/syft/pkg/cataloger/swift/test-fixtures/bad-version-packages.resolved
@ -0,0 +1,3 @@
 {
  "version" : "2"
 }
--- a/syft/pkg/cataloger/swift/test-fixtures/empty-packages.resolved
+++ b/syft/pkg/cataloger/swift/test-fixtures/empty-packages.resolved
@ -0,0 +1 @@
 {}