diff --git a/schema/json/generate.go b/schema/json/generate.go index ee00ac8d1b3..0e0b1cb8081 100644 --- a/schema/json/generate.go +++ b/schema/json/generate.go @@ -27,26 +27,33 @@ can be extended to include specific package metadata struct shapes in the future // This should represent all possible metadatas represented in the pkg.Package.Metadata field (an interface{}). // When a new package metadata definition is created it will need to be manually added here. The variable name does // not matter as long as it is exported. + +// TODO: this should be generated from reflection of whats in the pkg package type artifactMetadataContainer struct { - Apk pkg.ApkMetadata - Alpm pkg.AlpmMetadata - Dpkg pkg.DpkgMetadata - Gem pkg.GemMetadata - Java pkg.JavaMetadata - Npm pkg.NpmPackageJSONMetadata - Python pkg.PythonPackageMetadata - Rpm pkg.RpmMetadata - Cargo pkg.CargoPackageMetadata - Go pkg.GolangMetadata - Php pkg.PhpComposerJSONMetadata - Dart pkg.DartPubMetadata - Dotnet pkg.DotnetDepsMetadata - Portage pkg.PortageMetadata - Conan pkg.ConanMetadata - ConanLock pkg.ConanLockMetadata - KbPackage pkg.KbPackageMetadata - Hackage pkg.HackageMetadata - SwiftCocopods pkg.CocoapodsMetadata + Alpm pkg.AlpmMetadata + Apk pkg.ApkMetadata + Binary pkg.BinaryMetadata + Cocopods pkg.CocoapodsMetadata + Conan pkg.ConanMetadata + ConanLock pkg.ConanLockMetadata + Dart pkg.DartPubMetadata + Dotnet pkg.DotnetDepsMetadata + Dpkg pkg.DpkgMetadata + Gem pkg.GemMetadata + Go pkg.GolangMetadata + Hackage pkg.HackageMetadata + Java pkg.JavaMetadata + KbPackage pkg.KbPackageMetadata + NpmPackage pkg.NpmPackageJSONMetadata + NpmPackageLock pkg.NpmPackageLockJSONMetadata + MixLock pkg.MixLockMetadata + Php pkg.PhpComposerJSONMetadata + Portage pkg.PortageMetadata + PythonPackage pkg.PythonPackageMetadata + PythonPipfilelock pkg.PythonPipfileLockMetadata + Rebar pkg.RebarLockMetadata + Rpm pkg.RpmMetadata + RustCargo pkg.CargoPackageMetadata } func main() { 
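Review bot: The added blank line and `// TODO:` comment sit between the explanatory comment block and `type artifactMetadataContainer struct`, so the TODO becomes the type's doc comment and the explanation of how to extend the container is detached from it. I would fold the TODO into the existing block as its last line, `// TODO: this should be generated from reflection of what's in the pkg package`, with no blank line before the type. The field list is now alphabetical except `MixLock`, which follows `NpmPackageLock`, and `Cocopods` is still misspelled relative to `pkg.CocoapodsMetadata`. Since the preceding comment says the field name only has to be exported, both are cosmetic.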
diff --git a/schema/json/schema-6.1.0.json b/schema/json/schema-6.1.0.json
index cc37e514634..adf7dd038fd 100644
--- a/schema/json/schema-6.1.0.json
+++ b/schema/json/schema-6.1.0.json
@@ -200,6 +200,25 @@
 "files"
 ]
 },
+ "BinaryMetadata": {
+ "properties": {
+ "classifier": {
+ "type": "string"
+ },
+ "realPath": {
+ "type": "string"
+ },
+ "virtualPath": {
+ "type": "string"
+ }
+ },
+ "type": "object",
+ "required": [
+ "classifier",
+ "realPath",
+ "virtualPath"
+ ]
+ },
 "CargoPackageMetadata": {
 "properties": {
 "name": {
@@ -766,6 +785,29 @@
 },
 "type": "object"
 },
+ "MixLockMetadata": {
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ },
+ "pkgHash": {
+ "type": "string"
+ },
+ "pkgHashExt": {
+ "type": "string"
+ }
+ },
+ "type": "object",
+ "required": [
+ "name",
+ "version",
+ "pkgHash",
+ "pkgHashExt"
+ ]
+ },
 "NpmPackageJSONMetadata": {
 "properties": {
 "name": {
@@ -814,6 +856,21 @@
 "private"
 ]
 },
+ "NpmPackageLockJSONMetadata": {
+ "properties": {
+ "resolved": {
+ "type": "string"
+ },
+ "integrity": {
+ "type": "string"
+ }
+ },
+ "type": "object",
+ "required": [
+ "resolved",
+ "integrity"
+ ]
+ },
 "Package": {
 "properties": {
 "id": {
@@ -869,6 +926,9 @@
 {
 "$ref": "#/$defs/ApkMetadata"
 },
+ {
+ "$ref": "#/$defs/BinaryMetadata"
+ },
 {
 "$ref": "#/$defs/CargoPackageMetadata"
 },
@@ -905,9 +965,15 @@
 {
 "$ref": "#/$defs/KbPackageMetadata"
 },
+ {
+ "$ref": "#/$defs/MixLockMetadata"
+ },
 {
 "$ref": "#/$defs/NpmPackageJSONMetadata"
 },
+ {
+ "$ref": "#/$defs/NpmPackageLockJSONMetadata"
+ },
 {
 "$ref": "#/$defs/PhpComposerJSONMetadata"
 },
@@ -917,6 +983,12 @@
 {
 "$ref": "#/$defs/PythonPackageMetadata"
 },
+ {
+ "$ref": "#/$defs/PythonPipfileLockMetadata"
+ },
+ {
+ "$ref": "#/$defs/RebarLockMetadata"
+ },
 {
 "$ref": "#/$defs/RpmMetadata"
 }
@@ -1291,6 +1363,47 @@
 "sitePackagesRootPath"
 ]
 },
+ "PythonPipfileLockMetadata": {
+ "properties": {
+ "hashes": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "index": {
+ "type": "string"
+ }
+ },
+ "type": "object",
+ "required": [
+ "hashes",
+ "index"
+ ]
+ },
+ "RebarLockMetadata": {
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ },
+ "pkgHash": {
+ "type": "string"
+ },
+ "pkgHashExt": {
+ "type": "string"
+ }
+ },
+ "type": "object",
+ "required": [
+ "name",
+ "version",
+ "pkgHash",
+ "pkgHashExt"
+ ]
+ },
 "Relationship": {
 "properties": {
 "parent": {
diff --git a/syft/pkg/cataloger/javascript/cataloger_test.go b/syft/pkg/cataloger/javascript/cataloger_test.go
index 1671781e8a6..2d310932baa 100644
--- a/syft/pkg/cataloger/javascript/cataloger_test.go
+++ b/syft/pkg/cataloger/javascript/cataloger_test.go
@@ -12,105 +12,127 @@ func Test_JavascriptCataloger(t *testing.T) { locationSet := source.NewLocationSet(source.NewLocation("package-lock.json")) expectedPkgs := []pkg.Package{ { - Name: "@actions/core", - Version: "1.6.0", - FoundBy: "javascript-lock-cataloger", - PURL: "pkg:npm/%40actions/core@1.6.0", - Locations: locationSet, - Language: pkg.JavaScript, - Type: pkg.NpmPkg, - Licenses: []string{"MIT"}, + Name: "@actions/core", + Version: "1.6.0", + FoundBy: "javascript-lock-cataloger", + PURL: "pkg:npm/%40actions/core@1.6.0", + Locations: locationSet, + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + Licenses: []string{"MIT"}, + MetadataType: pkg.NpmPackageLockJSONMetadataType, + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@actions/core/-/core-1.6.0.tgz", Integrity: "sha512-NB1UAZomZlCV/LmJqkLhNTqtKfFXJZAUPcfl/zqG7EfsQdeUJtaWO98SGbuQ3pydJ3fHl2CvI/51OKYlCYYcaw=="}, }, { - Name: "ansi-regex", - Version: "3.0.0", - FoundBy: "javascript-lock-cataloger", - PURL: "pkg:npm/ansi-regex@3.0.0", - Locations: locationSet, - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "ansi-regex", + Version: "3.0.0", + FoundBy: "javascript-lock-cataloger", + PURL: "pkg:npm/ansi-regex@3.0.0", + Locations: locationSet, + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: pkg.NpmPackageLockJSONMetadataType, + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz", Integrity: "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg="}, }, { - Name: "cowsay", - Version: "1.4.0", - FoundBy: "javascript-lock-cataloger", - PURL: "pkg:npm/cowsay@1.4.0", - Locations: locationSet, - Language: pkg.JavaScript, - Type: pkg.NpmPkg, - Licenses: []string{"MIT"}, + Name: "cowsay", + Version: "1.4.0", + FoundBy: "javascript-lock-cataloger", + PURL: "pkg:npm/cowsay@1.4.0", + Locations: locationSet, + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + Licenses: []string{"MIT"}, + MetadataType: 
pkg.NpmPackageLockJSONMetadataType, + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/cowsay/-/cowsay-1.4.0.tgz", Integrity: "sha512-rdg5k5PsHFVJheO/pmE3aDg2rUDDTfPJau6yYkZYlHFktUz+UxbE+IgnUAEyyCyv4noL5ltxXD0gZzmHPCy/9g=="}, }, { - Name: "get-stdin", - Version: "5.0.1", - FoundBy: "javascript-lock-cataloger", - PURL: "pkg:npm/get-stdin@5.0.1", - Locations: locationSet, - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "get-stdin", + Version: "5.0.1", + FoundBy: "javascript-lock-cataloger", + PURL: "pkg:npm/get-stdin@5.0.1", + Locations: locationSet, + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: pkg.NpmPackageLockJSONMetadataType, + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/get-stdin/-/get-stdin-5.0.1.tgz", Integrity: "sha1-Ei4WFZHiH/TFJTAwVpPyDmOTo5g="}, }, { - Name: "is-fullwidth-code-point", - Version: "2.0.0", - FoundBy: "javascript-lock-cataloger", - PURL: "pkg:npm/is-fullwidth-code-point@2.0.0", - Locations: locationSet, - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "is-fullwidth-code-point", + Version: "2.0.0", + FoundBy: "javascript-lock-cataloger", + PURL: "pkg:npm/is-fullwidth-code-point@2.0.0", + Locations: locationSet, + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: pkg.NpmPackageLockJSONMetadataType, + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz", Integrity: "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8="}, }, { - Name: "minimist", - Version: "0.0.10", - FoundBy: "javascript-lock-cataloger", - PURL: "pkg:npm/minimist@0.0.10", - Locations: locationSet, - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "minimist", + Version: "0.0.10", + FoundBy: "javascript-lock-cataloger", + PURL: "pkg:npm/minimist@0.0.10", + Locations: locationSet, + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: pkg.NpmPackageLockJSONMetadataType, + Metadata: 
pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz", Integrity: "sha1-3j+YVD2/lggr5IrRoMfNqDYwHc8="}, }, { - Name: "optimist", - Version: "0.6.1", - FoundBy: "javascript-lock-cataloger", - PURL: "pkg:npm/optimist@0.6.1", - Locations: locationSet, - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "optimist", + Version: "0.6.1", + FoundBy: "javascript-lock-cataloger", + PURL: "pkg:npm/optimist@0.6.1", + Locations: locationSet, + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: pkg.NpmPackageLockJSONMetadataType, + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/optimist/-/optimist-0.6.1.tgz", Integrity: "sha1-2j6nRob6IaGaERwybpDrFaAZZoY="}, }, { - Name: "string-width", - Version: "2.1.1", - FoundBy: "javascript-lock-cataloger", - PURL: "pkg:npm/string-width@2.1.1", - Locations: locationSet, - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "string-width", + Version: "2.1.1", + FoundBy: "javascript-lock-cataloger", + PURL: "pkg:npm/string-width@2.1.1", + Locations: locationSet, + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: pkg.NpmPackageLockJSONMetadataType, + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz", Integrity: "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw=="}, }, { - Name: "strip-ansi", - Version: "4.0.0", - FoundBy: "javascript-lock-cataloger", - PURL: "pkg:npm/strip-ansi@4.0.0", - Locations: locationSet, - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "strip-ansi", + Version: "4.0.0", + FoundBy: "javascript-lock-cataloger", + PURL: "pkg:npm/strip-ansi@4.0.0", + Locations: locationSet, + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: pkg.NpmPackageLockJSONMetadataType, + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz", Integrity: 
"sha1-qEeQIusaw2iocTibY1JixQXuNo8="}, }, { - Name: "strip-eof", - Version: "1.0.0", - FoundBy: "javascript-lock-cataloger", - PURL: "pkg:npm/strip-eof@1.0.0", - Locations: locationSet, - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "strip-eof", + Version: "1.0.0", + FoundBy: "javascript-lock-cataloger", + PURL: "pkg:npm/strip-eof@1.0.0", + Locations: locationSet, + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: pkg.NpmPackageLockJSONMetadataType, + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz", Integrity: "sha1-u0P/VZim6wXYm1n80SnJgzE2Br8="}, }, { - Name: "wordwrap", - Version: "0.0.3", - FoundBy: "javascript-lock-cataloger", - PURL: "pkg:npm/wordwrap@0.0.3", - Locations: locationSet, - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "wordwrap", + Version: "0.0.3", + FoundBy: "javascript-lock-cataloger", + PURL: "pkg:npm/wordwrap@0.0.3", + Locations: locationSet, + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: pkg.NpmPackageLockJSONMetadataType, + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/wordwrap/-/wordwrap-0.0.3.tgz", Integrity: "sha1-o9XabNXAvAAI03I0u68b7WMFkQc="}, }, } diff --git a/syft/pkg/cataloger/javascript/package.go b/syft/pkg/cataloger/javascript/package.go index 4c89f49ce45..665a08f82e1 100644 --- a/syft/pkg/cataloger/javascript/package.go +++ b/syft/pkg/cataloger/javascript/package.go 
@@ -63,12 +63,14 @@ func newPackageLockV1Package(resolver source.FileResolver, location source.Locat
 resolver,
 location,
 pkg.Package{
- Name: name,
- Version: version,
- Locations: source.NewLocationSet(location),
- PURL: packageURL(name, version),
- Language: pkg.JavaScript,
- Type: pkg.NpmPkg,
+ Name: name,
+ Version: version,
+ Locations: source.NewLocationSet(location),
+ PURL: packageURL(name, version),
+ Language: pkg.JavaScript,
+ Type: pkg.NpmPkg,
+ MetadataType: pkg.NpmPackageLockJSONMetadataType,
+ Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: u.Resolved, Integrity: u.Integrity},
 },
 )
 }
@@ -84,13 +86,15 @@ func newPackageLockV2Package(resolver source.FileResolver, location source.Locat
 resolver,
 location,
 pkg.Package{
- Name: name,
- Version: u.Version,
- Locations: source.NewLocationSet(location),
- PURL: packageURL(name, u.Version),
- Language: pkg.JavaScript,
- Type: pkg.NpmPkg,
- Licenses: licenses,
+ Name: name,
+ Version: u.Version,
+ Locations: source.NewLocationSet(location),
+ PURL: packageURL(name, u.Version),
+ Language: pkg.JavaScript,
+ Type: pkg.NpmPkg,
+ Licenses: licenses,
+ MetadataType: pkg.NpmPackageLockJSONMetadataType,
+ Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: u.Resolved, Integrity: u.Integrity},
 },
 )
 }
diff --git a/syft/pkg/cataloger/javascript/parse_package_lock_test.go b/syft/pkg/cataloger/javascript/parse_package_lock_test.go
index 2b305214ec0..29277f0e06d 100644
--- a/syft/pkg/cataloger/javascript/parse_package_lock_test.go
+++ b/syft/pkg/cataloger/javascript/parse_package_lock_test.go
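Review bot: `Resolved: u.Resolved` copies the lock file's `resolved` URL into the package metadata verbatim, in both `newPackageLockV1Package` and `newPackageLockV2Package`, so any userinfo embedded in a private-registry or git URL (`https://user:token@host/...`) would be carried into every SBOM generated from that lock file. SBOMs are often published or handed to third parties, so I would strip the userinfo component before storing the value, using a small helper built on `net/url` as sketched below. The same concern applies to the index URL that the `parsePipfileLock` hunk stores in `PythonPipfileLockMetadata.Index`. Both function bodies start outside their hunks, so how `u` is populated is not visible here.

```go
// stripURLUserinfo removes any user:password component so that registry
// credentials found in a lock file are never written into the SBOM.
func stripURLUserinfo(raw string) string {
	parsed, err := url.Parse(raw)
	if err != nil || parsed.User == nil {
		return raw
	}
	parsed.User = nil
	return parsed.String()
}

// … unchanged: leading pkg.Package fields …
			MetadataType: pkg.NpmPackageLockJSONMetadataType,
			Metadata:     pkg.NpmPackageLockJSONMetadata{Resolved: stripURLUserinfo(u.Resolved), Integrity: u.Integrity},
```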
@@ -13,81 +13,103 @@ func TestParsePackageLock(t *testing.T) { var expectedRelationships []artifact.Relationship expectedPkgs := []pkg.Package{ { - Name: "@actions/core", - Version: "1.6.0", - PURL: "pkg:npm/%40actions/core@1.6.0", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "@actions/core", + Version: "1.6.0", + PURL: "pkg:npm/%40actions/core@1.6.0", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@actions/core/-/core-1.6.0.tgz", Integrity: "sha512-NB1UAZomZlCV/LmJqkLhNTqtKfFXJZAUPcfl/zqG7EfsQdeUJtaWO98SGbuQ3pydJ3fHl2CvI/51OKYlCYYcaw=="}, }, { - Name: "ansi-regex", - Version: "3.0.0", - PURL: "pkg:npm/ansi-regex@3.0.0", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "ansi-regex", + Version: "3.0.0", + PURL: "pkg:npm/ansi-regex@3.0.0", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz", Integrity: "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg="}, }, { - Name: "cowsay", - Version: "1.4.0", - PURL: "pkg:npm/cowsay@1.4.0", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "cowsay", + Version: "1.4.0", + PURL: "pkg:npm/cowsay@1.4.0", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/cowsay/-/cowsay-1.4.0.tgz", Integrity: "sha512-rdg5k5PsHFVJheO/pmE3aDg2rUDDTfPJau6yYkZYlHFktUz+UxbE+IgnUAEyyCyv4noL5ltxXD0gZzmHPCy/9g=="}, }, { - Name: "get-stdin", - Version: "5.0.1", - PURL: "pkg:npm/get-stdin@5.0.1", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "get-stdin", + Version: "5.0.1", + PURL: "pkg:npm/get-stdin@5.0.1", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: 
pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/get-stdin/-/get-stdin-5.0.1.tgz", Integrity: "sha1-Ei4WFZHiH/TFJTAwVpPyDmOTo5g="}, }, { - Name: "is-fullwidth-code-point", - Version: "2.0.0", - PURL: "pkg:npm/is-fullwidth-code-point@2.0.0", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "is-fullwidth-code-point", + Version: "2.0.0", + PURL: "pkg:npm/is-fullwidth-code-point@2.0.0", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz", Integrity: "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8="}, }, { - Name: "minimist", - Version: "0.0.10", - PURL: "pkg:npm/minimist@0.0.10", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "minimist", + Version: "0.0.10", + PURL: "pkg:npm/minimist@0.0.10", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz", Integrity: "sha1-3j+YVD2/lggr5IrRoMfNqDYwHc8="}, }, { - Name: "optimist", - Version: "0.6.1", - PURL: "pkg:npm/optimist@0.6.1", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "optimist", + Version: "0.6.1", + PURL: "pkg:npm/optimist@0.6.1", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/optimist/-/optimist-0.6.1.tgz", Integrity: "sha1-2j6nRob6IaGaERwybpDrFaAZZoY="}, }, { - Name: "string-width", - Version: "2.1.1", - PURL: "pkg:npm/string-width@2.1.1", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "string-width", + Version: "2.1.1", + PURL: "pkg:npm/string-width@2.1.1", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: 
"https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz", Integrity: "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw=="}, }, { - Name: "strip-ansi", - Version: "4.0.0", - PURL: "pkg:npm/strip-ansi@4.0.0", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "strip-ansi", + Version: "4.0.0", + PURL: "pkg:npm/strip-ansi@4.0.0", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz", Integrity: "sha1-qEeQIusaw2iocTibY1JixQXuNo8="}, }, { - Name: "strip-eof", - Version: "1.0.0", - PURL: "pkg:npm/strip-eof@1.0.0", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "strip-eof", + Version: "1.0.0", + PURL: "pkg:npm/strip-eof@1.0.0", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz", Integrity: "sha1-u0P/VZim6wXYm1n80SnJgzE2Br8="}, }, { - Name: "wordwrap", - Version: "0.0.3", - PURL: "pkg:npm/wordwrap@0.0.3", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "wordwrap", + Version: "0.0.3", + PURL: "pkg:npm/wordwrap@0.0.3", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/wordwrap/-/wordwrap-0.0.3.tgz", Integrity: "sha1-o9XabNXAvAAI03I0u68b7WMFkQc="}, }, } fixture := "test-fixtures/pkg-lock/package-lock.json" 
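Review bot: These expectations spell the metadata type as the string literal `"NpmPackageLockJsonMetadata"`, while cataloger_test.go in the same commit uses `pkg.NpmPackageLockJSONMetadataType`. Writing `MetadataType: pkg.NpmPackageLockJSONMetadataType,` here ties the tests to the single definition, so renaming the value cannot leave a stale copy behind. The same literal is repeated in the TestParsePackageLockV2, TestParsePackageLockV3 and TestParsePackageLockAlias hunks. The root-package expectations in those hunks use an empty `pkg.NpmPackageLockJSONMetadata{}`, which suggests packages without a registry entry are emitted with empty `resolved` and `integrity` strings. It is worth confirming that this is intended, given that the schema marks both fields as required.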
@@ -103,43 +125,53 @@ func TestParsePackageLockV2(t *testing.T) { var expectedRelationships []artifact.Relationship expectedPkgs := []pkg.Package{ { - Name: "npm", - Version: "6.14.6", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, - PURL: "pkg:npm/npm@6.14.6", + Name: "npm", + Version: "6.14.6", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + PURL: "pkg:npm/npm@6.14.6", + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{}, }, { - Name: "@types/prop-types", - Version: "15.7.5", - PURL: "pkg:npm/%40types/prop-types@15.7.5", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, - Licenses: []string{"MIT"}, + Name: "@types/prop-types", + Version: "15.7.5", + PURL: "pkg:npm/%40types/prop-types@15.7.5", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + Licenses: []string{"MIT"}, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.5.tgz", Integrity: "sha1-XxnSuFqY6VWANvajysyIGUIPBc8="}, }, { - Name: "@types/react", - Version: "18.0.17", - PURL: "pkg:npm/%40types/react@18.0.17", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, - Licenses: []string{"MIT"}, + Name: "@types/react", + Version: "18.0.17", + PURL: "pkg:npm/%40types/react@18.0.17", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + Licenses: []string{"MIT"}, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@types/react/-/react-18.0.17.tgz", Integrity: "sha1-RYPZwyLWfv5LOak10iPtzHBQzPQ="}, }, { - Name: "@types/scheduler", - Version: "0.16.2", - PURL: "pkg:npm/%40types/scheduler@0.16.2", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, - Licenses: []string{"MIT"}, + Name: "@types/scheduler", + Version: "0.16.2", + PURL: "pkg:npm/%40types/scheduler@0.16.2", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + Licenses: []string{"MIT"}, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: 
pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.2.tgz", Integrity: "sha1-GmL4lSVyPd4kuhsBsJK/XfitTTk="}, }, { - Name: "csstype", - Version: "3.1.0", - PURL: "pkg:npm/csstype@3.1.0", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, - Licenses: []string{"MIT"}, + Name: "csstype", + Version: "3.1.0", + PURL: "pkg:npm/csstype@3.1.0", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + Licenses: []string{"MIT"}, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/csstype/-/csstype-3.1.0.tgz", Integrity: "sha1-TdysNxjXh8+d8NG30VAzklyPKfI="}, }, } for i := range expectedPkgs { 
@@ -153,39 +185,49 @@ func TestParsePackageLockV3(t *testing.T) { var expectedRelationships []artifact.Relationship expectedPkgs := []pkg.Package{ { - Name: "lock-v3-fixture", - Version: "1.0.0", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, - PURL: "pkg:npm/lock-v3-fixture@1.0.0", + Name: "lock-v3-fixture", + Version: "1.0.0", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + PURL: "pkg:npm/lock-v3-fixture@1.0.0", + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{}, }, { - Name: "@types/prop-types", - Version: "15.7.5", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, - PURL: "pkg:npm/%40types/prop-types@15.7.5", + Name: "@types/prop-types", + Version: "15.7.5", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + PURL: "pkg:npm/%40types/prop-types@15.7.5", + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.5.tgz", Integrity: "sha512-JCB8C6SnDoQf0cNycqd/35A7MjcnK+ZTqE7judS6o7utxUCg6imJg3QK2qzHKszlTjcj2cn+NwMB2i96ubpj7w=="}, }, { - Name: "@types/react", - Version: "18.0.20", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, - PURL: "pkg:npm/%40types/react@18.0.20", + Name: "@types/react", + Version: "18.0.20", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + PURL: "pkg:npm/%40types/react@18.0.20", + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@types/react/-/react-18.0.20.tgz", Integrity: "sha512-MWul1teSPxujEHVwZl4a5HxQ9vVNsjTchVA+xRqv/VYGCuKGAU6UhfrTdF5aBefwD1BHUD8i/zq+O/vyCm/FrA=="}, }, { - Name: "@types/scheduler", - Version: "0.16.2", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, - PURL: "pkg:npm/%40types/scheduler@0.16.2", + Name: "@types/scheduler", + Version: "0.16.2", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + PURL: "pkg:npm/%40types/scheduler@0.16.2", + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: 
pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.2.tgz", Integrity: "sha512-hppQEBDmlwhFAXKJX2KnWLYu5yMfi91yazPb2l+lbJiwW+wdo1gNeRA+3RgNSO39WYX2euey41KEwnqesU2Jew=="}, }, { - Name: "csstype", - Version: "3.1.1", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, - PURL: "pkg:npm/csstype@3.1.1", + Name: "csstype", + Version: "3.1.1", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + PURL: "pkg:npm/csstype@3.1.1", + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/csstype/-/csstype-3.1.1.tgz", Integrity: "sha512-DJR/VvkAvSZW9bTouZue2sSxDwdTN92uHjqeKVm+0dAqdfNykRzQ95tay8aXMBAAPpUiq4Qcug2L7neoRh2Egw=="}, }, } for i := range expectedPkgs { 
@@ -198,35 +240,43 @@ func TestParsePackageLockAlias(t *testing.T) { var expectedRelationships []artifact.Relationship commonPkgs := []pkg.Package{ { - Name: "case", - Version: "1.6.2", - PURL: "pkg:npm/case@1.6.2", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "case", + Version: "1.6.2", + PURL: "pkg:npm/case@1.6.2", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/case/-/case-1.6.2.tgz", Integrity: "sha512-ll380ZRoraT7mUK2G92UbH+FJVD5AwdVIAYk9xhV1tauh0carDgYByUD1HhjCWsWgxrfQvCeHvtfj7IYR6TKeg=="}, }, { - Name: "case", - Version: "1.6.3", - PURL: "pkg:npm/case@1.6.3", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "case", + Version: "1.6.3", + PURL: "pkg:npm/case@1.6.3", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/case/-/case-1.6.3.tgz", Integrity: "sha512-mzDSXIPaFwVDvZAHqZ9VlbyF4yyXRuX6IvB06WvPYkqJVO24kX1PPhv9bfpKNFZyxYFmmgo03HUiD8iklmJYRQ=="}, }, { - Name: "@bundled-es-modules/chai", - Version: "4.2.2", - PURL: "pkg:npm/%40bundled-es-modules/chai@4.2.2", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, + Name: "@bundled-es-modules/chai", + Version: "4.2.2", + PURL: "pkg:npm/%40bundled-es-modules/chai@4.2.2", + Language: pkg.JavaScript, + Type: pkg.NpmPkg, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@bundled-es-modules/chai/-/chai-4.2.2.tgz", Integrity: "sha512-iGmVYw2/zJCoqyKTtWEYCtFmMyi8WmACQKtky0lpNyEKWX0YIOpKWGD7saMXL+tPpllss0otilxV0SLwyi3Ytg=="}, }, } v2Pkg := pkg.Package{ - Name: "alias-check", - Version: "1.0.0", - PURL: "pkg:npm/alias-check@1.0.0", - Language: pkg.JavaScript, - Type: pkg.NpmPkg, - Licenses: []string{"ISC"}, + Name: "alias-check", + Version: "1.0.0", + PURL: "pkg:npm/alias-check@1.0.0", + 
Language: pkg.JavaScript, + Type: pkg.NpmPkg, + Licenses: []string{"ISC"}, + MetadataType: "NpmPackageLockJsonMetadata", + Metadata: pkg.NpmPackageLockJSONMetadata{}, } packageLockV1 := "test-fixtures/pkg-lock/alias-package-lock-1.json" diff --git a/syft/pkg/cataloger/python/package.go b/syft/pkg/cataloger/python/package.go index dea6a4a133f..0cb1e3f71ab 100644 --- a/syft/pkg/cataloger/python/package.go +++ b/syft/pkg/cataloger/python/package.go @@ -23,6 +23,23 @@ func newPackageForIndex(name, version string, locations ...source.Location) pkg. return p } +func newPackageForIndexWithMetadata(name, version string, metadata pkg.PythonPipfileLockMetadata, locations ...source.Location) pkg.Package { + p := pkg.Package{ + Name: name, + Version: version, + Locations: source.NewLocationSet(locations...), + PURL: packageURL(name, version, nil), + Language: pkg.Python, + Type: pkg.PythonPkg, + MetadataType: pkg.PythonPipfileLockMetadataType, + Metadata: metadata, + } + + p.SetID() + + return p +} + func newPackageForPackage(m pkg.PythonPackageMetadata, sources ...source.Location) pkg.Package { var licenses []string if m.License != "" { diff --git a/syft/pkg/cataloger/python/parse_pipfile_lock.go b/syft/pkg/cataloger/python/parse_pipfile_lock.go index 07820120944..c957405a647 100644 --- a/syft/pkg/cataloger/python/parse_pipfile_lock.go +++ b/syft/pkg/cataloger/python/parse_pipfile_lock.go @@ -33,7 +33,9 @@ type pipfileLock struct { } type Dependency struct { - Version string `json:"version"` + Hashes []string `json:"hashes"` + Version string `json:"version"` + Index string `json:"index"` } var _ generic.Parser = parsePipfileLock 
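Review bot: `newPackageForIndexWithMetadata` has no doc comment and appears to repeat the construction done by `newPackageForIndex`, differing only in the `MetadataType` and `Metadata` fields. Only the tail of `newPackageForIndex` is visible in this hunk, so the duplication is inferred from its signature and the trailing `return p`. If it holds, one constructor could delegate to the other so that PURL and location handling cannot drift apart. At minimum I would add `// newPackageForIndexWithMetadata builds a Python package for a Pipfile.lock entry and attaches its index URL and hashes.` above the function.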
@@ -50,9 +52,20 @@ func parsePipfileLock(_ source.FileResolver, _ *generic.Environment, reader sour } else if err != nil { return nil, nil, fmt.Errorf("failed to parse Pipfile.lock file: %w", err) } + sourcesMap := map[string]string{} + for _, source := range lock.Meta.Sources { + sourcesMap[source.Name] = source.URL + } for name, pkgMeta := range lock.Default { + var index string + if pkgMeta.Index != "" { + index = sourcesMap[pkgMeta.Index] + } else { + // https://pipenv.pypa.io/en/latest/advanced/#specifying-package-indexes + index = "https://pypi.org/simple" + } version := strings.TrimPrefix(pkgMeta.Version, "==") - pkgs = append(pkgs, newPackageForIndex(name, version, reader.Location)) + pkgs = append(pkgs, newPackageForIndexWithMetadata(name, version, pkg.PythonPipfileLockMetadata{Index: index, Hashes: pkgMeta.Hashes}, reader.Location)) } } diff --git a/syft/pkg/cataloger/python/parse_pipfile_lock_test.go b/syft/pkg/cataloger/python/parse_pipfile_lock_test.go index 7b9a2e1fcd8..15b327845db 100644 --- a/syft/pkg/cataloger/python/parse_pipfile_lock_test.go +++ b/syft/pkg/cataloger/python/parse_pipfile_lock_test.go 
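Review bot: The fallback `index = "https://pypi.org/simple"` records pypi.org for every package without an `index` key, even when the lock file's `_meta.sources` lists a different first source. As far as I know Pipenv treats the first declared source as the default, so a project that only uses a private mirror would have its packages attributed to the public index in the SBOM. A package whose `index` name is missing from `sourcesMap` also ends up with an empty `Index` and no warning. I would fall back to `lock.Meta.Sources[0].URL` when sources are declared and keep pypi.org only as a last resort, as sketched below. The loop variable `source` also shadows the imported `source` package inside the loop, which `src` would avoid. parsePipfileLock starts and ends outside the hunk.

```go
		// … unchanged: sourcesMap construction …
		for name, pkgMeta := range lock.Default {
			index, known := sourcesMap[pkgMeta.Index]
			if !known {
				// no index key, or a name that _meta.sources does not declare
				index = "https://pypi.org/simple"
				if len(lock.Meta.Sources) > 0 {
					index = lock.Meta.Sources[0].URL
				}
			}
			// … unchanged: version trimming and append …
```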
@@ -15,36 +15,67 @@ func TestParsePipFileLock(t *testing.T) { locations := source.NewLocationSet(source.NewLocation(fixture)) expectedPkgs := []pkg.Package{ { - Name: "aio-pika", - Version: "6.8.0", - PURL: "pkg:pypi/aio-pika@6.8.0", - Locations: locations, - Language: pkg.Python, - Type: pkg.PythonPkg, + Name: "aio-pika", + Version: "6.8.0", + PURL: "pkg:pypi/aio-pika@6.8.0", + Locations: locations, + Language: pkg.Python, + Type: pkg.PythonPkg, + MetadataType: pkg.PythonPipfileLockMetadataType, + Metadata: pkg.PythonPipfileLockMetadata{ + Index: "https://pypi.org/simple", + Hashes: []string{ + "sha256:1d4305a5f78af3857310b4fe48348cdcf6c097e0e275ea88c2cd08570531a369", + "sha256:e69afef8695f47c5d107bbdba21bdb845d5c249acb3be53ef5c2d497b02657c0", + }}, }, { - Name: "aiodns", - Version: "2.0.0", - PURL: "pkg:pypi/aiodns@2.0.0", - Locations: locations, - Language: pkg.Python, - Type: pkg.PythonPkg, + Name: "aiodns", + Version: "2.0.0", + PURL: "pkg:pypi/aiodns@2.0.0", + Locations: locations, + Language: pkg.Python, + Type: pkg.PythonPkg, + MetadataType: pkg.PythonPipfileLockMetadataType, + Metadata: pkg.PythonPipfileLockMetadata{ + Index: "https://test.pypi.org/simple", + Hashes: []string{ + "sha256:815fdef4607474295d68da46978a54481dd1e7be153c7d60f9e72773cd38d77d", + "sha256:aaa5ac584f40fe778013df0aa6544bf157799bd3f608364b451840ed2c8688de", + }, + }, }, { - Name: "aiohttp", - Version: "3.7.4.post0", - PURL: "pkg:pypi/aiohttp@3.7.4.post0", - Locations: locations, - Language: pkg.Python, - Type: pkg.PythonPkg, + Name: "aiohttp", + Version: "3.7.4.post0", + PURL: "pkg:pypi/aiohttp@3.7.4.post0", + Locations: locations, + Language: pkg.Python, + Type: pkg.PythonPkg, + MetadataType: pkg.PythonPipfileLockMetadataType, + Metadata: pkg.PythonPipfileLockMetadata{ + Index: "https://pypi.org/simple", + Hashes: []string{ + "sha256:02f46fc0e3c5ac58b80d4d56eb0a7c7d97fcef69ace9326289fb9f1955e65cfe", + "sha256:0563c1b3826945eecd62186f3f5c7d31abb7391fedc893b7e2b26303b5a9f3fe", + }, + }, 
}, { - Name: "aiohttp-jinja2", - Version: "1.4.2", - PURL: "pkg:pypi/aiohttp-jinja2@1.4.2", - Locations: locations, - Language: pkg.Python, - Type: pkg.PythonPkg, + Name: "aiohttp-jinja2", + Version: "1.4.2", + PURL: "pkg:pypi/aiohttp-jinja2@1.4.2", + Locations: locations, + Language: pkg.Python, + Type: pkg.PythonPkg, + MetadataType: pkg.PythonPipfileLockMetadataType, + Metadata: pkg.PythonPipfileLockMetadata{ + Index: "https://pypi.org/simple", + Hashes: []string{ + "sha256:860da7582efa866744bad5883947557d0f82e457d69903ea65d666b66f8a69ca", + "sha256:9c22a0e48e3b277fc145c67dd8c3b8f609dab36bce9eb337f70dfe716663c9a0", + }, + }, }, } diff --git a/syft/pkg/cataloger/python/test-fixtures/pipfile-lock/Pipfile.lock b/syft/pkg/cataloger/python/test-fixtures/pipfile-lock/Pipfile.lock index 78a6f10382e..92158451019 100644 --- a/syft/pkg/cataloger/python/test-fixtures/pipfile-lock/Pipfile.lock +++ b/syft/pkg/cataloger/python/test-fixtures/pipfile-lock/Pipfile.lock @@ -12,6 +12,11 @@ "name": "pypi", "url": "https://pypi.org/simple", "verify_ssl": true + }, + { + "name": "test", + "url": "https://test.pypi.org/simple", + "verify_ssl": true } ] }, @@ -29,7 +34,7 @@ "sha256:815fdef4607474295d68da46978a54481dd1e7be153c7d60f9e72773cd38d77d", "sha256:aaa5ac584f40fe778013df0aa6544bf157799bd3f608364b451840ed2c8688de" ], - "index": "pypi", + "index": "test", "version": "==2.0.0" }, "aiohttp": { diff --git a/syft/pkg/metadata.go b/syft/pkg/metadata.go index a5072b61005..b5ff07c3a1e 100644 --- a/syft/pkg/metadata.go +++ b/syft/pkg/metadata.go 
@@ -9,29 +9,31 @@ type MetadataType string const ( // this is the full set of data shapes that can be represented within the pkg.Package.Metadata field - AlpmMetadataType MetadataType = "AlpmMetadata" - ApkMetadataType MetadataType = "ApkMetadata" - BinaryMetadataType MetadataType = "BinaryMetadata" - CocoapodsMetadataType MetadataType = "CocoapodsMetadataType" - ConanLockMetadataType MetadataType = "ConanLockMetadataType" - ConanMetadataType MetadataType = "ConanMetadataType" - DartPubMetadataType MetadataType = "DartPubMetadata" - DotnetDepsMetadataType MetadataType = "DotnetDepsMetadata" - DpkgMetadataType MetadataType = "DpkgMetadata" - GemMetadataType MetadataType = "GemMetadata" - GolangMetadataType MetadataType = "GolangMetadata" - HackageMetadataType MetadataType = "HackageMetadataType" - JavaMetadataType MetadataType = "JavaMetadata" - KbPackageMetadataType MetadataType = "KbPackageMetadata" - MixLockMetadataType MetadataType = "MixLockMetadataType" - NpmPackageJSONMetadataType MetadataType = "NpmPackageJsonMetadata" - PhpComposerJSONMetadataType MetadataType = "PhpComposerJsonMetadata" - PortageMetadataType MetadataType = "PortageMetadata" - PythonPackageMetadataType MetadataType = "PythonPackageMetadata" - RebarLockMetadataType MetadataType = "RebarLockMetadataType" - RpmMetadataType MetadataType = "RpmMetadata" - RustCargoPackageMetadataType MetadataType = "RustCargoPackageMetadata" - UnknownMetadataType MetadataType = "UnknownMetadata" + UnknownMetadataType MetadataType = "UnknownMetadata" + AlpmMetadataType MetadataType = "AlpmMetadata" + ApkMetadataType MetadataType = "ApkMetadata" + BinaryMetadataType MetadataType = "BinaryMetadata" + CocoapodsMetadataType MetadataType = "CocoapodsMetadataType" + ConanLockMetadataType MetadataType = "ConanLockMetadataType" + ConanMetadataType MetadataType = "ConanMetadataType" + DartPubMetadataType MetadataType = "DartPubMetadata" + DotnetDepsMetadataType MetadataType = "DotnetDepsMetadata" + DpkgMetadataType 
MetadataType = "DpkgMetadata" + GemMetadataType MetadataType = "GemMetadata" + GolangMetadataType MetadataType = "GolangMetadata" + HackageMetadataType MetadataType = "HackageMetadataType" + JavaMetadataType MetadataType = "JavaMetadata" + KbPackageMetadataType MetadataType = "KbPackageMetadata" + MixLockMetadataType MetadataType = "MixLockMetadataType" + NpmPackageJSONMetadataType MetadataType = "NpmPackageJsonMetadata" + NpmPackageLockJSONMetadataType MetadataType = "NpmPackageLockJsonMetadata" + PhpComposerJSONMetadataType MetadataType = "PhpComposerJsonMetadata" + PortageMetadataType MetadataType = "PortageMetadata" + PythonPackageMetadataType MetadataType = "PythonPackageMetadata" + PythonPipfileLockMetadataType MetadataType = "PythonPipfileLockMetadata" + RebarLockMetadataType MetadataType = "RebarLockMetadataType" + RpmMetadataType MetadataType = "RpmMetadata" + RustCargoPackageMetadataType MetadataType = "RustCargoPackageMetadata" ) var AllMetadataTypes = []MetadataType{ 
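Review bot: The string values in this const block follow two different forms and nothing in the block says which is intended: most omit the suffix (`"AlpmMetadata"`, and the two new ones `"NpmPackageLockJsonMetadata"` and `"PythonPipfileLockMetadata"`), while six keep it (`"CocoapodsMetadataType"`, `"ConanLockMetadataType"`, `"ConanMetadataType"`, `"HackageMetadataType"`, `"MixLockMetadataType"`, `"RebarLockMetadataType"`). If these values are written into output documents, which the hunk does not show, the odd ones cannot be corrected silently, so a comment should say so, for example `// NOTE: values are part of the serialized format; the "...MetadataType" values are legacy and must not be renamed without a schema change`. It would also help to note on `UnknownMetadataType`, now first in the block, why it is kept apart from the alphabetical list.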
@@ -51,37 +53,41 @@ var AllMetadataTypes = []MetadataType{ KbPackageMetadataType, MixLockMetadataType, NpmPackageJSONMetadataType, + NpmPackageLockJSONMetadataType, PhpComposerJSONMetadataType, PortageMetadataType, PythonPackageMetadataType, + PythonPipfileLockMetadataType, RebarLockMetadataType, RpmMetadataType, RustCargoPackageMetadataType, } var MetadataTypeByName = map[MetadataType]reflect.Type{ - AlpmMetadataType: reflect.TypeOf(AlpmMetadata{}), - ApkMetadataType: reflect.TypeOf(ApkMetadata{}), - BinaryMetadataType: reflect.TypeOf(BinaryMetadata{}), - CocoapodsMetadataType: reflect.TypeOf(CocoapodsMetadata{}), - ConanLockMetadataType: reflect.TypeOf(ConanLockMetadata{}), - ConanMetadataType: reflect.TypeOf(ConanMetadata{}), - DartPubMetadataType: reflect.TypeOf(DartPubMetadata{}), - DotnetDepsMetadataType: reflect.TypeOf(DotnetDepsMetadata{}), - DpkgMetadataType: reflect.TypeOf(DpkgMetadata{}), - GemMetadataType: reflect.TypeOf(GemMetadata{}), - GolangMetadataType: reflect.TypeOf(GolangMetadata{}), - HackageMetadataType: reflect.TypeOf(HackageMetadata{}), - JavaMetadataType: reflect.TypeOf(JavaMetadata{}), - KbPackageMetadataType: reflect.TypeOf(KbPackageMetadata{}), - MixLockMetadataType: reflect.TypeOf(MixLockMetadata{}), - NpmPackageJSONMetadataType: reflect.TypeOf(NpmPackageJSONMetadata{}), - PhpComposerJSONMetadataType: reflect.TypeOf(PhpComposerJSONMetadata{}), - PortageMetadataType: reflect.TypeOf(PortageMetadata{}), - PythonPackageMetadataType: reflect.TypeOf(PythonPackageMetadata{}), - RebarLockMetadataType: reflect.TypeOf(RebarLockMetadata{}), - RpmMetadataType: reflect.TypeOf(RpmMetadata{}), - RustCargoPackageMetadataType: reflect.TypeOf(CargoPackageMetadata{}), + AlpmMetadataType: reflect.TypeOf(AlpmMetadata{}), + ApkMetadataType: reflect.TypeOf(ApkMetadata{}), + BinaryMetadataType: reflect.TypeOf(BinaryMetadata{}), + CocoapodsMetadataType: reflect.TypeOf(CocoapodsMetadata{}), + ConanLockMetadataType: reflect.TypeOf(ConanLockMetadata{}), + 
ConanMetadataType: reflect.TypeOf(ConanMetadata{}), + DartPubMetadataType: reflect.TypeOf(DartPubMetadata{}), + DotnetDepsMetadataType: reflect.TypeOf(DotnetDepsMetadata{}), + DpkgMetadataType: reflect.TypeOf(DpkgMetadata{}), + GemMetadataType: reflect.TypeOf(GemMetadata{}), + GolangMetadataType: reflect.TypeOf(GolangMetadata{}), + HackageMetadataType: reflect.TypeOf(HackageMetadata{}), + JavaMetadataType: reflect.TypeOf(JavaMetadata{}), + KbPackageMetadataType: reflect.TypeOf(KbPackageMetadata{}), + MixLockMetadataType: reflect.TypeOf(MixLockMetadata{}), + NpmPackageJSONMetadataType: reflect.TypeOf(NpmPackageJSONMetadata{}), + NpmPackageLockJSONMetadataType: reflect.TypeOf(NpmPackageLockJSONMetadata{}), + PhpComposerJSONMetadataType: reflect.TypeOf(PhpComposerJSONMetadata{}), + PortageMetadataType: reflect.TypeOf(PortageMetadata{}), + PythonPackageMetadataType: reflect.TypeOf(PythonPackageMetadata{}), + PythonPipfileLockMetadataType: reflect.TypeOf(PythonPipfileLockMetadata{}), + RebarLockMetadataType: reflect.TypeOf(RebarLockMetadata{}), + RpmMetadataType: reflect.TypeOf(RpmMetadata{}), + RustCargoPackageMetadataType: reflect.TypeOf(CargoPackageMetadata{}), } func CleanMetadataType(typ MetadataType) MetadataType { diff --git a/syft/pkg/npm_package_json_metadata.go b/syft/pkg/npm_package_json_metadata.go index d426a88d853..ae150e12fbd 100644 --- a/syft/pkg/npm_package_json_metadata.go +++ b/syft/pkg/npm_package_json_metadata.go @@ -1,6 +1,6 @@ package pkg -// NpmPackageJSONMetadata holds extra information that is used in pkg.Package +// NpmPackageJSONMetadata holds parsing information for a javascript package.json file type NpmPackageJSONMetadata struct { Name string `mapstructure:"name" json:"name"` Version string `mapstructure:"version" json:"version"` diff --git a/syft/pkg/npm_package_lock_json_metadata.go b/syft/pkg/npm_package_lock_json_metadata.go new file mode 100644 index 00000000000..3d9db0bf750 --- /dev/null 
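Review bot: In the metadata.go hunk the two new types are added by hand to both `AllMetadataTypes` and `MetadataTypeByName`, and nothing visible keeps the slice, the map and the const block in step. A small test that walks `AllMetadataTypes` and fails when `MetadataTypeByName` has no entry for a name (and the reverse) would catch the next omission. The map also has no entry for `UnknownMetadataType`, so a plain index with a name read from a document yields a nil `reflect.Type`; a comment on the map such as `// lookups must use the two-value form; unknown names have no entry` would make that explicit for callers. `AllMetadataTypes` begins before this hunk, so its earlier entries are not visible here.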
+++ b/syft/pkg/npm_package_lock_json_metadata.go
@@ -0,0 +1,7 @@
+package pkg
+
+// NpmPackageLockJSONMetadata holds parsing information for a javascript package-lock.json file
+type NpmPackageLockJSONMetadata struct {
+ Resolved string `mapstructure:"resolved" json:"resolved"`
+ Integrity string `mapstructure:"integrity" json:"integrity"`
+}
diff --git a/syft/pkg/python_pipefile_lock_metadata.go b/syft/pkg/python_pipefile_lock_metadata.go
new file mode 100644
index 00000000000..07233d95841
--- /dev/null
+++ b/syft/pkg/python_pipefile_lock_metadata.go
@@ -0,0 +1,6 @@
+package pkg
+
+type PythonPipfileLockMetadata struct {
+ Hashes []string `mapstructure:"hashes" json:"hashes"`
+ Index string `mapstructure:"index" json:"index"`
+}
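Review bot: `Resolved` and `Integrity` in `NpmPackageLockJSONMetadata` have no field comments, so a reader of the SBOM cannot tell whether `Integrity` is the string exactly as written in package-lock.json or a value the tool has checked. If the parser only copies it, which this hunk does not show, say so: `// Integrity is the integrity string as found in package-lock.json; it is recorded, not verified`. Both tags lack `omitempty`, so a lock entry without these keys would presumably serialize as empty strings; a comment stating that an empty value means "absent in the lock file" would avoid misreading it as a failed check.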
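Review bot: `PythonPipfileLockMetadata` has no doc comment, unlike the npm type added alongside it, and the meaning of `Index` is not stated; the test in this commit expects the resolved source URL (`https://test.pypi.org/simple`) rather than the name stored in the lock entry (`"test"`). Suggested: `// PythonPipfileLockMetadata holds parsing information for a python Pipfile.lock file` on the type and `// Index is the URL of the source the entry's index name resolves to` on the field. Because a source URL in a Pipfile can carry userinfo, it is worth confirming that the parser, which is outside this hunk, strips credentials before the URL is stored, since the value ends up in a document that is often shared. The file name `python_pipefile_lock_metadata.go` also spells "pipfile" as "pipefile", which will make the file harder to find.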