github.com/nextlinux/gosbom@v0.81.1-0.20230627115839-1ff50c281391/gosbom/pkg/cataloger/dotnet/parse_dotnet_deps.go (about) 1 package dotnet 2 3 import ( 4 "encoding/json" 5 "fmt" 6 "sort" 7 8 "github.com/nextlinux/gosbom/gosbom/artifact" 9 "github.com/nextlinux/gosbom/gosbom/file" 10 "github.com/nextlinux/gosbom/gosbom/pkg" 11 "github.com/nextlinux/gosbom/gosbom/pkg/cataloger/generic" 12 ) 13 14 var _ generic.Parser = parseDotnetDeps 15 16 type dotnetDeps struct { 17 Libraries map[string]dotnetDepsLibrary `json:"libraries"` 18 } 19 20 type dotnetDepsLibrary struct { 21 Type string `json:"type"` 22 Path string `json:"path"` 23 Sha512 string `json:"sha512"` 24 HashPath string `json:"hashPath"` 25 } 26 27 func parseDotnetDeps(_ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) { 28 var pkgs []pkg.Package 29 30 dec := json.NewDecoder(reader) 31 32 var p dotnetDeps 33 if err := dec.Decode(&p); err != nil { 34 return nil, nil, fmt.Errorf("failed to parse deps.json file: %w", err) 35 } 36 37 var names []string 38 39 for nameVersion := range p.Libraries { 40 names = append(names, nameVersion) 41 } 42 43 // sort the names so that the order of the packages is deterministic 44 sort.Strings(names) 45 46 for _, nameVersion := range names { 47 lib := p.Libraries[nameVersion] 48 dotnetPkg := newDotnetDepsPackage( 49 nameVersion, 50 lib, 51 reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), 52 ) 53 54 if dotnetPkg != nil { 55 pkgs = append(pkgs, *dotnetPkg) 56 } 57 } 58 59 return pkgs, nil, nil 60 }