Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor: don't return error for package.json without version/name #4377

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ require (
github.com/alicebob/miniredis/v2 v2.30.2
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
github.com/aquasecurity/defsec v0.88.1
github.com/aquasecurity/go-dep-parser v0.0.0-20230424082450-f8baca321fbf
github.com/aquasecurity/go-dep-parser v0.0.0-20230514135501-4adad90d3013
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -321,8 +321,8 @@ github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
github.com/aquasecurity/defsec v0.88.1 h1:zyQE7khEXotrtrDRaRQnAN1/OXdw5ZmttMJ04n42AQQ=
github.com/aquasecurity/defsec v0.88.1/go.mod h1:+IF79zLDD0Lm+z+UH+cmGmIFZ8d/ZBcd8r1Xw3EDxZI=
github.com/aquasecurity/go-dep-parser v0.0.0-20230424082450-f8baca321fbf h1:MZmenKvakITNp/0RKk6U4MrWmI2DdSYxyrFlntnkDGs=
github.com/aquasecurity/go-dep-parser v0.0.0-20230424082450-f8baca321fbf/go.mod h1:lI+o04X85vxgx2jPji9G0tZ6AqqhVcXn8A88qimWfOM=
github.com/aquasecurity/go-dep-parser v0.0.0-20230514135501-4adad90d3013 h1:W4aixCRckBRj9arjuVXRfRQjJ5+/qof7ZRgSsCH9zpA=
github.com/aquasecurity/go-dep-parser v0.0.0-20230514135501-4adad90d3013/go.mod h1:bDhCMOPc4Fq7fRg05DNJklkdR+66BWnhf8rWVL+LiYk=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
github.com/aquasecurity/go-mock-aws v0.0.0-20230328195059-5bf52338aec3 h1:Vt9y1gZS5JGY3tsL9zc++Cg4ofX51CG7PaMyC5SXWPg=
Expand Down
4 changes: 4 additions & 0 deletions pkg/fanal/analyzer/language/nodejs/pkg/pkg.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,10 @@ func (*parser) Parse(r dio.ReadSeekerAt) ([]godeptypes.Library, []godeptypes.Dep
if err != nil {
return nil, nil, err
}
// skip packages without name/version
if pkg.Library.ID == "" {
return nil, nil, nil
}
// package.json may contain version range in `dependencies` fields
// e.g. "devDependencies": { "mocha": "^5.2.0", }
// so we get only information about project
Expand Down
8 changes: 6 additions & 2 deletions pkg/fanal/analyzer/language/nodejs/pkg/pkg_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -65,9 +65,13 @@ func Test_nodePkgLibraryAnalyzer_Analyze(t *testing.T) {
},
},
{
name: "sad path",
name: "happy path without name",
inputFile: "testdata/noname.json",
wantErr: "unable to parse",
},
{
name: "sad path",
inputFile: "testdata/sad.json",
wantErr: "JSON decode error",
},
}
for _, tt := range tests {
Expand Down
1 change: 1 addition & 0 deletions pkg/fanal/analyzer/language/nodejs/pkg/testdata/sad.json
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{