github.com/anchore/syft@v1.38.2/syft/pkg/cataloger/java/parse_gradle_lockfile.go (about)

     1  package java
     2  
     3  import (
     4  	"bufio"
     5  	"context"
     6  	"strings"
     7  
     8  	"github.com/anchore/syft/syft/artifact"
     9  	"github.com/anchore/syft/syft/file"
    10  	"github.com/anchore/syft/syft/pkg"
    11  	"github.com/anchore/syft/syft/pkg/cataloger/generic"
    12  )
    13  
// lockfileDependency holds the group, name and version of one dependency
// entry read from a gradle.lockfile.
type lockfileDependency struct {
	Group, Name, Version string
}
    20  
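// parseGradleLockfile catalogs the dependencies pinned in a Gradle lockfile.
// Each dependency entry has the form "group:name:version=configurations";
// only the coordinate to the left of the first "=" is used.
//
// Blank lines, "#" comment lines, and any line whose coordinate does not have
// exactly three non-empty colon-separated fields (for example the "empty="
// entry) are skipped, so they never become packages with a blank name or
// version.
//
// The lockfile is content taken from the scanned source, and the resulting
// package list feeds downstream inventory and vulnerability matching. A
// scanner failure (a read error, or a line longer than bufio.Scanner's default
// token limit) is therefore returned alongside the packages parsed up to that
// point, rather than letting a truncated read pass as a complete dependency
// list. No relationships are produced.
func parseGradleLockfile(_ context.Context, _ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) {
	var dependencies []lockfileDependency

	scanner := bufio.NewScanner(reader)
	for scanner.Scan() {
		line := strings.TrimSpace(scanner.Text())

		// Comments and blank lines carry no dependency information.
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}

		// Everything after the first "=" is the configuration list, which is not cataloged.
		coordinate, _, _ := strings.Cut(line, "=")
		parts := strings.Split(coordinate, ":")

		// Only fully specified group:name:version coordinates are accepted.
		if len(parts) != 3 || parts[0] == "" || parts[1] == "" || parts[2] == "" {
			continue
		}

		dependencies = append(dependencies, lockfileDependency{
			Group:   parts[0],
			Name:    parts[1],
			Version: parts[2],
		})
	}

	var pkgs []pkg.Package
	for _, dep := range dependencies {
		archive := pkg.JavaArchive{
			PomProject: &pkg.JavaPomProject{
				GroupID:    dep.Group,
				ArtifactID: dep.Name,
				Version:    dep.Version,
				Name:       dep.Name,
			},
		}

		mappedPkg := pkg.Package{
			Name:    dep.Name,
			Version: dep.Version,
			Locations: file.NewLocationSet(
				reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
			),
			Language: pkg.Java,
			Type:     pkg.JavaPkg,
			PURL:     packageURL(dep.Name, dep.Version, archive),
			Metadata: archive,
		}
		mappedPkg.SetID()
		pkgs = append(pkgs, mappedPkg)
	}

	// scanner.Err() is nil on a clean EOF; otherwise the list above is partial
	// and the caller must be told so.
	return pkgs, nil, scanner.Err()
}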