refactor: use go-version to detect sdk version
DmitriyLewen committed Jun 3, 2024
1 parent 1aa02bb commit f70d7ac
Showing 3 changed files with 20 additions and 15 deletions.
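--- a/go.mod
+++ b/go.mod
@@ -427,3 +427,5 @@ require (
 sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
+
+replace github.com/aquasecurity/go-version => ../go-version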
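Review bot: The `replace github.com/aquasecurity/go-version => ../go-version` directive added at the end of go.mod resolves the module from a sibling directory outside the repository, so the build only works where that checkout exists and compiles whatever code happens to be in it. Filesystem replacements are not checked against go.sum, and this commit also removes the go-version entries from go.sum, so the dependency is no longer pinned or checksum-verified. Before this lands, drop the directive and pin a published revision instead, e.g. `github.com/aquasecurity/go-version <pinned-version>` in the require block with its go.sum lines regenerated.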
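--- a/go.sum
+++ b/go.sum
@@ -760,9 +760,6 @@ github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 h1:eve
 github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798/go.mod h1:hxbJZtKlO4P8sZ9nztizR6XLoE33O+BkPmuYQ4ACyz0=
 github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 h1:vmXNl+HDfqqXgr0uY1UgK1GAhps8nbAAtqHNBcgyf+4=
 github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46/go.mod h1:olhPNdiiAAMiSujemd1O/sc6GcyePr23f/6uGKtthNg=
-github.com/aquasecurity/go-version v0.0.0-20201107203531-5e48ac5d022a/go.mod h1:9Beu8XsUNNfzml7WBf3QmyPToP1wm1Gj/Vc5UJKqTzU=
-github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 h1:rcEG5HI490FF0a7zuvxOxen52ddygCfNVjP0XOCMl+M=
-github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492/go.mod h1:9Beu8XsUNNfzml7WBf3QmyPToP1wm1Gj/Vc5UJKqTzU=
 github.com/aquasecurity/loading v0.0.5 h1:2iq02sPSSMU+ULFPmk0v0lXnK/eZ2e0dRAj/Dl5TvuM=
 github.com/aquasecurity/loading v0.0.5/go.mod h1:NSHeeq1JTDTFuXAe87q4yQ2DX57pXiaQMqq8Zm9HCJA=
 github.com/aquasecurity/table v1.8.0 h1:9ntpSwrUfjrM6/YviArlx/ZBGd6ix8W+MtojQcM7tv0=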
30 changes: 18 additions & 12 deletions pkg/dependency/parser/dart/pub/parse.go
@@ -1,11 +1,10 @@
package pub

import (
"strings"

"golang.org/x/xerrors"
"gopkg.in/yaml.v3"

goversion "github.com/aquasecurity/go-version/pkg/version"
"github.com/aquasecurity/trivy/pkg/dependency"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/log"
Expand Down Expand Up @@ -58,7 +57,10 @@ func (p Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependency
version := dep.Version
if version == "0.0.0" && dep.Source == "sdk" {
if constraint, ok := l.Sdks[string(dep.Description)]; ok {
if v := firstVersionOfConstrain(constraint); v != "" {
v, err := firstVersionOfConstrain(constraint)
if err != nil {
p.logger.Warn("unable to get sdk version from constraint: %w", err)
} else if v != "" {
p.logger.Info("The first version of the constraint from the sdk source was used.", log.String("dep", name), log.String("constraint", constraint))
version = v
}
Expand Down Expand Up @@ -93,17 +95,21 @@ func (p Parser) relationship(dep string) ftypes.Relationship {
}

// firstVersionOfConstrain returns the first acceptable version for constraint
func firstVersionOfConstrain(constraint string) string {
func firstVersionOfConstrain(constraint string) (string, error) {
css, err := goversion.NewConstraints(constraint)
if err != nil {
return "", xerrors.Errorf("unable to parse constraints: %w", err)
}

// Dart uses only `>=` and `^` operators:
// cf. https://dart.dev/tools/pub/dependencies#traditional-syntax
switch {
case strings.HasPrefix(constraint, ">="):
constraint = strings.TrimPrefix(constraint, ">=")
constraint, _, _ = strings.Cut(constraint, " ")
return constraint
case strings.HasPrefix(constraint, "^"):
return strings.TrimPrefix(constraint, "^")
constraints := css.List()
// We only need to get the first version from the range
if constraints[0][0].Operator() != ">=" && constraints[0][0].Operator() != "^" {
return "", nil
}
return ""

return constraints[0][0].Version(), nil
}

func (d *Description) UnmarshalYAML(value *yaml.Node) error {
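Review bot: `constraints[0][0]` in firstVersionOfConstrain is indexed without checking that `css.List()` returned a non-empty group, and the constraint string comes straight from the parsed lock file, so an input that parses to zero constraints would panic the parser instead of being skipped; whether NewConstraints can return such a result is not visible in this hunk. A guard such as `if len(constraints) == 0 || len(constraints[0]) == 0 { return "", nil }` before the operator check keeps the previous "no version" behaviour. Separately, the new `p.logger.Warn("unable to get sdk version from constraint: %w", err)` call in Parse uses a printf verb while the Info call next to it passes structured attributes (`log.String(...)`), so the error is unlikely to be rendered as intended; pass it as an attribute and include the dep name and constraint so a malformed lock-file entry can be traced. Parse's body starts and ends outside the hunk.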