diff --git a/syft/cataloger/javascript/parse_package_json.go b/syft/cataloger/javascript/parse_package_json.go
index 077c433e7b60..5a4fbadc96e1 100644
--- a/syft/cataloger/javascript/parse_package_json.go
+++ b/syft/cataloger/javascript/parse_package_json.go
@@ -7,6 +7,8 @@ import (
 "io"
 "regexp"
+ "github.com/anchore/syft/internal/log"
+
 "github.com/anchore/syft/internal"
 "github.com/mitchellh/mapstructure"
@@ -172,6 +174,11 @@ func parsePackageJSON(_ string, reader io.Reader) ([]pkg.Package, error) {
 return nil, fmt.Errorf("failed to parse package.json file: %w", err)
 }
+ if !p.hasNameAndVersionValues() {
+ log.Debug("encountered package.json file without a name and/or version field, ignoring this file")
+ return nil, nil
+ }
+
 licenses, err := licensesFromJSON(p)
 if err != nil {
 return nil, fmt.Errorf("failed to parse package.json file: %w", err)
@@ -195,3 +202,7 @@ func parsePackageJSON(_ string, reader io.Reader) ([]pkg.Package, error) {
 return packages, nil
 }
+
+func (p PackageJSON) hasNameAndVersionValues() bool {
+ return p.Name != "" && p.Version != ""
+}
diff --git a/syft/cataloger/javascript/parse_package_json_test.go b/syft/cataloger/javascript/parse_package_json_test.go
index c2940a7a2a8b..83af1f9b1d03 100644
--- a/syft/cataloger/javascript/parse_package_json_test.go
+++ b/syft/cataloger/javascript/parse_package_json_test.go
@@ -142,3 +142,20 @@ func TestParsePackageJSON(t *testing.T) {
 })
 }
 }
+
+func TestParsePackageJSON_Partial(t *testing.T) { // see https://github.com/anchore/syft/issues/311
+ const fixtureFile = "test-fixtures/pkg-json/package-partial.json"
+ fixture, err := os.Open(fixtureFile)
+ if err != nil {
+ t.Fatalf("failed to open fixture: %+v", err)
+ }
+
+ actual, err := parsePackageJSON("", fixture)
+ if err != nil {
+ t.Fatalf("failed to parse package-lock.json: %+v", err)
+ }
+
+ if actualCount := len(actual); actualCount != 0 {
+ t.Errorf("no packages should've been returned (but got %d packages)", actualCount)
+ }
+}
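Review bot: In parsePackageJSON (parse_package_json.go, hunk at -172) the new skip path logs a fixed debug message that does not say which file was ignored, and the function still discards its first argument as `_ string`. When a package is missing from the resulting catalog this message is the only trace of why, so it should carry the location: assuming that argument is the file path, name it and log it, e.g. `log.Debugf("ignoring package.json without a name and/or version: %q", path)`. The guard also drops a file that has a name but no version, so such a package is absent from the output rather than listed with an unknown version; if that is intended, a one-line comment on the guard saying so would help. The function signature and the rest of the body lie outside the hunk.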
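Review bot: TestParsePackageJSON_Partial (parse_package_json_test.go) opens the fixture with os.Open and never closes it; add `defer fixture.Close()` after the first error check. The second t.Fatalf reads `failed to parse package-lock.json`, but the function under test is parsePackageJSON, so a failure here would point at the wrong parser; `failed to parse package.json` matches. The fixture has neither a name nor a version, so the name-only and version-only inputs that the new guard also rejects are not exercised; a small fixture for each would pin that behaviour.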
diff --git a/syft/cataloger/javascript/test-fixtures/pkg-json/package-partial.json b/syft/cataloger/javascript/test-fixtures/pkg-json/package-partial.json
new file mode 100644
index 000000000000..db7a90b51dfe
--- /dev/null
+++ b/syft/cataloger/javascript/test-fixtures/pkg-json/package-partial.json
@@ -0,0 +1,5 @@
+{
+ "sideEffects": false,
+ "module": "../../esm/fp/isSaturday/index.js",
+ "typings": "../../typings.d.ts"
+}
diff --git a/test/integration/regression_test.go b/test/integration/regression_test.go
index 1d5340d1f41b..34f8f2ff8343 100644
--- a/test/integration/regression_test.go
+++ b/test/integration/regression_test.go
@@ -24,7 +24,7 @@ func TestRegression212ApkBufferSize(t *testing.T) {
 t.Fatalf("failed to catalog image: %+v", err)
 }
- expectedPkgs := 57
+ expectedPkgs := 58
 actualPkgs := 0
 for range catalog.Enumerate(pkg.ApkPkg) {
 actualPkgs += 1
diff --git a/test/integration/test-fixtures/image-large-apk-data/Dockerfile b/test/integration/test-fixtures/image-large-apk-data/Dockerfile
index 465f33bcfeb7..357f0a5d9b38 100644
--- a/test/integration/test-fixtures/image-large-apk-data/Dockerfile
+++ b/test/integration/test-fixtures/image-large-apk-data/Dockerfile
@@ -1,2 +1,5 @@
-FROM alpine:latest
-RUN apk add tzdata vim alpine-sdk
+FROM alpine@sha256:d9a7354e3845ea8466bb00b22224d9116b183e594527fb5b6c3d30bc01a20378
+RUN apk add --no-cache \
+ tzdata=2020f-r0 \
+ vim=8.2.2320-r0 \
+ alpine-sdk=1.0-r0
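Review bot: The exact `=` pins on tzdata, vim and alpine-sdk in the image-large-apk-data Dockerfile are likely to stop resolving once the Alpine repository behind this image publishes newer revisions, because Alpine repositories generally do not keep superseded package versions. The digest pin fixes the base image, but `apk add --no-cache` still fetches the current index at build time. The expected count of 58 in TestRegression212ApkBufferSize is therefore reproducible only while these versions remain available. Add a comment above FROM recording which tag the digest was resolved from, e.g. `# alpine:<TAG>, digest resolved on <DATE>`, and a line noting that the three pins and the expected count must be bumped together when the build fails on an unavailable version.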