diff --git a/syft/cataloger/common/generic_cataloger_test.go b/syft/cataloger/common/generic_cataloger_test.go deleted file mode 100644 index e390525d1..000000000 --- a/syft/cataloger/common/generic_cataloger_test.go +++ /dev/null @@ -1,118 +0,0 @@ -package common - -import ( - "fmt" - "io" - "io/ioutil" - "strings" - "testing" - - "github.com/anchore/syft/syft/pkg" - "github.com/anchore/syft/syft/source" -) - -type testResolverMock struct { - contents map[source.Location]io.ReadCloser -} - -func newTestResolver() *testResolverMock { - return &testResolverMock{ - contents: make(map[source.Location]io.ReadCloser), - } -} - -func (r testResolverMock) HasPath(path string) bool { - panic("not implemented") -} - -func (r *testResolverMock) FileContentsByLocation(_ source.Location) (io.ReadCloser, error) { - return nil, fmt.Errorf("not implemented") -} - -func (r *testResolverMock) MultipleFileContentsByLocation([]source.Location) (map[source.Location]io.ReadCloser, error) { - return r.contents, nil -} - -func (r *testResolverMock) FilesByPath(paths ...string) ([]source.Location, error) { - results := make([]source.Location, len(paths)) - - for idx, p := range paths { - results[idx] = source.NewLocation(p) - r.contents[results[idx]] = ioutil.NopCloser(strings.NewReader(fmt.Sprintf("%s file contents!", p))) - } - - return results, nil -} - -func (r *testResolverMock) FilesByGlob(_ ...string) ([]source.Location, error) { - path := "/a-path.txt" - location := source.NewLocation(path) - r.contents[location] = ioutil.NopCloser(strings.NewReader(fmt.Sprintf("%s file contents!", path))) - return []source.Location{location}, nil -} - -func (r *testResolverMock) RelativeFileByPath(_ source.Location, _ string) *source.Location { - panic(fmt.Errorf("not implemented")) - return nil -} - -func parser(_ string, reader io.Reader) ([]pkg.Package, error) { - contents, err := ioutil.ReadAll(reader) - if err != nil { - panic(err) - } - return []pkg.Package{ - { - Name: string(contents), - }, - }, nil -} - -func TestGenericCataloger(t *testing.T) { - - globParsers := map[string]ParserFn{ - "**a-path.txt": parser, - } - pathParsers := map[string]ParserFn{ - "/another-path.txt": parser, - "/last/path.txt": parser, - } - upstream := "some-other-cataloger" - resolver := newTestResolver() - cataloger := NewGenericCataloger(pathParsers, globParsers, upstream) - - expectedSelection := []string{"/last/path.txt", "/another-path.txt", "/a-path.txt"} - expectedPkgs := make(map[string]pkg.Package) - for _, path := range expectedSelection { - expectedPkgs[path] = pkg.Package{ - FoundBy: upstream, - Name: fmt.Sprintf("%s file contents!", path), - } - } - - actualPkgs, err := cataloger.Catalog(resolver) - if err != nil { - t.Fatalf("cataloger catalog action failed: %+v", err) - } - - if len(actualPkgs) != len(expectedPkgs) { - t.Fatalf("unexpected packages len: %d", len(actualPkgs)) - } - - for _, p := range actualPkgs { - ref := p.Locations[0] - exP, ok := expectedPkgs[ref.RealPath] - if !ok { - t.Errorf("missing expected pkg: ref=%+v", ref) - continue - } - - if p.FoundBy != exP.FoundBy { - t.Errorf("bad upstream: %s", p.FoundBy) - } - - if exP.Name != p.Name { - t.Errorf("bad contents mapping: %+v", p.Locations) - } - } -} diff --git a/syft/cataloger/deb/cataloger.go b/syft/cataloger/deb/cataloger.go deleted file mode 100644 index 49694fb38..000000000 --- a/syft/cataloger/deb/cataloger.go +++ /dev/null @@ -1,190 +0,0 @@ -/* -Package dpkg provides a concrete Cataloger implementation for Debian package DB status files. -*/ -package deb - -import ( - "fmt" - "io" - "path" - "path/filepath" - - "github.com/anchore/syft/syft/pkg" - "github.com/anchore/syft/syft/source" -) - -const ( - md5sumsExt = ".md5sums" - docsPath = "/usr/share/doc" -) - -type Cataloger struct{} - -// NewDpkgdbCataloger returns a new Deb package cataloger object. -func NewDpkgdbCataloger() *Cataloger { - return &Cataloger{} -} - -// Name returns a string that uniquely describes a cataloger -func (c *Cataloger) Name() string { - return "dpkgdb-cataloger" -} - -// Catalog is given an object to resolve file references and content, this function returns any discovered Packages after analyzing dpkg support files. -// nolint:funlen -func (c *Cataloger) Catalog(resolver source.Resolver) ([]pkg.Package, error) { - dbFileMatches, err := resolver.FilesByGlob(pkg.DpkgDbGlob) - if err != nil { - return nil, fmt.Errorf("failed to find dpkg status files's by glob: %w", err) - } - - var results []pkg.Package - var pkgs []pkg.Package - for _, dbLocation := range dbFileMatches { - dbContents, err := resolver.FileContentsByLocation(dbLocation) - if err != nil { - return nil, err - } - - pkgs, err = parseDpkgStatus(dbContents) - if err != nil { - return nil, fmt.Errorf("unable to catalog dpkg package=%+v: %w", dbLocation.RealPath, err) - } - - md5ContentsByName, md5RefsByName, err := fetchMd5Contents(resolver, dbLocation, pkgs) - if err != nil { - return nil, fmt.Errorf("unable to find dpkg md5 contents: %w", err) - } - - copyrightContentsByName, copyrightLocationByName, err := fetchCopyrightContents(resolver, dbLocation, pkgs) - if err != nil { - return nil, fmt.Errorf("unable to find dpkg copyright contents: %w", err) - } - - for i := range pkgs { - p := &pkgs[i] - p.FoundBy = c.Name() - p.Locations = []source.Location{dbLocation} - - metadata := p.Metadata.(pkg.DpkgMetadata) - - if md5Reader, ok := md5ContentsByName[md5Key(*p)]; ok { - // attach the file list - metadata.Files = parseDpkgMD5Info(md5Reader) - - // keep a record of the file where this was discovered - if ref, ok := md5RefsByName[md5Key(*p)]; ok { - p.Locations = append(p.Locations, ref) - } - } else { - // ensure the file list is an empty collection (not nil) - metadata.Files = make([]pkg.DpkgFileRecord, 0) - } - - // persist alterations - p.Metadata = metadata - - copyrightReader, ok := copyrightContentsByName[p.Name] - if ok { - // attach the licenses - p.Licenses = parseLicensesFromCopyright(copyrightReader) - - // keep a record of the file where this was discovered - if ref, ok := copyrightLocationByName[p.Name]; ok { - p.Locations = append(p.Locations, ref) - } - } - } - - results = append(results, pkgs...) - } - return results, nil -} - -func fetchMd5Contents(resolver source.Resolver, dbLocation source.Location, pkgs []pkg.Package) (map[string]io.Reader, map[string]source.Location, error) { - // fetch all MD5 file contents. This approach is more efficient than fetching each MD5 file one at a time - - var md5FileMatches []source.Location - var nameByRef = make(map[source.Location]string) - parentPath := filepath.Dir(dbLocation.RealPath) - - for _, p := range pkgs { - // look for /var/lib/dpkg/info/NAME:ARCH.md5sums - name := md5Key(p) - md5SumLocation := resolver.RelativeFileByPath(dbLocation, path.Join(parentPath, "info", name+md5sumsExt)) - - if md5SumLocation == nil { - // the most specific key did not work, fallback to just the name - // look for /var/lib/dpkg/info/NAME.md5sums - md5SumLocation = resolver.RelativeFileByPath(dbLocation, path.Join(parentPath, "info", p.Name+md5sumsExt)) - } - // we should have at least one reference - if md5SumLocation != nil { - md5FileMatches = append(md5FileMatches, *md5SumLocation) - nameByRef[*md5SumLocation] = name - } - } - - // fetch the md5 contents - md5ContentsByLocation, err := resolver.MultipleFileContentsByLocation(md5FileMatches) - if err != nil { - return nil, nil, err - } - - // organize content results and refs by a combination of name and architecture - var contentsByName = make(map[string]io.Reader) - var locationByName = make(map[string]source.Location) - for location, contents := range md5ContentsByLocation { - name := nameByRef[location] - contentsByName[name] = contents - locationByName[name] = location - } - - return contentsByName, locationByName, nil -} - -func fetchCopyrightContents(resolver source.Resolver, dbLocation source.Location, pkgs []pkg.Package) (map[string]io.Reader, map[string]source.Location, error) { - // fetch all copyright file contents. This approach is more efficient than fetching each copyright file one at a time - - var copyrightFileMatches []source.Location - var nameByLocation = make(map[source.Location]string) - for _, p := range pkgs { - // look for /usr/share/docs/NAME/copyright files - name := p.Name - copyrightPath := path.Join(docsPath, name, "copyright") - copyrightLocation := resolver.RelativeFileByPath(dbLocation, copyrightPath) - - // we may not have a copyright file for each package, ignore missing files - if copyrightLocation != nil { - copyrightFileMatches = append(copyrightFileMatches, *copyrightLocation) - nameByLocation[*copyrightLocation] = name - } - } - - // fetch the copyright contents - copyrightContentsByLocation, err := resolver.MultipleFileContentsByLocation(copyrightFileMatches) - if err != nil { - return nil, nil, err - } - - // organize content results and refs by package name - var contentsByName = make(map[string]io.Reader) - var refsByName = make(map[string]source.Location) - for location, contents := range copyrightContentsByLocation { - name := nameByLocation[location] - contentsByName[name] = contents - refsByName[name] = location - } - - return contentsByName, refsByName, nil -} - -func md5Key(p pkg.Package) string { - metadata := p.Metadata.(pkg.DpkgMetadata) - - contentKey := p.Name - if metadata.Architecture != "" && metadata.Architecture != "all" { - contentKey = contentKey + ":" + metadata.Architecture - } - return contentKey -} diff --git a/syft/cataloger/java/test-fixtures/pom/colon-delimited-with-equals.pom.properties b/syft/cataloger/java/test-fixtures/pom/colon-delimited-with-equals.pom.properties deleted file mode 100644 index a189c75a6..000000000 --- a/syft/cataloger/java/test-fixtures/pom/colon-delimited-with-equals.pom.properties +++ /dev/null @@ -1,5 +0,0 @@ -#Generated by Maven -#Tue Jul 07 18:59:56 GMT 2020 -groupId:org.anchore -artifactId: example-java=app-maven -version: 0.1.0=something diff --git a/syft/cataloger/java/test-fixtures/pom/colon-delimited.pom.properties b/syft/cataloger/java/test-fixtures/pom/colon-delimited.pom.properties deleted file mode 100644 index 4069b275c..000000000 --- a/syft/cataloger/java/test-fixtures/pom/colon-delimited.pom.properties +++ /dev/null @@ -1,5 +0,0 @@ -#Generated by Maven -#Tue Jul 07 18:59:56 GMT 2020 -groupId:org.anchore -artifactId: example-java-app-maven -version: 0.1.0 diff --git a/syft/cataloger/java/test-fixtures/pom/equals-delimited-with-colons.pom.properties b/syft/cataloger/java/test-fixtures/pom/equals-delimited-with-colons.pom.properties deleted file mode 100644 index 7cea7ae6a..000000000 --- a/syft/cataloger/java/test-fixtures/pom/equals-delimited-with-colons.pom.properties +++ /dev/null @@ -1,5 +0,0 @@ -#Generated by Maven -#Tue Jul 07 18:59:56 GMT 2020 -groupId=org.anchore -artifactId= example-java:app-maven -version= 0.1.0:something diff --git a/syft/cataloger/python/package_entry.go b/syft/cataloger/python/package_entry.go deleted file mode 100644 index f27aabae8..000000000 --- a/syft/cataloger/python/package_entry.go +++ /dev/null @@ -1,49 +0,0 @@ -package python - -import ( - "path/filepath" - - "github.com/anchore/syft/syft/source" -) - -type packageEntry struct { - Metadata source.FileData - FileRecord *source.FileData - TopPackage *source.FileData -} - -// newPackageEntry returns a new packageEntry to be processed relative to what information is available in the given FileResolver. -func newPackageEntry(resolver source.FileResolver, metadataLocation source.Location) *packageEntry { - // we've been given a file reference to a specific wheel METADATA file. note: this may be for a directory - // or for an image... for an image the METADATA file may be present within multiple layers, so it is important - // to reconcile the RECORD path to the same layer (or a lower layer). The same is true with the top_level.txt file. - - // lets find the RECORD file relative to the directory where the METADATA file resides (in path AND layer structure) - recordPath := filepath.Join(filepath.Dir(metadataLocation.RealPath), "RECORD") - recordLocation := resolver.RelativeFileByPath(metadataLocation, recordPath) - - // a top_level.txt file specifies the python top-level packages (provided by this python package) installed into site-packages - parentDir := filepath.Dir(metadataLocation.RealPath) - topLevelPath := filepath.Join(parentDir, "top_level.txt") - topLevelLocation := resolver.RelativeFileByPath(metadataLocation, topLevelPath) - - // build an entry that will later be populated with contents when the request is executed - entry := &packageEntry{ - Metadata: source.FileData{ - Location: metadataLocation, - }, - } - - if recordLocation != nil { - entry.FileRecord = &source.FileData{ - Location: *recordLocation, - } - } - - if topLevelLocation != nil { - entry.TopPackage = &source.FileData{ - Location: *topLevelLocation, - } - } - return entry -} diff --git a/syft/cataloger/apkdb/cataloger.go b/syft/pkg/cataloger/apkdb/cataloger.go similarity index 88% rename from syft/cataloger/apkdb/cataloger.go rename to syft/pkg/cataloger/apkdb/cataloger.go index 51ab165f7..6219eaaf7 100644 --- a/syft/cataloger/apkdb/cataloger.go +++ b/syft/pkg/cataloger/apkdb/cataloger.go @@ -4,8 +4,8 @@ Package apkdb provides a concrete Cataloger implementation for Alpine DB files. package apkdb import ( - "github.com/anchore/syft/syft/cataloger/common" "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/common" ) // NewApkdbCataloger returns a new Alpine DB cataloger object. diff --git a/syft/cataloger/apkdb/parse_apk_db.go b/syft/pkg/cataloger/apkdb/parse_apk_db.go similarity index 98% rename from syft/cataloger/apkdb/parse_apk_db.go rename to syft/pkg/cataloger/apkdb/parse_apk_db.go index 98c5d7c07..695553630 100644 --- a/syft/cataloger/apkdb/parse_apk_db.go +++ b/syft/pkg/cataloger/apkdb/parse_apk_db.go @@ -9,8 +9,8 @@ import ( "strings" "github.com/anchore/syft/internal/log" - "github.com/anchore/syft/syft/cataloger/common" "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/common" "github.com/mitchellh/mapstructure" ) diff --git a/syft/cataloger/apkdb/parse_apk_db_test.go b/syft/pkg/cataloger/apkdb/parse_apk_db_test.go similarity index 100% rename from syft/cataloger/apkdb/parse_apk_db_test.go rename to syft/pkg/cataloger/apkdb/parse_apk_db_test.go diff --git a/syft/cataloger/apkdb/test-fixtures/base b/syft/pkg/cataloger/apkdb/test-fixtures/base similarity index 100% rename from syft/cataloger/apkdb/test-fixtures/base rename to syft/pkg/cataloger/apkdb/test-fixtures/base diff --git a/syft/cataloger/apkdb/test-fixtures/extra-file-attributes b/syft/pkg/cataloger/apkdb/test-fixtures/extra-file-attributes similarity index 100% rename from syft/cataloger/apkdb/test-fixtures/extra-file-attributes rename to syft/pkg/cataloger/apkdb/test-fixtures/extra-file-attributes diff --git a/syft/cataloger/apkdb/test-fixtures/multiple b/syft/pkg/cataloger/apkdb/test-fixtures/multiple similarity index 100% rename from syft/cataloger/apkdb/test-fixtures/multiple rename to syft/pkg/cataloger/apkdb/test-fixtures/multiple diff --git a/syft/cataloger/apkdb/test-fixtures/single b/syft/pkg/cataloger/apkdb/test-fixtures/single similarity index 100% rename from syft/cataloger/apkdb/test-fixtures/single rename to syft/pkg/cataloger/apkdb/test-fixtures/single diff --git a/syft/cataloger/catalog.go b/syft/pkg/cataloger/catalog.go similarity index 92% rename from syft/cataloger/catalog.go rename to syft/pkg/cataloger/catalog.go index 27c10556d..962388844 100644 --- a/syft/cataloger/catalog.go +++ b/syft/pkg/cataloger/catalog.go @@ -18,13 +18,13 @@ type Monitor struct { PackagesDiscovered progress.Monitorable // the number of packages discovered from all registered catalogers } -// newMonitor creates a new Monitor object and publishes the object on the bus as a CatalogerStarted event. +// newMonitor creates a new Monitor object and publishes the object on the bus as a PackageCatalogerStarted event. func newMonitor() (*progress.Manual, *progress.Manual) { filesProcessed := progress.Manual{} packagesDiscovered := progress.Manual{} bus.Publish(partybus.Event{ - Type: event.CatalogerStarted, + Type: event.PackageCatalogerStarted, Value: Monitor{ FilesProcessed: progress.Monitorable(&filesProcessed), PackagesDiscovered: progress.Monitorable(&packagesDiscovered), @@ -37,7 +37,7 @@ func newMonitor() (*progress.Manual, *progress.Manual) { // In order to efficiently retrieve contents from a underlying container image the content fetch requests are // done in bulk. Specifically, all files of interest are collected from each catalogers and accumulated into a single // request. -func Catalog(resolver source.Resolver, theDistro *distro.Distro, catalogers ...Cataloger) (*pkg.Catalog, error) { +func Catalog(resolver source.FileResolver, theDistro *distro.Distro, catalogers ...Cataloger) (*pkg.Catalog, error) { catalog := pkg.NewCatalog() filesProcessed, packagesDiscovered := newMonitor() diff --git a/syft/cataloger/cataloger.go b/syft/pkg/cataloger/cataloger.go similarity index 78% rename from syft/cataloger/cataloger.go rename to syft/pkg/cataloger/cataloger.go index 28a418270..29eb9b933 100644 --- a/syft/cataloger/cataloger.go +++ b/syft/pkg/cataloger/cataloger.go @@ -6,16 +6,16 @@ catalogers defined in child packages as well as the interface definition to impl package cataloger import ( - "github.com/anchore/syft/syft/cataloger/apkdb" - "github.com/anchore/syft/syft/cataloger/deb" - "github.com/anchore/syft/syft/cataloger/golang" - "github.com/anchore/syft/syft/cataloger/java" - "github.com/anchore/syft/syft/cataloger/javascript" - "github.com/anchore/syft/syft/cataloger/python" - "github.com/anchore/syft/syft/cataloger/rpmdb" - "github.com/anchore/syft/syft/cataloger/ruby" - "github.com/anchore/syft/syft/cataloger/rust" "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/apkdb" + "github.com/anchore/syft/syft/pkg/cataloger/deb" + "github.com/anchore/syft/syft/pkg/cataloger/golang" + "github.com/anchore/syft/syft/pkg/cataloger/java" + "github.com/anchore/syft/syft/pkg/cataloger/javascript" + "github.com/anchore/syft/syft/pkg/cataloger/python" + "github.com/anchore/syft/syft/pkg/cataloger/rpmdb" + "github.com/anchore/syft/syft/pkg/cataloger/ruby" + "github.com/anchore/syft/syft/pkg/cataloger/rust" "github.com/anchore/syft/syft/source" ) @@ -26,7 +26,7 @@ type Cataloger interface { // Name returns a string that uniquely describes a cataloger Name() string // Catalog is given an object to resolve file references and content, this function returns any discovered Packages after analyzing the catalog source. - Catalog(resolver source.Resolver) ([]pkg.Package, error) + Catalog(resolver source.FileResolver) ([]pkg.Package, error) } // ImageCatalogers returns a slice of locally implemented catalogers that are fit for detecting installations of packages. diff --git a/syft/cataloger/common/generic_cataloger.go b/syft/pkg/cataloger/common/generic_cataloger.go similarity index 54% rename from syft/cataloger/common/generic_cataloger.go rename to syft/pkg/cataloger/common/generic_cataloger.go index c4783b176..5471a9129 100644 --- a/syft/cataloger/common/generic_cataloger.go +++ b/syft/pkg/cataloger/common/generic_cataloger.go @@ -4,7 +4,7 @@ Package common provides generic utilities used by multiple catalogers. package common import ( - "io" + "fmt" "github.com/anchore/syft/internal/log" "github.com/anchore/syft/syft/pkg" @@ -16,8 +16,6 @@ import ( type GenericCataloger struct { globParsers map[string]ParserFn pathParsers map[string]ParserFn - selectedFiles []source.Location - parsers map[source.Location]ParserFn upstreamCataloger string } @@ -26,8 +24,6 @@ func NewGenericCataloger(pathParsers map[string]ParserFn, globParsers map[string return &GenericCataloger{ globParsers: globParsers, pathParsers: pathParsers, - selectedFiles: make([]source.Location, 0), - parsers: make(map[source.Location]ParserFn), upstreamCataloger: upstreamCataloger, } } @@ -37,74 +33,22 @@ func (c *GenericCataloger) Name() string { return c.upstreamCataloger } -// register pairs a set of file references with a parser function for future cataloging (when the file contents are resolved) -func (c *GenericCataloger) register(files []source.Location, parser ParserFn) { - c.selectedFiles = append(c.selectedFiles, files...) - for _, f := range files { - c.parsers[f] = parser - } -} - -// clear deletes all registered file-reference-to-parser-function pairings from former SelectFiles() and register() calls -func (c *GenericCataloger) clear() { - c.selectedFiles = make([]source.Location, 0) - c.parsers = make(map[source.Location]ParserFn) -} - // Catalog is given an object to resolve file references and content, this function returns any discovered Packages after analyzing the catalog source. -func (c *GenericCataloger) Catalog(resolver source.Resolver) ([]pkg.Package, error) { - fileSelection := c.selectFiles(resolver) - contents, err := resolver.MultipleFileContentsByLocation(fileSelection) - if err != nil { - return nil, err - } - return c.catalog(contents) -} +func (c *GenericCataloger) Catalog(resolver source.FileResolver) ([]pkg.Package, error) { + var packages []pkg.Package + parserByLocation := c.selectFiles(resolver) -// SelectFiles takes a set of file trees and resolves and file references of interest for future cataloging -func (c *GenericCataloger) selectFiles(resolver source.FileResolver) []source.Location { - // select by exact path - for path, parser := range c.pathParsers { - files, err := resolver.FilesByPath(path) + for location, parser := range parserByLocation { + content, err := resolver.FileContentsByLocation(location) if err != nil { - log.Warnf("cataloger failed to select files by path: %+v", err) - } - if files != nil { - c.register(files, parser) - } - } - - // select by glob pattern - for globPattern, parser := range c.globParsers { - fileMatches, err := resolver.FilesByGlob(globPattern) - if err != nil { - log.Warnf("failed to find files by glob: %s", globPattern) - } - if fileMatches != nil { - c.register(fileMatches, parser) - } - } - - return c.selectedFiles -} - -// catalog takes a set of file contents and uses any configured parser functions to resolve and return discovered packages -func (c *GenericCataloger) catalog(contents map[source.Location]io.ReadCloser) ([]pkg.Package, error) { - defer c.clear() - - packages := make([]pkg.Package, 0) - - for location, parser := range c.parsers { - content, ok := contents[location] - if !ok { - log.Warnf("cataloger '%s' missing file content: %+v", c.upstreamCataloger, location) - continue + // TODO: fail or log? + return nil, fmt.Errorf("unable to fetch contents for location=%v : %w", location, err) } entries, err := parser(location.RealPath, content) if err != nil { // TODO: should we fail? or only log? - log.Warnf("cataloger '%s' failed to parse entries (%+v): %+v", c.upstreamCataloger, location, err) + log.Warnf("cataloger '%s' failed to parse entries (location=%+v): %+v", c.upstreamCataloger, location, err) continue } @@ -115,6 +59,34 @@ func (c *GenericCataloger) catalog(contents map[source.Location]io.ReadCloser) ( packages = append(packages, entry) } } - return packages, nil } + +// SelectFiles takes a set of file trees and resolves and file references of interest for future cataloging +func (c *GenericCataloger) selectFiles(resolver source.FilePathResolver) map[source.Location]ParserFn { + var parserByLocation = make(map[source.Location]ParserFn) + + // select by exact path + for path, parser := range c.pathParsers { + files, err := resolver.FilesByPath(path) + if err != nil { + log.Warnf("cataloger failed to select files by path: %+v", err) + } + for _, f := range files { + parserByLocation[f] = parser + } + } + + // select by glob pattern + for globPattern, parser := range c.globParsers { + fileMatches, err := resolver.FilesByGlob(globPattern) + if err != nil { + log.Warnf("failed to find files by glob: %s", globPattern) + } + for _, f := range fileMatches { + parserByLocation[f] = parser + } + } + + return parserByLocation +} diff --git a/syft/pkg/cataloger/common/generic_cataloger_test.go b/syft/pkg/cataloger/common/generic_cataloger_test.go new file mode 100644 index 000000000..8c1f4215c --- /dev/null +++ b/syft/pkg/cataloger/common/generic_cataloger_test.go @@ -0,0 +1,73 @@ +package common + +import ( + "fmt" + "io" + "io/ioutil" + "testing" + + "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/source" +) + +func parser(_ string, reader io.Reader) ([]pkg.Package, error) { + contents, err := ioutil.ReadAll(reader) + if err != nil { + panic(err) + } + return []pkg.Package{ + { + Name: string(contents), + }, + }, nil +} + +func TestGenericCataloger(t *testing.T) { + + globParsers := map[string]ParserFn{ + "**a-path.txt": parser, + } + pathParsers := map[string]ParserFn{ + "test-fixtures/another-path.txt": parser, + "test-fixtures/last/path.txt": parser, + } + upstream := "some-other-cataloger" + + expectedSelection := []string{"test-fixtures/last/path.txt", "test-fixtures/another-path.txt", "test-fixtures/a-path.txt"} + resolver := source.NewMockResolverForPaths(expectedSelection...) + cataloger := NewGenericCataloger(pathParsers, globParsers, upstream) + + expectedPkgs := make(map[string]pkg.Package) + for _, path := range expectedSelection { + expectedPkgs[path] = pkg.Package{ + FoundBy: upstream, + Name: fmt.Sprintf("%s file contents!", path), + } + } + + actualPkgs, err := cataloger.Catalog(resolver) + if err != nil { + t.Fatalf("cataloger catalog action failed: %+v", err) + } + + if len(actualPkgs) != len(expectedPkgs) { + t.Fatalf("unexpected packages len: %d", len(actualPkgs)) + } + + for _, p := range actualPkgs { + ref := p.Locations[0] + exP, ok := expectedPkgs[ref.RealPath] + if !ok { + t.Errorf("missing expected pkg: ref=%+v", ref) + continue + } + + if p.FoundBy != exP.FoundBy { + t.Errorf("bad upstream: %s", p.FoundBy) + } + + if exP.Name != p.Name { + t.Errorf("bad contents mapping: %+v", p.Locations) + } + } +} diff --git a/syft/cataloger/common/parser.go b/syft/pkg/cataloger/common/parser.go similarity index 100% rename from syft/cataloger/common/parser.go rename to syft/pkg/cataloger/common/parser.go diff --git a/syft/pkg/cataloger/common/test-fixtures/a-path.txt b/syft/pkg/cataloger/common/test-fixtures/a-path.txt new file mode 100644 index 000000000..67e954034 --- /dev/null +++ b/syft/pkg/cataloger/common/test-fixtures/a-path.txt @@ -0,0 +1 @@ +test-fixtures/a-path.txt file contents! \ No newline at end of file diff --git a/syft/pkg/cataloger/common/test-fixtures/another-path.txt b/syft/pkg/cataloger/common/test-fixtures/another-path.txt new file mode 100644 index 000000000..0d654f8fe --- /dev/null +++ b/syft/pkg/cataloger/common/test-fixtures/another-path.txt @@ -0,0 +1 @@ +test-fixtures/another-path.txt file contents! \ No newline at end of file diff --git a/syft/pkg/cataloger/common/test-fixtures/last/path.txt b/syft/pkg/cataloger/common/test-fixtures/last/path.txt new file mode 100644 index 000000000..3d4a165ab --- /dev/null +++ b/syft/pkg/cataloger/common/test-fixtures/last/path.txt @@ -0,0 +1 @@ +test-fixtures/last/path.txt file contents! \ No newline at end of file diff --git a/syft/cataloger/cpe.go b/syft/pkg/cataloger/cpe.go similarity index 100% rename from syft/cataloger/cpe.go rename to syft/pkg/cataloger/cpe.go diff --git a/syft/cataloger/cpe_specificity.go b/syft/pkg/cataloger/cpe_specificity.go similarity index 100% rename from syft/cataloger/cpe_specificity.go rename to syft/pkg/cataloger/cpe_specificity.go diff --git a/syft/cataloger/cpe_test.go b/syft/pkg/cataloger/cpe_test.go similarity index 100% rename from syft/cataloger/cpe_test.go rename to syft/pkg/cataloger/cpe_test.go diff --git a/syft/pkg/cataloger/deb/cataloger.go b/syft/pkg/cataloger/deb/cataloger.go new file mode 100644 index 000000000..34c3df3ac --- /dev/null +++ b/syft/pkg/cataloger/deb/cataloger.go @@ -0,0 +1,156 @@ +/* +Package dpkg provides a concrete Cataloger implementation for Debian package DB status files. +*/ +package deb + +import ( + "fmt" + "io" + "path" + "path/filepath" + + "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/source" +) + +const ( + md5sumsExt = ".md5sums" + docsPath = "/usr/share/doc" +) + +type Cataloger struct{} + +// NewDpkgdbCataloger returns a new Deb package cataloger object. +func NewDpkgdbCataloger() *Cataloger { + return &Cataloger{} +} + +// Name returns a string that uniquely describes a cataloger +func (c *Cataloger) Name() string { + return "dpkgdb-cataloger" +} + +// Catalog is given an object to resolve file references and content, this function returns any discovered Packages after analyzing dpkg support files. +// nolint:funlen +func (c *Cataloger) Catalog(resolver source.FileResolver) ([]pkg.Package, error) { + dbFileMatches, err := resolver.FilesByGlob(pkg.DpkgDbGlob) + if err != nil { + return nil, fmt.Errorf("failed to find dpkg status files's by glob: %w", err) + } + + var results []pkg.Package + var pkgs []pkg.Package + for _, dbLocation := range dbFileMatches { + dbContents, err := resolver.FileContentsByLocation(dbLocation) + if err != nil { + return nil, err + } + + pkgs, err = parseDpkgStatus(dbContents) + if err != nil { + return nil, fmt.Errorf("unable to catalog dpkg package=%+v: %w", dbLocation.RealPath, err) + } + + for i := range pkgs { + p := &pkgs[i] + p.FoundBy = c.Name() + p.Locations = []source.Location{dbLocation} + + metadata := p.Metadata.(pkg.DpkgMetadata) + + md5Reader, md5Location, err := fetchMd5Contents(resolver, dbLocation, p) + if err != nil { + return nil, fmt.Errorf("unable to find dpkg md5 contents: %w", err) + } + + if md5Reader != nil { + // attach the file list + metadata.Files = parseDpkgMD5Info(md5Reader) + + // keep a record of the file where this was discovered + if md5Location != nil { + p.Locations = append(p.Locations, *md5Location) + } + } else { + // ensure the file list is an empty collection (not nil) + metadata.Files = make([]pkg.DpkgFileRecord, 0) + } + + // persist alterations + p.Metadata = metadata + + // get license information from the copyright file + copyrightReader, copyrightLocation, err := fetchCopyrightContents(resolver, dbLocation, p) + if err != nil { + return nil, fmt.Errorf("unable to find dpkg copyright contents: %w", err) + } + + if copyrightReader != nil { + // attach the licenses + p.Licenses = parseLicensesFromCopyright(copyrightReader) + + // keep a record of the file where this was discovered + if copyrightLocation != nil { + p.Locations = append(p.Locations, *copyrightLocation) + } + } + } + + results = append(results, pkgs...) + } + return results, nil +} + +func fetchMd5Contents(resolver source.FileResolver, dbLocation source.Location, p *pkg.Package) (io.Reader, *source.Location, error) { + parentPath := filepath.Dir(dbLocation.RealPath) + + // look for /var/lib/dpkg/info/NAME:ARCH.md5sums + name := md5Key(p) + md5SumLocation := resolver.RelativeFileByPath(dbLocation, path.Join(parentPath, "info", name+md5sumsExt)) + + if md5SumLocation == nil { + // the most specific key did not work, fallback to just the name + // look for /var/lib/dpkg/info/NAME.md5sums + md5SumLocation = resolver.RelativeFileByPath(dbLocation, path.Join(parentPath, "info", p.Name+md5sumsExt)) + } + + // this is unexpected, but not a show-stopper + if md5SumLocation == nil { + return nil, nil, nil + } + + reader, err := resolver.FileContentsByLocation(*md5SumLocation) + if err != nil { + return nil, nil, fmt.Errorf("failed to fetch deb md5 contents (%+v): %w", p, err) + } + return reader, md5SumLocation, nil +} + +func fetchCopyrightContents(resolver source.FileResolver, dbLocation source.Location, p *pkg.Package) (io.Reader, *source.Location, error) { + // look for /usr/share/docs/NAME/copyright files + name := p.Name + copyrightPath := path.Join(docsPath, name, "copyright") + copyrightLocation := resolver.RelativeFileByPath(dbLocation, copyrightPath) + + // we may not have a copyright file for each package, ignore missing files + if copyrightLocation == nil { + return nil, nil, nil + } + + reader, err := resolver.FileContentsByLocation(*copyrightLocation) + if err != nil { + return nil, nil, fmt.Errorf("failed to fetch deb copyright contents (%+v): %w", p, err) + } + + return reader, copyrightLocation, nil +} + +func md5Key(p *pkg.Package) string { + metadata := p.Metadata.(pkg.DpkgMetadata) + + contentKey := p.Name + if metadata.Architecture != "" && metadata.Architecture != "all" { + contentKey = contentKey + ":" + metadata.Architecture + } + return contentKey +} diff --git a/syft/cataloger/deb/cataloger_test.go b/syft/pkg/cataloger/deb/cataloger_test.go similarity index 89% rename from syft/cataloger/deb/cataloger_test.go rename to syft/pkg/cataloger/deb/cataloger_test.go index d7e9079b5..b856a0cb9 100644 --- a/syft/cataloger/deb/cataloger_test.go +++ b/syft/pkg/cataloger/deb/cataloger_test.go @@ -51,17 +51,21 @@ func TestDpkgCataloger(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { - img, cleanup := imagetest.GetFixtureImage(t, "docker-archive", "image-dpkg") - defer cleanup() + img := imagetest.GetFixtureImage(t, "docker-archive", "image-dpkg") - s, err := source.NewFromImage(img, source.SquashedScope, "") + s, err := source.NewFromImage(img, "") if err != nil { t.Fatal(err) } c := NewDpkgdbCataloger() - actual, err := c.Catalog(s.Resolver) + resolver, err := s.FileResolver(source.SquashedScope) + if err != nil { + t.Errorf("could not get resolver error: %+v", err) + } + + actual, err := c.Catalog(resolver) if err != nil { t.Fatalf("failed to catalog: %+v", err) } diff --git a/syft/cataloger/deb/parse_copyright.go b/syft/pkg/cataloger/deb/parse_copyright.go similarity index 100% rename from syft/cataloger/deb/parse_copyright.go rename to syft/pkg/cataloger/deb/parse_copyright.go diff --git a/syft/cataloger/deb/parse_copyright_test.go b/syft/pkg/cataloger/deb/parse_copyright_test.go similarity index 100% rename from syft/cataloger/deb/parse_copyright_test.go rename to syft/pkg/cataloger/deb/parse_copyright_test.go diff --git a/syft/cataloger/deb/parse_dpkg_info_files.go b/syft/pkg/cataloger/deb/parse_dpkg_info_files.go similarity index 100% rename from syft/cataloger/deb/parse_dpkg_info_files.go rename to syft/pkg/cataloger/deb/parse_dpkg_info_files.go diff --git a/syft/cataloger/deb/parse_dpkg_info_files_test.go b/syft/pkg/cataloger/deb/parse_dpkg_info_files_test.go similarity index 100% rename from syft/cataloger/deb/parse_dpkg_info_files_test.go rename to syft/pkg/cataloger/deb/parse_dpkg_info_files_test.go diff --git a/syft/cataloger/deb/parse_dpkg_status.go b/syft/pkg/cataloger/deb/parse_dpkg_status.go similarity index 100% rename from syft/cataloger/deb/parse_dpkg_status.go rename to syft/pkg/cataloger/deb/parse_dpkg_status.go diff --git a/syft/cataloger/deb/parse_dpkg_status_test.go b/syft/pkg/cataloger/deb/parse_dpkg_status_test.go similarity index 100% rename from syft/cataloger/deb/parse_dpkg_status_test.go rename to syft/pkg/cataloger/deb/parse_dpkg_status_test.go diff --git a/syft/cataloger/deb/test-fixtures/copyright/libaudit-common b/syft/pkg/cataloger/deb/test-fixtures/copyright/libaudit-common similarity index 100% rename from syft/cataloger/deb/test-fixtures/copyright/libaudit-common rename to syft/pkg/cataloger/deb/test-fixtures/copyright/libaudit-common diff --git a/syft/cataloger/deb/test-fixtures/copyright/liblzma5 b/syft/pkg/cataloger/deb/test-fixtures/copyright/liblzma5 similarity index 100% rename from syft/cataloger/deb/test-fixtures/copyright/liblzma5 rename to syft/pkg/cataloger/deb/test-fixtures/copyright/liblzma5 diff --git a/syft/cataloger/deb/test-fixtures/copyright/python b/syft/pkg/cataloger/deb/test-fixtures/copyright/python similarity index 100% rename from syft/cataloger/deb/test-fixtures/copyright/python rename to syft/pkg/cataloger/deb/test-fixtures/copyright/python diff --git a/syft/cataloger/deb/test-fixtures/copyright/trilicense b/syft/pkg/cataloger/deb/test-fixtures/copyright/trilicense similarity index 100% rename from syft/cataloger/deb/test-fixtures/copyright/trilicense rename to syft/pkg/cataloger/deb/test-fixtures/copyright/trilicense diff --git a/syft/cataloger/deb/test-fixtures/image-dpkg/Dockerfile b/syft/pkg/cataloger/deb/test-fixtures/image-dpkg/Dockerfile similarity index 100% rename from syft/cataloger/deb/test-fixtures/image-dpkg/Dockerfile rename to syft/pkg/cataloger/deb/test-fixtures/image-dpkg/Dockerfile diff --git a/syft/cataloger/deb/test-fixtures/image-dpkg/usr/share/doc/libpam-runtime/copyright b/syft/pkg/cataloger/deb/test-fixtures/image-dpkg/usr/share/doc/libpam-runtime/copyright similarity index 100% rename from syft/cataloger/deb/test-fixtures/image-dpkg/usr/share/doc/libpam-runtime/copyright rename to syft/pkg/cataloger/deb/test-fixtures/image-dpkg/usr/share/doc/libpam-runtime/copyright diff --git a/syft/cataloger/deb/test-fixtures/image-dpkg/var/lib/dpkg/info/libpam-runtime.md5sums b/syft/pkg/cataloger/deb/test-fixtures/image-dpkg/var/lib/dpkg/info/libpam-runtime.md5sums similarity index 100% rename from syft/cataloger/deb/test-fixtures/image-dpkg/var/lib/dpkg/info/libpam-runtime.md5sums rename to syft/pkg/cataloger/deb/test-fixtures/image-dpkg/var/lib/dpkg/info/libpam-runtime.md5sums diff --git a/syft/cataloger/deb/test-fixtures/image-dpkg/var/lib/dpkg/status b/syft/pkg/cataloger/deb/test-fixtures/image-dpkg/var/lib/dpkg/status similarity index 100% rename from syft/cataloger/deb/test-fixtures/image-dpkg/var/lib/dpkg/status rename to syft/pkg/cataloger/deb/test-fixtures/image-dpkg/var/lib/dpkg/status diff --git a/syft/cataloger/deb/test-fixtures/info/zlib1g.md5sums b/syft/pkg/cataloger/deb/test-fixtures/info/zlib1g.md5sums similarity index 100% rename from syft/cataloger/deb/test-fixtures/info/zlib1g.md5sums rename to syft/pkg/cataloger/deb/test-fixtures/info/zlib1g.md5sums diff --git a/syft/cataloger/deb/test-fixtures/status/multiple b/syft/pkg/cataloger/deb/test-fixtures/status/multiple similarity index 100% rename from syft/cataloger/deb/test-fixtures/status/multiple rename to syft/pkg/cataloger/deb/test-fixtures/status/multiple diff --git a/syft/cataloger/deb/test-fixtures/status/single b/syft/pkg/cataloger/deb/test-fixtures/status/single similarity index 100% rename from syft/cataloger/deb/test-fixtures/status/single rename to syft/pkg/cataloger/deb/test-fixtures/status/single diff --git a/syft/cataloger/golang/cataloger.go b/syft/pkg/cataloger/golang/cataloger.go similarity index 87% rename from syft/cataloger/golang/cataloger.go rename to syft/pkg/cataloger/golang/cataloger.go index 268bc1cd0..34f33a595 100644 --- a/syft/cataloger/golang/cataloger.go +++ b/syft/pkg/cataloger/golang/cataloger.go @@ -4,7 +4,7 @@ Package golang provides a concrete Cataloger implementation for go.mod files. package golang import ( - "github.com/anchore/syft/syft/cataloger/common" + "github.com/anchore/syft/syft/pkg/cataloger/common" ) // NewGoModCataloger returns a new Go module cataloger object. diff --git a/syft/cataloger/golang/parse_go_mod.go b/syft/pkg/cataloger/golang/parse_go_mod.go similarity index 100% rename from syft/cataloger/golang/parse_go_mod.go rename to syft/pkg/cataloger/golang/parse_go_mod.go diff --git a/syft/cataloger/golang/parse_go_mod_test.go b/syft/pkg/cataloger/golang/parse_go_mod_test.go similarity index 100% rename from syft/cataloger/golang/parse_go_mod_test.go rename to syft/pkg/cataloger/golang/parse_go_mod_test.go diff --git a/syft/cataloger/golang/test-fixtures/many-packages b/syft/pkg/cataloger/golang/test-fixtures/many-packages similarity index 100% rename from syft/cataloger/golang/test-fixtures/many-packages rename to syft/pkg/cataloger/golang/test-fixtures/many-packages diff --git a/syft/cataloger/golang/test-fixtures/one-package b/syft/pkg/cataloger/golang/test-fixtures/one-package similarity index 100% rename from syft/cataloger/golang/test-fixtures/one-package rename to syft/pkg/cataloger/golang/test-fixtures/one-package diff --git a/syft/cataloger/java/archive_filename.go b/syft/pkg/cataloger/java/archive_filename.go similarity index 100% rename from syft/cataloger/java/archive_filename.go rename to syft/pkg/cataloger/java/archive_filename.go diff --git a/syft/cataloger/java/archive_filename_test.go b/syft/pkg/cataloger/java/archive_filename_test.go similarity index 100% rename from syft/cataloger/java/archive_filename_test.go rename to syft/pkg/cataloger/java/archive_filename_test.go diff --git a/syft/cataloger/java/archive_parser.go b/syft/pkg/cataloger/java/archive_parser.go similarity index 99% rename from syft/cataloger/java/archive_parser.go rename to syft/pkg/cataloger/java/archive_parser.go index 05446ae08..711ca0d1b 100644 --- a/syft/cataloger/java/archive_parser.go +++ b/syft/pkg/cataloger/java/archive_parser.go @@ -9,8 +9,8 @@ import ( "github.com/anchore/syft/internal" "github.com/anchore/syft/internal/file" - "github.com/anchore/syft/syft/cataloger/common" "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/common" ) // integrity check diff --git a/syft/cataloger/java/archive_parser_test.go b/syft/pkg/cataloger/java/archive_parser_test.go similarity index 100% rename from syft/cataloger/java/archive_parser_test.go rename to syft/pkg/cataloger/java/archive_parser_test.go diff --git a/syft/cataloger/java/cataloger.go b/syft/pkg/cataloger/java/cataloger.go similarity index 89% rename from syft/cataloger/java/cataloger.go rename to syft/pkg/cataloger/java/cataloger.go index 35d776e93..2285c6474 100644 --- a/syft/cataloger/java/cataloger.go +++ b/syft/pkg/cataloger/java/cataloger.go @@ -4,7 +4,7 @@ Package java provides a concrete Cataloger implementation for Java archives (jar package java import ( - "github.com/anchore/syft/syft/cataloger/common" + "github.com/anchore/syft/syft/pkg/cataloger/common" ) // NewJavaCataloger returns a new Java archive cataloger object. diff --git a/syft/cataloger/java/java_manifest.go b/syft/pkg/cataloger/java/java_manifest.go similarity index 100% rename from syft/cataloger/java/java_manifest.go rename to syft/pkg/cataloger/java/java_manifest.go diff --git a/syft/cataloger/java/java_manifest_test.go b/syft/pkg/cataloger/java/java_manifest_test.go similarity index 100% rename from syft/cataloger/java/java_manifest_test.go rename to syft/pkg/cataloger/java/java_manifest_test.go diff --git a/syft/cataloger/java/pom_properties.go b/syft/pkg/cataloger/java/pom_properties.go similarity index 100% rename from syft/cataloger/java/pom_properties.go rename to syft/pkg/cataloger/java/pom_properties.go diff --git a/syft/cataloger/java/pom_properties_test.go b/syft/pkg/cataloger/java/pom_properties_test.go similarity index 100% rename from syft/cataloger/java/pom_properties_test.go rename to syft/pkg/cataloger/java/pom_properties_test.go diff --git a/syft/cataloger/java/save_archive_to_tmp.go b/syft/pkg/cataloger/java/save_archive_to_tmp.go similarity index 100% rename from syft/cataloger/java/save_archive_to_tmp.go rename to syft/pkg/cataloger/java/save_archive_to_tmp.go diff --git a/syft/cataloger/java/test-fixtures/java-builds/.gitignore b/syft/pkg/cataloger/java/test-fixtures/java-builds/.gitignore similarity index 87% rename from syft/cataloger/java/test-fixtures/java-builds/.gitignore rename to syft/pkg/cataloger/java/test-fixtures/java-builds/.gitignore index 1685225cc..b954422b0 100644 --- a/syft/cataloger/java/test-fixtures/java-builds/.gitignore +++ b/syft/pkg/cataloger/java/test-fixtures/java-builds/.gitignore @@ -1,4 +1,4 @@ -/packages/* +/packages/sb *.fingerprint # maven when running in a volume may spit out directories like this **/\?/ diff --git a/syft/cataloger/java/test-fixtures/java-builds/Makefile b/syft/pkg/cataloger/java/test-fixtures/java-builds/Makefile similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/Makefile rename to syft/pkg/cataloger/java/test-fixtures/java-builds/Makefile diff --git a/syft/cataloger/java/test-fixtures/java-builds/build-example-java-app-gradle.sh b/syft/pkg/cataloger/java/test-fixtures/java-builds/build-example-java-app-gradle.sh similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/build-example-java-app-gradle.sh rename to syft/pkg/cataloger/java/test-fixtures/java-builds/build-example-java-app-gradle.sh diff --git a/syft/cataloger/java/test-fixtures/java-builds/build-example-java-app-maven.sh b/syft/pkg/cataloger/java/test-fixtures/java-builds/build-example-java-app-maven.sh similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/build-example-java-app-maven.sh rename to syft/pkg/cataloger/java/test-fixtures/java-builds/build-example-java-app-maven.sh diff --git a/syft/cataloger/java/test-fixtures/java-builds/build-example-jenkins-plugin.sh b/syft/pkg/cataloger/java/test-fixtures/java-builds/build-example-jenkins-plugin.sh similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/build-example-jenkins-plugin.sh rename to syft/pkg/cataloger/java/test-fixtures/java-builds/build-example-jenkins-plugin.sh diff --git a/syft/cataloger/java/test-fixtures/java-builds/build-example-sb-app-nestedjar.sh b/syft/pkg/cataloger/java/test-fixtures/java-builds/build-example-sb-app-nestedjar.sh similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/build-example-sb-app-nestedjar.sh rename to syft/pkg/cataloger/java/test-fixtures/java-builds/build-example-sb-app-nestedjar.sh diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-java-app/.gitignore b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/.gitignore similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-java-app/.gitignore rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/.gitignore diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-java-app/build.gradle b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/build.gradle similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-java-app/build.gradle rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/build.gradle diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-java-app/pom.xml b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/pom.xml similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-java-app/pom.xml rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/pom.xml diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-java-app/src/main/java/hello/Greeter.java b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/src/main/java/hello/Greeter.java similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-java-app/src/main/java/hello/Greeter.java rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/src/main/java/hello/Greeter.java diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-java-app/src/main/java/hello/HelloWorld.java b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/src/main/java/hello/HelloWorld.java similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-java-app/src/main/java/hello/HelloWorld.java rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/src/main/java/hello/HelloWorld.java diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/pom.xml b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/pom.xml similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/pom.xml rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/pom.xml diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/java/io/jenkins/plugins/sample/HelloWorldBuilder.java b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/java/io/jenkins/plugins/sample/HelloWorldBuilder.java similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/java/io/jenkins/plugins/sample/HelloWorldBuilder.java rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/java/io/jenkins/plugins/sample/HelloWorldBuilder.java diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/index.jelly b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/index.jelly similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/index.jelly rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/index.jelly diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/config.jelly b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/config.jelly similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/config.jelly rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/config.jelly diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/config.properties b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/config.properties similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/config.properties rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/config.properties diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/config_fr.properties b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/config_fr.properties similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/config_fr.properties rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/config_fr.properties diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-name.html b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-name.html similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-name.html rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-name.html diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-name_fr.html b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-name_fr.html similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-name_fr.html rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-name_fr.html diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-useFrench.html b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-useFrench.html similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-useFrench.html rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-useFrench.html diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-useFrench_fr.html b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-useFrench_fr.html similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-useFrench_fr.html rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/HelloWorldBuilder/help-useFrench_fr.html diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/Messages.properties b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/Messages.properties similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/Messages.properties rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/Messages.properties diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/Messages_fr.properties b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/Messages_fr.properties similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/Messages_fr.properties rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-jenkins-plugin/src/main/resources/io/jenkins/plugins/sample/Messages_fr.properties diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-sb-app/.gitignore b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-sb-app/.gitignore similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-sb-app/.gitignore rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-sb-app/.gitignore diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-sb-app/pom.xml b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-sb-app/pom.xml similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-sb-app/pom.xml rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-sb-app/pom.xml diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-sb-app/src/main/java/com/example/springboot/Application.java b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-sb-app/src/main/java/com/example/springboot/Application.java similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-sb-app/src/main/java/com/example/springboot/Application.java rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-sb-app/src/main/java/com/example/springboot/Application.java diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-sb-app/src/main/java/com/example/springboot/HelloController.java b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-sb-app/src/main/java/com/example/springboot/HelloController.java similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-sb-app/src/main/java/com/example/springboot/HelloController.java rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-sb-app/src/main/java/com/example/springboot/HelloController.java diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-sb-app/src/test/java/com/example/springboot/HelloControllerIT.java b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-sb-app/src/test/java/com/example/springboot/HelloControllerIT.java similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-sb-app/src/test/java/com/example/springboot/HelloControllerIT.java rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-sb-app/src/test/java/com/example/springboot/HelloControllerIT.java diff --git a/syft/cataloger/java/test-fixtures/java-builds/example-sb-app/src/test/java/com/example/springboot/HelloControllerTest.java b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-sb-app/src/test/java/com/example/springboot/HelloControllerTest.java similarity index 100% rename from syft/cataloger/java/test-fixtures/java-builds/example-sb-app/src/test/java/com/example/springboot/HelloControllerTest.java rename to syft/pkg/cataloger/java/test-fixtures/java-builds/example-sb-app/src/test/java/com/example/springboot/HelloControllerTest.java diff --git a/syft/cataloger/java/test-fixtures/manifest/continuation b/syft/pkg/cataloger/java/test-fixtures/manifest/continuation similarity index 100% rename from syft/cataloger/java/test-fixtures/manifest/continuation rename to syft/pkg/cataloger/java/test-fixtures/manifest/continuation diff --git a/syft/cataloger/java/test-fixtures/manifest/extra-info b/syft/pkg/cataloger/java/test-fixtures/manifest/extra-info similarity index 100% rename from syft/cataloger/java/test-fixtures/manifest/extra-info rename to syft/pkg/cataloger/java/test-fixtures/manifest/extra-info diff --git a/syft/cataloger/java/test-fixtures/manifest/small b/syft/pkg/cataloger/java/test-fixtures/manifest/small similarity index 100% rename from syft/cataloger/java/test-fixtures/manifest/small rename to syft/pkg/cataloger/java/test-fixtures/manifest/small diff --git a/syft/cataloger/java/test-fixtures/manifest/standard-info b/syft/pkg/cataloger/java/test-fixtures/manifest/standard-info similarity index 100% rename from syft/cataloger/java/test-fixtures/manifest/standard-info rename to syft/pkg/cataloger/java/test-fixtures/manifest/standard-info diff --git a/syft/cataloger/java/test-fixtures/manifest/version-with-date b/syft/pkg/cataloger/java/test-fixtures/manifest/version-with-date similarity index 100% rename from syft/cataloger/java/test-fixtures/manifest/version-with-date rename to syft/pkg/cataloger/java/test-fixtures/manifest/version-with-date diff --git a/syft/cataloger/java/test-fixtures/pom/extra.pom.properties b/syft/pkg/cataloger/java/test-fixtures/pom/extra.pom.properties similarity index 100% rename from syft/cataloger/java/test-fixtures/pom/extra.pom.properties rename to syft/pkg/cataloger/java/test-fixtures/pom/extra.pom.properties diff --git a/syft/cataloger/java/test-fixtures/pom/small.pom.properties b/syft/pkg/cataloger/java/test-fixtures/pom/small.pom.properties similarity index 100% rename from syft/cataloger/java/test-fixtures/pom/small.pom.properties rename to syft/pkg/cataloger/java/test-fixtures/pom/small.pom.properties diff --git a/syft/cataloger/javascript/cataloger.go b/syft/pkg/cataloger/javascript/cataloger.go similarity index 94% rename from syft/cataloger/javascript/cataloger.go rename to syft/pkg/cataloger/javascript/cataloger.go index fe709d458..791554a5d 100644 --- a/syft/cataloger/javascript/cataloger.go +++ b/syft/pkg/cataloger/javascript/cataloger.go @@ -4,7 +4,7 @@ Package javascript provides a concrete Cataloger implementation for JavaScript e package javascript import ( - "github.com/anchore/syft/syft/cataloger/common" + "github.com/anchore/syft/syft/pkg/cataloger/common" ) // NewJavascriptPackageCataloger returns a new JavaScript cataloger object based on detection of npm based packages. diff --git a/syft/cataloger/javascript/parse_package_json.go b/syft/pkg/cataloger/javascript/parse_package_json.go similarity index 97% rename from syft/cataloger/javascript/parse_package_json.go rename to syft/pkg/cataloger/javascript/parse_package_json.go index 5a4fbadc9..d5ff50142 100644 --- a/syft/cataloger/javascript/parse_package_json.go +++ b/syft/pkg/cataloger/javascript/parse_package_json.go @@ -13,8 +13,8 @@ import ( "github.com/mitchellh/mapstructure" - "github.com/anchore/syft/syft/cataloger/common" "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/common" ) // integrity check @@ -161,7 +161,7 @@ func licensesFromJSON(p PackageJSON) ([]string, error) { return nil, fmt.Errorf("unable to parse license field: %w", err) } -// parsePackageJson parses a package.json and returns the discovered JavaScript packages. +// parsePackageJSON parses a package.json and returns the discovered JavaScript packages. func parsePackageJSON(_ string, reader io.Reader) ([]pkg.Package, error) { packages := make([]pkg.Package, 0) dec := json.NewDecoder(reader) diff --git a/syft/cataloger/javascript/parse_package_json_test.go b/syft/pkg/cataloger/javascript/parse_package_json_test.go similarity index 100% rename from syft/cataloger/javascript/parse_package_json_test.go rename to syft/pkg/cataloger/javascript/parse_package_json_test.go diff --git a/syft/cataloger/javascript/parse_package_lock.go b/syft/pkg/cataloger/javascript/parse_package_lock.go similarity index 96% rename from syft/cataloger/javascript/parse_package_lock.go rename to syft/pkg/cataloger/javascript/parse_package_lock.go index 4018cbf63..c4f3a8f99 100644 --- a/syft/cataloger/javascript/parse_package_lock.go +++ b/syft/pkg/cataloger/javascript/parse_package_lock.go @@ -5,8 +5,8 @@ import ( "fmt" "io" - "github.com/anchore/syft/syft/cataloger/common" "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/common" ) // integrity check diff --git a/syft/cataloger/javascript/parse_package_lock_test.go b/syft/pkg/cataloger/javascript/parse_package_lock_test.go similarity index 100% rename from syft/cataloger/javascript/parse_package_lock_test.go rename to syft/pkg/cataloger/javascript/parse_package_lock_test.go diff --git a/syft/cataloger/javascript/parse_yarn_lock.go b/syft/pkg/cataloger/javascript/parse_yarn_lock.go similarity index 97% rename from syft/cataloger/javascript/parse_yarn_lock.go rename to syft/pkg/cataloger/javascript/parse_yarn_lock.go index 5e18c5aff..078610d47 100644 --- a/syft/cataloger/javascript/parse_yarn_lock.go +++ b/syft/pkg/cataloger/javascript/parse_yarn_lock.go @@ -8,8 +8,8 @@ import ( "strings" "github.com/anchore/syft/internal/log" - "github.com/anchore/syft/syft/cataloger/common" "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/common" ) // integrity check diff --git a/syft/cataloger/javascript/parse_yarn_lock_test.go b/syft/pkg/cataloger/javascript/parse_yarn_lock_test.go similarity index 100% rename from syft/cataloger/javascript/parse_yarn_lock_test.go rename to syft/pkg/cataloger/javascript/parse_yarn_lock_test.go diff --git a/syft/cataloger/javascript/test-fixtures/pkg-json/package-license-object.json b/syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package-license-object.json similarity index 100% rename from syft/cataloger/javascript/test-fixtures/pkg-json/package-license-object.json rename to syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package-license-object.json diff --git a/syft/cataloger/javascript/test-fixtures/pkg-json/package-license-objects.json b/syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package-license-objects.json similarity index 100% rename from syft/cataloger/javascript/test-fixtures/pkg-json/package-license-objects.json rename to syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package-license-objects.json diff --git a/syft/cataloger/javascript/test-fixtures/pkg-json/package-nested-author.json b/syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package-nested-author.json similarity index 100% rename from syft/cataloger/javascript/test-fixtures/pkg-json/package-nested-author.json rename to syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package-nested-author.json diff --git a/syft/cataloger/javascript/test-fixtures/pkg-json/package-no-license.json b/syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package-no-license.json similarity index 100% rename from syft/cataloger/javascript/test-fixtures/pkg-json/package-no-license.json rename to syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package-no-license.json diff --git a/syft/cataloger/javascript/test-fixtures/pkg-json/package-partial.json b/syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package-partial.json similarity index 100% rename from syft/cataloger/javascript/test-fixtures/pkg-json/package-partial.json rename to syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package-partial.json diff --git a/syft/cataloger/javascript/test-fixtures/pkg-json/package-repo-string.json b/syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package-repo-string.json similarity index 100% rename from syft/cataloger/javascript/test-fixtures/pkg-json/package-repo-string.json rename to syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package-repo-string.json diff --git a/syft/cataloger/javascript/test-fixtures/pkg-json/package.json b/syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package.json similarity index 100% rename from syft/cataloger/javascript/test-fixtures/pkg-json/package.json rename to syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package.json diff --git a/syft/cataloger/javascript/test-fixtures/pkg-lock/package-lock.json b/syft/pkg/cataloger/javascript/test-fixtures/pkg-lock/package-lock.json similarity index 100% rename from syft/cataloger/javascript/test-fixtures/pkg-lock/package-lock.json rename to syft/pkg/cataloger/javascript/test-fixtures/pkg-lock/package-lock.json diff --git a/syft/cataloger/javascript/test-fixtures/yarn/yarn.lock b/syft/pkg/cataloger/javascript/test-fixtures/yarn/yarn.lock similarity index 100% rename from syft/cataloger/javascript/test-fixtures/yarn/yarn.lock rename to syft/pkg/cataloger/javascript/test-fixtures/yarn/yarn.lock diff --git a/syft/cataloger/package_url.go b/syft/pkg/cataloger/package_url.go similarity index 100% rename from syft/cataloger/package_url.go rename to syft/pkg/cataloger/package_url.go diff --git a/syft/cataloger/package_url_test.go b/syft/pkg/cataloger/package_url_test.go similarity index 100% rename from syft/cataloger/package_url_test.go rename to syft/pkg/cataloger/package_url_test.go diff --git a/syft/cataloger/python/index_cataloger.go b/syft/pkg/cataloger/python/index_cataloger.go similarity index 92% rename from syft/cataloger/python/index_cataloger.go rename to syft/pkg/cataloger/python/index_cataloger.go index 620892b22..4c821a289 100644 --- a/syft/cataloger/python/index_cataloger.go +++ b/syft/pkg/cataloger/python/index_cataloger.go @@ -4,7 +4,7 @@ Package python provides a concrete Cataloger implementation for Python ecosystem package python import ( - "github.com/anchore/syft/syft/cataloger/common" + "github.com/anchore/syft/syft/pkg/cataloger/common" ) // NewPythonIndexCataloger returns a new cataloger for python packages referenced from poetry lock files, requirements.txt files, and setup.py files. diff --git a/syft/cataloger/python/package_cataloger.go b/syft/pkg/cataloger/python/package_cataloger.go similarity index 50% rename from syft/cataloger/python/package_cataloger.go rename to syft/pkg/cataloger/python/package_cataloger.go index af8360792..64540ad7b 100644 --- a/syft/cataloger/python/package_cataloger.go +++ b/syft/pkg/cataloger/python/package_cataloger.go @@ -3,6 +3,7 @@ package python import ( "bufio" "fmt" + "path/filepath" "github.com/anchore/syft/syft/pkg" @@ -28,64 +29,34 @@ func (c *PackageCataloger) Name() string { } // Catalog is given an object to resolve file references and content, this function returns any discovered Packages after analyzing python egg and wheel installations. -func (c *PackageCataloger) Catalog(resolver source.Resolver) ([]pkg.Package, error) { - entries, err := c.getPackageEntries(resolver) - if err != nil { - return nil, err +func (c *PackageCataloger) Catalog(resolver source.FileResolver) ([]pkg.Package, error) { + // nolint:prealloc + var fileMatches []source.Location + + for _, glob := range []string{eggMetadataGlob, wheelMetadataGlob, eggFileMetadataGlob} { + matches, err := resolver.FilesByGlob(glob) + if err != nil { + return nil, fmt.Errorf("failed to find files by glob: %s", glob) + } + fileMatches = append(fileMatches, matches...) } - var packages []pkg.Package - for _, entry := range entries { - p, err := c.catalogEggOrWheel(entry) + var pkgs []pkg.Package + for _, location := range fileMatches { + p, err := c.catalogEggOrWheel(resolver, location) if err != nil { - return nil, fmt.Errorf("unable to catalog python package=%+v: %w", entry.Metadata.Location.RealPath, err) + return nil, fmt.Errorf("unable to catalog python package=%+v: %w", location.RealPath, err) } if p != nil { - packages = append(packages, *p) + pkgs = append(pkgs, *p) } } - - return packages, nil -} - -// getPackageEntries fetches the contents for all python packages within the given resolver. -func (c *PackageCataloger) getPackageEntries(resolver source.Resolver) ([]*packageEntry, error) { - var metadataLocations []source.Location - - // find all primary record paths - matches, err := resolver.FilesByGlob(eggMetadataGlob, eggFileMetadataGlob, wheelMetadataGlob) - if err != nil { - return nil, fmt.Errorf("failed to find files by glob: %w", err) - } - metadataLocations = append(metadataLocations, matches...) - - // for every primary record path, craft all secondary record paths and build a request object to gather all file contents for each record - requester := source.NewContentRequester() - entries := make([]*packageEntry, len(metadataLocations)) - for i, metadataLocation := range metadataLocations { - // build the entry to process (holding only path information) - entry := newPackageEntry(resolver, metadataLocation) - - // populate the data onto the requester object - requester.Add(&entry.Metadata) - if entry.FileRecord != nil { - requester.Add(entry.FileRecord) - } - if entry.TopPackage != nil { - requester.Add(entry.TopPackage) - } - - // keep track of the entry for later package processing - entries[i] = entry - } - - // return the set of entries and execute the request for fetching contents - return entries, requester.Execute(resolver) + return pkgs, nil } // catalogEggOrWheel takes the primary metadata file reference and returns the python package it represents. -func (c *PackageCataloger) catalogEggOrWheel(entry *packageEntry) (*pkg.Package, error) { - metadata, sources, err := c.assembleEggOrWheelMetadata(entry) +func (c *PackageCataloger) catalogEggOrWheel(resolver source.FileResolver, metadataLocation source.Location) (*pkg.Package, error) { + metadata, sources, err := c.assembleEggOrWheelMetadata(resolver, metadataLocation) if err != nil { return nil, err } @@ -114,45 +85,26 @@ func (c *PackageCataloger) catalogEggOrWheel(entry *packageEntry) (*pkg.Package, }, nil } -// assembleEggOrWheelMetadata discovers and accumulates python package metadata from multiple file sources and returns a single metadata object as well as a list of files where the metadata was derived from. -func (c *PackageCataloger) assembleEggOrWheelMetadata(entry *packageEntry) (*pkg.PythonPackageMetadata, []source.Location, error) { - var sources = []source.Location{entry.Metadata.Location} - - metadata, err := parseWheelOrEggMetadata(entry.Metadata.Location.RealPath, entry.Metadata.Contents) - if err != nil { - return nil, nil, err - } - - // attach any python files found for the given wheel/egg installation - r, s, err := c.processRecordFiles(entry.FileRecord) - if err != nil { - return nil, nil, err - } - sources = append(sources, s...) - metadata.Files = r - - // attach any top-level package names found for the given wheel/egg installation - p, s, err := c.processTopLevelPackages(entry.TopPackage) - if err != nil { - return nil, nil, err - } - sources = append(sources, s...) - metadata.TopLevelPackages = p - - return &metadata, sources, nil -} - -// processRecordFiles takes a corresponding RECORD file for the given python package metadata file and returns the set of file records contained. -func (c *PackageCataloger) processRecordFiles(entry *source.FileData) (files []pkg.PythonFileRecord, sources []source.Location, err error) { +// fetchRecordFiles finds a corresponding RECORD file for the given python package metadata file and returns the set of file records contained. +func (c *PackageCataloger) fetchRecordFiles(resolver source.FileResolver, metadataLocation source.Location) (files []pkg.PythonFileRecord, sources []source.Location, err error) { // we've been given a file reference to a specific wheel METADATA file. note: this may be for a directory // or for an image... for an image the METADATA file may be present within multiple layers, so it is important // to reconcile the RECORD path to the same layer (or the next adjacent lower layer). - if entry != nil { - sources = append(sources, entry.Location) + // lets find the RECORD file relative to the directory where the METADATA file resides (in path AND layer structure) + recordPath := filepath.Join(filepath.Dir(metadataLocation.RealPath), "RECORD") + recordRef := resolver.RelativeFileByPath(metadataLocation, recordPath) + + if recordRef != nil { + sources = append(sources, *recordRef) + + recordContents, err := resolver.FileContentsByLocation(*recordRef) + if err != nil { + return nil, nil, err + } // parse the record contents - records, err := parseWheelOrEggRecord(entry.Contents) + records, err := parseWheelOrEggRecord(recordContents) if err != nil { return nil, nil, err } @@ -162,15 +114,25 @@ func (c *PackageCataloger) processRecordFiles(entry *source.FileData) (files []p return files, sources, nil } -// processTopLevelPackages takes a corresponding top_level.txt file for the given python package metadata file and returns the set of package names contained. -func (c *PackageCataloger) processTopLevelPackages(entry *source.FileData) (pkgs []string, sources []source.Location, err error) { - if entry == nil { +// fetchTopLevelPackages finds a corresponding top_level.txt file for the given python package metadata file and returns the set of package names contained. +func (c *PackageCataloger) fetchTopLevelPackages(resolver source.FileResolver, metadataLocation source.Location) (pkgs []string, sources []source.Location, err error) { + // a top_level.txt file specifies the python top-level packages (provided by this python package) installed into site-packages + parentDir := filepath.Dir(metadataLocation.RealPath) + topLevelPath := filepath.Join(parentDir, "top_level.txt") + topLevelLocation := resolver.RelativeFileByPath(metadataLocation, topLevelPath) + + if topLevelLocation == nil { return nil, nil, nil } - sources = append(sources, entry.Location) + sources = append(sources, *topLevelLocation) - scanner := bufio.NewScanner(entry.Contents) + topLevelContents, err := resolver.FileContentsByLocation(*topLevelLocation) + if err != nil { + return nil, nil, err + } + + scanner := bufio.NewScanner(topLevelContents) for scanner.Scan() { pkgs = append(pkgs, scanner.Text()) } @@ -181,3 +143,36 @@ func (c *PackageCataloger) processTopLevelPackages(entry *source.FileData) (pkgs return pkgs, sources, nil } + +// assembleEggOrWheelMetadata discovers and accumulates python package metadata from multiple file sources and returns a single metadata object as well as a list of files where the metadata was derived from. +func (c *PackageCataloger) assembleEggOrWheelMetadata(resolver source.FileResolver, metadataLocation source.Location) (*pkg.PythonPackageMetadata, []source.Location, error) { + var sources = []source.Location{metadataLocation} + + metadataContents, err := resolver.FileContentsByLocation(metadataLocation) + if err != nil { + return nil, nil, err + } + + metadata, err := parseWheelOrEggMetadata(metadataLocation.RealPath, metadataContents) + if err != nil { + return nil, nil, err + } + + // attach any python files found for the given wheel/egg installation + r, s, err := c.fetchRecordFiles(resolver, metadataLocation) + if err != nil { + return nil, nil, err + } + sources = append(sources, s...) + metadata.Files = r + + // attach any top-level package names found for the given wheel/egg installation + p, s, err := c.fetchTopLevelPackages(resolver, metadataLocation) + if err != nil { + return nil, nil, err + } + sources = append(sources, s...) + metadata.TopLevelPackages = p + + return &metadata, sources, nil +} diff --git a/syft/cataloger/python/package_cataloger_test.go b/syft/pkg/cataloger/python/package_cataloger_test.go similarity index 100% rename from syft/cataloger/python/package_cataloger_test.go rename to syft/pkg/cataloger/python/package_cataloger_test.go diff --git a/syft/cataloger/python/parse_poetry_lock.go b/syft/pkg/cataloger/python/parse_poetry_lock.go similarity index 92% rename from syft/cataloger/python/parse_poetry_lock.go rename to syft/pkg/cataloger/python/parse_poetry_lock.go index 6b08098a4..b6981a1b0 100644 --- a/syft/cataloger/python/parse_poetry_lock.go +++ b/syft/pkg/cataloger/python/parse_poetry_lock.go @@ -4,8 +4,8 @@ import ( "fmt" "io" - "github.com/anchore/syft/syft/cataloger/common" "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/common" "github.com/pelletier/go-toml" ) diff --git a/syft/cataloger/python/parse_poetry_lock_test.go b/syft/pkg/cataloger/python/parse_poetry_lock_test.go similarity index 100% rename from syft/cataloger/python/parse_poetry_lock_test.go rename to syft/pkg/cataloger/python/parse_poetry_lock_test.go diff --git a/syft/cataloger/python/parse_requirements.go b/syft/pkg/cataloger/python/parse_requirements.go similarity index 97% rename from syft/cataloger/python/parse_requirements.go rename to syft/pkg/cataloger/python/parse_requirements.go index 27ec43cc8..b206224dd 100644 --- a/syft/cataloger/python/parse_requirements.go +++ b/syft/pkg/cataloger/python/parse_requirements.go @@ -6,8 +6,8 @@ import ( "io" "strings" - "github.com/anchore/syft/syft/cataloger/common" "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/common" ) // integrity check diff --git a/syft/cataloger/python/parse_requirements_test.go b/syft/pkg/cataloger/python/parse_requirements_test.go similarity index 100% rename from syft/cataloger/python/parse_requirements_test.go rename to syft/pkg/cataloger/python/parse_requirements_test.go diff --git a/syft/cataloger/python/parse_setup.go b/syft/pkg/cataloger/python/parse_setup.go similarity index 95% rename from syft/cataloger/python/parse_setup.go rename to syft/pkg/cataloger/python/parse_setup.go index 337c436e7..e1b0c39ce 100644 --- a/syft/cataloger/python/parse_setup.go +++ b/syft/pkg/cataloger/python/parse_setup.go @@ -6,8 +6,8 @@ import ( "regexp" "strings" - "github.com/anchore/syft/syft/cataloger/common" "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/common" ) // integrity check diff --git a/syft/cataloger/python/parse_setup_test.go b/syft/pkg/cataloger/python/parse_setup_test.go similarity index 100% rename from syft/cataloger/python/parse_setup_test.go rename to syft/pkg/cataloger/python/parse_setup_test.go diff --git a/syft/cataloger/python/parse_wheel_egg_metadata.go b/syft/pkg/cataloger/python/parse_wheel_egg_metadata.go similarity index 100% rename from syft/cataloger/python/parse_wheel_egg_metadata.go rename to syft/pkg/cataloger/python/parse_wheel_egg_metadata.go diff --git a/syft/cataloger/python/parse_wheel_egg_metadata_test.go b/syft/pkg/cataloger/python/parse_wheel_egg_metadata_test.go similarity index 100% rename from syft/cataloger/python/parse_wheel_egg_metadata_test.go rename to syft/pkg/cataloger/python/parse_wheel_egg_metadata_test.go diff --git a/syft/cataloger/python/parse_wheel_egg_record.go b/syft/pkg/cataloger/python/parse_wheel_egg_record.go similarity index 100% rename from syft/cataloger/python/parse_wheel_egg_record.go rename to syft/pkg/cataloger/python/parse_wheel_egg_record.go diff --git a/syft/cataloger/python/parse_wheel_egg_record_test.go b/syft/pkg/cataloger/python/parse_wheel_egg_record_test.go similarity index 100% rename from syft/cataloger/python/parse_wheel_egg_record_test.go rename to syft/pkg/cataloger/python/parse_wheel_egg_record_test.go diff --git a/syft/cataloger/python/poetry_metadata.go b/syft/pkg/cataloger/python/poetry_metadata.go similarity index 100% rename from syft/cataloger/python/poetry_metadata.go rename to syft/pkg/cataloger/python/poetry_metadata.go diff --git a/syft/cataloger/python/poetry_metadata_package.go b/syft/pkg/cataloger/python/poetry_metadata_package.go similarity index 100% rename from syft/cataloger/python/poetry_metadata_package.go rename to syft/pkg/cataloger/python/poetry_metadata_package.go diff --git a/syft/cataloger/python/test-fixtures/Python-2.7.egg-info b/syft/pkg/cataloger/python/test-fixtures/Python-2.7.egg-info similarity index 100% rename from syft/cataloger/python/test-fixtures/Python-2.7.egg-info rename to syft/pkg/cataloger/python/test-fixtures/Python-2.7.egg-info diff --git a/syft/cataloger/python/test-fixtures/dist-info/METADATA b/syft/pkg/cataloger/python/test-fixtures/dist-info/METADATA similarity index 100% rename from syft/cataloger/python/test-fixtures/dist-info/METADATA rename to syft/pkg/cataloger/python/test-fixtures/dist-info/METADATA diff --git a/syft/cataloger/python/test-fixtures/dist-info/RECORD b/syft/pkg/cataloger/python/test-fixtures/dist-info/RECORD similarity index 100% rename from syft/cataloger/python/test-fixtures/dist-info/RECORD rename to syft/pkg/cataloger/python/test-fixtures/dist-info/RECORD diff --git a/syft/cataloger/python/test-fixtures/dist-info/top_level.txt b/syft/pkg/cataloger/python/test-fixtures/dist-info/top_level.txt similarity index 100% rename from syft/cataloger/python/test-fixtures/dist-info/top_level.txt rename to syft/pkg/cataloger/python/test-fixtures/dist-info/top_level.txt diff --git a/syft/cataloger/python/test-fixtures/egg-info/PKG-INFO b/syft/pkg/cataloger/python/test-fixtures/egg-info/PKG-INFO similarity index 100% rename from syft/cataloger/python/test-fixtures/egg-info/PKG-INFO rename to syft/pkg/cataloger/python/test-fixtures/egg-info/PKG-INFO diff --git a/syft/cataloger/python/test-fixtures/egg-info/PKG-INFO-INVALID b/syft/pkg/cataloger/python/test-fixtures/egg-info/PKG-INFO-INVALID similarity index 100% rename from syft/cataloger/python/test-fixtures/egg-info/PKG-INFO-INVALID rename to syft/pkg/cataloger/python/test-fixtures/egg-info/PKG-INFO-INVALID diff --git a/syft/cataloger/python/test-fixtures/egg-info/RECORD b/syft/pkg/cataloger/python/test-fixtures/egg-info/RECORD similarity index 100% rename from syft/cataloger/python/test-fixtures/egg-info/RECORD rename to syft/pkg/cataloger/python/test-fixtures/egg-info/RECORD diff --git a/syft/cataloger/python/test-fixtures/egg-info/top_level.txt b/syft/pkg/cataloger/python/test-fixtures/egg-info/top_level.txt similarity index 100% rename from syft/cataloger/python/test-fixtures/egg-info/top_level.txt rename to syft/pkg/cataloger/python/test-fixtures/egg-info/top_level.txt diff --git a/syft/cataloger/python/test-fixtures/partial.dist-info/METADATA b/syft/pkg/cataloger/python/test-fixtures/partial.dist-info/METADATA similarity index 100% rename from syft/cataloger/python/test-fixtures/partial.dist-info/METADATA rename to syft/pkg/cataloger/python/test-fixtures/partial.dist-info/METADATA diff --git a/syft/cataloger/python/test-fixtures/poetry/poetry.lock b/syft/pkg/cataloger/python/test-fixtures/poetry/poetry.lock similarity index 100% rename from syft/cataloger/python/test-fixtures/poetry/poetry.lock rename to syft/pkg/cataloger/python/test-fixtures/poetry/poetry.lock diff --git a/syft/cataloger/python/test-fixtures/requires/requirements.txt b/syft/pkg/cataloger/python/test-fixtures/requires/requirements.txt similarity index 100% rename from syft/cataloger/python/test-fixtures/requires/requirements.txt rename to syft/pkg/cataloger/python/test-fixtures/requires/requirements.txt diff --git a/syft/cataloger/python/test-fixtures/setup/setup.py b/syft/pkg/cataloger/python/test-fixtures/setup/setup.py similarity index 100% rename from syft/cataloger/python/test-fixtures/setup/setup.py rename to syft/pkg/cataloger/python/test-fixtures/setup/setup.py diff --git a/syft/cataloger/python/test-fixtures/test.egg-info b/syft/pkg/cataloger/python/test-fixtures/test.egg-info similarity index 100% rename from syft/cataloger/python/test-fixtures/test.egg-info rename to syft/pkg/cataloger/python/test-fixtures/test.egg-info diff --git a/syft/cataloger/rpmdb/cataloger.go b/syft/pkg/cataloger/rpmdb/cataloger.go similarity index 93% rename from syft/cataloger/rpmdb/cataloger.go rename to syft/pkg/cataloger/rpmdb/cataloger.go index 6f7a93288..eca4c60c7 100644 --- a/syft/cataloger/rpmdb/cataloger.go +++ b/syft/pkg/cataloger/rpmdb/cataloger.go @@ -25,7 +25,7 @@ func (c *Cataloger) Name() string { } // Catalog is given an object to resolve file references and content, this function returns any discovered Packages after analyzing rpm db installation. -func (c *Cataloger) Catalog(resolver source.Resolver) ([]pkg.Package, error) { +func (c *Cataloger) Catalog(resolver source.FileResolver) ([]pkg.Package, error) { fileMatches, err := resolver.FilesByGlob(pkg.RpmDbGlob) if err != nil { return nil, fmt.Errorf("failed to find rpmdb's by glob: %w", err) diff --git a/syft/cataloger/rpmdb/parse_rpmdb.go b/syft/pkg/cataloger/rpmdb/parse_rpmdb.go similarity index 90% rename from syft/cataloger/rpmdb/parse_rpmdb.go rename to syft/pkg/cataloger/rpmdb/parse_rpmdb.go index f67a123e7..103de4f5f 100644 --- a/syft/cataloger/rpmdb/parse_rpmdb.go +++ b/syft/pkg/cataloger/rpmdb/parse_rpmdb.go @@ -14,7 +14,7 @@ import ( ) // parseApkDb parses an "Packages" RPM DB and returns the Packages listed within it. -func parseRpmDB(resolver source.FileResolver, dbLocation source.Location, reader io.Reader) ([]pkg.Package, error) { +func parseRpmDB(resolver source.FilePathResolver, dbLocation source.Location, reader io.Reader) ([]pkg.Package, error) { f, err := ioutil.TempFile("", internal.ApplicationName+"-rpmdb") if err != nil { return nil, fmt.Errorf("failed to create temp rpmdb file: %w", err) @@ -72,7 +72,7 @@ func parseRpmDB(resolver source.FileResolver, dbLocation source.Location, reader return allPkgs, nil } -func extractRpmdbFileRecords(resolver source.FileResolver, entry *rpmdb.PackageInfo) []pkg.RpmdbFileRecord { +func extractRpmdbFileRecords(resolver source.FilePathResolver, entry *rpmdb.PackageInfo) []pkg.RpmdbFileRecord { var records = make([]pkg.RpmdbFileRecord, 0) for _, record := range entry.Files { diff --git a/syft/cataloger/rpmdb/parse_rpmdb_test.go b/syft/pkg/cataloger/rpmdb/parse_rpmdb_test.go similarity index 100% rename from syft/cataloger/rpmdb/parse_rpmdb_test.go rename to syft/pkg/cataloger/rpmdb/parse_rpmdb_test.go diff --git a/syft/cataloger/rpmdb/test-fixtures/Packages b/syft/pkg/cataloger/rpmdb/test-fixtures/Packages similarity index 100% rename from syft/cataloger/rpmdb/test-fixtures/Packages rename to syft/pkg/cataloger/rpmdb/test-fixtures/Packages diff --git a/syft/cataloger/rpmdb/test-fixtures/generate-fixture.sh b/syft/pkg/cataloger/rpmdb/test-fixtures/generate-fixture.sh similarity index 100% rename from syft/cataloger/rpmdb/test-fixtures/generate-fixture.sh rename to syft/pkg/cataloger/rpmdb/test-fixtures/generate-fixture.sh diff --git a/syft/cataloger/ruby/catalogers.go b/syft/pkg/cataloger/ruby/catalogers.go similarity index 94% rename from syft/cataloger/ruby/catalogers.go rename to syft/pkg/cataloger/ruby/catalogers.go index e9d9b7cec..6e7499fce 100644 --- a/syft/cataloger/ruby/catalogers.go +++ b/syft/pkg/cataloger/ruby/catalogers.go @@ -4,7 +4,7 @@ Package bundler provides a concrete Cataloger implementation for Ruby Gemfile.lo package ruby import ( - "github.com/anchore/syft/syft/cataloger/common" + "github.com/anchore/syft/syft/pkg/cataloger/common" ) // NewGemFileLockCataloger returns a new Bundler cataloger object tailored for parsing index-oriented files (e.g. Gemfile.lock). diff --git a/syft/cataloger/ruby/parse_gemfile_lock.go b/syft/pkg/cataloger/ruby/parse_gemfile_lock.go similarity index 96% rename from syft/cataloger/ruby/parse_gemfile_lock.go rename to syft/pkg/cataloger/ruby/parse_gemfile_lock.go index 23a4a7756..b27b3ba66 100644 --- a/syft/cataloger/ruby/parse_gemfile_lock.go +++ b/syft/pkg/cataloger/ruby/parse_gemfile_lock.go @@ -6,8 +6,8 @@ import ( "strings" "github.com/anchore/syft/internal" - "github.com/anchore/syft/syft/cataloger/common" "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/common" ) // integrity check diff --git a/syft/cataloger/ruby/parse_gemfile_lock_test.go b/syft/pkg/cataloger/ruby/parse_gemfile_lock_test.go similarity index 100% rename from syft/cataloger/ruby/parse_gemfile_lock_test.go rename to syft/pkg/cataloger/ruby/parse_gemfile_lock_test.go diff --git a/syft/cataloger/ruby/parse_gemspec.go b/syft/pkg/cataloger/ruby/parse_gemspec.go similarity index 98% rename from syft/cataloger/ruby/parse_gemspec.go rename to syft/pkg/cataloger/ruby/parse_gemspec.go index 239d2a4eb..d2fd0ba60 100644 --- a/syft/cataloger/ruby/parse_gemspec.go +++ b/syft/pkg/cataloger/ruby/parse_gemspec.go @@ -12,8 +12,8 @@ import ( "github.com/mitchellh/mapstructure" - "github.com/anchore/syft/syft/cataloger/common" "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/common" ) // integrity check diff --git a/syft/cataloger/ruby/parse_gemspec_test.go b/syft/pkg/cataloger/ruby/parse_gemspec_test.go similarity index 100% rename from syft/cataloger/ruby/parse_gemspec_test.go rename to syft/pkg/cataloger/ruby/parse_gemspec_test.go diff --git a/syft/cataloger/ruby/test-fixtures/Gemfile.lock b/syft/pkg/cataloger/ruby/test-fixtures/Gemfile.lock similarity index 100% rename from syft/cataloger/ruby/test-fixtures/Gemfile.lock rename to syft/pkg/cataloger/ruby/test-fixtures/Gemfile.lock diff --git a/syft/cataloger/ruby/test-fixtures/bundler.gemspec b/syft/pkg/cataloger/ruby/test-fixtures/bundler.gemspec similarity index 100% rename from syft/cataloger/ruby/test-fixtures/bundler.gemspec rename to syft/pkg/cataloger/ruby/test-fixtures/bundler.gemspec diff --git a/syft/cataloger/rust/cargo_metadata.go b/syft/pkg/cataloger/rust/cargo_metadata.go similarity index 100% rename from syft/cataloger/rust/cargo_metadata.go rename to syft/pkg/cataloger/rust/cargo_metadata.go diff --git a/syft/cataloger/rust/cataloger.go b/syft/pkg/cataloger/rust/cataloger.go similarity index 88% rename from syft/cataloger/rust/cataloger.go rename to syft/pkg/cataloger/rust/cataloger.go index bd2625c5d..df0f9ee40 100644 --- a/syft/cataloger/rust/cataloger.go +++ b/syft/pkg/cataloger/rust/cataloger.go @@ -4,7 +4,7 @@ Package rust provides a concrete Cataloger implementation for Cargo.lock files. package rust import ( - "github.com/anchore/syft/syft/cataloger/common" + "github.com/anchore/syft/syft/pkg/cataloger/common" ) // NewCargoLockCataloger returns a new Rust Cargo lock file cataloger object. diff --git a/syft/cataloger/rust/parse_cargo_lock.go b/syft/pkg/cataloger/rust/parse_cargo_lock.go similarity index 100% rename from syft/cataloger/rust/parse_cargo_lock.go rename to syft/pkg/cataloger/rust/parse_cargo_lock.go diff --git a/syft/cataloger/rust/parse_cargo_lock_test.go b/syft/pkg/cataloger/rust/parse_cargo_lock_test.go similarity index 100% rename from syft/cataloger/rust/parse_cargo_lock_test.go rename to syft/pkg/cataloger/rust/parse_cargo_lock_test.go diff --git a/syft/cataloger/rust/test-fixtures/Cargo.lock b/syft/pkg/cataloger/rust/test-fixtures/Cargo.lock similarity index 100% rename from syft/cataloger/rust/test-fixtures/Cargo.lock rename to syft/pkg/cataloger/rust/test-fixtures/Cargo.lock