// github.com/lineaje-labs/syft@v0.98.1-0.20231227153149-9e393f60ff1b/syft/pkg/cataloger/rust/package.go

package rust

import (
	"github.com/microsoft/go-rustaudit"

	"github.com/anchore/packageurl-go"
	"github.com/anchore/syft/syft/file"
	"github.com/anchore/syft/syft/pkg"
)

// newPackageFromCargoMetadata builds the pkg.Package for a single Cargo.lock
// entry, recording the given locations as the places the entry was found.
//
// The name and version are copied from the lock entry as-is; nothing in this
// function validates or normalises them, so they carry whatever the scanned
// file contained.
func newPackageFromCargoMetadata(m pkg.RustCargoLockEntry, locations ...file.Location) pkg.Package {
	locs := file.NewLocationSet(locations...)
	purl := packageURL(m.Name, m.Version)

	result := pkg.Package{
		Name:      m.Name,
		Version:   m.Version,
		Locations: locs,
		PURL:      purl,
		Language:  pkg.Rust,
		Type:      pkg.RustPkg,
		Metadata:  m,
	}

	// The ID is assigned last, once every field above is populated
	// (presumably it is derived from them; confirm in package pkg).
	result.SetID()

	return result
}

// newPackagesFromAudit turns the dependency list in versionInfo into packages
// attributed to location, which is annotated as primary evidence.
//
// Only entries that pass pkg.IsValid and whose Kind is rustaudit.Runtime are
// returned. Entries of any other kind are dropped, so the result does not
// describe build-time dependencies. The return value is nil when nothing
// qualifies.
func newPackagesFromAudit(location file.Location, versionInfo rustaudit.VersionInfo) []pkg.Package {
	var found []pkg.Package

	for i := range versionInfo.Packages {
		// Take a copy so the pointer passed below refers to a per-iteration value.
		entry := versionInfo.Packages[i]

		evidence := location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)
		candidate := newPackageFromAudit(&entry, evidence)

		if !pkg.IsValid(&candidate) || entry.Kind != rustaudit.Runtime {
			continue
		}
		found = append(found, candidate)
	}

	return found
}

// newPackageFromAudit builds the pkg.Package for one rustaudit dependency
// record, attaching a pkg.RustBinaryAuditEntry as metadata.
//
// dep.Source is preserved only in the metadata; it is not part of the PURL
// (see packageURL). Consumers that need to tell apart same-named crates from
// different origins have to read the metadata rather than the PURL.
func newPackageFromAudit(dep *rustaudit.Package, locations ...file.Location) pkg.Package {
	purl := packageURL(dep.Name, dep.Version)
	locs := file.NewLocationSet(locations...)
	auditEntry := pkg.RustBinaryAuditEntry{
		Name:    dep.Name,
		Version: dep.Version,
		Source:  dep.Source,
	}

	result := pkg.Package{
		Name:      dep.Name,
		Version:   dep.Version,
		PURL:      purl,
		Language:  pkg.Rust,
		Type:      pkg.RustPkg,
		Locations: locs,
		Metadata:  auditEntry,
	}

	// The ID is assigned last, once every field above is populated
	// (presumably it is derived from them; confirm in package pkg).
	result.SetID()

	return result
}

// packageURL renders the cargo-type package URL for name at version
// (see https://github.com/package-url/purl-spec).
//
// The PURL is built with an empty namespace, no qualifiers and no subpath, so
// it identifies a crate by name and version only and says nothing about where
// the crate came from.
func packageURL(name, version string) string {
	purl := packageurl.NewPackageURL(
		packageurl.TypeCargo,
		"", // namespace: unused here
		name,
		version,
		nil, // qualifiers: none
		"",  // subpath: none
	)
	return purl.ToString()
}