github.com/lineaje-labs/syft@v0.98.1-0.20231227153149-9e393f60ff1b/syft/pkg/cataloger/php/parse_composer_lock.go (about)

     1  package php
     2  
     3  import (
     4  	"encoding/json"
     5  	"errors"
     6  	"fmt"
     7  	"io"
     8  
     9  	"github.com/anchore/syft/syft/artifact"
    10  	"github.com/anchore/syft/syft/file"
    11  	"github.com/anchore/syft/syft/pkg"
    12  	"github.com/anchore/syft/syft/pkg/cataloger/generic"
    13  )
    14  
// Compile-time check that parseComposerLock can be assigned to generic.Parser.
var _ generic.Parser = parseComposerLock
    16  
type (
	// parsedLockData is the decode target for a single package entry in a
	// composer.lock file. It pairs the entry's "license" array with the
	// embedded pkg.PhpComposerLockEntry, whose own JSON tags (declared outside
	// this file) determine which other keys of the entry are captured.
	parsedLockData struct {
		// License holds the values of the entry's "license" key as decoded from JSON.
		License []string `json:"license"`
		pkg.PhpComposerLockEntry
	}

	// composerLock is the decode target for the top level of a composer.lock
	// document. Only the two package lists are read; every other top-level key
	// is ignored by the decoder.
	composerLock struct {
		// Packages is the "packages" array.
		Packages []parsedLockData `json:"packages"`
		// PackageDev is the "packages-dev" array. It is decoded, but the parser
		// in this file never reads it, so development dependencies recorded in
		// the lock file are absent from the resulting package list.
		PackageDev []parsedLockData `json:"packages-dev"` // TODO: these are not currently included as packages in the SBOM... should they be?
	}
)
    26  
// parseComposerLock is the generic.Parser for composer.lock content. It decodes
// every JSON document found on reader and returns one package per entry of each
// document's "packages" array, built by newComposerLockPackage and associated
// with reader.Location.
//
// Entries under "packages-dev" are decoded but never converted, so development
// dependencies listed in the lock file do not appear in the result. No
// relationships are produced: the second return value is always nil.
//
// If any document fails to decode, the packages collected so far are dropped and
// a wrapped error is returned. On success the returned slice is non-nil even
// when it is empty.
func parseComposerLock(_ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) {
	// NOTE(review): the decoder consumes the stream until EOF and nothing in this
	// function caps its size or the number of entries; presumably the caller
	// bounds lock files that come from untrusted scan targets — confirm.
	decoder := json.NewDecoder(reader)
	found := []pkg.Package{}

	for {
		var doc composerLock
		err := decoder.Decode(&doc)
		if errors.Is(err, io.EOF) {
			// End of input: everything gathered from the preceding documents is the result.
			return found, nil, nil
		}
		if err != nil {
			return nil, nil, fmt.Errorf("failed to parse composer.lock file: %w", err)
		}

		// Only the regular package list is catalogued; doc.PackageDev is left unread.
		for i := range doc.Packages {
			found = append(found, newComposerLockPackage(doc.Packages[i], reader.Location))
		}
	}
}