// Listing: github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/pkg/cataloger/rust/package.go

package rust

import (
	"github.com/microsoft/go-rustaudit"

	"github.com/anchore/packageurl-go"
	"github.com/anchore/syft/syft/file"
	"github.com/anchore/syft/syft/pkg"
)

// newPackageFromCargoMetadata returns the standard pkg.Package representation
// of the package referenced within the Cargo.lock metadata m. The metadata is
// stored unchanged in the package's Metadata field, and every given location
// is recorded as evidence for the package.
func newPackageFromCargoMetadata(m pkg.CargoPackageMetadata, locations ...file.Location) pkg.Package {
	where := file.NewLocationSet(locations...)
	purl := packageURL(m.Name, m.Version)

	result := pkg.Package{
		Name:         m.Name,
		Version:      m.Version,
		Locations:    where,
		PURL:         purl,
		Language:     pkg.Rust,
		Type:         pkg.RustPkg,
		MetadataType: pkg.RustCargoPackageMetadataType,
		Metadata:     m,
	}

	// SetID runs last, once every field is populated.
	// NOTE(review): presumably the ID is derived from those fields; confirm in pkg.Package.
	result.SetID()

	return result
}

// newPackagesFromAudit converts the packages listed in versionInfo into
// pkg.Package values, each annotated with location as primary evidence.
//
// Only entries that pass pkg.IsValid and whose Kind is rustaudit.Runtime are
// returned; every other kind is dropped here, so an SBOM produced through
// this path does not list them. The result is nil when nothing qualifies.
//
// NOTE(review): versionInfo is presumably decoded from dependency data
// embedded in a compiled binary, i.e. it is self-declared by whoever built
// that binary. Treat names and versions as claims to verify, not as proof.
func newPackagesFromAudit(location file.Location, versionInfo rustaudit.VersionInfo) []pkg.Package {
	var found []pkg.Package

	evidence := func() file.Location {
		return location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)
	}

	for i := range versionInfo.Packages {
		// Work on a copy so the pointer handed on never aliases the slice element.
		entry := versionInfo.Packages[i]
		candidate := newPackageFromAudit(&entry, evidence())
		if !pkg.IsValid(&candidate) || entry.Kind != rustaudit.Runtime {
			continue
		}
		found = append(found, candidate)
	}

	return found
}

// newPackageFromAudit builds the pkg.Package for a single audit entry dep.
// Name, Version and Source are copied into a pkg.CargoPackageMetadata so the
// declared source stays available to consumers even though it is not part of
// the PURL.
func newPackageFromAudit(dep *rustaudit.Package, locations ...file.Location) pkg.Package {
	meta := pkg.CargoPackageMetadata{
		Name:    dep.Name,
		Version: dep.Version,
		Source:  dep.Source,
	}

	result := pkg.Package{
		Name:         dep.Name,
		Version:      dep.Version,
		PURL:         packageURL(dep.Name, dep.Version),
		Language:     pkg.Rust,
		Type:         pkg.RustPkg,
		Locations:    file.NewLocationSet(locations...),
		MetadataType: pkg.RustCargoPackageMetadataType,
		Metadata:     meta,
	}

	// SetID runs last, once every field is populated.
	result.SetID()

	return result
}

// packageURL returns the PURL for the specific rust package
// (see https://github.com/package-url/purl-spec).
//
// The PURL is built from the cargo type, name and version only: namespace,
// qualifiers and subpath are left empty. Two crates with the same name and
// version therefore get the same PURL regardless of where they were fetched
// from, so anything matching on PURL alone cannot tell them apart.
func packageURL(name, version string) string {
	const (
		noNamespace = ""
		noSubpath   = ""
	)

	purl := packageurl.NewPackageURL(packageurl.TypeCargo, noNamespace, name, version, nil, noSubpath)

	return purl.ToString()
}