github.com/anchore/syft@v1.38.2/syft/pkg/cataloger/rust/package.go

github.com/anchore/syft@v1.38.2/syft/pkg/cataloger/rust/package.go (about)

     1  package rust
     2  
     3  import (
     4  	"github.com/rust-secure-code/go-rustaudit"
     5  
     6  	"github.com/anchore/packageurl-go"
     7  	"github.com/anchore/syft/syft/file"
     8  	"github.com/anchore/syft/syft/pkg"
     9  )
    10  
    11  // Pkg returns the standard `pkg.Package` representation of the package referenced within the Cargo.lock metadata.
    12  func newPackageFromCargoMetadata(m pkg.RustCargoLockEntry, locations ...file.Location) pkg.Package {
    13  	p := pkg.Package{
    14  		Name:      m.Name,
    15  		Version:   m.Version,
    16  		Locations: file.NewLocationSet(locations...),
    17  		PURL:      packageURL(m.Name, m.Version),
    18  		Language:  pkg.Rust,
    19  		Type:      pkg.RustPkg,
    20  		Metadata:  m,
    21  	}
    22  
    23  	p.SetID()
    24  
    25  	return p
    26  }
    27  
    28  func newPackageFromAudit(dep *rustaudit.Package, locations ...file.Location) pkg.Package {
    29  	p := pkg.Package{
    30  		Name:      dep.Name,
    31  		Version:   dep.Version,
    32  		PURL:      packageURL(dep.Name, dep.Version),
    33  		Language:  pkg.Rust,
    34  		Type:      pkg.RustPkg,
    35  		Locations: file.NewLocationSet(locations...),
    36  		Metadata: pkg.RustBinaryAuditEntry{
    37  			Name:    dep.Name,
    38  			Version: dep.Version,
    39  			Source:  dep.Source,
    40  		},
    41  	}
    42  
    43  	p.SetID()
    44  
    45  	return p
    46  }
    47  
    48  // packageURL returns the PURL for the specific rust package (see https://github.com/package-url/purl-spec)
    49  func packageURL(name, version string) string {
    50  	return packageurl.NewPackageURL(
    51  		packageurl.TypeCargo,
    52  		"",
    53  		name,
    54  		version,
    55  		nil,
    56  		"",
    57  	).ToString()
    58  }