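// Source: github.com/khulnasoft-lab/tunnel-db@v0.0.0-20231117205118-74e1113bd007/pkg/vulnsrc/ghsa/cocoapods.go

package ghsa

import (
	"encoding/json"
	"io"
	"log"
	"path/filepath"

	"golang.org/x/exp/slices"
	"golang.org/x/xerrors"

	"github.com/khulnasoft-lab/tunnel-db/pkg/utils"
	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/vulnerability"
)

// Spec holds the fields of a CocoaPods spec JSON file that this package reads.
// Any other keys in the file are ignored by the decoder.
type Spec struct {
	Name   string `json:"name"`
	Source Source `json:"source"`
}

// Source is the "source" object of a CocoaPods spec; only its git URL is read.
type Source struct {
	Git string `json:"git"`
}

// cocoapodsSpecDir is the spec directory, relative to the root passed to
// walkCocoaPodsSpecs.
var cocoapodsSpecDir = filepath.Join("cocoapods-specs", "Specs")

// walkCocoaPodsSpecs reads every ".json" file that utils.FileWalk reports
// under root/cocoapods-specs/Specs and returns a map from the normalized git
// URL of a spec to the names of the specs that declare that URL. Each name is
// listed once per URL.
//
// Specs without a git source or without a name are skipped. A file that is
// not valid JSON makes the callback return an error; the error reported by
// FileWalk is wrapped and returned with a nil map.
//
// NOTE(review): both `name` and `source.git` are taken as-is from the spec
// file. Nothing here checks that a pod is really built from the repository it
// declares, so a consumer that uses this mapping to attach Swift advisories
// to CocoaPods packages inherits whatever the spec files claim. Confirm that
// the checkout under root is pinned or otherwise trusted.
func walkCocoaPodsSpecs(root string) (map[string][]string, error) {
	log.Printf("Walk `Cocoapods Specs` to convert Swift URLs to Cocoapods package names")

	specs := make(map[string][]string)
	specRoot := filepath.Join(root, cocoapodsSpecDir)

	err := utils.FileWalk(specRoot, func(r io.Reader, path string) error {
		if filepath.Ext(path) != ".json" {
			return nil
		}

		var spec Spec
		if err := json.NewDecoder(r).Decode(&spec); err != nil {
			return xerrors.Errorf("failed to decode CocoaPods Spec: %w", err)
		}

		// A spec with no git URL cannot be matched against a Swift URL, and a
		// spec with no name would put an empty package name into the mapping.
		if spec.Source.Git == "" || spec.Name == "" {
			return nil
		}

		// Per the original author: trims the `https://` prefix and the `.git`
		// suffix so the key has the same format as Swift package names.
		link := vulnerability.NormalizePkgName(vulnerability.Swift, spec.Source.Git)

		// Several packages (or subpackages) can share one git URL, so all of
		// their names are kept. Indexing a missing key yields a nil slice,
		// which Contains and append both accept.
		if !slices.Contains(specs[link], spec.Name) {
			specs[link] = append(specs[link], spec.Name)
		}
		return nil
	})
	if err != nil {
		return nil, xerrors.Errorf("error in CocoaPods walk: %w", err)
	}
	return specs, nil
}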