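// Source: github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/pkg/cataloger/dotnet/package.go

package dotnet

import (
	"fmt"
	"regexp"
	"strings"

	"github.com/anchore/packageurl-go"
	"github.com/anchore/syft/syft/file"
	"github.com/anchore/syft/syft/pkg"
)

// depsJSONFilePattern captures the final path segment that precedes a
// trailing ".deps.json". It is compiled once at package initialisation
// rather than on every call to getDepsJSONFilePrefix.
var depsJSONFilePattern = regexp.MustCompile(`([^\/]+)\.deps\.json$`)

// newDotnetDepsPackage builds a syft package from one library entry.
//
// nameVersion is expected in "name/version" form (see extractNameAndVersion);
// lib supplies the path and hash fields, and locations records where the
// entry was found.
//
// The Sha512 and HashPath values are copied from lib as-is. Nothing in this
// function checks them against file contents, so consumers should treat them
// as values declared by the scanned input, not as verified digests.
func newDotnetDepsPackage(nameVersion string, lib dotnetDepsLibrary, locations ...file.Location) *pkg.Package {
	name, version := extractNameAndVersion(nameVersion)

	m := pkg.DotnetDepsMetadata{
		Name:     name,
		Version:  version,
		Path:     lib.Path,
		Sha512:   lib.Sha512,
		HashPath: lib.HashPath,
	}

	p := &pkg.Package{
		Name:         name,
		Version:      version,
		Locations:    file.NewLocationSet(locations...),
		PURL:         packageURL(m),
		Language:     pkg.Dotnet,
		Type:         pkg.DotnetPkg,
		MetadataType: pkg.DotnetDepsMetadataType,
		Metadata:     m,
	}

	// SetID is called last, once every field is populated.
	// NOTE(review): presumably the ID is derived from those fields - confirm.
	p.SetID()

	return p
}

// getDepsJSONFilePrefix returns the file name portion of p that precedes a
// trailing ".deps.json" (for "dir/app.deps.json" it returns "app"). It
// returns "" when p does not end in "<name>.deps.json".
func getDepsJSONFilePrefix(p string) string {
	if match := depsJSONFilePattern.FindStringSubmatch(p); len(match) > 1 {
		return match[1]
	}
	return ""
}

// extractNameAndVersion splits a "name/version" key into its two parts.
//
// The key comes from the file being scanned (presumably a library key in a
// .deps.json - verify against the caller), so it cannot be assumed to be well
// formed. A key without a "/" previously indexed past the end of the split
// result and panicked, which let a malformed input file abort cataloging. It
// now yields the whole key as the name and an empty version. Segments after
// the second are ignored, as before.
func extractNameAndVersion(nameVersion string) (name, version string) {
	fields := strings.Split(nameVersion, "/")
	// strings.Split with a non-empty separator always returns at least one
	// element, so fields[0] is safe; fields[1] is not.
	name = fields[0]
	if len(fields) > 1 {
		version = fields[1]
	}
	return name, version
}

// createNameAndVersion joins name and version into the "name/version" form
// that extractNameAndVersion splits.
func createNameAndVersion(name, version string) (nameVersion string) {
	return fmt.Sprintf("%s/%s", name, version)
}

// packageURL renders the package URL string for the given metadata, using the
// nuget PURL type, an empty namespace, no qualifiers and no subpath.
func packageURL(m pkg.DotnetDepsMetadata) string {
	var qualifiers packageurl.Qualifiers

	return packageurl.NewPackageURL(
		// This originally was packageurl.TypeDotnet, but this isn't a valid PURL type, according to:
		// https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst
		// Some history:
		//   https://github.com/anchore/packageurl-go/pull/8 added the type to Anchore's fork
		//   due to this PR: https://github.com/anchore/syft/pull/951
		// There were questions about "dotnet" being the right purlType at the time, but it was
		// acknowledged that scanning a dotnet file does not necessarily mean the packages found
		// are nuget packages and so the alternate type was added. Since this is still an invalid
		// PURL type, however, we will use TypeNuget and revisit at such time there is a better
		// official PURL type available.
		//
		// Consequence for consumers: every entry is emitted as pkg:nuget/..., including
		// libraries that may not have come from NuGet, so tooling that matches on the PURL
		// type should not treat the type alone as proof of package origin.
		packageurl.TypeNuget,
		"",
		m.Name,
		m.Version,
		qualifiers,
		"",
	).ToString()
}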