// Source: github.com/lineaje-labs/syft@v0.98.1-0.20231227153149-9e393f60ff1b/syft/pkg/cataloger/python/parse_poetry_lock.go

package python

import (
	"fmt"

	"github.com/pelletier/go-toml"

	"github.com/anchore/syft/syft/artifact"
	"github.com/anchore/syft/syft/file"
	"github.com/anchore/syft/syft/pkg"
	"github.com/anchore/syft/syft/pkg/cataloger/generic"
)

// Compile-time assertion that parsePoetryLock has the generic.Parser signature.
var _ generic.Parser = parsePoetryLock

// poetryMetadata is the subset of a poetry.lock document that this parser
// decodes: the repeated "package" tables.
//
// Only the five fields below are mapped. Other data a lock file may carry for
// a package (for example its source or per-file hashes) is not decoded by this
// struct, so nothing built from it can tell which index a package was
// resolved from or what artifact digest was pinned.
type poetryMetadata struct {
	Packages []struct {
		Name        string `toml:"name"`
		Version     string `toml:"version"`
		Category    string `toml:"category"`
		Description string `toml:"description"`
		Optional    bool   `toml:"optional"`
	} `toml:"package"`
}

// parsePoetryLock reads poetry.lock content from reader and returns one
// package per "package" entry found in it.
//
// The resolver and environment arguments are ignored. The relationship slice
// is always nil. A TOML load or unmarshal failure is returned wrapped, with
// no packages.
//
// Entries are not filtered: Category, Description and Optional are decoded
// but never consulted, so optional packages are reported like any other.
// Name and Version are handed to newPackageForIndex exactly as they appear in
// the file.
//
// NOTE(review): the lock file comes from the scanned target and should be
// treated as untrusted. No size limit is applied to reader in this function,
// and no check for empty or malformed names/versions is visible here -
// confirm whether the caller or newPackageForIndex covers either.
func parsePoetryLock(_ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) {
	doc, err := toml.LoadReader(reader)
	if err != nil {
		return nil, nil, fmt.Errorf("unable to load poetry.lock for parsing: %w", err)
	}

	var metadata poetryMetadata
	if err := doc.Unmarshal(&metadata); err != nil {
		return nil, nil, fmt.Errorf("unable to parse poetry.lock: %w", err)
	}

	var pkgs []pkg.Package
	for _, entry := range metadata.Packages {
		// Built once per entry, as in the original, so each package gets its
		// own annotated location value marked as primary evidence.
		evidence := reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)
		pkgs = append(pkgs, newPackageForIndex(entry.Name, entry.Version, evidence))
	}

	return pkgs, nil, nil
}