github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/pkg/cataloger/java/zip_wrapped_archive_parser.go (about) 1 package java 2 3 import ( 4 "fmt" 5 6 intFile "github.com/anchore/syft/internal/file" 7 "github.com/anchore/syft/syft/artifact" 8 "github.com/anchore/syft/syft/file" 9 "github.com/anchore/syft/syft/pkg" 10 "github.com/anchore/syft/syft/pkg/cataloger/generic" 11 ) 12 13 var genericZipGlobs = []string{ 14 "**/*.zip", 15 } 16 17 // TODO: when the generic archive cataloger is implemented, this should be removed (https://github.com/anchore/syft/issues/246) 18 19 // parseZipWrappedJavaArchive is a parser function for java archive contents contained within arbitrary zip files. 20 func parseZipWrappedJavaArchive(_ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) { 21 contentPath, archivePath, cleanupFn, err := saveArchiveToTmp(reader.AccessPath(), reader) 22 // note: even on error, we should always run cleanup functions 23 defer cleanupFn() 24 if err != nil { 25 return nil, nil, err 26 } 27 28 // we use our zip helper functions instead of that from the archiver package or the standard lib. Why? These helper 29 // functions support zips with shell scripts prepended to the file. Specifically, the helpers use the central 30 // header at the end of the file to determine where the beginning of the zip payload is (unlike the standard lib 31 // or archiver). 32 fileManifest, err := intFile.NewZipFileManifest(archivePath) 33 if err != nil { 34 return nil, nil, fmt.Errorf("unable to read files from java archive: %w", err) 35 } 36 37 // look for java archives within the zip archive 38 return discoverPkgsFromZip(reader.Location, archivePath, contentPath, fileManifest, nil) 39 }