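// Source: github.com/vchain-us/vcn@v0.9.11-0.20210921212052-a2484d23c0b3/pkg/bom/golang/from_gosum.go

package golang

import (
	"bufio"
	"fmt"
	"os"
	"path/filepath"
	"strings"

	"github.com/vchain-us/vcn/pkg/bom/artifact"
)

// goArtifactFromSum implements Artifact interface. It builds its dependency
// list from the go.sum file found in the artifact's directory.
type goArtifactFromSum struct {
	goArtifact
}

// ResolveDependencies returns the Go module dependencies recorded in go.sum.
//
// The result is cached in a.Deps, so the file is parsed at most once per
// artifact. Each go.sum line of the form "module version hash" yields one
// dependency; the "module version/go.mod hash" lines are skipped. When output
// is artifact.Debug, every dependency is also printed to stdout.
//
// Caveats for consumers of the resulting BOM:
//   - go.sum is a record of hashes, not a build list. It can contain several
//     versions of a module and versions that are no longer needed, so the
//     result may over-report what ends up in the built binary.
//   - The hashes are copied from go.sum as recorded. Nothing here compares
//     them with the module contents on disk or in the module cache.
//
// An error is returned if go.sum cannot be opened or read, or if ModHash
// rejects a recorded hash.
func (a *goArtifactFromSum) ResolveDependencies(output artifact.OutputOptions) ([]artifact.Dependency, error) {
	if a.Deps != nil {
		return a.Deps, nil
	}

	sumPath := filepath.Join(a.path, "go.sum")
	sumFile, err := os.Open(sumPath)
	if err != nil {
		// Returned unwrapped so callers can keep using os.IsNotExist and friends.
		return nil, err
	}
	defer sumFile.Close()

	// hashes de-duplicates module@version entries; order remembers the order
	// in which they first appear so the BOM is reproducible from run to run
	// (ranging over the map directly would shuffle it).
	hashes := make(map[mapKey]string)
	var order []mapKey

	scanner := bufio.NewScanner(sumFile)
	for scanner.Scan() {
		fields := strings.Fields(scanner.Text())
		if len(fields) != 3 {
			// Best effort: malformed lines are skipped rather than failing the
			// whole BOM. NOTE(review): a skipped line is a dependency missing
			// from the BOM; consider surfacing these to the caller.
			continue
		}
		if strings.HasSuffix(fields[1], "/go.mod") {
			continue // skip go.mod hashes
		}
		key := mapKey{name: fields[0], version: fields[1]}
		if _, seen := hashes[key]; seen {
			// First entry wins. NOTE(review): a repeated module@version with a
			// different hash is silently ignored here; confirm that is intended.
			continue
		}
		hashes[key] = fields[2]
		order = append(order, key)
	}
	// Without this check a read error (or an over-long line) ends the loop
	// early and a truncated dependency list would be returned as if complete.
	if err := scanner.Err(); err != nil {
		return nil, fmt.Errorf("reading %s: %w", sumPath, err)
	}

	res := make([]artifact.Dependency, 0, len(order))
	for _, k := range order {
		hash, hashType, err := ModHash(hashes[k])
		if err != nil {
			return nil, err
		}
		res = append(res, artifact.Dependency{
			Name:     k.name,
			Version:  k.version,
			Hash:     hash,
			HashType: hashType,
		})
		if output == artifact.Debug {
			fmt.Printf("%s@%s (%s)\n", k.name, k.version, hash)
		}
	}

	a.Deps = res
	return res, nil
}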