package lock v2 parsing (#5)

* package lock v2 parsing Signed-off-by: Benji Visser <benji@093b.org> * updating dotnet deps tests Signed-off-by: Benji Visser <benji@093b.org> * else if Signed-off-by: Benji Visser <benji@093b.org> * //nolint:funlen Signed-off-by: Benji Visser <benji@093b.org> * fix goimports Signed-off-by: Benji Visser <benji@093b.org> --------- Signed-off-by: Benji Visser <benji@093b.org>
noqcks · Oct 2, 2023 · 294cf5d · 294cf5d
1 parent 21656aa
commit 294cf5d
Show file tree

Hide file tree

Showing 7 changed files with 533 additions and 304 deletions.
diff --git a/go.mod b/go.mod
@@ -85,6 +85,11 @@ require (
 	modernc.org/sqlite v1.25.0
 )
 
+require (
+	github.com/samber/lo v1.38.1
+	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
+)
+
 require (
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
@@ -186,7 +191,6 @@ require (
 	golang.org/x/sys v0.12.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/tools v0.13.0 // indirect
-	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/grpc v1.55.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect

diff --git a/go.sum b/go.sum
@@ -616,6 +616,8 @@ github.com/saferwall/pe v1.4.5/go.mod h1:SNzv3cdgk8SBI0UwHfyTcdjawfdnN+nbydnEL7G
 github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=
 github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d h1:hrujxIzL1woJ7AwssoOcM/tq5JjjG2yYOc8odClEiXA=
 github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d/go.mod h1:uugorj2VCxiV1x+LzaIdVa9b4S4qGAcH6cbhh4qVxOU=
+github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM=
+github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
 github.com/sassoftware/go-rpmutils v0.2.0 h1:pKW0HDYMFWQ5b4JQPiI3WI12hGsVoW0V8+GMoZiI/JE=
 github.com/sassoftware/go-rpmutils v0.2.0/go.mod h1:TJJQYtLe/BeEmEjelI3b7xNZjzAukEkeWKmoakvaOoI=
 github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e h1:7q6NSFZDeGfvvtIRwBrU/aegEYJYmvev0cHAwo17zZQ=

diff --git a/syft/formats/common/cyclonedxhelpers/component.go b/syft/formats/common/cyclonedxhelpers/component.go
@@ -30,10 +30,8 @@ func encodeComponent(p pkg.Package) cyclonedx.Component {
 	componentType := cyclonedx.ComponentTypeLibrary
 	if p.ComponentType != "" {
 		componentType = cyclonedx.ComponentType(p.ComponentType)
-	} else {
-		if p.Type == pkg.BinaryPkg {
-			componentType = cyclonedx.ComponentTypeApplication
-		}
+	} else if p.Type == pkg.BinaryPkg {
+		componentType = cyclonedx.ComponentTypeApplication
 	}
 
 	return cyclonedx.Component{

diff --git a/syft/pkg/cataloger/dotnet/parse_dotnet_deps_test.go b/syft/pkg/cataloger/dotnet/parse_dotnet_deps_test.go
@@ -13,39 +13,42 @@ func TestParseDotnetDeps(t *testing.T) {
 	fixture := "test-fixtures/TestLibrary.deps.json"
 	fixtureLocationSet := file.NewLocationSet(file.NewLocation(fixture))
 	rootPkg := pkg.Package{
-		Name:         "TestLibrary",
-		Version:      "1.0.0",
-		PURL:         "pkg:nuget/TestLibrary@1.0.0",
-		Locations:    fixtureLocationSet,
-		Language:     pkg.Dotnet,
-		Type:         pkg.DotnetPkg,
-		MetadataType: pkg.DotnetDepsMetadataType,
+		Name:          "TestLibrary",
+		Version:       "1.0.0",
+		PURL:          "pkg:nuget/TestLibrary@1.0.0",
+		Locations:     fixtureLocationSet,
+		Language:      pkg.Dotnet,
+		Type:          pkg.DotnetPkg,
+		MetadataType:  pkg.DotnetDepsMetadataType,
+		ComponentType: pkg.ComponentTypeApplication,
 		Metadata: pkg.DotnetDepsMetadata{
 			Name:    "TestLibrary",
 			Version: "1.0.0",
 		},
 	}
 	testCommon := pkg.Package{
-		Name:         "TestCommon",
-		Version:      "1.0.0",
-		PURL:         "pkg:nuget/TestCommon@1.0.0",
-		Locations:    fixtureLocationSet,
-		Language:     pkg.Dotnet,
-		Type:         pkg.DotnetPkg,
-		MetadataType: pkg.DotnetDepsMetadataType,
+		Name:          "TestCommon",
+		Version:       "1.0.0",
+		PURL:          "pkg:nuget/TestCommon@1.0.0",
+		Locations:     fixtureLocationSet,
+		Language:      pkg.Dotnet,
+		Type:          pkg.DotnetPkg,
+		MetadataType:  pkg.DotnetDepsMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
 		Metadata: pkg.DotnetDepsMetadata{
 			Name:    "TestCommon",
 			Version: "1.0.0",
 		},
 	}
 	awssdkcore := pkg.Package{
-		Name:         "AWSSDK.Core",
-		Version:      "3.7.10.6",
-		PURL:         "pkg:nuget/AWSSDK.Core@3.7.10.6",
-		Locations:    fixtureLocationSet,
-		Language:     pkg.Dotnet,
-		Type:         pkg.DotnetPkg,
-		MetadataType: pkg.DotnetDepsMetadataType,
+		Name:          "AWSSDK.Core",
+		Version:       "3.7.10.6",
+		PURL:          "pkg:nuget/AWSSDK.Core@3.7.10.6",
+		Locations:     fixtureLocationSet,
+		Language:      pkg.Dotnet,
+		Type:          pkg.DotnetPkg,
+		MetadataType:  pkg.DotnetDepsMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
 		Metadata: pkg.DotnetDepsMetadata{
 			Name:     "AWSSDK.Core",
 			Version:  "3.7.10.6",
@@ -55,13 +58,14 @@ func TestParseDotnetDeps(t *testing.T) {
 		},
 	}
 	msftDependencyInjectionAbstractions := pkg.Package{
-		Name:         "Microsoft.Extensions.DependencyInjection.Abstractions",
-		Version:      "6.0.0",
-		PURL:         "pkg:nuget/Microsoft.Extensions.DependencyInjection.Abstractions@6.0.0",
-		Locations:    fixtureLocationSet,
-		Language:     pkg.Dotnet,
-		Type:         pkg.DotnetPkg,
-		MetadataType: pkg.DotnetDepsMetadataType,
+		Name:          "Microsoft.Extensions.DependencyInjection.Abstractions",
+		Version:       "6.0.0",
+		PURL:          "pkg:nuget/Microsoft.Extensions.DependencyInjection.Abstractions@6.0.0",
+		Locations:     fixtureLocationSet,
+		Language:      pkg.Dotnet,
+		Type:          pkg.DotnetPkg,
+		MetadataType:  pkg.DotnetDepsMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
 		Metadata: pkg.DotnetDepsMetadata{
 			Name:     "Microsoft.Extensions.DependencyInjection.Abstractions",
 			Version:  "6.0.0",
@@ -71,13 +75,14 @@ func TestParseDotnetDeps(t *testing.T) {
 		},
 	}
 	msftDependencyInjection := pkg.Package{
-		Name:         "Microsoft.Extensions.DependencyInjection",
-		Version:      "6.0.0",
-		PURL:         "pkg:nuget/Microsoft.Extensions.DependencyInjection@6.0.0",
-		Locations:    fixtureLocationSet,
-		Language:     pkg.Dotnet,
-		Type:         pkg.DotnetPkg,
-		MetadataType: pkg.DotnetDepsMetadataType,
+		Name:          "Microsoft.Extensions.DependencyInjection",
+		Version:       "6.0.0",
+		PURL:          "pkg:nuget/Microsoft.Extensions.DependencyInjection@6.0.0",
+		Locations:     fixtureLocationSet,
+		Language:      pkg.Dotnet,
+		Type:          pkg.DotnetPkg,
+		MetadataType:  pkg.DotnetDepsMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
 		Metadata: pkg.DotnetDepsMetadata{
 			Name:     "Microsoft.Extensions.DependencyInjection",
 			Version:  "6.0.0",
@@ -87,13 +92,14 @@ func TestParseDotnetDeps(t *testing.T) {
 		},
 	}
 	msftLoggingAbstractions := pkg.Package{
-		Name:         "Microsoft.Extensions.Logging.Abstractions",
-		Version:      "6.0.0",
-		PURL:         "pkg:nuget/Microsoft.Extensions.Logging.Abstractions@6.0.0",
-		Locations:    fixtureLocationSet,
-		Language:     pkg.Dotnet,
-		Type:         pkg.DotnetPkg,
-		MetadataType: pkg.DotnetDepsMetadataType,
+		Name:          "Microsoft.Extensions.Logging.Abstractions",
+		Version:       "6.0.0",
+		PURL:          "pkg:nuget/Microsoft.Extensions.Logging.Abstractions@6.0.0",
+		Locations:     fixtureLocationSet,
+		Language:      pkg.Dotnet,
+		Type:          pkg.DotnetPkg,
+		MetadataType:  pkg.DotnetDepsMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
 		Metadata: pkg.DotnetDepsMetadata{
 			Name:     "Microsoft.Extensions.Logging.Abstractions",
 			Version:  "6.0.0",
@@ -103,13 +109,14 @@ func TestParseDotnetDeps(t *testing.T) {
 		},
 	}
 	msftExtensionsLogging := pkg.Package{
-		Name:         "Microsoft.Extensions.Logging",
-		Version:      "6.0.0",
-		PURL:         "pkg:nuget/Microsoft.Extensions.Logging@6.0.0",
-		Locations:    fixtureLocationSet,
-		Language:     pkg.Dotnet,
-		Type:         pkg.DotnetPkg,
-		MetadataType: pkg.DotnetDepsMetadataType,
+		Name:          "Microsoft.Extensions.Logging",
+		Version:       "6.0.0",
+		PURL:          "pkg:nuget/Microsoft.Extensions.Logging@6.0.0",
+		Locations:     fixtureLocationSet,
+		Language:      pkg.Dotnet,
+		Type:          pkg.DotnetPkg,
+		MetadataType:  pkg.DotnetDepsMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
 		Metadata: pkg.DotnetDepsMetadata{
 			Name:     "Microsoft.Extensions.Logging",
 			Version:  "6.0.0",
@@ -119,13 +126,14 @@ func TestParseDotnetDeps(t *testing.T) {
 		},
 	}
 	msftExtensionsOptions := pkg.Package{
-		Name:         "Microsoft.Extensions.Options",
-		Version:      "6.0.0",
-		PURL:         "pkg:nuget/Microsoft.Extensions.Options@6.0.0",
-		Locations:    fixtureLocationSet,
-		Language:     pkg.Dotnet,
-		Type:         pkg.DotnetPkg,
-		MetadataType: pkg.DotnetDepsMetadataType,
+		Name:          "Microsoft.Extensions.Options",
+		Version:       "6.0.0",
+		PURL:          "pkg:nuget/Microsoft.Extensions.Options@6.0.0",
+		Locations:     fixtureLocationSet,
+		Language:      pkg.Dotnet,
+		Type:          pkg.DotnetPkg,
+		MetadataType:  pkg.DotnetDepsMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
 		Metadata: pkg.DotnetDepsMetadata{
 			Name:     "Microsoft.Extensions.Options",
 			Version:  "6.0.0",
@@ -135,13 +143,14 @@ func TestParseDotnetDeps(t *testing.T) {
 		},
 	}
 	msftExtensionsPrimitives := pkg.Package{
-		Name:         "Microsoft.Extensions.Primitives",
-		Version:      "6.0.0",
-		PURL:         "pkg:nuget/Microsoft.Extensions.Primitives@6.0.0",
-		Locations:    fixtureLocationSet,
-		Language:     pkg.Dotnet,
-		Type:         pkg.DotnetPkg,
-		MetadataType: pkg.DotnetDepsMetadataType,
+		Name:          "Microsoft.Extensions.Primitives",
+		Version:       "6.0.0",
+		PURL:          "pkg:nuget/Microsoft.Extensions.Primitives@6.0.0",
+		Locations:     fixtureLocationSet,
+		Language:      pkg.Dotnet,
+		Type:          pkg.DotnetPkg,
+		MetadataType:  pkg.DotnetDepsMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
 		Metadata: pkg.DotnetDepsMetadata{
 			Name:     "Microsoft.Extensions.Primitives",
 			Version:  "6.0.0",
@@ -151,13 +160,14 @@ func TestParseDotnetDeps(t *testing.T) {
 		},
 	}
 	newtonsoftJson := pkg.Package{
-		Name:         "Newtonsoft.Json",
-		Version:      "13.0.1",
-		PURL:         "pkg:nuget/Newtonsoft.Json@13.0.1",
-		Locations:    fixtureLocationSet,
-		Language:     pkg.Dotnet,
-		Type:         pkg.DotnetPkg,
-		MetadataType: pkg.DotnetDepsMetadataType,
+		Name:          "Newtonsoft.Json",
+		Version:       "13.0.1",
+		PURL:          "pkg:nuget/Newtonsoft.Json@13.0.1",
+		Locations:     fixtureLocationSet,
+		Language:      pkg.Dotnet,
+		Type:          pkg.DotnetPkg,
+		MetadataType:  pkg.DotnetDepsMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
 		Metadata: pkg.DotnetDepsMetadata{
 			Name:     "Newtonsoft.Json",
 			Version:  "13.0.1",
@@ -167,13 +177,14 @@ func TestParseDotnetDeps(t *testing.T) {
 		},
 	}
 	serilogSinksConsole := pkg.Package{
-		Name:         "Serilog.Sinks.Console",
-		Version:      "4.0.1",
-		PURL:         "pkg:nuget/Serilog.Sinks.Console@4.0.1",
-		Locations:    fixtureLocationSet,
-		Language:     pkg.Dotnet,
-		Type:         pkg.DotnetPkg,
-		MetadataType: pkg.DotnetDepsMetadataType,
+		Name:          "Serilog.Sinks.Console",
+		Version:       "4.0.1",
+		PURL:          "pkg:nuget/Serilog.Sinks.Console@4.0.1",
+		Locations:     fixtureLocationSet,
+		Language:      pkg.Dotnet,
+		Type:          pkg.DotnetPkg,
+		MetadataType:  pkg.DotnetDepsMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
 		Metadata: pkg.DotnetDepsMetadata{
 			Name:     "Serilog.Sinks.Console",
 			Version:  "4.0.1",
@@ -183,13 +194,14 @@ func TestParseDotnetDeps(t *testing.T) {
 		},
 	}
 	serilog := pkg.Package{
-		Name:         "Serilog",
-		Version:      "2.10.0",
-		PURL:         "pkg:nuget/Serilog@2.10.0",
-		Locations:    fixtureLocationSet,
-		Language:     pkg.Dotnet,
-		Type:         pkg.DotnetPkg,
-		MetadataType: pkg.DotnetDepsMetadataType,
+		Name:          "Serilog",
+		Version:       "2.10.0",
+		PURL:          "pkg:nuget/Serilog@2.10.0",
+		Locations:     fixtureLocationSet,
+		Language:      pkg.Dotnet,
+		Type:          pkg.DotnetPkg,
+		MetadataType:  pkg.DotnetDepsMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
 		Metadata: pkg.DotnetDepsMetadata{
 			Name:     "Serilog",
 			Version:  "2.10.0",
@@ -199,13 +211,14 @@ func TestParseDotnetDeps(t *testing.T) {
 		},
 	}
 	systemDiagnosticsDiagnosticsource := pkg.Package{
-		Name:         "System.Diagnostics.DiagnosticSource",
-		Version:      "6.0.0",
-		PURL:         "pkg:nuget/System.Diagnostics.DiagnosticSource@6.0.0",
-		Locations:    fixtureLocationSet,
-		Language:     pkg.Dotnet,
-		Type:         pkg.DotnetPkg,
-		MetadataType: pkg.DotnetDepsMetadataType,
+		Name:          "System.Diagnostics.DiagnosticSource",
+		Version:       "6.0.0",
+		PURL:          "pkg:nuget/System.Diagnostics.DiagnosticSource@6.0.0",
+		Locations:     fixtureLocationSet,
+		Language:      pkg.Dotnet,
+		Type:          pkg.DotnetPkg,
+		MetadataType:  pkg.DotnetDepsMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
 		Metadata: pkg.DotnetDepsMetadata{
 			Name:     "System.Diagnostics.DiagnosticSource",
 			Version:  "6.0.0",
@@ -215,13 +228,14 @@ func TestParseDotnetDeps(t *testing.T) {
 		},
 	}
 	systemRuntimeCompilerServicesUnsafe := pkg.Package{
-		Name:         "System.Runtime.CompilerServices.Unsafe",
-		Version:      "6.0.0",
-		PURL:         "pkg:nuget/System.Runtime.CompilerServices.Unsafe@6.0.0",
-		Locations:    fixtureLocationSet,
-		Language:     pkg.Dotnet,
-		Type:         pkg.DotnetPkg,
-		MetadataType: pkg.DotnetDepsMetadataType,
+		Name:          "System.Runtime.CompilerServices.Unsafe",
+		Version:       "6.0.0",
+		PURL:          "pkg:nuget/System.Runtime.CompilerServices.Unsafe@6.0.0",
+		Locations:     fixtureLocationSet,
+		Language:      pkg.Dotnet,
+		Type:          pkg.DotnetPkg,
+		MetadataType:  pkg.DotnetDepsMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
 		Metadata: pkg.DotnetDepsMetadata{
 			Name:     "System.Runtime.CompilerServices.Unsafe",
 			Version:  "6.0.0",