oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

540 add additional go package metadata (#546)

Browse Source 
* update with distinct golang metadata types

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
This commit is contained in:
Christopher Angelo Phillips 2021-10-13 11:00:28 -04:00 committed by GitHub
parent 10368f6fe8
commit 7d13fbf0d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 50 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
syft/pkg/cataloger/golang/parse_go_bin.go
View File

@ -21,26 +21,27 @@ func parseGoBin(path string, reader io.ReadCloser) ([]pkg.Package, error) {
return nil, err return nil, err
} }
_, mod := findVers(x) goVersion, mod := findVers(x)
pkgs := buildGoPkgInfo(path, mod) pkgs := buildGoPkgInfo(path, mod, goVersion)
return pkgs, nil return pkgs, nil
} }
func buildGoPkgInfo(path, mod string) []pkg.Package { func buildGoPkgInfo(path, mod, goVersion string) []pkg.Package {
pkgsSlice := make([]pkg.Package, 0) pkgsSlice := make([]pkg.Package, 0)
scanner := bufio.NewScanner(strings.NewReader(mod)) scanner := bufio.NewScanner(strings.NewReader(mod))
// filter mod dependencies: [dep, name, version, sha] // filter mod dependencies: [dep, name, version, sha]
for scanner.Scan() { for scanner.Scan() {
fields := strings.Fields(scanner.Text()) fields := strings.Fields(scanner.Text())
// must have dep, name, version
if len(fields) < 3 { // must have dep, name, version, sha
if len(fields) < 4 {
continue continue
} }
switch fields[0] {
case packageIdentifier: if fields[0] == packageIdentifier || fields[0] == replaceIdentifier {
pkgsSlice = append(pkgsSlice, pkg.Package{ pkgsSlice = append(pkgsSlice, pkg.Package{
Name: fields[1], Name: fields[1],
Version: fields[2], Version: fields[2],
@ -51,11 +52,12 @@ func buildGoPkgInfo(path, mod string) []pkg.Package {
RealPath: path, RealPath: path,
}, },
}, },
MetadataType: pkg.GolangBinMetadataType,
Metadata: pkg.GolangBinMetadata{
GoCompiledVersion: goVersion,
H1Digest: fields[3],
},
}) })
case replaceIdentifier:
pkg := &pkgsSlice[len(pkgsSlice)-1]
pkg.Name = fields[1]
pkg.Version = fields[2]
} }
} }

29
syft/pkg/cataloger/golang/parse_go_bin_test.go
View File

@ -8,6 +8,8 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
const goCompiledVersion = "1.17"
func TestBuildGoPkgInfo(t *testing.T) { func TestBuildGoPkgInfo(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
@ -33,6 +35,11 @@ func TestBuildGoPkgInfo(t *testing.T) {
Locations: []source.Location{ Locations: []source.Location{
{}, {},
}, },
MetadataType: pkg.GolangBinMetadataType,
Metadata: pkg.GolangBinMetadata{
GoCompiledVersion: goCompiledVersion,
H1Digest: "h1:VSVdnH7cQ7V+B33qSJHTCRlNgra1607Q8PzEmnvb2Ic=",
},
}, },
{ {
Name: "github.com/anchore/client-go", Name: "github.com/anchore/client-go",
@ -42,6 +49,11 @@ func TestBuildGoPkgInfo(t *testing.T) {
Locations: []source.Location{ Locations: []source.Location{
{}, {},
}, },
MetadataType: pkg.GolangBinMetadataType,
Metadata: pkg.GolangBinMetadata{
GoCompiledVersion: goCompiledVersion,
H1Digest: "h1:DYssiUV1pBmKqzKsm4mqXx8artqC0Q8HgZsVI3lMsAg=",
},
}, },
}, },
}, },
@ -62,6 +74,11 @@ func TestBuildGoPkgInfo(t *testing.T) {
Locations: []source.Location{ Locations: []source.Location{
{}, {},
}, },
MetadataType: pkg.GolangBinMetadataType,
Metadata: pkg.GolangBinMetadata{
GoCompiledVersion: goCompiledVersion,
H1Digest: "h1:KlOXYy8wQWTUJYFgkUI40Lzr06ofg5IRXUK5C7qZt1k=",
},
}, },
{ {
Name: "golang.org/x/sys", Name: "golang.org/x/sys",
@ -71,6 +88,11 @@ func TestBuildGoPkgInfo(t *testing.T) {
Locations: []source.Location{ Locations: []source.Location{
{}, {},
}, },
MetadataType: pkg.GolangBinMetadataType,
Metadata: pkg.GolangBinMetadata{
GoCompiledVersion: goCompiledVersion,
H1Digest: "h1:PjhxBct4MZii8FFR8+oeS7QOvxKOTZXgk63EU2XpfJE=",
},
}, },
{ {
Name: "golang.org/x/term", Name: "golang.org/x/term",
@ -80,6 +102,11 @@ func TestBuildGoPkgInfo(t *testing.T) {
Locations: []source.Location{ Locations: []source.Location{
{}, {},
}, },
MetadataType: pkg.GolangBinMetadataType,
Metadata: pkg.GolangBinMetadata{
GoCompiledVersion: goCompiledVersion,
H1Digest: "h1:Ihq/mm/suC88gF8WFcVwk+OV6Tq+wyA1O0E5UEvDglI=",
},
}, },
}, },
}, },
@ -88,7 +115,7 @@ func TestBuildGoPkgInfo(t *testing.T) {
for _, tt := range tests { for _, tt := range tests {
tt := tt tt := tt
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
pkgs := buildGoPkgInfo("", tt.mod) pkgs := buildGoPkgInfo("", tt.mod, goCompiledVersion)
assert.Equal(t, tt.expected, pkgs) assert.Equal(t, tt.expected, pkgs)
}) })
} }

7
syft/pkg/golang_bin_metadata.go Normal file
View File

@ -0,0 +1,7 @@
package pkg
// GolangBinMetadata represents all captured data for a Golang Binary
type GolangBinMetadata struct {
GoCompiledVersion string
H1Digest string
}

2
syft/pkg/metadata.go
View File

@ -15,6 +15,7 @@ const (
PythonPackageMetadataType MetadataType = "PythonPackageMetadata" PythonPackageMetadataType MetadataType = "PythonPackageMetadata"
RustCargoPackageMetadataType MetadataType = "RustCargoPackageMetadata" RustCargoPackageMetadataType MetadataType = "RustCargoPackageMetadata"
KbPackageMetadataType MetadataType = "KbPackageMetadata" KbPackageMetadataType MetadataType = "KbPackageMetadata"
GolangBinMetadataType MetadataType = "GolangBinMetadata"
) )
var AllMetadataTypes = []MetadataType{ var AllMetadataTypes = []MetadataType{
@ -27,4 +28,5 @@ var AllMetadataTypes = []MetadataType{
PythonPackageMetadataType, PythonPackageMetadataType,
RustCargoPackageMetadataType, RustCargoPackageMetadataType,
KbPackageMetadataType, KbPackageMetadataType,
GolangBinMetadataType,
} }