github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/pkg/cataloger/python/parse_poetry_lock.go (about)

     1  package python
     2  
     3  import (
     4  	"fmt"
     5  
     6  	"github.com/pelletier/go-toml"
     7  
     8  	"github.com/anchore/syft/syft/artifact"
     9  	"github.com/anchore/syft/syft/file"
    10  	"github.com/anchore/syft/syft/pkg"
    11  	"github.com/anchore/syft/syft/pkg/cataloger/generic"
    12  )
    13  
// Compile-time assertion: parsePoetryLock must be assignable to generic.Parser,
// so any drift in its signature fails the build instead of surfacing at runtime.
var _ generic.Parser = parsePoetryLock
    16  
// poetryMetadata is the decoding target for a poetry.lock file. Only the
// "package" entries are mapped; any other key in the lock file has no field
// here.
//
// Of the per-package fields, parsePoetryLock reads only Name and Version.
// Category, Description and Optional are decoded but not consulted in this
// file, so they do not influence which entries are reported.
type poetryMetadata struct {
	// Packages holds one element per "package" entry in the lock file.
	Packages []struct {
		Name        string `toml:"name"`        // copied into the emitted package as-is
		Version     string `toml:"version"`     // copied into the emitted package as-is
		Category    string `toml:"category"`    // decoded, unused in this file
		Description string `toml:"description"` // decoded, unused in this file
		Optional    bool   `toml:"optional"`    // decoded, unused in this file
	} `toml:"package"`
}
    26  
// parsePoetryLock is a generic.Parser for poetry.lock contents. It decodes the
// TOML document read from reader and returns one package per "package" entry,
// each tagged with the lock file's location as primary evidence.
//
// The resolver and environment arguments are ignored. No relationships are
// produced: the second return value is always nil.
//
// Every decoded entry is reported. Name and Version are passed through without
// validation (an entry with an empty name or version is still emitted), and the
// Optional and Category fields are not used to filter. The whole document is
// loaded before decoding and no size limit is applied here.
// NOTE(review): the lock file presumably comes from the scanned target, so its
// contents should be treated as untrusted - confirm whether callers bound the
// input size.
//
// An error is returned, wrapping the underlying cause, when the TOML cannot be
// loaded or cannot be unmarshalled into poetryMetadata.
func parsePoetryLock(_ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) {
	doc, loadErr := toml.LoadReader(reader)
	if loadErr != nil {
		return nil, nil, fmt.Errorf("unable to load poetry.lock for parsing: %w", loadErr)
	}

	var lock poetryMetadata
	if decodeErr := doc.Unmarshal(&lock); decodeErr != nil {
		return nil, nil, fmt.Errorf("unable to parse poetry.lock: %w", decodeErr)
	}

	// Left nil when the lock file lists no packages.
	var found []pkg.Package
	for i := range lock.Packages {
		entry := &lock.Packages[i]
		// Annotated once per package rather than hoisted out of the loop:
		// whether WithAnnotation returns an independent copy is not visible
		// from this file.
		evidence := reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)
		found = append(found, newPackageForIndex(entry.Name, entry.Version, evidence))
	}

	return found, nil, nil
}