-
Notifications
You must be signed in to change notification settings - Fork 597
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Conan (C/C++) conan.lock file support #1230
Changes from 5 commits
67d8f25
96aac3a
5ad3b0e
e72dbe3
d44c78e
010e58f
fea2745
d3ed041
c25aa38
6401db3
be74c52
20560be
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
package cpp | ||
|
||
import ( | ||
"encoding/json" | ||
"io" | ||
"strings" | ||
|
||
"github.com/anchore/syft/syft/artifact" | ||
"github.com/anchore/syft/syft/pkg" | ||
"github.com/anchore/syft/syft/pkg/cataloger/common" | ||
) | ||
|
||
// integrity check | ||
var _ common.ParserFn = parseConanlock | ||
|
||
type conanLock struct { | ||
GraphLock struct { | ||
Nodes map[string]struct { | ||
Ref string `json:"ref"` | ||
Options string `json:"options"` | ||
Path string `json:"path"` | ||
Context string `json:"context"` | ||
} `json:"nodes"` | ||
} `json:"graph_lock"` | ||
Version string `json:"version"` | ||
ProfileHost string `json:"profile_host"` | ||
} | ||
|
||
// parseConanlock is a parser function for conan.lock contents, returning all packages discovered. | ||
func parseConanlock(_ string, reader io.Reader) ([]*pkg.Package, []artifact.Relationship, error) { | ||
pkgs := []*pkg.Package{} | ||
var cl conanLock | ||
if err := json.NewDecoder(reader).Decode(&cl); err != nil { | ||
return nil, nil, err | ||
} | ||
for _, node := range cl.GraphLock.Nodes { | ||
if len(node.Ref) > 0 { | ||
// ref: pkga/0.1@user/testing | ||
splits := strings.Split(strings.Split(node.Ref, "@")[0], "/") | ||
if len(splits) < 2 { | ||
continue | ||
} | ||
pkgName, pkgVersion := splits[0], splits[1] | ||
pkgs = append(pkgs, &pkg.Package{ | ||
Name: pkgName, | ||
Version: pkgVersion, | ||
Language: pkg.CPP, | ||
Type: pkg.ConanPkg, | ||
MetadataType: pkg.ConanaMetadataType, | ||
Metadata: pkg.ConanMetadata{ | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. capturing the name and version isn't really necessary. There is one or two other catalogers that do this for implementation-specific limitations, however, in this case it's redundant. That being said, there is other information in a If we don't want to add any more elements, my recommendation now would be to not have a metadata struct at all. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @wagoodman I can add Then I'll update the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @wagoodman it also looks like https://github.com/anchore/syft/blob/main/syft/pkg/conan_metadata.go Is there another space you would want this method? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ahh, we're reusing the same metadata for logically a different things. I don't think we should do this. That is, the |
||
Name: pkgName, | ||
Version: pkgVersion, | ||
Options: node.Options, | ||
Path: node.Path, | ||
Context: node.Context, | ||
}, | ||
}) | ||
} | ||
} | ||
|
||
return pkgs, nil, nil | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
package cpp | ||
|
||
import ( | ||
"os" | ||
"testing" | ||
|
||
"github.com/go-test/deep" | ||
|
||
"github.com/anchore/syft/syft/pkg" | ||
) | ||
|
||
func TestParseConanlock(t *testing.T) { | ||
expected := []*pkg.Package{ | ||
{ | ||
Name: "zlib", | ||
Version: "1.2.12", | ||
Language: pkg.CPP, | ||
Type: pkg.ConanPkg, | ||
MetadataType: pkg.ConanaMetadataType, | ||
Metadata: pkg.ConanMetadata{ | ||
Name: "zlib", | ||
Version: "1.2.12", | ||
}, | ||
}, | ||
} | ||
|
||
fixture, err := os.Open("test-fixtures/conan.lock") | ||
if err != nil { | ||
t.Fatalf("failed to open fixture: %+v", err) | ||
} | ||
|
||
// TODO: no relationships are under test yet | ||
actual, _, err := parseConanlock(fixture.Name(), fixture) | ||
if err != nil { | ||
t.Error(err) | ||
} | ||
|
||
differences := deep.Equal(expected, actual) | ||
if differences != nil { | ||
t.Errorf("returned package list differed from expectation: %+v", differences) | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
{ | ||
"graph_lock": { | ||
"nodes": { | ||
"0": { | ||
"ref": "zlib/1.2.12", | ||
"options": "fPIC=True\nshared=False", | ||
"path": "all/conanfile.py", | ||
"context": "host" | ||
} | ||
}, | ||
"revisions_enabled": false | ||
}, | ||
"version": "0.4", | ||
"profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=9\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,6 +8,9 @@ import ( | |
type ConanMetadata struct { | ||
Name string `mapstructure:"name" json:"name"` | ||
Version string `mapstructure:"version" json:"version"` | ||
Options string `mapstructure:"options" json:"options"` | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. we'll need to regenerate the json schema due to change (might as well wait on this until we know what the final change is) |
||
Path string `mapstructure:"path" json:"path"` | ||
Context string `mapstructure:"context" json:"context"` | ||
} | ||
|
||
func (m ConanMetadata) PackageURL(_ *linux.Release) string { | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: this could be
map[string]pkg.ConanMetadata
instead of redefining these. That is, if the metadata is meant to raise up the raw packaging metadata, if we remove name/version then there would be no difference between this struct def andpkg.ConanMetadata
.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I could be wrong about this if
options string
should really be transformed intooptions []string
(split by newline) oroptions map[string]string
if split by newline and=
. (same comment for similar fields)There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll update options to be the map suggestion and look to make the other fields updated to match this suggestion
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For those following along here are all possible fields for the conan.lock structure
https://github.com/conan-io/conan/blob/develop/conans/model/graph_lock.py#L101-L276