* [wip] Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * distinct the package metadata functions Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove metadata type from package core model Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * incorporate review feedback for names Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add RPM archive metadata and split parser helpers Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * clarify the python package metadata type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename the KB metadata type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * break hackage and composer types by use case Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * linting fix Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix encoding and decoding for syft-json and cyclonedx Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump json schema to 11 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update cyclonedx-json snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update cyclonedx-xml snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update spdx-json snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update spdx-tv snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update syft-json snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * correct metadata type in stack yaml parser test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix bom-ref redactor for cyclonedx-xml Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests for legacy package metadata names Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * regenerate json schema v11 Signed-off-by: Alex Goodman 
<wagoodman@users.noreply.github.com> * fix legacy HackageMetadataType reflect type value check Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * packagemetadata discovery should account for type shadowing Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump json schema version to v12 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update json schema to incorporate changes from main Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add syft-json legacy config option Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests around v11-v12 json decoding Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add docs for SYFT_JSON_LEGACY Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename structs to be compliant with new naming scheme Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
package rust
import (
"github.com/microsoft/go-rustaudit"
"github.com/anchore/packageurl-go"
"github.com/anchore/syft/syft/file"
"github.com/anchore/syft/syft/pkg"
)
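// newPackageFromCargoMetadata returns the standard pkg.Package representation of a single
// Cargo.lock entry.
//
// The lock entry itself is stored as the package Metadata, so anything it records beyond name and
// version (presumably source and checksum — confirm against pkg.RustCargoLockEntry) stays available
// to SBOM encoders; the PURL is built from name and version only. The package ID is assigned by
// SetID after all other fields are populated.
func newPackageFromCargoMetadata(m pkg.RustCargoLockEntry, locations ...file.Location) pkg.Package {
	p := pkg.Package{
		Name:      m.Name,
		Version:   m.Version,
		Locations: file.NewLocationSet(locations...),
		PURL:      packageURL(m.Name, m.Version),
		Language:  pkg.Rust,
		Type:      pkg.RustPkg,
		Metadata:  m,
	}

	// SetID is called last so that the ID reflects the fully populated package
	// (the exact set of fields it hashes is defined in the pkg package, not here).
	p.SetID()

	return p
}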
// newPackagesFromAudit converts the dependency records from a binary's cargo-auditable section
// into packages.
//
// Only records whose Kind is rustaudit.Runtime are kept: build-time and dev dependencies present in
// the audit data are deliberately dropped and will not appear in the resulting SBOM. Records that
// fail pkg.IsValid are dropped as well. Each returned package is annotated with the given location
// as its primary evidence.
func newPackagesFromAudit(location file.Location, versionInfo rustaudit.VersionInfo) []pkg.Package {
	var result []pkg.Package

	for idx := range versionInfo.Packages {
		// work on a per-iteration copy so the pointer handed to newPackageFromAudit
		// never aliases the shared slice element
		entry := versionInfo.Packages[idx]
		evidence := location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)
		candidate := newPackageFromAudit(&entry, evidence)

		// validity is checked before the kind filter, matching the order callers have relied on
		if !pkg.IsValid(&candidate) || entry.Kind != rustaudit.Runtime {
			continue
		}
		result = append(result, candidate)
	}

	return result
}
// newPackageFromAudit builds a pkg.Package from one cargo-auditable dependency record.
//
// The record's Name, Version and Source are copied into a pkg.RustBinaryAuditEntry that becomes the
// package Metadata; the PURL is derived from name and version only. These values originate from the
// scanned binary's audit section and are treated as opaque strings here — any encoding required for
// the PURL is left to the packageURL helper. The package ID is assigned via SetID.
func newPackageFromAudit(dep *rustaudit.Package, locations ...file.Location) pkg.Package {
	meta := pkg.RustBinaryAuditEntry{
		Name:    dep.Name,
		Version: dep.Version,
		Source:  dep.Source,
	}

	p := pkg.Package{
		Name:      dep.Name,
		Version:   dep.Version,
		PURL:      packageURL(dep.Name, dep.Version),
		Language:  pkg.Rust,
		Type:      pkg.RustPkg,
		Locations: file.NewLocationSet(locations...),
		Metadata:  meta,
	}
	p.SetID()

	return p
}
// packageURL returns the PURL for the specific rust package (see https://github.com/package-url/purl-spec).
//
// The identifier uses the "cargo" type with an empty namespace, no qualifiers and no subpath, so it
// carries only the crate name and version; the Cargo.lock source/checksum (when present) is not
// encoded in the PURL and must be read from the package metadata instead.
func packageURL(name, version string) string {
	purl := packageurl.NewPackageURL(packageurl.TypeCargo, "", name, version, nil, "")
	return purl.ToString()
}