Fix panic for empty input to Swift cataloger (#2226)

* survive invalid input in swift parser Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add empty file Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-17 16:33:21 +01:00 · 2023-10-16 11:04:33 -04:00 · 2023-10-16 11:04:33 -04:00 · 31f1d7dbf0
commit 31f1d7dbf0
parent 144ed725a7
4 changed files with 41 additions and 1 deletions
--- a/syft/pkg/cataloger/swift/parse_package_resolved.go
+++ b/syft/pkg/cataloger/swift/parse_package_resolved.go
@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"

+	"github.com/anchore/syft/internal/log"
 	"github.com/anchore/syft/syft/artifact"
 	"github.com/anchore/syft/syft/file"
 	"github.com/anchore/syft/syft/pkg"
@ -67,7 +68,17 @@ func parsePackageResolved(_ file.Resolver, _ *generic.Environment, reader file.L
 		}
 	}

-	var pins, err = pinsForVersion(packageResolvedData, packageResolvedData["version"].(float64))
+	if packageResolvedData["version"] == nil {
+		log.Trace("no version found in Package.resolved file, skipping")
+		return nil, nil, nil
+	}
+
+	version, ok := packageResolvedData["version"].(float64)
+	if !ok {
+		return nil, nil, fmt.Errorf("failed to parse Package.resolved file: version is not a number")
+	}
+
+	var pins, err = pinsForVersion(packageResolvedData, version)
 	if err != nil {
 		return nil, nil, err
 	}
--- a/syft/pkg/cataloger/swift/parse_package_resolved_test.go
+++ b/syft/pkg/cataloger/swift/parse_package_resolved_test.go
@ -1,8 +1,12 @@
 package swift

 import (
+	"os"
+	"path/filepath"
 	"testing"

+	"github.com/stretchr/testify/require"
+
 	"github.com/anchore/syft/syft/artifact"
 	"github.com/anchore/syft/syft/file"
 	"github.com/anchore/syft/syft/pkg"
@ -80,3 +84,24 @@ func TestParsePackageResolved(t *testing.T) {

 	pkgtest.TestFileParser(t, fixture, parsePackageResolved, expectedPkgs, expectedRelationships)
 }
+
+func TestParsePackageResolved_empty(t *testing.T) {
+	// regression for https://github.com/anchore/syft/issues/2225
+	fixture := "test-fixtures/empty-packages.resolved"
+
+	pkgtest.TestFileParser(t, fixture, parsePackageResolved, nil, nil)
+
+	dir := t.TempDir()
+	fixture = filepath.Join(dir, "Package.resolved")
+	_, err := os.Create(fixture)
+	require.NoError(t, err)
+
+	pkgtest.TestFileParser(t, fixture, parsePackageResolved, nil, nil)
+}
+
+func TestParsePackageResolved_versionNotANumber(t *testing.T) {
+	// regression for https://github.com/anchore/syft/issues/2225
+	fixture := "test-fixtures/bad-version-packages.resolved"
+
+	pkgtest.NewCatalogTester().FromFile(t, fixture).WithError().TestParser(t, parsePackageResolved)
+}
--- a/syft/pkg/cataloger/swift/test-fixtures/bad-version-packages.resolved
+++ b/syft/pkg/cataloger/swift/test-fixtures/bad-version-packages.resolved
@ -0,0 +1,3 @@
+{
+  "version" : "2"
+}
--- a/syft/pkg/cataloger/swift/test-fixtures/empty-packages.resolved
+++ b/syft/pkg/cataloger/swift/test-fixtures/empty-packages.resolved
@ -0,0 +1 @@
+{}