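// Source: github.com/nextlinux/gosbom@v0.81.1-0.20230627115839-1ff50c281391/gosbom/pkg/cataloger/swift/parse_podfile_lock.go

package swift

import (
	"fmt"
	"io"
	"strings"

	"github.com/nextlinux/gosbom/gosbom/artifact"
	"github.com/nextlinux/gosbom/gosbom/file"
	"github.com/nextlinux/gosbom/gosbom/pkg"
	"github.com/nextlinux/gosbom/gosbom/pkg/cataloger/generic"
	"gopkg.in/yaml.v3"
)

// Compile-time check that parsePodfileLock has the generic.Parser signature.
var _ generic.Parser = parsePodfileLock

// podfileLock holds the top-level sections of a Podfile.lock as decoded from YAML.
type podfileLock struct {
	// Pods entries are either a plain string or a single-key map whose key is
	// the pod entry, so they are decoded untyped and inspected at runtime.
	Pods            []interface{}       `yaml:"PODS"`
	Dependencies    []string            `yaml:"DEPENDENCIES"`
	SpecRepos       map[string][]string `yaml:"SPEC REPOS"`
	SpecChecksums   map[string]string   `yaml:"SPEC CHECKSUMS"`
	PodfileChecksum string              `yaml:"PODFILE CHECKSUM"`
	Cocopods        string              `yaml:"COCOAPODS"`
}

// parsePodfileLock is a parser function for Podfile.lock contents, returning all cocoapods pods discovered.
//
// Each PODS entry is split on spaces into a name and a parenthesised version,
// and the checksum is looked up in SPEC CHECKSUMS under the part of the name
// before the first "/". The checksum is copied from the lock file as found;
// nothing in this function verifies it against the pod's contents.
//
// The lock file is presumably taken from whatever source is being catalogued,
// so it is handled as untrusted input: an entry of an unexpected type, an entry
// without a version field, or a pod with no checksum yields an error rather
// than a panic. The returned relationships are always nil.
func parsePodfileLock(_ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) {
	// NOTE(review): the whole file is buffered with no size limit here; confirm
	// that callers bound the size of files handed to parsers.
	contents, err := io.ReadAll(reader)
	if err != nil {
		return nil, nil, fmt.Errorf("unable to read file: %w", err)
	}

	var podfile podfileLock
	if err = yaml.Unmarshal(contents, &podfile); err != nil {
		return nil, nil, fmt.Errorf("unable to parse yaml: %w", err)
	}

	var pkgs []pkg.Package
	for _, podInterface := range podfile.Pods {
		var podBlob string
		switch v := podInterface.(type) {
		case map[string]interface{}:
			// A pod that lists dependencies decodes as a map keyed by the pod
			// entry. If the map holds several keys, which one is kept depends
			// on map iteration order and is not deterministic.
			for k := range v {
				podBlob = k
			}
		case string:
			podBlob = v
		default:
			return nil, nil, fmt.Errorf("malformed podfile.lock")
		}

		// An entry without a space (including an empty one) has no version
		// field; indexing splits[1] unchecked would panic on such input.
		splits := strings.Split(podBlob, " ")
		if len(splits) < 2 {
			return nil, nil, fmt.Errorf("malformed podfile.lock: pod entry %q has no version", podBlob)
		}
		podName := splits[0]
		podVersion := strings.TrimSuffix(strings.TrimPrefix(splits[1], "("), ")")

		// Checksums are recorded per root pod, so a subspec such as "A/B" is
		// looked up under "A".
		podRootPkg := strings.Split(podName, "/")[0]
		pkgHash, exists := podfile.SpecChecksums[podRootPkg]
		if !exists {
			return nil, nil, fmt.Errorf("malformed podfile.lock: incomplete checksums")
		}

		pkgs = append(
			pkgs,
			newPackage(
				podName,
				podVersion,
				pkgHash,
				reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
			),
		)
	}

	return pkgs, nil, nil
}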