* consider additional vendor candidates for ruby, python, rpm, npm, and java Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add java pom.xml processing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow for downstream transform control in cpe generation processing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * migrate CPE generation logic to dedicated package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split java manifest groupID extraction into two tiers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * extract groupID from pom parent project during CPE generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update java groupID processing tests to cover multi-tier approach Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix constructor names for cpe.fieldCandidate Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename helper function to startsWithTopLevelDomain Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add nil changes for java manifest sections Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update comment to reflect parsing maven files Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split out java description parsing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split out pom parent processing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * simplify vendorsFromGroupIDs and associated tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * simplify test type for vendorsFromGroupIDs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * copy candidate varidations to new instances Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename CPE generation string util functions Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add an explanation around fieldCandidate Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * simplify type for the cpe.fieldCandidateSet Signed-off-by: Alex Goodman 
<alex.goodman@anchore.com> * make CPE filter function names more readable Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update groupIDsFromJavaManifest to use a guard clause Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * extract groupID extraction from artifactID fields into a separate function Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump goreleaser version to combat failure Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
package java
import (
"bufio"
"fmt"
"io"
"strings"
"github.com/anchore/syft/syft/pkg"
"github.com/mitchellh/mapstructure"
)
// pomPropertiesGlob is the glob pattern used to locate pom.properties files.
// The leading "*" has no separator before the file name, so the pattern also
// matches any name that merely ends in "pom.properties".
// NOTE(review): how the pattern is applied (archive entries vs. filesystem
// paths) is not visible here; confirm with the caller.
const pomPropertiesGlob = "*pom.properties"
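// parsePomProperties reads a Java pom.properties document from reader and
// decodes its key/value pairs into a pkg.PomProperties, recording path on the
// result.
//
// Parsing rules implemented here:
//   - blank lines and comment lines (first non-whitespace character '#' or '!',
//     as in the Java .properties format) are skipped;
//   - every other line is split at the first '=' or ':'; key and value are
//     whitespace-trimmed, and a later duplicate key overwrites an earlier one;
//   - backslash escapes and line continuations are NOT interpreted.
//
// An error is returned when a non-comment line has no separator, when the
// scanner fails (bufio.Scanner rejects lines longer than its default 64 KiB
// token limit with bufio.ErrTooLong), or when mapstructure cannot decode the
// collected pairs. On error the returned pointer is nil.
//
// NOTE(review): the reader is presumably backed by a file found inside a
// scanned artifact, i.e. content chosen by whoever built that artifact —
// confirm with the caller. Nothing here validates the values, so downstream
// consumers (for example anything deriving vendor or product identifiers from
// them) should treat every field as untrusted input. Also note that a single
// malformed line discards the whole file's metadata; callers should make sure
// that failure is surfaced rather than silently dropping the package.
func parsePomProperties(path string, reader io.Reader) (*pkg.PomProperties, error) {
	var props pkg.PomProperties
	propMap := make(map[string]string)

	scanner := bufio.NewScanner(reader)
	for scanner.Scan() {
		line := scanner.Text()

		// Ignore empty lines and comments. Trimming all leading whitespace
		// (not only spaces) keeps a tab-indented comment from being reported
		// as an unsplittable line, and '!' is the second comment marker the
		// .properties format allows.
		trimmed := strings.TrimSpace(line)
		if trimmed == "" || trimmed[0] == '#' || trimmed[0] == '!' {
			continue
		}

		// Split on whichever separator appears first so that values may still
		// contain the other one (e.g. URLs after an '=').
		idx := strings.IndexAny(line, "=:")
		if idx == -1 {
			return nil, fmt.Errorf("unable to split pom.properties key-value pairs: %q", line)
		}

		key := strings.TrimSpace(line[0:idx])
		value := strings.TrimSpace(line[idx+1:])
		propMap[key] = value
	}

	// Scan() returning false may mean EOF or a read/limit error; only Err()
	// distinguishes the two.
	if err := scanner.Err(); err != nil {
		return nil, fmt.Errorf("unable to read pom.properties: %w", err)
	}

	if err := mapstructure.Decode(propMap, &props); err != nil {
		return nil, fmt.Errorf("unable to parse pom.properties: %w", err)
	}

	// Don't allow a nil collection; ensure it is empty so callers can index it
	// without a nil check.
	if props.Extra == nil {
		props.Extra = make(map[string]string)
	}

	props.Path = path

	return &props, nil
}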