Merge pull request #312 from anchore/omit-empty-packages

Omit empty packages
anchore · Jan 22, 2021 · 7bcdafe · 7bcdafe
2 parents 0f62888 + 4576c08
commit 7bcdafe
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 3 deletions.
diff --git a/syft/cataloger/javascript/parse_package_json.go b/syft/cataloger/javascript/parse_package_json.go
@@ -7,6 +7,8 @@ import (
 	"io"
 	"regexp"
 
+	"github.com/anchore/syft/internal/log"
+
 	"github.com/anchore/syft/internal"
 
 	"github.com/mitchellh/mapstructure"
@@ -172,6 +174,11 @@ func parsePackageJSON(_ string, reader io.Reader) ([]pkg.Package, error) {
 			return nil, fmt.Errorf("failed to parse package.json file: %w", err)
 		}
 
+		if !p.hasNameAndVersionValues() {
+			log.Debug("encountered package.json file without a name and/or version field, ignoring this file")
+			return nil, nil
+		}
+
 		licenses, err := licensesFromJSON(p)
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse package.json file: %w", err)
@@ -195,3 +202,7 @@ func parsePackageJSON(_ string, reader io.Reader) ([]pkg.Package, error) {
 
 	return packages, nil
 }
+
+func (p PackageJSON) hasNameAndVersionValues() bool {
+	return p.Name != "" && p.Version != ""
+}
diff --git a/syft/cataloger/javascript/parse_package_json_test.go b/syft/cataloger/javascript/parse_package_json_test.go
@@ -142,3 +142,20 @@ func TestParsePackageJSON(t *testing.T) {
 		})
 	}
 }
+
+func TestParsePackageJSON_Partial(t *testing.T) { // see https://github.com/anchore/syft/issues/311
+	const fixtureFile = "test-fixtures/pkg-json/package-partial.json"
+	fixture, err := os.Open(fixtureFile)
+	if err != nil {
+		t.Fatalf("failed to open fixture: %+v", err)
+	}
+
+	actual, err := parsePackageJSON("", fixture)
+	if err != nil {
+		t.Fatalf("failed to parse package-lock.json: %+v", err)
+	}
+
+	if actualCount := len(actual); actualCount != 0 {
+		t.Errorf("no packages should've been returned (but got %d packages)", actualCount)
+	}
+}
diff --git a/syft/cataloger/javascript/test-fixtures/pkg-json/package-partial.json b/syft/cataloger/javascript/test-fixtures/pkg-json/package-partial.json
@@ -0,0 +1,5 @@
+{
+  "sideEffects": false,
+  "module": "../../esm/fp/isSaturday/index.js",
+  "typings": "../../typings.d.ts"
+}
diff --git a/test/integration/regression_test.go b/test/integration/regression_test.go
@@ -24,7 +24,7 @@ func TestRegression212ApkBufferSize(t *testing.T) {
 		t.Fatalf("failed to catalog image: %+v", err)
 	}
 
-	expectedPkgs := 57
+	expectedPkgs := 58
 	actualPkgs := 0
 	for range catalog.Enumerate(pkg.ApkPkg) {
 		actualPkgs += 1

diff --git a/test/integration/test-fixtures/image-large-apk-data/Dockerfile b/test/integration/test-fixtures/image-large-apk-data/Dockerfile
@@ -1,2 +1,5 @@
-FROM alpine:latest
-RUN apk add tzdata vim alpine-sdk
+FROM alpine@sha256:d9a7354e3845ea8466bb00b22224d9116b183e594527fb5b6c3d30bc01a20378
+RUN apk add --no-cache \
+            tzdata=2020f-r0 \
+            vim=8.2.2320-r0 \
+            alpine-sdk=1.0-r0