diff --git a/.binny.yaml b/.binny.yaml index 2c05729ab..46032cd34 100644 --- a/.binny.yaml +++ b/.binny.yaml @@ -26,7 +26,7 @@ tools: # used for linting - name: golangci-lint version: - want: v1.64.8 + want: v2.0.2 method: github-release with: repo: golangci/golangci-lint @@ -58,7 +58,7 @@ tools: # used to release all artifacts - name: goreleaser version: - want: v2.8.1 + want: v2.8.2 method: github-release with: repo: goreleaser/goreleaser diff --git a/.golangci.yaml b/.golangci.yaml index 400d739ab..0978c1753 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -1,15 +1,8 @@ -issues: - max-same-issues: 25 - uniq-by-line: false - - # TODO: enable this when we have coverage on docstring comments -# # The list of ids of default excludes to include or disable. -# include: -# - EXC0002 # disable excluding of issues about comments from golint - +version: "2" +run: + tests: false linters: - # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint - disable-all: true + default: none enable: - asciicheck - bodyclose @@ -22,11 +15,8 @@ linters: - goconst - gocritic - gocyclo - - gofmt - - goimports - goprintffuncname - gosec - - gosimple - govet - ineffassign - misspell @@ -34,37 +24,35 @@ linters: - nolintlint - revive - staticcheck - - stylecheck - - typecheck - unconvert - unparam - unused - whitespace - -linters-settings: - funlen: - # Checks the number of lines in a function. - # If lower than 0, disable the check. - # Default: 60 - lines: 70 - # Checks the number of statements in a function. - # If lower than 0, disable the check. - # Default: 40 - statements: 50 - gocritic: - enabled-checks: - - deferInLoop - - ruleguard - settings: - ruleguard: - rules: "test/rules/rules.go" - gosec: - excludes: - - G115 - -run: - timeout: 10m - tests: false + settings: + funlen: + lines: 70 + statements: 50 + gocritic: + enabled-checks: + - deferInLoop + - ruleguard + settings: + ruleguard: + rules: test/rules/rules.go + gosec: + excludes: + - G115 + exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling + paths: + - third_party$ + - builtin$ + - examples$ # do not enable... # - deadcode # The owner seems to have abandoned the linter. Replaced by "unused". @@ -91,3 +79,23 @@ run: # - testpackage # - varcheck # The owner seems to have abandoned the linter. Replaced by "unused". # - wsl # this doens't have an auto-fixer yet and is pretty noisy (https://github.com/bombsimon/wsl/issues/90) + +issues: + max-same-issues: 25 + uniq-by-line: false + +# TODO: enable this when we have coverage on docstring comments +# # The list of ids of default excludes to include or disable. +# include: +# - EXC0002 # disable excluding of issues about comments from golint + +formatters: + enable: + - gofmt + - goimports + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ diff --git a/cmd/syft/internal/commands/attest.go b/cmd/syft/internal/commands/attest.go index fa3b5ceef..417aa44d2 100644 --- a/cmd/syft/internal/commands/attest.go +++ b/cmd/syft/internal/commands/attest.go @@ -52,7 +52,7 @@ func Attest(app clio.Application) *cobra.Command { opts := defaultAttestOptions() // template format explicitly not allowed - opts.Format.Template.Enabled = false + opts.Template.Enabled = false return app.SetupCommand(&cobra.Command{ Use: "attest --output [FORMAT] ", @@ -136,7 +136,7 @@ func writeSBOMToFormattedFile(s *sbom.SBOM, sbomFile io.Writer, opts *attestOpti return fmt.Errorf("no output file provided") } - encs, err := opts.Format.Encoders() + encs, err := opts.Encoders() if err != nil { return fmt.Errorf("unable to create encoders: %w", err) } diff --git a/cmd/syft/internal/commands/scan.go b/cmd/syft/internal/commands/scan.go index 08b8b185a..0d730fbdc 100644 --- a/cmd/syft/internal/commands/scan.go +++ b/cmd/syft/internal/commands/scan.go @@ -110,7 +110,7 @@ func (o *scanOptions) PostLoad() error { } func (o *scanOptions) validateLegacyOptionsNotUsed() error { - if len(fangs.Flatten(o.Config.ConfigFile)) == 0 { + if len(fangs.Flatten(o.ConfigFile)) == 0 { return nil } @@ -122,7 +122,7 @@ func (o *scanOptions) validateLegacyOptionsNotUsed() error { File any `yaml:"file" json:"file" mapstructure:"file"` } - for _, f := range fangs.Flatten(o.Config.ConfigFile) { + for _, f := range fangs.Flatten(o.ConfigFile) { by, err := os.ReadFile(f) if err != nil { return fmt.Errorf("unable to read config file during validations %q: %w", f, err) diff --git a/cmd/syft/internal/options/output.go b/cmd/syft/internal/options/output.go index ab51887e0..6d6233b7b 100644 --- a/cmd/syft/internal/options/output.go +++ b/cmd/syft/internal/options/output.go @@ -89,7 +89,7 @@ func (o Output) SBOMWriter() (sbom.Writer, error) { usesTemplateOutput := names.Has(string(template.ID)) - if usesTemplateOutput && o.Format.Template.Path == "" { + if usesTemplateOutput && o.Template.Path == "" { return nil, fmt.Errorf(`must specify path to template file when using "template" output format`) } diff --git a/cmd/syft/internal/ui/capture.go b/cmd/syft/internal/ui/capture.go index 5e7198502..05a0b629d 100644 --- a/cmd/syft/internal/ui/capture.go +++ b/cmd/syft/internal/ui/capture.go @@ -36,11 +36,7 @@ func capture(target **os.File, writer io.Writer, bufSize int) func() { }() buf := make([]byte, bufSize) - for { - if original == nil { - break - } - + for original != nil { n, err := r.Read(buf) if n > 0 { _, _ = writer.Write(buf[0:n]) diff --git a/examples/create_custom_sbom/alpine_configuration_cataloger.go b/examples/create_custom_sbom/alpine_configuration_cataloger.go index 94f826e68..d43ff22e2 100644 --- a/examples/create_custom_sbom/alpine_configuration_cataloger.go +++ b/examples/create_custom_sbom/alpine_configuration_cataloger.go @@ -6,6 +6,7 @@ import ( "io" "path" + "github.com/anchore/syft/internal" "github.com/anchore/syft/syft/artifact" "github.com/anchore/syft/syft/file" "github.com/anchore/syft/syft/pkg" @@ -76,7 +77,6 @@ func newAlpineConfiguration(resolver file.Resolver) (*AlpineConfiguration, []fil return &AlpineConfiguration{ APKKeys: keys, }, locations, nil - } func getVersion(resolver file.Resolver) (string, []file.Location, error) { @@ -92,6 +92,7 @@ func getVersion(resolver file.Resolver) (string, []file.Location, error) { if err != nil { return "", nil, fmt.Errorf("unable to read alpine version: %w", err) } + defer internal.CloseAndLogError(reader, locations[0].RealPath) version, err := io.ReadAll(reader) if err != nil { @@ -111,7 +112,11 @@ func getAPKKeys(resolver file.Resolver) (map[string]string, []file.Location, err } for _, location := range locations { basename := path.Base(location.RealPath) + //nolint:gocritic reader, err := resolver.FileContentsByLocation(location) + if err != nil { + return nil, nil, fmt.Errorf("unable to resolve file contents by location at %s: %w", location.RealPath, err) + } content, err := io.ReadAll(reader) if err != nil { return nil, nil, fmt.Errorf("unable to read apk key content at %s: %w", location.RealPath, err) diff --git a/examples/create_custom_sbom/main.go b/examples/create_custom_sbom/main.go index f678549d3..11f1757c9 100644 --- a/examples/create_custom_sbom/main.go +++ b/examples/create_custom_sbom/main.go @@ -124,5 +124,4 @@ func showAlpineConfiguration(s sbom.SBOM) { panic(err) } fmt.Println(string(meta)) - } diff --git a/examples/select_catalogers/main.go b/examples/select_catalogers/main.go index 6bb8fa234..3ff3ecd8d 100644 --- a/examples/select_catalogers/main.go +++ b/examples/select_catalogers/main.go @@ -30,7 +30,6 @@ func main() { if err := enc.Encode(sbom.Descriptor.Configuration); err != nil { panic(err) } - } func imageReference() string { diff --git a/internal/cmptest/location.go b/internal/cmptest/location.go index 039136531..aa20b9cb0 100644 --- a/internal/cmptest/location.go +++ b/internal/cmptest/location.go @@ -13,5 +13,5 @@ func DefaultLocationComparer(x, y file.Location) bool { } func LocationComparerWithoutLayer(x, y file.Location) bool { - return cmp.Equal(x.Coordinates.RealPath, y.Coordinates.RealPath) && cmp.Equal(x.AccessPath, y.AccessPath) + return cmp.Equal(x.RealPath, y.RealPath) && cmp.Equal(x.AccessPath, y.AccessPath) } diff --git a/internal/file/tar_file_traversal.go b/internal/file/tar_file_traversal.go index f0679e525..7d211168a 100644 --- a/internal/file/tar_file_traversal.go +++ b/internal/file/tar_file_traversal.go @@ -23,7 +23,7 @@ func ExtractGlobsFromTarToUniqueTempFile(archivePath, dir string, globs ...strin defer file.Close() // ignore directories - if file.FileInfo.IsDir() { + if file.IsDir() { return nil } diff --git a/internal/file/zip_file_manifest.go b/internal/file/zip_file_manifest.go index ac61e6ae9..346e661c6 100644 --- a/internal/file/zip_file_manifest.go +++ b/internal/file/zip_file_manifest.go @@ -28,7 +28,7 @@ func NewZipFileManifest(archivePath string) (ZipFileManifest, error) { } }() - for _, file := range zipReader.Reader.File { + for _, file := range zipReader.File { manifest.Add(file.Name, file.FileInfo()) } return manifest, nil diff --git a/internal/file/zip_file_traversal.go b/internal/file/zip_file_traversal.go index b7338e5f5..1b712eff5 100644 --- a/internal/file/zip_file_traversal.go +++ b/internal/file/zip_file_traversal.go @@ -53,7 +53,7 @@ func TraverseFilesInZip(archivePath string, visitor func(*zip.File) error, paths } }() - for _, file := range zipReader.Reader.File { + for _, file := range zipReader.File { // if no paths are given then assume that all files should be traversed if len(paths) > 0 { if _, ok := request[file.Name]; !ok { diff --git a/internal/relationship/sort.go b/internal/relationship/sort.go index 88582b4e9..1f39f9ff8 100644 --- a/internal/relationship/sort.go +++ b/internal/relationship/sort.go @@ -22,7 +22,7 @@ func less(i, j artifact.Relationship) bool { jFrom, ok3 := j.From.(pkg.Package) jTo, ok4 := j.To.(pkg.Package) - if !(ok1 && ok2 && ok3 && ok4) { + if !ok1 && !ok2 && !ok3 && !ok4 { return false } diff --git a/internal/task/package_task_factory.go b/internal/task/package_task_factory.go index cbb893fc1..403b0eca7 100644 --- a/internal/task/package_task_factory.go +++ b/internal/task/package_task_factory.go @@ -245,10 +245,10 @@ func packageFileOwnershipRelationships(p pkg.Package, resolver file.PathResolver } for _, ref := range pathRefs { - if oldRef, ok := locations[ref.Coordinates.ID()]; ok { + if oldRef, ok := locations[ref.ID()]; ok { log.Debugf("found path duplicate of %s", oldRef.RealPath) } - locations[ref.Coordinates.ID()] = ref + locations[ref.ID()] = ref } } diff --git a/syft/file/location.go b/syft/file/location.go index 25bc753b9..8a0fe6f38 100644 --- a/syft/file/location.go +++ b/syft/file/location.go @@ -48,15 +48,15 @@ func (m *LocationMetadata) merge(other LocationMetadata) error { } func (l Location) WithAnnotation(key, value string) Location { - if l.LocationMetadata.Annotations == nil { - l.LocationMetadata.Annotations = map[string]string{} + if l.Annotations == nil { + l.Annotations = map[string]string{} } - l.LocationMetadata.Annotations[key] = value + l.Annotations[key] = value return l } func (l Location) WithoutAnnotations() Location { - l.LocationMetadata.Annotations = map[string]string{} + l.Annotations = map[string]string{} return l } diff --git a/syft/format/common/spdxhelpers/to_syft_model.go b/syft/format/common/spdxhelpers/to_syft_model.go index d0a7cb1cf..d1db08c3d 100644 --- a/syft/format/common/spdxhelpers/to_syft_model.go +++ b/syft/format/common/spdxhelpers/to_syft_model.go @@ -361,6 +361,7 @@ func collectDocRelationships(spdxIDMap map[string]any, doc *spdx.Document) (out from, fromOk := a.(pkg.Package) toPackage, toPackageOk := b.(pkg.Package) toLocation, toLocationOk := b.(file.Location) + //nolint:staticcheck if !fromOk || !(toPackageOk || toLocationOk) { log.Debugf("unable to find valid relationship mapping from SPDX, ignoring: (from: %+v) (to: %+v)", a, b) continue diff --git a/syft/format/internal/cyclonedxutil/helpers/licenses.go b/syft/format/internal/cyclonedxutil/helpers/licenses.go index eafccc6d0..2ddbbb946 100644 --- a/syft/format/internal/cyclonedxutil/helpers/licenses.go +++ b/syft/format/internal/cyclonedxutil/helpers/licenses.go @@ -213,13 +213,15 @@ func reduceOuter(expression string) string { func isBalanced(expression string) bool { count := 0 for _, c := range expression { - if c == '(' { + switch c { + case '(': count++ - } else if c == ')' { + case ')': count-- if count < 0 { return false } + default: } } return count == 0 diff --git a/syft/format/syftjson/to_syft_model.go b/syft/format/syftjson/to_syft_model.go index 3d616597d..1c1566fbd 100644 --- a/syft/format/syftjson/to_syft_model.go +++ b/syft/format/syftjson/to_syft_model.go @@ -228,7 +228,7 @@ func toSyftRelationships(doc *model.Document, catalog *pkg.Collection, relations idMap[string(p.ID())] = p locations := p.Locations.ToSlice() for _, l := range locations { - idMap[string(l.Coordinates.ID())] = l.Coordinates + idMap[string(l.ID())] = l.Coordinates } } diff --git a/syft/internal/fileresolver/container_image_all_layers.go b/syft/internal/fileresolver/container_image_all_layers.go index 4bad1ef1b..a2aab3983 100644 --- a/syft/internal/fileresolver/container_image_all_layers.go +++ b/syft/internal/fileresolver/container_image_all_layers.go @@ -57,7 +57,7 @@ func (r *ContainerImageAllLayers) fileByRef(ref stereoscopeFile.Reference, uniqu return nil, fmt.Errorf("unable to fetch metadata (ref=%+v): %w", ref, err) } - if entry.Metadata.Type == stereoscopeFile.TypeHardLink || entry.Metadata.Type == stereoscopeFile.TypeSymLink { + if entry.Type == stereoscopeFile.TypeHardLink || entry.Type == stereoscopeFile.TypeSymLink { // a link may resolve in this layer or higher, assuming a squashed tree is used to search // we should search all possible resolutions within the valid source for _, subLayerIdx := range r.layers[layerIdx:] { @@ -102,7 +102,7 @@ func (r *ContainerImageAllLayers) FilesByPath(paths ...string) ([]file.Location, if err != nil { return nil, fmt.Errorf("unable to get file metadata for path=%q: %w", ref.RealPath, err) } - if metadata.Metadata.IsDir() { + if metadata.IsDir() { continue } } @@ -146,7 +146,7 @@ func (r *ContainerImageAllLayers) FilesByGlob(patterns ...string) ([]file.Locati return nil, fmt.Errorf("unable to get file metadata for path=%q: %w", result.RequestPath, err) } // don't consider directories - if metadata.Metadata.IsDir() { + if metadata.IsDir() { continue } } @@ -192,7 +192,7 @@ func (r *ContainerImageAllLayers) FileContentsByLocation(location file.Location) return nil, fmt.Errorf("unable to get metadata for path=%q from file catalog: %w", location.RealPath, err) } - switch entry.Metadata.Type { + switch entry.Type { case stereoscopeFile.TypeSymLink, stereoscopeFile.TypeHardLink: // the location we are searching may be a symlink, we should always work with the resolved file newLocation := r.RelativeFileByPath(location, location.AccessPath) diff --git a/syft/internal/fileresolver/container_image_squash.go b/syft/internal/fileresolver/container_image_squash.go index d3593c969..efcd2e8e4 100644 --- a/syft/internal/fileresolver/container_image_squash.go +++ b/syft/internal/fileresolver/container_image_squash.go @@ -58,7 +58,7 @@ func (r *ContainerImageSquash) FilesByPath(paths ...string) ([]file.Location, er return nil, fmt.Errorf("unable to get file metadata for path=%q: %w", ref.RealPath, err) } // don't consider directories - if metadata.Metadata.IsDir() { + if metadata.IsDir() { continue } } @@ -106,7 +106,7 @@ func (r *ContainerImageSquash) FilesByGlob(patterns ...string) ([]file.Location, return nil, fmt.Errorf("unable to get file metadata for path=%q: %w", result.RequestPath, err) } // don't consider directories - if metadata.Metadata.IsDir() { + if metadata.IsDir() { continue } } @@ -151,7 +151,7 @@ func (r *ContainerImageSquash) FileContentsByLocation(location file.Location) (i return nil, fmt.Errorf("unable to get metadata for path=%q from file catalog: %w", location.RealPath, err) } - switch entry.Metadata.Type { + switch entry.Type { case stereoscopeFile.TypeSymLink, stereoscopeFile.TypeHardLink: // the location we are searching may be a symlink, we should always work with the resolved file locations, err := r.FilesByPath(location.RealPath) diff --git a/syft/internal/fileresolver/directory.go b/syft/internal/fileresolver/directory.go index 1c60730b8..0f2df32b3 100644 --- a/syft/internal/fileresolver/directory.go +++ b/syft/internal/fileresolver/directory.go @@ -59,7 +59,7 @@ func (r *Directory) buildIndex() error { r.tree = tree r.index = index - r.filetreeResolver.searchContext = filetree.NewSearchContext(tree, index) + r.searchContext = filetree.NewSearchContext(tree, index) return nil } diff --git a/syft/internal/fileresolver/file.go b/syft/internal/fileresolver/file.go index 2c71ceab1..c0bd30889 100644 --- a/syft/internal/fileresolver/file.go +++ b/syft/internal/fileresolver/file.go @@ -51,7 +51,7 @@ func (r *File) buildIndex() error { r.tree = tree r.index = index - r.filetreeResolver.searchContext = filetree.NewSearchContext(tree, index) + r.searchContext = filetree.NewSearchContext(tree, index) return nil } diff --git a/syft/internal/fileresolver/filetree_resolver.go b/syft/internal/fileresolver/filetree_resolver.go index 15c0dacfe..15d051166 100644 --- a/syft/internal/fileresolver/filetree_resolver.go +++ b/syft/internal/fileresolver/filetree_resolver.go @@ -68,7 +68,7 @@ func (r filetreeResolver) FilesByPath(userPaths ...string) ([]file.Location, err } // don't consider directories - if entry.Metadata.IsDir() { + if entry.IsDir() { continue } @@ -114,17 +114,17 @@ func (r filetreeResolver) FilesByGlob(patterns ...string) ([]file.Location, erro } entry, err := r.index.Get(*refVia.Reference) if err != nil { - return nil, fmt.Errorf("unable to get file metadata for reference %s: %w", refVia.Reference.RealPath, err) + return nil, fmt.Errorf("unable to get file metadata for reference %s: %w", refVia.RealPath, err) } // don't consider directories - if entry.Metadata.IsDir() { + if entry.IsDir() { continue } loc := file.NewVirtualLocationFromDirectory( - r.responsePath(string(refVia.Reference.RealPath)), // the actual path relative to the resolver root - r.responsePath(string(refVia.RequestPath)), // the path used to access this file, relative to the resolver root + r.responsePath(string(refVia.RealPath)), // the actual path relative to the resolver root + r.responsePath(string(refVia.RequestPath)), // the path used to access this file, relative to the resolver root *refVia.Reference, ) uniqueFileIDs.Add(*refVia.Reference) @@ -217,7 +217,7 @@ func (r *filetreeResolver) FilesByMIMEType(types ...string) ([]file.Location, er continue } location := file.NewVirtualLocationFromDirectory( - r.responsePath(string(refVia.Reference.RealPath)), + r.responsePath(string(refVia.RealPath)), r.responsePath(string(refVia.RequestPath)), *refVia.Reference, ) diff --git a/syft/pkg/cataloger/alpine/parse_apk_db.go b/syft/pkg/cataloger/alpine/parse_apk_db.go index a2e654ade..bcc4030ca 100644 --- a/syft/pkg/cataloger/alpine/parse_apk_db.go +++ b/syft/pkg/cataloger/alpine/parse_apk_db.go @@ -123,7 +123,7 @@ func parseApkDB(_ context.Context, resolver file.Resolver, env *generic.Environm // This should get fixed with https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10875 if r == nil { // find the repositories file from the relative directory of the DB file - releases := findReleases(resolver, reader.Location.RealPath) + releases := findReleases(resolver, reader.RealPath) if len(releases) > 0 { r = &releases[0] @@ -173,7 +173,7 @@ func parseReleasesFromAPKRepository(reader file.LocationReadCloser) []linux.Rele reposB, err := io.ReadAll(reader) if err != nil { - log.Tracef("unable to read APK repositories file %q: %+v", reader.Location.RealPath, err) + log.Tracef("unable to read APK repositories file %q: %+v", reader.RealPath, err) return nil } diff --git a/syft/pkg/cataloger/arch/parse_alpm_db.go b/syft/pkg/cataloger/arch/parse_alpm_db.go index 61006affb..f59a90cf3 100644 --- a/syft/pkg/cataloger/arch/parse_alpm_db.go +++ b/syft/pkg/cataloger/arch/parse_alpm_db.go @@ -80,7 +80,7 @@ func parseAlpmDB(_ context.Context, resolver file.Resolver, env *generic.Environ newPackage( data, env.LinuxRelease, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), locs..., ), }, nil, errs diff --git a/syft/pkg/cataloger/bitnami/cataloger.go b/syft/pkg/cataloger/bitnami/cataloger.go index 6cdf1a12d..dd876f56e 100644 --- a/syft/pkg/cataloger/bitnami/cataloger.go +++ b/syft/pkg/cataloger/bitnami/cataloger.go @@ -33,13 +33,13 @@ func parseSBOM(_ context.Context, resolver file.Resolver, _ *generic.Environment } if s == nil { - log.WithFields("path", reader.Location.RealPath).Trace("file is not an SBOM") + log.WithFields("path", reader.RealPath).Trace("file is not an SBOM") return nil, nil, nil } // Bitnami exclusively uses SPDX JSON SBOMs if sFormat != "spdx-json" { - log.WithFields("path", reader.Location.RealPath).Trace("file is not an SPDX JSON SBOM") + log.WithFields("path", reader.RealPath).Trace("file is not an SPDX JSON SBOM") return nil, nil, nil } @@ -59,7 +59,7 @@ func parseSBOM(_ context.Context, resolver file.Resolver, _ *generic.Environment // where there is evidence of this file, and the catalogers have not run against any file other than, // the SBOM, this is the only location that is relevant for this cataloger. p.Locations = file.NewLocationSet( - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ) // Parse the Bitnami-specific metadata @@ -70,7 +70,7 @@ func parseSBOM(_ context.Context, resolver file.Resolver, _ *generic.Environment // Bitnami packages reported in a SPDX file are shipped under the same directory // as the SPDX file itself. - metadata.Path = filepath.Dir(reader.Location.RealPath) + metadata.Path = filepath.Dir(reader.RealPath) if p.ID() != mainPkgID { metadata.Files = packageFiles(s.Relationships, p, metadata.Path) secondaryPkgsFiles = append(secondaryPkgsFiles, metadata.Files...) @@ -86,12 +86,12 @@ func parseSBOM(_ context.Context, resolver file.Resolver, _ *generic.Environment } // Resolve all files owned by the main package in the SBOM and update the metadata - if mainPkgFiles, err := mainPkgFiles(resolver, reader.Location.RealPath, secondaryPkgsFiles); err == nil { + if mainPkgFiles, err := mainPkgFiles(resolver, reader.RealPath, secondaryPkgsFiles); err == nil { for i, p := range pkgs { if p.ID() == mainPkgID { metadata, ok := p.Metadata.(*pkg.BitnamiSBOMEntry) if !ok { - log.WithFields("spdx-filepath", reader.Location.RealPath).Trace("main package in SBOM does not have Bitnami metadata") + log.WithFields("spdx-filepath", reader.RealPath).Trace("main package in SBOM does not have Bitnami metadata") continue } @@ -100,7 +100,7 @@ func parseSBOM(_ context.Context, resolver file.Resolver, _ *generic.Environment } } } else { - log.WithFields("spdx-filepath", reader.Location.RealPath, "error", err).Trace("unable to resolve owned files for main package in SBOM") + log.WithFields("spdx-filepath", reader.RealPath, "error", err).Trace("unable to resolve owned files for main package in SBOM") } return pkgs, filterRelationships(s.Relationships, pkgs), nil diff --git a/syft/pkg/cataloger/cpp/parse_conanfile.go b/syft/pkg/cataloger/cpp/parse_conanfile.go index 52a35d209..5ae124051 100644 --- a/syft/pkg/cataloger/cpp/parse_conanfile.go +++ b/syft/pkg/cataloger/cpp/parse_conanfile.go @@ -48,7 +48,7 @@ func parseConanfile(_ context.Context, _ file.Resolver, _ *generic.Environment, p := newConanfilePackage( m, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ) if p == nil { continue diff --git a/syft/pkg/cataloger/cpp/parse_conaninfo.go b/syft/pkg/cataloger/cpp/parse_conaninfo.go index 8094b3406..895497174 100644 --- a/syft/pkg/cataloger/cpp/parse_conaninfo.go +++ b/syft/pkg/cataloger/cpp/parse_conaninfo.go @@ -60,7 +60,7 @@ func parseFullRequiresLine(line string, reader file.LocationReadCloser, pkgs *[] p := newConaninfoPackage( meta, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ) if p != nil { *pkgs = append(*pkgs, *p) @@ -83,7 +83,7 @@ func parseConaninfo(_ context.Context, _ file.Resolver, _ *generic.Environment, // First set the base package info by checking the relative path fullFilePath := string(reader.Location.LocationData.Reference().RealPath) if len(fullFilePath) == 0 { - fullFilePath = reader.Location.LocationData.RealPath + fullFilePath = reader.RealPath } mainMetadata, err := parseConanMetadataFromFilePath(fullFilePath) @@ -102,7 +102,7 @@ func parseConaninfo(_ context.Context, _ file.Resolver, _ *generic.Environment, case errors.Is(err, io.EOF): mainPackage := newConaninfoPackage( mainMetadata, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ) mainPackageRef := *mainPackage diff --git a/syft/pkg/cataloger/cpp/parse_conanlock.go b/syft/pkg/cataloger/cpp/parse_conanlock.go index 1a1aa4d12..0382e93b6 100644 --- a/syft/pkg/cataloger/cpp/parse_conanlock.go +++ b/syft/pkg/cataloger/cpp/parse_conanlock.go @@ -91,7 +91,7 @@ func handleConanLockV1(cl conanLock, reader file.LocationReadCloser, parsedPkgRe p := newConanlockPackage( metadata, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ) if p != nil { @@ -115,7 +115,7 @@ func handleConanLockV2(cl conanLock, reader file.LocationReadCloser, indexToPkgM p := newConanReferencePackage( reference, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ) if p != nil { diff --git a/syft/pkg/cataloger/dart/parse_pubspec_lock.go b/syft/pkg/cataloger/dart/parse_pubspec_lock.go index 2d5a998d8..0f4135fd6 100644 --- a/syft/pkg/cataloger/dart/parse_pubspec_lock.go +++ b/syft/pkg/cataloger/dart/parse_pubspec_lock.go @@ -102,7 +102,7 @@ func parsePubspecLock(_ context.Context, _ file.Resolver, _ *generic.Environment newPubspecLockPackage( name, pubPkg, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), ) } diff --git a/syft/pkg/cataloger/debian/parse_dpkg_db.go b/syft/pkg/cataloger/debian/parse_dpkg_db.go index 0e8d00b5a..54f21a609 100644 --- a/syft/pkg/cataloger/debian/parse_dpkg_db.go +++ b/syft/pkg/cataloger/debian/parse_dpkg_db.go @@ -36,7 +36,7 @@ func parseDpkgDB(ctx context.Context, resolver file.Resolver, env *generic.Envir return nil, nil, fmt.Errorf("unable to catalog dpkg DB=%q: %w", reader.RealPath, err) } - dbLoc := reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation) + dbLoc := reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation) var pkgs []pkg.Package _ = sync.CollectSlice(&ctx, cataloging.ExecutorFile, sync.ToSeq(metadata), func(m pkg.DpkgDBEntry) (pkg.Package, error) { return newDpkgPackage(m, dbLoc, resolver, env.LinuxRelease, findDpkgInfoFiles(m.Package, resolver, reader.Location)...), nil diff --git a/syft/pkg/cataloger/dotnet/parse_packages_lock.go b/syft/pkg/cataloger/dotnet/parse_packages_lock.go index 126d44cdf..069d898c7 100644 --- a/syft/pkg/cataloger/dotnet/parse_packages_lock.go +++ b/syft/pkg/cataloger/dotnet/parse_packages_lock.go @@ -69,7 +69,7 @@ func parseDotnetPackagesLock(_ context.Context, _ file.Resolver, _ *generic.Envi name, _ := extractNameAndVersion(nameVersion) dep := allDependencies[nameVersion] - dotnetPkg := newDotnetPackagesLockPackage(name, dep, reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)) + dotnetPkg := newDotnetPackagesLockPackage(name, dep, reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)) if dotnetPkg != nil { pkgs = append(pkgs, *dotnetPkg) pkgMap[nameVersion] = *dotnetPkg diff --git a/syft/pkg/cataloger/elixir/parse_mix_lock.go b/syft/pkg/cataloger/elixir/parse_mix_lock.go index adcdfbd9e..cf811426d 100644 --- a/syft/pkg/cataloger/elixir/parse_mix_lock.go +++ b/syft/pkg/cataloger/elixir/parse_mix_lock.go @@ -61,7 +61,7 @@ func parseMixLock(_ context.Context, _ file.Resolver, _ *generic.Environment, re PkgHash: hash, PkgHashExt: hashExt, }, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), ) } diff --git a/syft/pkg/cataloger/erlang/parse_otp_app.go b/syft/pkg/cataloger/erlang/parse_otp_app.go index 09edd1b3a..b2c923df3 100644 --- a/syft/pkg/cataloger/erlang/parse_otp_app.go +++ b/syft/pkg/cataloger/erlang/parse_otp_app.go @@ -35,7 +35,7 @@ func parseOTPApp(_ context.Context, _ file.Resolver, _ *generic.Environment, rea p := newPackageFromOTP( name, version, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ) packages = append(packages, p) diff --git a/syft/pkg/cataloger/erlang/parse_rebar_lock.go b/syft/pkg/cataloger/erlang/parse_rebar_lock.go index 5ff4b8f3b..ee38ced35 100644 --- a/syft/pkg/cataloger/erlang/parse_rebar_lock.go +++ b/syft/pkg/cataloger/erlang/parse_rebar_lock.go @@ -56,7 +56,7 @@ func parseRebarLock(_ context.Context, _ file.Resolver, _ *generic.Environment, Name: name, Version: version, }, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ) pkgMap[name] = &p diff --git a/syft/pkg/cataloger/gentoo/parse_portage_contents.go b/syft/pkg/cataloger/gentoo/parse_portage_contents.go index 30a000441..403d68943 100644 --- a/syft/pkg/cataloger/gentoo/parse_portage_contents.go +++ b/syft/pkg/cataloger/gentoo/parse_portage_contents.go @@ -27,14 +27,14 @@ var ( // parses individual CONTENTS files from the portage flat-file store (e.g. /var/db/pkg/*/*/CONTENTS). func parsePortageContents(_ context.Context, resolver file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) { - cpvMatch := cpvRe.FindStringSubmatch(reader.Location.RealPath) + cpvMatch := cpvRe.FindStringSubmatch(reader.RealPath) if cpvMatch == nil { - return nil, nil, fmt.Errorf("failed to match package and version in %s", reader.Location.RealPath) + return nil, nil, fmt.Errorf("failed to match package and version in %s", reader.RealPath) } name, version := cpvMatch[1], cpvMatch[2] if name == "" || version == "" { - log.WithFields("path", reader.Location.RealPath).Debug("failed to parse portage name and version") + log.WithFields("path", reader.RealPath).Debug("failed to parse portage name and version") return nil, nil, fmt.Errorf("failed to parse portage name and version") } @@ -43,7 +43,7 @@ func parsePortageContents(_ context.Context, resolver file.Resolver, _ *generic. Version: version, PURL: packageURL(name, version), Locations: file.NewLocationSet( - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), Type: pkg.PortagePkg, Metadata: pkg.PortageEntry{ diff --git a/syft/pkg/cataloger/golang/parse_go_binary.go b/syft/pkg/cataloger/golang/parse_go_binary.go index 83f679467..79fdf006e 100644 --- a/syft/pkg/cataloger/golang/parse_go_binary.go +++ b/syft/pkg/cataloger/golang/parse_go_binary.go @@ -343,7 +343,7 @@ func getGOARCHFromBin(r io.ReaderAt) (string, error) { if err != nil { return "", fmt.Errorf("unrecognized file format: %w", err) } - arch = fmt.Sprintf("%d", f.FileHeader.TargetMachine) + arch = fmt.Sprintf("%d", f.TargetMachine) default: return "", errUnrecognizedFormat } diff --git a/syft/pkg/cataloger/golang/parse_go_mod.go b/syft/pkg/cataloger/golang/parse_go_mod.go index 227f4c5e4..d44679a69 100644 --- a/syft/pkg/cataloger/golang/parse_go_mod.go +++ b/syft/pkg/cataloger/golang/parse_go_mod.go @@ -61,7 +61,7 @@ func (c *goModCataloger) parseGoModFile(ctx context.Context, resolver file.Resol Name: m.Mod.Path, Version: m.Mod.Version, Licenses: pkg.NewLicenseSet(lics...), - Locations: file.NewLocationSet(reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)), + Locations: file.NewLocationSet(reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)), PURL: packageURL(m.Mod.Path, m.Mod.Version), Language: pkg.Go, Type: pkg.GoModulePkg, @@ -83,7 +83,7 @@ func (c *goModCataloger) parseGoModFile(ctx context.Context, resolver file.Resol Name: m.New.Path, Version: m.New.Version, Licenses: pkg.NewLicenseSet(lics...), - Locations: file.NewLocationSet(reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)), + Locations: file.NewLocationSet(reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)), PURL: packageURL(m.New.Path, m.New.Version), Language: pkg.Go, Type: pkg.GoModulePkg, @@ -120,7 +120,7 @@ func parseGoSumFile(resolver file.Resolver, reader file.LocationReadCloser) (map return out, fmt.Errorf("no resolver provided") } - goSumPath := strings.TrimSuffix(reader.Location.RealPath, ".mod") + ".sum" + goSumPath := strings.TrimSuffix(reader.RealPath, ".mod") + ".sum" goSumLocation := resolver.RelativeFileByPath(reader.Location, goSumPath) if goSumLocation == nil { return nil, fmt.Errorf("unable to resolve: %s", goSumPath) diff --git a/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go b/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go index 37495128c..a5d57911d 100644 --- a/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go +++ b/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go @@ -275,7 +275,7 @@ func (ni nativeImageElf) fetchPkgs() (pkgs []pkg.Package, relationships []artifa if dataSection == nil { return nil, nil, fmt.Errorf("no .data section found in binary: %w", err) } - dataSectionBase := dataSection.SectionHeader.Addr + dataSectionBase := dataSection.Addr data, err := dataSection.Data() if err != nil { return nil, nil, fmt.Errorf("cannot read the .data section: %w", err) diff --git a/syft/pkg/cataloger/java/parse_gradle_lockfile.go b/syft/pkg/cataloger/java/parse_gradle_lockfile.go index a2aa11b5d..939a90463 100644 --- a/syft/pkg/cataloger/java/parse_gradle_lockfile.go +++ b/syft/pkg/cataloger/java/parse_gradle_lockfile.go @@ -63,7 +63,7 @@ func parseGradleLockfile(_ context.Context, _ file.Resolver, _ *generic.Environm Name: dep.Name, Version: dep.Version, Locations: file.NewLocationSet( - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), Language: pkg.Java, Type: pkg.JavaPkg, diff --git a/syft/pkg/cataloger/javascript/parse_package_json.go b/syft/pkg/cataloger/javascript/parse_package_json.go index da38e0dbd..0c13d344a 100644 --- a/syft/pkg/cataloger/javascript/parse_package_json.go +++ b/syft/pkg/cataloger/javascript/parse_package_json.go @@ -67,7 +67,7 @@ func parsePackageJSON(_ context.Context, _ file.Resolver, _ *generic.Environment // a compliance filter later will remove these packages based on compliance rules pkgs = append( pkgs, - newPackageJSONPackage(p, reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)), + newPackageJSONPackage(p, reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)), ) } diff --git a/syft/pkg/cataloger/kernel/parse_linux_kernel_module_file.go b/syft/pkg/cataloger/kernel/parse_linux_kernel_module_file.go index cf98d6417..1106bb942 100644 --- a/syft/pkg/cataloger/kernel/parse_linux_kernel_module_file.go +++ b/syft/pkg/cataloger/kernel/parse_linux_kernel_module_file.go @@ -28,7 +28,7 @@ func parseLinuxKernelModuleFile(_ context.Context, _ file.Resolver, _ *generic.E return nil, nil, nil } - metadata.Path = reader.Location.RealPath + metadata.Path = reader.RealPath return []pkg.Package{ newLinuxKernelModulePackage( diff --git a/syft/pkg/cataloger/lua/parse_rockspec.go b/syft/pkg/cataloger/lua/parse_rockspec.go index de109e77e..67c4310fe 100644 --- a/syft/pkg/cataloger/lua/parse_rockspec.go +++ b/syft/pkg/cataloger/lua/parse_rockspec.go @@ -74,7 +74,7 @@ func parseRockspec(_ context.Context, _ file.Resolver, _ *generic.Environment, r Homepage: homepage, Description: description, }, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ) return []pkg.Package{p}, nil, nil diff --git a/syft/pkg/cataloger/ocaml/parse_opam.go b/syft/pkg/cataloger/ocaml/parse_opam.go index 6e56db757..bb5f2084a 100644 --- a/syft/pkg/cataloger/ocaml/parse_opam.go +++ b/syft/pkg/cataloger/ocaml/parse_opam.go @@ -39,7 +39,7 @@ func parseOpamPackage(_ context.Context, _ file.Resolver, _ *generic.Environment // If name is inferred from file name/path var name, version string var licenses []string - loc := reader.Location.LocationData.AccessPath + loc := reader.AccessPath dir, file := path.Split(loc) if file == "opam" { @@ -95,7 +95,7 @@ func parseOpamPackage(_ context.Context, _ file.Resolver, _ *generic.Environment pkgs, newOpamPackage( entry, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), ) diff --git a/syft/pkg/cataloger/python/parse_poetry_lock.go b/syft/pkg/cataloger/python/parse_poetry_lock.go index 2b75f51b8..e7ba52e3e 100644 --- a/syft/pkg/cataloger/python/parse_poetry_lock.go +++ b/syft/pkg/cataloger/python/parse_poetry_lock.go @@ -99,7 +99,7 @@ func poetryLockPackages(reader file.LocationReadCloser) ([]pkg.Package, error) { p.Name, p.Version, newPythonPoetryLockEntry(p), - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), ) } diff --git a/syft/pkg/cataloger/python/parse_requirements.go b/syft/pkg/cataloger/python/parse_requirements.go index ce3a0f9b1..bbc761530 100644 --- a/syft/pkg/cataloger/python/parse_requirements.go +++ b/syft/pkg/cataloger/python/parse_requirements.go @@ -153,7 +153,7 @@ func (rp requirementsParser) parseRequirementsTxt(_ context.Context, _ file.Reso URL: parseURL(req.URL), Markers: req.Markers, }, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), ) } diff --git a/syft/pkg/cataloger/python/parse_setup.go b/syft/pkg/cataloger/python/parse_setup.go index ccbe916f5..3332508ac 100644 --- a/syft/pkg/cataloger/python/parse_setup.go +++ b/syft/pkg/cataloger/python/parse_setup.go @@ -59,7 +59,7 @@ func parseSetup(_ context.Context, _ file.Resolver, _ *generic.Environment, read newPackageForIndex( name, version, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), ) } diff --git a/syft/pkg/cataloger/redhat/parse_rpm_archive.go b/syft/pkg/cataloger/redhat/parse_rpm_archive.go index 8c4b395a7..9a5d268e7 100644 --- a/syft/pkg/cataloger/redhat/parse_rpm_archive.go +++ b/syft/pkg/cataloger/redhat/parse_rpm_archive.go @@ -19,7 +19,7 @@ import ( func parseRpmArchive(_ context.Context, _ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) { rpm, err := rpmutils.ReadRpm(reader) if err != nil { - return nil, nil, fmt.Errorf("RPM file found but unable to read: %s (%w)", reader.Location.RealPath, err) + return nil, nil, fmt.Errorf("RPM file found but unable to read: %s (%w)", reader.RealPath, err) } nevra, err := rpm.Header.GetNEVRA() diff --git a/syft/pkg/cataloger/ruby/parse_gemfile_lock.go b/syft/pkg/cataloger/ruby/parse_gemfile_lock.go index 748727bcc..d8fe50850 100644 --- a/syft/pkg/cataloger/ruby/parse_gemfile_lock.go +++ b/syft/pkg/cataloger/ruby/parse_gemfile_lock.go @@ -47,7 +47,7 @@ func parseGemFileLockEntries(_ context.Context, _ file.Resolver, _ *generic.Envi newGemfileLockPackage( candidate[0], strings.Trim(candidate[1], "()"), - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), ) } diff --git a/syft/pkg/cataloger/rust/parse_cargo_lock.go b/syft/pkg/cataloger/rust/parse_cargo_lock.go index 79c6d07c1..9551ca89f 100644 --- a/syft/pkg/cataloger/rust/parse_cargo_lock.go +++ b/syft/pkg/cataloger/rust/parse_cargo_lock.go @@ -43,7 +43,7 @@ func parseCargoLock(_ context.Context, _ file.Resolver, _ *generic.Environment, } newPkg := newPackageFromCargoMetadata( p, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ) pkgs = append( pkgs, diff --git a/syft/pkg/cataloger/sbom/cataloger.go b/syft/pkg/cataloger/sbom/cataloger.go index 9779a8166..998fecaee 100644 --- a/syft/pkg/cataloger/sbom/cataloger.go +++ b/syft/pkg/cataloger/sbom/cataloger.go @@ -40,7 +40,7 @@ func NewCataloger() pkg.Cataloger { func parseSBOM(_ context.Context, _ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) { readSeeker, err := adaptToReadSeeker(reader) if err != nil { - return nil, nil, fmt.Errorf("unable to read SBOM file %q: %w", reader.Location.RealPath, err) + return nil, nil, fmt.Errorf("unable to read SBOM file %q: %w", reader.RealPath, err) } s, _, _, err := format.Decode(readSeeker) if err != nil { @@ -48,7 +48,7 @@ func parseSBOM(_ context.Context, _ file.Resolver, _ *generic.Environment, reade } if s == nil { - log.WithFields("path", reader.Location.RealPath).Trace("file is not an SBOM") + log.WithFields("path", reader.RealPath).Trace("file is not an SBOM") return nil, nil, nil } @@ -60,14 +60,14 @@ func parseSBOM(_ context.Context, _ file.Resolver, _ *generic.Environment, reade // where there is evidence of this file, and the catalogers have not run against any file other than, // the SBOM, this is the only location that is relevant for this cataloger. p.Locations = file.NewLocationSet( - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ) p.FoundBy = catalogerName pkgs = append(pkgs, p) relationships = append(relationships, artifact.Relationship{ From: p, - To: reader.Location.Coordinates, + To: reader.Coordinates, Type: artifact.DescribedByRelationship, }) } diff --git a/syft/pkg/cataloger/swift/parse_package_resolved.go b/syft/pkg/cataloger/swift/parse_package_resolved.go index 4fc3965c9..68211b72d 100644 --- a/syft/pkg/cataloger/swift/parse_package_resolved.go +++ b/syft/pkg/cataloger/swift/parse_package_resolved.go @@ -94,7 +94,7 @@ func parsePackageResolved(_ context.Context, _ file.Resolver, _ *generic.Environ pkgPin.Version, pkgPin.Location, pkgPin.Revision, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), ) } diff --git a/syft/pkg/cataloger/swift/parse_podfile_lock.go b/syft/pkg/cataloger/swift/parse_podfile_lock.go index 43803a9f8..10730af67 100644 --- a/syft/pkg/cataloger/swift/parse_podfile_lock.go +++ b/syft/pkg/cataloger/swift/parse_podfile_lock.go @@ -67,7 +67,7 @@ func parsePodfileLock(_ context.Context, _ file.Resolver, _ *generic.Environment podName, podVersion, pkgHash, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), ) } diff --git a/syft/pkg/cataloger/swipl/parse_pack.go b/syft/pkg/cataloger/swipl/parse_pack.go index e062da963..ffc13a1b9 100644 --- a/syft/pkg/cataloger/swipl/parse_pack.go +++ b/syft/pkg/cataloger/swipl/parse_pack.go @@ -62,7 +62,7 @@ func parsePackPackage(_ context.Context, _ file.Resolver, _ *generic.Environment pkgs, newSwiplPackPackage( entry, - reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), + reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), ) diff --git a/syft/pkg/cataloger/terraform/parse_tf_lock.go b/syft/pkg/cataloger/terraform/parse_tf_lock.go index b29b683c4..bd7091f7e 100644 --- a/syft/pkg/cataloger/terraform/parse_tf_lock.go +++ b/syft/pkg/cataloger/terraform/parse_tf_lock.go @@ -36,7 +36,7 @@ func parseTerraformLock(_ context.Context, _ file.Resolver, _ *generic.Environme p := pkg.Package{ Name: provider.URL, Version: provider.Version, - Locations: file.NewLocationSet(reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)), + Locations: file.NewLocationSet(reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)), Licenses: pkg.NewLicenseSet(), // TODO: license could be found in .terraform/providers/${name}/${version}/${arch}/LICENSE.txt Language: pkg.Go, Type: pkg.TerraformPkg, diff --git a/syft/pkg/cataloger/wordpress/parse_plugin.go b/syft/pkg/cataloger/wordpress/parse_plugin.go index a3d266b00..713058f19 100644 --- a/syft/pkg/cataloger/wordpress/parse_plugin.go +++ b/syft/pkg/cataloger/wordpress/parse_plugin.go @@ -44,7 +44,7 @@ func parseWordpressPluginFiles(_ context.Context, _ file.Resolver, _ *generic.En _, err := reader.Read(buffer) if err != nil { - return nil, nil, fmt.Errorf("failed to read %s file: %w", reader.Location.Path(), err) + return nil, nil, fmt.Errorf("failed to read %s file: %w", reader.Path(), err) } fields := extractFields(string(buffer))