Created analyzer for NuGet.

Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
aquasecurity · Oct 14, 2020 · 7d817d6 · 7d817d6
1 parent 719c92b
commit 7d817d6
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 0 deletions.
diff --git a/analyzer/library/const.go b/analyzer/library/const.go
@@ -5,6 +5,7 @@ const (
 	Cargo    = "cargo"
 	Composer = "composer"
 	Npm      = "npm"
+	NuGet    = "nuget"
 	Pipenv   = "pipenv"
 	Poetry   = "poetry"
 	Yarn     = "yarn"

diff --git a/analyzer/library/nuget/nuget.go b/analyzer/library/nuget/nuget.go
@@ -0,0 +1,36 @@
+package nuget
+
+import (
+	"github.com/aquasecurity/fanal/analyzer"
+	"github.com/aquasecurity/fanal/analyzer/library"
+	"github.com/aquasecurity/fanal/utils"
+	"github.com/aquasecurity/go-dep-parser/pkg/nuget"
+	"golang.org/x/xerrors"
+	"os"
+	"path/filepath"
+)
+
+func init() {
+	analyzer.RegisterAnalyzer(&nugetLibraryAnalyzer{})
+}
+
+var requiredFiles = []string{"packages.lock.json"}
+
+type nugetLibraryAnalyzer struct{}
+
+func (a nugetLibraryAnalyzer) Analyze(content []byte) (analyzer.AnalyzeReturn, error) {
+	ret, err := library.Analyze(content, nuget.Parse)
+	if err != nil {
+		return analyzer.AnalyzeReturn{}, xerrors.Errorf("unable to parse packages.lock.json: %w", err)
+	}
+	return ret, nil
+}
+
+func (a nugetLibraryAnalyzer) Required(filePath string, _ os.FileInfo) bool {
+	fileName := filepath.Base(filePath)
+	return utils.StringInSlice(fileName, requiredFiles)
+}
+
+func (a nugetLibraryAnalyzer) Name() string {
+	return library.NuGet
+}