mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
* remove existing cataloging API Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add file cataloging config Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add package cataloging config Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add configs for cross-cutting concerns Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename CLI option configs to not require import aliases later Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update all nested structs for the Catalog struct Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update Catalog cli options - add new cataloger selection options (selection and default) - remove the excludeBinaryOverlapByOwnership - deprecate "catalogers" flag - add new javascript configuration Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * migrate relationship capabilities to separate internal package Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * refactor golang cataloger to use configuration options when creating packages Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * create internal object to facilitate reading from and writing to an SBOM Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * create a command-like object (task) to facilitate partial SBOM creation Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add cataloger selection capability - be able to parse string expressions into a set of resolved actions against sets - be able to use expressions to select/add/remove tasks to/from the final set of tasks to run Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add package, file, and environment related tasks Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update existing file catalogers to use nested UI elements Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add 
CreateSBOMConfig that drives the SBOM creation process Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * capture SBOM creation info as a struct Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add CreateSBOM() function Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update docs with SBOM selection help + breaking changes Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix multiple override default inputs Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix deprecation flag printing to stdout Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * refactor cataloger selection description to separate object Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * keep expression errors and show specific suggestions only Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address additional review feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address more review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * addressed additional PR review feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix file selection references Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove guess language data generation option Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests for coordinatesForSelection Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename relationship attributes Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add descriptions to relationships config fields Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * improve documentation around configuration options Signed-off-by: Alex Goodman 
<wagoodman@users.noreply.github.com> * add explicit errors around legacy config entries Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
package syft
import (
	"bytes"
	"encoding/json"
	"reflect"

	"github.com/anchore/syft/syft/cataloging"
	"github.com/anchore/syft/syft/cataloging/filecataloging"
	"github.com/anchore/syft/syft/cataloging/pkgcataloging"
)
// configurationAuditTrail records all of the input configuration that was used to generate the SBOM.
// Its MarshalJSON method controls how the value is rendered as JSON.
type configurationAuditTrail struct {
	Search         cataloging.SearchConfig         `json:"search" yaml:"search" mapstructure:"search"`
	Relationships  cataloging.RelationshipsConfig  `json:"relationships" yaml:"relationships" mapstructure:"relationships"`
	DataGeneration cataloging.DataGenerationConfig `json:"data-generation" yaml:"data-generation" mapstructure:"data-generation"`
	Packages       pkgcataloging.Config            `json:"packages" yaml:"packages" mapstructure:"packages"`
	Files          filecataloging.Config           `json:"files" yaml:"files" mapstructure:"files"`
	Catalogers     catalogerManifest               `json:"catalogers" yaml:"catalogers" mapstructure:"catalogers"`

	// ExtraConfigs is an untyped, caller-supplied value that is serialized as-is under the "extra" key
	// (left out of the JSON when empty).
	// NOTE(review): nothing in this file filters its contents, so callers should keep credentials and
	// other secrets out of it — presumably the output travels with the SBOM; confirm against callers.
	ExtraConfigs any `json:"extra,omitempty" yaml:"extra" mapstructure:"extra"`
}
// catalogerManifest is the "catalogers" section of the audit trail: the selection that was requested
// next to a list of names recorded as used.
type catalogerManifest struct {
	// Requested is the selection request as given.
	Requested pkgcataloging.SelectionRequest `json:"requested" yaml:"requested" mapstructure:"requested"`
	// Used is presumably the names of the catalogers that actually ran — confirm against the code
	// that populates it.
	Used []string `json:"used" yaml:"used" mapstructure:"used"`
}
// marshalAPIConfiguration has the same fields as configurationAuditTrail but, being a separately
// defined type, none of its methods. MarshalJSON converts to it so that json.Marshal encodes the
// plain struct instead of calling MarshalJSON again.
type marshalAPIConfiguration configurationAuditTrail
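// MarshalJSON renders the audit trail as a JSON object whose keys are sorted at every nesting level
// rather than following struct field order.
//
// The configuration is placed into the SBOM behind an empty interface, and the configuration section
// of the SBOM should have a guaranteed key ordering. To get there the struct is marshalled using its
// json struct tags, decoded into a generic map, and marshalled again: encoding/json writes map keys in
// sorted order, so identical configuration always yields identical bytes.
//
// An "extra" key that renders as null is dropped from the output.
func (cfg configurationAuditTrail) MarshalJSON() ([]byte, error) {
	// Convert to the method-less twin type; marshalling cfg itself would re-enter this method.
	initialJSON, err := json.Marshal(marshalAPIConfiguration(cfg))
	if err != nil {
		return nil, err
	}

	// Decode with UseNumber so numeric literals survive the round trip unchanged. A plain
	// json.Unmarshal into interface{} turns every number into a float64, which silently rounds
	// integers above 2^53 and would make the audit trail disagree with the configuration that ran.
	decoder := json.NewDecoder(bytes.NewReader(initialJSON))
	decoder.UseNumber()

	var dataMap map[string]interface{}
	if err := decoder.Decode(&dataMap); err != nil {
		return nil, err
	}

	// omitempty only drops a nil interface; a typed nil stored in ExtraConfigs still encodes as
	// null, so remove the key here when it renders as nil.
	if v, exists := dataMap["extra"]; exists && v == nil {
		delete(dataMap, "extra")
	}

	return marshalSorted(dataMap)
}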
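// marshalSorted marshals m to JSON, rebuilding string-keyed maps level by level so that nested maps
// are encoded through the same path. Key ordering in the output comes from encoding/json, which
// writes map keys sorted.
//
// A nil input, a non-map value, or a map whose keys are not strings is handed to json.Marshal
// unchanged. Any error from json.Marshal is returned as-is.
func marshalSorted(m interface{}) ([]byte, error) {
	// reflect.TypeOf(nil) is a nil Type; calling Kind on it panics, so nil is encoded directly.
	if m == nil {
		return json.Marshal(m)
	}

	val := reflect.ValueOf(m)

	// Only string-keyed maps are rebuilt below. reflect.Value.String on any other key kind returns a
	// placeholder such as "<int Value>", which would collapse every entry onto a single key and drop
	// data; json.Marshal already encodes (and sorts) those maps correctly.
	if val.Kind() != reflect.Map || val.Type().Key().Kind() != reflect.String {
		return json.Marshal(m)
	}

	sortedMap := make(map[string]interface{}, val.Len())

	iter := val.MapRange()
	for iter.Next() {
		key := iter.Key().String()
		value := iter.Value().Interface()

		// Leaves (including nil) are stored as they are.
		if value == nil || reflect.TypeOf(value).Kind() != reflect.Map {
			sortedMap[key] = value
			continue
		}

		// Nested maps are encoded first and embedded as raw JSON.
		sortedValue, err := marshalSorted(value)
		if err != nil {
			return nil, err
		}
		sortedMap[key] = json.RawMessage(sortedValue)
	}

	return json.Marshal(sortedMap)
}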