github.com/anchore/syft@v1.4.2-0.20240516191711-1bec1fc5d397/syft/pkg/cataloger/swift/parse_podfile_lock.go

github.com/anchore/syft@v1.4.2-0.20240516191711-1bec1fc5d397/syft/pkg/cataloger/swift/parse_podfile_lock.go (about)

     1  package swift
     2  
     3  import (
     4  	"context"
     5  	"fmt"
     6  	"io"
     7  	"strings"
     8  
     9  	"gopkg.in/yaml.v3"
    10  
    11  	"github.com/anchore/syft/syft/artifact"
    12  	"github.com/anchore/syft/syft/file"
    13  	"github.com/anchore/syft/syft/pkg"
    14  	"github.com/anchore/syft/syft/pkg/cataloger/generic"
    15  )
    16  
    17  var _ generic.Parser = parsePodfileLock
    18  
    19  type podfileLock struct {
    20  	Pods            []interface{}       `yaml:"PODS"`
    21  	Dependencies    []string            `yaml:"DEPENDENCIES"`
    22  	SpecRepos       map[string][]string `yaml:"SPEC REPOS"`
    23  	SpecChecksums   map[string]string   `yaml:"SPEC CHECKSUMS"`
    24  	PodfileChecksum string              `yaml:"PODFILE CHECKSUM"`
    25  	Cocopods        string              `yaml:"COCOAPODS"`
    26  }
    27  
    28  // parsePodfileLock is a parser function for Podfile.lock contents, returning all cocoapods pods discovered.
    29  func parsePodfileLock(_ context.Context, _ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) {
    30  	bytes, err := io.ReadAll(reader)
    31  	if err != nil {
    32  		return nil, nil, fmt.Errorf("unable to read file: %w", err)
    33  	}
    34  	var podfile podfileLock
    35  	if err = yaml.Unmarshal(bytes, &podfile); err != nil {
    36  		return nil, nil, fmt.Errorf("unable to parse yaml: %w", err)
    37  	}
    38  
    39  	var pkgs []pkg.Package
    40  	for _, podInterface := range podfile.Pods {
    41  		var podBlob string
    42  		switch v := podInterface.(type) {
    43  		case map[string]interface{}:
    44  			for k := range v {
    45  				podBlob = k
    46  			}
    47  		case string:
    48  			podBlob = v
    49  		default:
    50  			return nil, nil, fmt.Errorf("malformed podfile.lock")
    51  		}
    52  		splits := strings.Split(podBlob, " ")
    53  		podName := splits[0]
    54  		podVersion := strings.TrimSuffix(strings.TrimPrefix(splits[1], "("), ")")
    55  		podRootPkg := strings.Split(podName, "/")[0]
    56  
    57  		var pkgHash string
    58  		pkgHash, exists := podfile.SpecChecksums[podRootPkg]
    59  		if !exists {
    60  			return nil, nil, fmt.Errorf("malformed podfile.lock: incomplete checksums")
    61  		}
    62  
    63  		pkgs = append(
    64  			pkgs,
    65  			newCocoaPodsPackage(
    66  				podName,
    67  				podVersion,
    68  				pkgHash,
    69  				reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
    70  			),
    71  		)
    72  	}
    73  
    74  	return pkgs, nil, nil
    75  }