// Source: github.com/anchore/syft@v1.38.2/syft/pkg/cataloger/terraform/parse_tf_lock.go

package terraform

import (
	"context"
	"fmt"
	"io"

	"github.com/hashicorp/hcl/v2/hclsimple"

	"github.com/anchore/syft/syft/artifact"
	"github.com/anchore/syft/syft/file"
	"github.com/anchore/syft/syft/pkg"
	"github.com/anchore/syft/syft/pkg/cataloger/generic"
)

// terraformLockFile is the decode target for a Terraform dependency lock
// file: each top-level `provider` block is decoded into one element of
// Providers.
type terraformLockFile struct {
	Providers []pkg.TerraformLockProviderEntry `hcl:"provider,block"`
}

// parseTerraformLock reads a Terraform lock file from reader and reports one
// package per `provider` block found in it.
//
// The context, resolver and environment arguments are not used. The returned
// relationship slice is always nil. A read failure or a decode failure is
// returned wrapped, with no packages.
//
// The lock file comes from whatever source is being scanned, so its content
// is untrusted input:
//   - the whole file is buffered with io.ReadAll and this function applies no
//     size limit of its own.
//     NOTE(review): confirm that a bound is enforced by the caller or resolver.
//   - decoding is done with a nil evaluation context, so HCL expressions in
//     the file have no variables or functions available to them.
//   - Name and Version are copied from the decoded entry as-is; nothing here
//     validates them or checks them against a registry, so consumers of the
//     resulting SBOM should treat them as declared, not verified, values.
func parseTerraformLock(_ context.Context, _ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) {
	raw, err := io.ReadAll(reader)
	if err != nil {
		return nil, nil, fmt.Errorf("failed to read terraform lock file: %w", err)
	}

	// hclsimple selects the syntax (native HCL or JSON) from the file name
	// suffix, which is why the real path is passed rather than a fixed name.
	var parsed terraformLockFile
	if err := hclsimple.Decode(reader.RealPath, raw, nil, &parsed); err != nil {
		return nil, nil, fmt.Errorf("failed to decode terraform lock file: %w", err)
	}

	found := make([]pkg.Package, len(parsed.Providers))

	for i := range parsed.Providers {
		entry := parsed.Providers[i]

		// The location is annotated inside the loop so that every package
		// gets its own freshly built location set, as in the original.
		evidence := file.NewLocationSet(reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation))

		item := pkg.Package{
			// presumably the provider source address taken from the block
			// label — confirm against pkg.TerraformLockProviderEntry
			Name:      entry.URL,
			Version:   entry.Version,
			Locations: evidence,
			Licenses:  pkg.NewLicenseSet(), // TODO: license could be found in .terraform/providers/${name}/${version}/${arch}/LICENSE.txt
			Language:  pkg.Go,
			Type:      pkg.TerraformPkg,
			// The full decoded entry is kept as metadata, unmodified.
			Metadata: entry,
			// TODO: PURL omitted from package creation until the following issue resolved
			// https://github.com/package-url/purl-spec/issues/369
		}
		item.SetID()

		found[i] = item
	}

	return found, nil, nil
}