oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-18 17:03:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

Include vendored modules in Go Module package list (#883)

Browse Source 
* include vendored modules in package slice

Signed-off-by: Frankie Gallina-Jones <frankieg@vmware.com>

* add explanatory comments

Signed-off-by: Frankie Gallina-Jones <frankieg@vmware.com>
This commit is contained in:
Frankie G-J 2022-03-11 12:57:33 -05:00 committed by GitHub
parent 6c8102bf28
commit 44a6e00f7a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 57 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
syft/pkg/cataloger/golang/parse_go_bin.go
View File

@ -70,18 +70,26 @@ func buildGoPkgInfo(location source.Location, mod, goVersion, arch string) []pkg
for scanner.Scan() { for scanner.Scan() {
fields := strings.Fields(scanner.Text()) fields := strings.Fields(scanner.Text())
// must have dep, name, version, sha // must have dep, name, version
if len(fields) < 4 { if len(fields) < 3 {
continue continue
} }
if fields[0] == packageIdentifier || fields[0] == replaceIdentifier { name := fields[1]
name := fields[1] version := fields[2]
version := fields[2] h1Digest := ""
h1Digest := fields[3] // if dep is *not* vendored, it'll also have h1digest
if len(fields) >= 4 {
h1Digest = fields[3]
}
if fields[0] == packageIdentifier {
pkgsSlice = append(pkgsSlice, newGoBinaryPackage(name, version, h1Digest, goVersion, arch, location)) pkgsSlice = append(pkgsSlice, newGoBinaryPackage(name, version, h1Digest, goVersion, arch, location))
} }
if fields[0] == replaceIdentifier {
// replace the previous entry in the package slice
pkgsSlice[len(pkgsSlice)-1] = newGoBinaryPackage(name, version, h1Digest, goVersion, arch, location)
}
} }
return pkgsSlice return pkgsSlice
} }

44
syft/pkg/cataloger/golang/parse_go_bin_test.go
View File

@ -28,7 +28,8 @@ func TestBuildGoPkgInfo(t *testing.T) {
name: "buildGoPkgInfo parses a populated mod string and returns packages but no source info", name: "buildGoPkgInfo parses a populated mod string and returns packages but no source info",
mod: `path github.com/anchore/syft mod github.com/anchore/syft (devel) mod: `path github.com/anchore/syft mod github.com/anchore/syft (devel)
dep github.com/adrg/xdg v0.2.1 h1:VSVdnH7cQ7V+B33qSJHTCRlNgra1607Q8PzEmnvb2Ic= dep github.com/adrg/xdg v0.2.1 h1:VSVdnH7cQ7V+B33qSJHTCRlNgra1607Q8PzEmnvb2Ic=
dep github.com/anchore/client-go v0.0.0-20210222170800-9c70f9b80bcf h1:DYssiUV1pBmKqzKsm4mqXx8artqC0Q8HgZsVI3lMsAg=`, dep github.com/anchore/client-go v0.0.0-20210222170800-9c70f9b80bcf h1:DYssiUV1pBmKqzKsm4mqXx8artqC0Q8HgZsVI3lMsAg=
dep github.com/anchore/client-go v1.2.3`,
expected: []pkg.Package{ expected: []pkg.Package{
{ {
Name: "github.com/adrg/xdg", Name: "github.com/adrg/xdg",
@ -70,6 +71,25 @@ func TestBuildGoPkgInfo(t *testing.T) {
H1Digest: "h1:DYssiUV1pBmKqzKsm4mqXx8artqC0Q8HgZsVI3lMsAg=", H1Digest: "h1:DYssiUV1pBmKqzKsm4mqXx8artqC0Q8HgZsVI3lMsAg=",
}, },
}, },
{
Name: "github.com/anchore/client-go",
Version: "v1.2.3",
Language: pkg.Go,
Type: pkg.GoModulePkg,
Locations: []source.Location{
{
Coordinates: source.Coordinates{
RealPath: "/a-path",
FileSystemID: "layer-id",
},
},
},
MetadataType: pkg.GolangBinMetadataType,
Metadata: pkg.GolangBinMetadata{
GoCompiledVersion: goCompiledVersion,
Architecture: archDetails,
},
},
}, },
}, },
{ {
@ -79,7 +99,8 @@ func TestBuildGoPkgInfo(t *testing.T) {
dep golang.org/x/net v0.0.0-20211006190231-62292e806868 h1:KlOXYy8wQWTUJYFgkUI40Lzr06ofg5IRXUK5C7qZt1k= dep golang.org/x/net v0.0.0-20211006190231-62292e806868 h1:KlOXYy8wQWTUJYFgkUI40Lzr06ofg5IRXUK5C7qZt1k=
dep golang.org/x/sys v0.0.0-20211006194710-c8a6f5223071 h1:PjhxBct4MZii8FFR8+oeS7QOvxKOTZXgk63EU2XpfJE= dep golang.org/x/sys v0.0.0-20211006194710-c8a6f5223071 h1:PjhxBct4MZii8FFR8+oeS7QOvxKOTZXgk63EU2XpfJE=
dep golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 dep golang.org/x/term v0.0.0-20210927222741-03fcf44c2211
=> golang.org/x/term v0.0.0-20210916214954-140adaaadfaf h1:Ihq/mm/suC88gF8WFcVwk+OV6Tq+wyA1O0E5UEvDglI=`, => golang.org/x/term v0.0.0-20210916214954-140adaaadfaf h1:Ihq/mm/suC88gF8WFcVwk+OV6Tq+wyA1O0E5UEvDglI=
dep github.com/anchore/client-go v1.2.3`,
expected: []pkg.Package{ expected: []pkg.Package{
{ {
Name: "golang.org/x/net", Name: "golang.org/x/net",
@ -141,6 +162,25 @@ func TestBuildGoPkgInfo(t *testing.T) {
H1Digest: "h1:Ihq/mm/suC88gF8WFcVwk+OV6Tq+wyA1O0E5UEvDglI=", H1Digest: "h1:Ihq/mm/suC88gF8WFcVwk+OV6Tq+wyA1O0E5UEvDglI=",
}, },
}, },
{
Name: "github.com/anchore/client-go",
Version: "v1.2.3",
Language: pkg.Go,
Type: pkg.GoModulePkg,
Locations: []source.Location{
{
Coordinates: source.Coordinates{
RealPath: "/a-path",
FileSystemID: "layer-id",
},
},
},
MetadataType: pkg.GolangBinMetadataType,
Metadata: pkg.GolangBinMetadata{
GoCompiledVersion: goCompiledVersion,
Architecture: archDetails,
},
},
}, },
}, },
} }