github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/pkg/cataloger/rust/parse_audit_binary.go

github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/pkg/cataloger/rust/parse_audit_binary.go (about)

     1  package rust
     2  
     3  import (
     4  	"errors"
     5  
     6  	rustaudit "github.com/microsoft/go-rustaudit"
     7  
     8  	"github.com/anchore/syft/internal/log"
     9  	"github.com/anchore/syft/syft/artifact"
    10  	"github.com/anchore/syft/syft/file"
    11  	"github.com/anchore/syft/syft/pkg"
    12  	"github.com/anchore/syft/syft/pkg/cataloger/generic"
    13  	"github.com/anchore/syft/syft/pkg/cataloger/internal/unionreader"
    14  )
    15  
    16  // Catalog identifies executables then attempts to read Rust dependency information from them
    17  func parseAuditBinary(_ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) {
    18  	var pkgs []pkg.Package
    19  
    20  	unionReader, err := unionreader.GetUnionReader(reader.ReadCloser)
    21  	if err != nil {
    22  		return nil, nil, err
    23  	}
    24  
    25  	for _, versionInfo := range parseAuditBinaryEntry(unionReader, reader.RealPath) {
    26  		pkgs = append(pkgs, newPackagesFromAudit(reader.Location, versionInfo)...)
    27  	}
    28  
    29  	return pkgs, nil, nil
    30  }
    31  
    32  // scanFile scans file to try to report the Rust crate dependencies
    33  func parseAuditBinaryEntry(reader unionreader.UnionReader, filename string) []rustaudit.VersionInfo {
    34  	// NOTE: multiple readers are returned to cover universal binaries, which are files
    35  	// with more than one binary
    36  	readers, err := unionreader.GetReaders(reader)
    37  	if err != nil {
    38  		log.Warnf("rust cataloger: failed to open a binary: %v", err)
    39  		return nil
    40  	}
    41  
    42  	var versionInfos []rustaudit.VersionInfo
    43  	for _, r := range readers {
    44  		versionInfo, err := rustaudit.GetDependencyInfo(r)
    45  
    46  		if err != nil {
    47  			if errors.Is(err, rustaudit.ErrNoRustDepInfo) {
    48  				// since the cataloger can only select executables and not distinguish if they are a Rust-compiled
    49  				// binary, we should not show warnings/logs in this case.
    50  				return nil
    51  			}
    52  			log.Tracef("rust cataloger: unable to read dependency information (file=%q): %v", filename, err)
    53  			return nil
    54  		}
    55  
    56  		versionInfos = append(versionInfos, versionInfo)
    57  	}
    58  
    59  	return versionInfos
    60  }