Fix parsing Julia v1.0 Manifests

pkg/dependency/parser/julia/manifest/parse.go

@@ -36,8 +36,9 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency,
 	var primMan primitiveManifest
 	var manMetadata toml.MetaData
 	decoder := toml.NewDecoder(r)
-	// Try to read the old Manifest format. If that fails, try the new format.
-	if _, err := decoder.Decode(&oldDeps); err != nil {
+	// Try to read the old Manifest format. This can also read the v1.0 Manifest format, which we parse out later.
+	var err error
+	if manMetadata, err = decoder.Decode(&oldDeps); err != nil {
 		if _, err = r.Seek(0, io.SeekStart); err != nil {
 			return nil, nil, xerrors.Errorf("seek error: %w", err)
 		}

pkg/dependency/parser/julia/manifest/parse_test.go

@@ -21,14 +21,14 @@ func TestParse(t *testing.T) {
 		{
 			name:     "Manifest v1.6",
 			file:     "testdata/primary/Manifest_v1.6.toml",
-			want:     juliaV1_6Libs,
-			wantDeps: juliaV1_6Deps,
+			want:     juliaV16Libs,
+			wantDeps: juliaV16Deps,
 		},
 		{
 			name:     "Manifest v1.8",
 			file:     "testdata/primary/Manifest_v1.8.toml",
-			want:     juliaV1_8Libs,
-			wantDeps: juliaV1_8Deps,
+			want:     juliaV18Libs,
+			wantDeps: juliaV18Deps,
 		},
 		{
 			name:     "no deps v1.6",
@@ -45,14 +45,20 @@ func TestParse(t *testing.T) {
 		{
 			name:     "dep extensions v1.9",
 			file:     "testdata/dep_ext_v1.9/Manifest.toml",
-			want:     juliaV1_9DepExtLibs,
+			want:     juliaV19DepExtLibs,
 			wantDeps: nil,
 		},
 		{
 			name:     "shadowed dep v1.9",
 			file:     "testdata/shadowed_dep_v1.9/Manifest.toml",
-			want:     juliaV1_9ShadowedDepLibs,
-			wantDeps: juliaV1_9ShadowedDepDeps,
+			want:     juliaV19ShadowedDepLibs,
+			wantDeps: juliaV19ShadowedDepDeps,
+		},
+		{
+			name:     "julia v1.0 format",
+			file:     "testdata/julia_v1.0_format/Manifest.toml",
+			want:     juliaV10FormatLibs,
+			wantDeps: juliaV10FormatDeps,
 		},
 	}
 

pkg/dependency/parser/julia/manifest/parse_testcase.go

@@ -3,7 +3,7 @@ package julia
 import "github.com/aquasecurity/trivy/pkg/dependency/types"
 
 var (
-	juliaV1_6Libs = []types.Library{
+	juliaV16Libs = []types.Library{
 		{ID: "ade2ca70-3891-5945-98fb-dc099432e06a", Name: "Dates", Version: "unknown", Locations: []types.Location{{StartLine: 3, EndLine: 5}}},
 		{ID: "682c06a0-de6a-54ab-a142-c8b1cf79cde6", Name: "JSON", Version: "0.21.4", Locations: []types.Location{{StartLine: 7, EndLine: 11}}},
 		{ID: "a63ad114-7e13-5084-954f-fe012c677804", Name: "Mmap", Version: "unknown", Locations: []types.Location{{StartLine: 13, EndLine: 14}}},
@@ -12,7 +12,7 @@ var (
 		{ID: "4ec0a83e-493e-50e2-b9ac-8f72acf5a8f5", Name: "Unicode", Version: "unknown", Locations: []types.Location{{StartLine: 26, EndLine: 27}}},
 	}
 
-	juliaV1_6Deps = []types.Dependency{
+	juliaV16Deps = []types.Dependency{
 		{ID: "ade2ca70-3891-5945-98fb-dc099432e06a", DependsOn: []string{"de0858da-6303-5e67-8744-51eddeeeb8d7"}},
 		{ID: "682c06a0-de6a-54ab-a142-c8b1cf79cde6", DependsOn: []string{
 			"4ec0a83e-493e-50e2-b9ac-8f72acf5a8f5",
@@ -24,7 +24,7 @@ var (
 		{ID: "de0858da-6303-5e67-8744-51eddeeeb8d7", DependsOn: []string{"4ec0a83e-493e-50e2-b9ac-8f72acf5a8f5"}},
 	}
 
-	juliaV1_8Libs = []types.Library{
+	juliaV18Libs = []types.Library{
 		{ID: "ade2ca70-3891-5945-98fb-dc099432e06a", Name: "Dates", Version: "1.8.5", Locations: []types.Location{{StartLine: 7, EndLine: 9}}},
 		{ID: "682c06a0-de6a-54ab-a142-c8b1cf79cde6", Name: "JSON", Version: "0.21.4", Locations: []types.Location{{StartLine: 11, EndLine: 15}}},
 		{ID: "a63ad114-7e13-5084-954f-fe012c677804", Name: "Mmap", Version: "1.8.5", Locations: []types.Location{{StartLine: 17, EndLine: 18}}},
@@ -40,7 +40,7 @@ var (
 		{ID: "4ec0a83e-493e-50e2-b9ac-8f72acf5a8f5", Name: "Unicode", Version: "1.8.5", Locations: []types.Location{{StartLine: 62, EndLine: 63}}},
 	}
 
-	juliaV1_8Deps = []types.Dependency{
+	juliaV18Deps = []types.Dependency{
 		{ID: "ade2ca70-3891-5945-98fb-dc099432e06a", DependsOn: []string{"de0858da-6303-5e67-8744-51eddeeeb8d7"}},
 		{ID: "682c06a0-de6a-54ab-a142-c8b1cf79cde6", DependsOn: []string{
 			"4ec0a83e-493e-50e2-b9ac-8f72acf5a8f5",
@@ -61,17 +61,32 @@ var (
 		{ID: "cf7118a7-6976-5b1a-9a39-7adc72f591a4", DependsOn: []string{"9a3f8284-a2c9-5f02-9a11-845980a1fd5c", "ea8e919c-243c-51af-8825-aaa63cd721ce"}},
 	}
 
-	juliaV1_9DepExtLibs = []types.Library{
+	juliaV19DepExtLibs = []types.Library{
 		{ID: "621f4979-c628-5d54-868e-fcf4e3e8185c", Name: "AbstractFFTs", Version: "1.3.1", Locations: []types.Location{{StartLine: 7, EndLine: 10}}},
 	}
 
-	juliaV1_9ShadowedDepLibs = []types.Library{
+	juliaV19ShadowedDepLibs = []types.Library{
 		{ID: "ead4f63c-334e-11e9-00e6-e7f0a5f21b60", Name: "A", Version: "1.9.0", Locations: []types.Location{{StartLine: 7, EndLine: 8}}},
 		{ID: "f41f7b98-334e-11e9-1257-49272045fb24", Name: "B", Version: "1.9.0", Locations: []types.Location{{StartLine: 13, EndLine: 14}}},
 		{ID: "edca9bc6-334e-11e9-3554-9595dbb4349c", Name: "B", Version: "1.9.0", Locations: []types.Location{{StartLine: 15, EndLine: 16}}},
 	}
 
-	juliaV1_9ShadowedDepDeps = []types.Dependency{
+	juliaV19ShadowedDepDeps = []types.Dependency{
 		{ID: "ead4f63c-334e-11e9-00e6-e7f0a5f21b60", DependsOn: []string{"f41f7b98-334e-11e9-1257-49272045fb24"}},
 	}
+
+	juliaV10FormatLibs = []types.Library{
+		{ID: "767738be-2f1f-45a9-b806-0234f3164144", Name: "Foo", Version: "unknown", Locations: []types.Location{{StartLine: 1, EndLine: 5}}},
+		{ID: "6f418443-bd2e-4783-b551-cdbac608adf2", Name: "Foo", Version: "unknown", Locations: []types.Location{{StartLine: 7, EndLine: 10}}},
+		{ID: "2a550a13-6bab-4a91-a4ee-dff34d6b99d0", Name: "Bar", Version: "unknown", Locations: []types.Location{{StartLine: 12, EndLine: 14}}},
+		{ID: "6801f525-dc68-44e8-a4e8-cabd286279e7", Name: "Baz", Version: "unknown", Locations: []types.Location{{StartLine: 19, EndLine: 21}}},
+		{ID: "b5ec9b9c-e354-47fd-b367-a348bdc8f909", Name: "Qux", Version: "unknown", Locations: []types.Location{{StartLine: 26, EndLine: 28}}},
+	}
+
+	juliaV10FormatDeps = []types.Dependency{
+		{ID: "767738be-2f1f-45a9-b806-0234f3164144", DependsOn: []string{"2a550a13-6bab-4a91-a4ee-dff34d6b99d0", "6801f525-dc68-44e8-a4e8-cabd286279e7", "b5ec9b9c-e354-47fd-b367-a348bdc8f909"}},
+		{ID: "6f418443-bd2e-4783-b551-cdbac608adf2", DependsOn: []string{"b5ec9b9c-e354-47fd-b367-a348bdc8f909"}},
+		{ID: "2a550a13-6bab-4a91-a4ee-dff34d6b99d0", DependsOn: []string{"6801f525-dc68-44e8-a4e8-cabd286279e7", "6f418443-bd2e-4783-b551-cdbac608adf2"}},
+		{ID: "6801f525-dc68-44e8-a4e8-cabd286279e7", DependsOn: []string{"6f418443-bd2e-4783-b551-cdbac608adf2", "b5ec9b9c-e354-47fd-b367-a348bdc8f909"}},
+	}
 )

pkg/dependency/parser/julia/manifest/testdata/julia_v1.0_format/Manifest.toml

@@ -0,0 +1,28 @@
+[[Foo]]
+deps = ["Bar", "Baz", "Qux"]
+uuid = "767738be-2f1f-45a9-b806-0234f3164144"
+git-tree-sha1 = "7c626031568a5e432112a74009c3763f9b851e3e"
+path = "deps/Foo1"
+
+[[Foo]]
+deps = ["Qux"]
+uuid = "6f418443-bd2e-4783-b551-cdbac608adf2"
+path = "deps/Foo2.jl"
+
+[[Bar]]
+uuid = "2a550a13-6bab-4a91-a4ee-dff34d6b99d0"
+path = "deps/Bar"
+[Bar.deps]
+Baz = "6801f525-dc68-44e8-a4e8-cabd286279e7"
+Foo = "6f418443-bd2e-4783-b551-cdbac608adf2"
+
+[[Baz]]
+uuid = "6801f525-dc68-44e8-a4e8-cabd286279e7"
+git-tree-sha1 = "efc7e24c53d6a328011975294a2c75fed2f9800a"
+[Baz.deps]
+Foo = "6f418443-bd2e-4783-b551-cdbac608adf2"
+Qux = "b5ec9b9c-e354-47fd-b367-a348bdc8f909"
+
+[[Qux]]
+uuid = "b5ec9b9c-e354-47fd-b367-a348bdc8f909"
+path = "deps/Qux.jl"

pkg/dependency/parser/julia/manifest/testdata/julia_v1.0_format/Project.toml

@@ -0,0 +1,6 @@
+name = "TestProject"
+uuid = "84c38c17-0c6f-4d12-a694-d20b69c16777"
+
+[deps]
+Foo = "767738be-2f1f-45a9-b806-0234f3164144"
+Bar = "2a550a13-6bab-4a91-a4ee-dff34d6b99d0"