Skip to content

Commit

Permalink
refactor: unify Library and Package structs (#6633)
Browse files Browse the repository at this point in the history 
Signed-off-by: knqyf263 <[email protected]>
Co-authored-by: DmitriyLewen <[email protected]>
Co-authored-by: DmitriyLewen <[email protected]>
  • Loading branch information
@knqyf263 @DmitriyLewen
3 people authored May 7, 2024
1 parent 39ebed4 commit 3eecfc6
Show file tree
Hide file tree
Showing 156 changed files with 3,895 additions and 3,669 deletions.
48 changes: 24 additions & 24 deletions integration/testdata/conan.json.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,30 @@
"Class": "lang-pkgs",
"Type": "conan",
"Packages": [
{
"ID": "poco/1.9.4",
"Name": "poco",
"Identifier": {
"PURL": "pkg:conan/[email protected]",
"UID": "312753cebe80c0eb"
},
"Version": "1.9.4",
"Relationship": "direct",
"DependsOn": [
"pcre/8.43",
"zlib/1.2.12",
"expat/2.4.8",
"sqlite3/3.39.2",
"openssl/1.1.1q"
],
"Layer": {},
"Locations": [
{
"StartLine": 12,
"EndLine": 25
}
]
},
{
"ID": "bzip2/1.0.8",
"Name": "bzip2",
Expand Down Expand Up @@ -97,30 +121,6 @@
}
]
},
{
"ID": "poco/1.9.4",
"Name": "poco",
"Identifier": {
"PURL": "pkg:conan/[email protected]",
"UID": "312753cebe80c0eb"
},
"Version": "1.9.4",
"Relationship": "direct",
"DependsOn": [
"pcre/8.43",
"zlib/1.2.12",
"expat/2.4.8",
"sqlite3/3.39.2",
"openssl/1.1.1q"
],
"Layer": {},
"Locations": [
{
"StartLine": 12,
"EndLine": 25
}
]
},
{
"ID": "sqlite3/3.39.2",
"Name": "sqlite3",
Expand Down
22 changes: 11 additions & 11 deletions integration/testdata/poetry.json.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,17 @@
],
"Layer": {}
},
{
"ID": "[email protected]",
"Name": "werkzeug",
"Identifier": {
"PURL": "pkg:pypi/[email protected]",
"UID": "4176be111ad01070"
},
"Version": "0.14",
"Relationship": "direct",
"Layer": {}
},
{
"ID": "[email protected]",
"Name": "colorama",
Expand All @@ -46,17 +57,6 @@
"Indirect": true,
"Relationship": "indirect",
"Layer": {}
},
{
"ID": "[email protected]",
"Name": "werkzeug",
"Identifier": {
"PURL": "pkg:pypi/[email protected]",
"UID": "4176be111ad01070"
},
"Version": "0.14",
"Relationship": "direct",
"Layer": {}
}
],
"Vulnerabilities": [
Expand Down
49 changes: 24 additions & 25 deletions pkg/dependency/parser/c/conan/parse.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ import (
"golang.org/x/xerrors"

"github.com/aquasecurity/trivy/pkg/dependency"
"github.com/aquasecurity/trivy/pkg/dependency/types"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/log"
xio "github.com/aquasecurity/trivy/pkg/x/io"
Expand Down Expand Up @@ -44,42 +43,42 @@ type Parser struct {
logger *log.Logger
}

func NewParser() types.Parser {
func NewParser() *Parser {
return &Parser{
logger: log.WithPrefix("conan"),
}
}

func (p *Parser) parseV1(lock LockFile) ([]types.Library, []types.Dependency, error) {
var libs []types.Library
var deps []types.Dependency
func (p *Parser) parseV1(lock LockFile) ([]ftypes.Package, []ftypes.Dependency, error) {
var pkgs []ftypes.Package
var deps []ftypes.Dependency
var directDeps []string
if root, ok := lock.GraphLock.Nodes["0"]; ok {
directDeps = root.Requires
}

// Parse packages
parsed := make(map[string]types.Library)
parsed := make(map[string]ftypes.Package)
for i, node := range lock.GraphLock.Nodes {
if node.Ref == "" {
continue
}
lib, err := toLibrary(node.Ref, node.StartLine, node.EndLine)
pkg, err := toPackage(node.Ref, node.StartLine, node.EndLine)
if err != nil {
p.logger.Debug("Parse ref error", log.Err(err))
continue
}

// Determine if the package is a direct dependency or not
direct := slices.Contains(directDeps, i)
lib.Relationship = lo.Ternary(direct, types.RelationshipDirect, types.RelationshipIndirect)
pkg.Relationship = lo.Ternary(direct, ftypes.RelationshipDirect, ftypes.RelationshipIndirect)

parsed[i] = lib
parsed[i] = pkg
}

// Parse dependency graph
for i, node := range lock.GraphLock.Nodes {
lib, ok := parsed[i]
pkg, ok := parsed[i]
if !ok {
continue
}
Expand All @@ -91,33 +90,33 @@ func (p *Parser) parseV1(lock LockFile) ([]types.Library, []types.Dependency, er
}
}
if len(childDeps) != 0 {
deps = append(deps, types.Dependency{
ID: lib.ID,
deps = append(deps, ftypes.Dependency{
ID: pkg.ID,
DependsOn: childDeps,
})
}

libs = append(libs, lib)
pkgs = append(pkgs, pkg)
}
return libs, deps, nil
return pkgs, deps, nil
}

func (p *Parser) parseV2(lock LockFile) ([]types.Library, []types.Dependency, error) {
var libs []types.Library
func (p *Parser) parseV2(lock LockFile) ([]ftypes.Package, []ftypes.Dependency, error) {
var pkgs []ftypes.Package

for _, req := range lock.Requires {
lib, err := toLibrary(req.Dependency, req.StartLine, req.EndLine)
pkg, err := toPackage(req.Dependency, req.StartLine, req.EndLine)
if err != nil {
p.logger.Debug("Creating library entry from requirement failed", err)
p.logger.Debug("Creating package entry from requirement failed", err)
continue
}

libs = append(libs, lib)
pkgs = append(pkgs, pkg)
}
return libs, []types.Dependency{}, nil
return pkgs, []ftypes.Dependency{}, nil
}

func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependency, error) {
var lock LockFile

input, err := io.ReadAll(r)
Expand Down Expand Up @@ -153,16 +152,16 @@ func parsePackage(text string) (string, string, error) {
return ss[0], ss[1], nil
}

func toLibrary(pkg string, startLine, endLine int) (types.Library, error) {
func toPackage(pkg string, startLine, endLine int) (ftypes.Package, error) {
name, version, err := parsePackage(pkg)
if err != nil {
return types.Library{}, err
return ftypes.Package{}, err
}
return types.Library{
return ftypes.Package{
ID: dependency.ID(ftypes.Conan, name, version),
Name: name,
Version: version,
Locations: []types.Location{
Locations: []ftypes.Location{
{
StartLine: startLine,
EndLine: endLine,
Expand Down
Loading

0 comments on commit 3eecfc6

Please sign in to comment.