-
Notifications
You must be signed in to change notification settings - Fork 587
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #224 from anchore/add_package_json
Add support for package.json #200
- Loading branch information
Showing
18 changed files
with
857 additions
and
109 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
## Updating the JSON schema | ||
Today the JSON schema is generated from integration test data. Specifically, when integration tests are run, the `/schema/json/examples` directory is populated with syft JSON output data. This examples directory is used to drive automatically generating the JSON schema. | ||
The caveats with this approach is: | ||
1) the JSON schema is only as good as the examples provided | ||
2) there is an integration test that ensures that the JSON schema is valid relative to what the code currently generates. | ||
This means to update the JSON schema you need to | ||
1) Open up `test/integration/json_schema_test.go` and comment out invocations of the `validateAgainstV1Schema` function. | ||
2) From the root of the repo run `generate-json-schema`. Now there should be a new schema generated at `/schema/json/schema.json` | ||
3) Uncomment the `validateAgainstV1Schema` function. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
package javascript | ||
|
||
import ( | ||
"encoding/json" | ||
"fmt" | ||
"io" | ||
|
||
"github.com/anchore/syft/syft/cataloger/common" | ||
"github.com/anchore/syft/syft/pkg" | ||
) | ||
|
||
// integrity check | ||
var _ common.ParserFn = parsePackageLock | ||
|
||
// PackageJSON represents a JavaScript package.json file | ||
type PackageJSON struct { | ||
Version string `json:"version"` | ||
Latest []string `json:"latest"` | ||
Author string `json:"author"` | ||
License string `json:"license"` | ||
Name string `json:"name"` | ||
Homepage string `json:"homepage"` | ||
Description string `json:"description"` | ||
Dependencies map[string]string `json:"dependencies"` | ||
} | ||
|
||
// parsePackageJson parses a package.json and returns the discovered JavaScript packages. | ||
func parsePackageJSON(_ string, reader io.Reader) ([]pkg.Package, error) { | ||
packages := make([]pkg.Package, 0) | ||
dec := json.NewDecoder(reader) | ||
|
||
for { | ||
var p PackageJSON | ||
if err := dec.Decode(&p); err == io.EOF { | ||
break | ||
} else if err != nil { | ||
return nil, fmt.Errorf("failed to parse package.json file: %w", err) | ||
} | ||
|
||
packages = append(packages, pkg.Package{ | ||
Name: p.Name, | ||
Version: p.Version, | ||
Licenses: []string{p.License}, | ||
Language: pkg.JavaScript, | ||
Type: pkg.NpmPkg, | ||
Metadata: pkg.NpmMetadata{ | ||
Author: p.Author, | ||
Homepage: p.Homepage, | ||
}, | ||
}) | ||
} | ||
|
||
return packages, nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
package javascript | ||
|
||
import ( | ||
"os" | ||
"testing" | ||
|
||
"github.com/anchore/syft/syft/pkg" | ||
"github.com/go-test/deep" | ||
) | ||
|
||
func TestParsePackageJSON(t *testing.T) { | ||
expected := pkg.Package{ | ||
Name: "npm", | ||
Version: "6.14.6", | ||
Type: pkg.NpmPkg, | ||
Licenses: []string{"Artistic-2.0"}, | ||
Language: pkg.JavaScript, | ||
Metadata: pkg.NpmMetadata{ | ||
Author: "Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me)", | ||
Homepage: "https://docs.npmjs.com/", | ||
}, | ||
} | ||
fixture, err := os.Open("test-fixtures/pkg-json/package.json") | ||
if err != nil { | ||
t.Fatalf("failed to open fixture: %+v", err) | ||
} | ||
|
||
actual, err := parsePackageJSON(fixture.Name(), fixture) | ||
if err != nil { | ||
t.Fatalf("failed to parse package-lock.json: %+v", err) | ||
} | ||
if len(actual) != 1 { | ||
for _, a := range actual { | ||
t.Log(" ", a) | ||
} | ||
t.Fatalf("unexpected package count: %d!=1", len(actual)) | ||
} | ||
|
||
for _, d := range deep.Equal(actual[0], expected) { | ||
t.Errorf("diff: %+v", d) | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.