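// Source: github.com/lineaje-labs/syft@v0.98.1-0.20231227153149-9e393f60ff1b/syft/pkg/cataloger/dotnet/package.go

package dotnet

import (
	"fmt"
	"regexp"
	"strings"

	"github.com/anchore/packageurl-go"
	"github.com/anchore/syft/syft/file"
	"github.com/anchore/syft/syft/pkg"
)

// depsJSONFileNamePattern captures the final path segment that precedes a
// trailing ".deps.json". It is compiled once at package scope rather than on
// every call to getDepsJSONFilePrefix.
var depsJSONFileNamePattern = regexp.MustCompile(`([^\/]+)\.deps\.json$`)

// newDotnetDepsPackage builds a pkg.Package for a single library entry.
//
// nameVersion is split into a name and a version by extractNameAndVersion.
// Path, Sha512 and HashPath are copied from lib unchanged into the
// DotnetDepsEntry metadata, and locations become the package's location set.
func newDotnetDepsPackage(nameVersion string, lib dotnetDepsLibrary, locations ...file.Location) *pkg.Package {
	name, version := extractNameAndVersion(nameVersion)

	m := pkg.DotnetDepsEntry{
		Name:    name,
		Version: version,
		Path:    lib.Path,
		// The hash is recorded exactly as declared by the input; nothing in
		// this file checks it against the contents of the package.
		Sha512:   lib.Sha512,
		HashPath: lib.HashPath,
	}

	p := &pkg.Package{
		Name:      name,
		Version:   version,
		Locations: file.NewLocationSet(locations...),
		PURL:      packageURL(m),
		Language:  pkg.Dotnet,
		Type:      pkg.DotnetPkg,
		Metadata:  m,
	}

	p.SetID()

	return p
}

// getDepsJSONFilePrefix returns the file-name portion that precedes the
// ".deps.json" suffix of p (for "a/b/app.deps.json" it returns "app").
// It returns "" when p does not end in ".deps.json" or when nothing other
// than a "/" precedes the suffix.
func getDepsJSONFilePrefix(p string) string {
	match := depsJSONFileNamePattern.FindStringSubmatch(p)
	if len(match) > 1 {
		return match[1]
	}
	return ""
}

// extractNameAndVersion splits a "name/version" string on "/".
//
// The first field is the name and the second, when present, is the version;
// any further fields are ignored. An input with no "/" yields the whole
// string as the name and an empty version.
//
// NOTE(review): nameVersion presumably originates from the file being
// cataloged, so it cannot be assumed to be well formed. Indexing the second
// field unconditionally would panic on a key without a separator and abort
// the scan, hence the length check.
func extractNameAndVersion(nameVersion string) (name, version string) {
	fields := strings.Split(nameVersion, "/")
	name = fields[0]
	if len(fields) > 1 {
		version = fields[1]
	}
	return name, version
}

// createNameAndVersion joins name and version as "name/version", the form
// that extractNameAndVersion splits.
func createNameAndVersion(name, version string) (nameVersion string) {
	nameVersion = fmt.Sprintf("%s/%s", name, version)
	return nameVersion
}

// packageURL returns the package URL string for m, built from m.Name and
// m.Version with the nuget type, no namespace, no qualifiers and no subpath.
func packageURL(m pkg.DotnetDepsEntry) string {
	var qualifiers packageurl.Qualifiers

	return packageurl.NewPackageURL(
		// This originally was packageurl.TypeDotnet, but this isn't a valid PURL type, according to:
		// https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst
		// Some history:
		//   https://github.com/anchore/packageurl-go/pull/8 added the type to Anchore's fork
		//   due to this PR: https://github.com/anchore/syft/pull/951
		// There were questions about "dotnet" being the right purlType at the time, but it was
		// acknowledged that scanning a dotnet file does not necessarily mean the packages found
		// are nuget packages and so the alternate type was added. Since this is still an invalid
		// PURL type, however, we will use TypeNuget and revisit at such time there is a better
		// official PURL type available.
		packageurl.TypeNuget,
		"",
		m.Name,
		m.Version,
		qualifiers,
		"",
	).ToString()
}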