// Source: github.com/nextlinux/gosbom@v0.81.1-0.20230627115839-1ff50c281391/gosbom/pkg/cataloger/python/parse_poetry_lock.go

package python

import (
	"fmt"

	"github.com/nextlinux/gosbom/gosbom/artifact"
	"github.com/nextlinux/gosbom/gosbom/file"
	"github.com/nextlinux/gosbom/gosbom/pkg"
	"github.com/nextlinux/gosbom/gosbom/pkg/cataloger/generic"
	"github.com/pelletier/go-toml"
)

// Compile-time assertion that parsePoetryLock is assignable to generic.Parser.
var _ generic.Parser = parsePoetryLock

// poetryMetadata is the decode target for a poetry.lock document. Packages is
// filled from the entries stored under the TOML key "package".
type poetryMetadata struct {
	Packages []struct {
		Name    string `toml:"name"`
		Version string `toml:"version"`
		// Category, Description and Optional are decoded, but the parser in
		// this file does not read them.
		Category    string `toml:"category"`
		Description string `toml:"description"`
		Optional    bool   `toml:"optional"`
	} `toml:"package"`
}

// parsePoetryLock decodes the poetry.lock content supplied by reader and
// returns one pkg.Package per "package" entry found in it. It never returns
// relationships. The file.Resolver and *generic.Environment arguments are
// ignored.
//
// The lock file belongs to whatever is being catalogued, so treat its content
// as untrusted input:
//   - reader is handed to the TOML loader as-is; no size limit is applied here.
//   - Name and Version are forwarded to newPackageForIndex verbatim, with no
//     emptiness or format check in this function. NOTE(review):
//     newPackageForIndex is defined elsewhere in the package; confirm whether
//     it validates them.
//   - Entries are not filtered on Optional or Category, so every listed
//     package is reported regardless of those fields.
//
// A TOML syntax error and a decode error are both returned wrapped with %w and
// nil results.
func parsePoetryLock(_ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) {
	doc, err := toml.LoadReader(reader)
	if err != nil {
		return nil, nil, fmt.Errorf("unable to load poetry.lock for parsing: %w", err)
	}

	var lock poetryMetadata
	if err := doc.Unmarshal(&lock); err != nil {
		return nil, nil, fmt.Errorf("unable to parse poetry.lock: %w", err)
	}

	// Left as a nil slice on purpose: a lock file with no entries yields nil
	// rather than an empty, non-nil slice.
	var found []pkg.Package
	for _, entry := range lock.Packages {
		// Annotate the lock file's location as primary evidence for this
		// package; done once per entry.
		evidence := reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)
		found = append(found, newPackageForIndex(entry.Name, entry.Version, evidence))
	}

	return found, nil, nil
}