// Source: github.com/nextlinux/gosbom@v0.81.1-0.20230627115839-1ff50c281391/gosbom/pkg/cataloger/php/parse_composer_lock.go

package php

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"

	"github.com/nextlinux/gosbom/gosbom/artifact"
	"github.com/nextlinux/gosbom/gosbom/file"
	"github.com/nextlinux/gosbom/gosbom/pkg"
	"github.com/nextlinux/gosbom/gosbom/pkg/cataloger/generic"
)

// Compile-time check that parseComposerLock satisfies the generic.Parser
// function signature.
var _ generic.Parser = parseComposerLock

// parsedData is one package entry as it appears in composer.lock: the
// "license" list plus the fields of the embedded composer metadata type.
type parsedData struct {
	License []string `json:"license"`
	pkg.PhpComposerJSONMetadata
}

// composerLock holds the two package arrays read from a composer.lock
// document: "packages" and "packages-dev".
type composerLock struct {
	Packages   []parsedData `json:"packages"`
	PackageDev []parsedData `json:"packages-dev"`
}

// parseComposerLock decodes composer.lock content from reader and returns one
// package per entry of the "packages" array. Entries under "packages-dev" are
// decoded but not returned, so dev dependencies do not appear in the result.
// The relationship slice is always nil. A decode failure other than io.EOF
// aborts parsing and is returned wrapped.
//
// NOTE(review): the content is presumably read from the scanned target and
// should be treated as untrusted; nothing here bounds the input size, so
// confirm the caller does.
func parseComposerLock(_ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) {
	found := []pkg.Package{}
	decoder := json.NewDecoder(reader)

	// The reader is consumed as a stream of JSON documents until EOF; the
	// "packages" entries of every document are appended to the same result.
	for {
		var doc composerLock

		err := decoder.Decode(&doc)
		if errors.Is(err, io.EOF) {
			break
		}
		if err != nil {
			return nil, nil, fmt.Errorf("failed to parse composer.lock file: %w", err)
		}

		for _, entry := range doc.Packages {
			// Each package is tied to this lock file's location, annotated
			// as primary evidence.
			evidence := reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)
			found = append(found, newComposerLockPackage(entry, evidence))
		}

		// TODO: did we omit this on purpose? While this stays disabled,
		// consumers of the output never see packages-dev entries.
		// for _, m := range lock.PackageDev {
		// 	pkgs = append(pkgs, newComposerLockPackage(m, reader.Location))
		// }
	}

	return found, nil, nil
}