feat: add relationships #6563

Merged
merged 34 commits into from
Apr 27, 2024
Commits
fd4d12f
feat: add a relationship type
knqyf263 Apr 23, 2024
8553d28
feat(gomod): add the main module and relationships
knqyf263 Apr 23, 2024
326c1e9
feat(sbom): consider the root package
knqyf263 Apr 24, 2024
346b5ba
fix(gomod): drop root module dependencies
knqyf263 Apr 24, 2024
bf980e9
feat(yarn): add relationships
knqyf263 Apr 24, 2024
7469203
feat(conan): add relationships
knqyf263 Apr 24, 2024
df9c0d4
feat(pub): add relationships
knqyf263 Apr 24, 2024
c1a93df
feat(gradle): add unknown relationship
knqyf263 Apr 24, 2024
0cbfcc4
feat(npm): add relationships
knqyf263 Apr 24, 2024
a6284dd
feat(composer): add relationships
knqyf263 Apr 24, 2024
94b40ba
feat(poetry): add relationships
knqyf263 Apr 24, 2024
7e6b860
feat(rust/binary): add relationships
knqyf263 Apr 24, 2024
75414f5
feat(rust/cargo): add relationships
knqyf263 Apr 24, 2024
3a8bc89
feat(java/pom): add relationships
knqyf263 Apr 24, 2024
39b714e
feat(nuget): add relationships
knqyf263 Apr 24, 2024
0bce2d7
feat(php/composr): add unknown relationship
knqyf263 Apr 24, 2024
60d0e93
feat(ruby/bundler): add relationships
knqyf263 Apr 24, 2024
85b8cda
feat(nodejs/pnpm): add relationships
knqyf263 Apr 25, 2024
19bd014
refactor(parser): remove the indirect field
knqyf263 Apr 25, 2024
06ea496
refactor: use relationship field instead of indirect field
knqyf263 Apr 25, 2024
8027754
test(integration): fix golden files
knqyf263 Apr 25, 2024
5178e83
fix: linter issues
knqyf263 Apr 25, 2024
70fb679
Merge branch 'main' into relationships
knqyf263 Apr 25, 2024
3ff3e65
test(conan): add relationships to a new test case
knqyf263 Apr 25, 2024
3ddee97
feat(golang/binary): add relationships
knqyf263 Apr 25, 2024
7a1c9a8
feat: sort packages by relationships
knqyf263 Apr 26, 2024
fe8355d
feat(report): export string relationship
knqyf263 Apr 26, 2024
f5bd897
revert: support go main module
knqyf263 Apr 26, 2024
1e1fe20
refactor(rust/binary): move a comment
knqyf263 Apr 26, 2024
5e620b0
fix: drop runtime relationship
knqyf263 Apr 26, 2024
a0667ed
test(table): use relationships
knqyf263 Apr 26, 2024
8ffbd24
Merge branch 'main' into relationships
knqyf263 Apr 27, 2024
8575199
chore: remove a comment
knqyf263 Apr 27, 2024
4ea19d1
chore: update a comment
knqyf263 Apr 27, 2024
2 changes: 2 additions & 0 deletions integration/testdata/composer.lock.json.golden

7 changes: 7 additions & 0 deletions integration/testdata/conan.json.golden
Expand Up @@ -29,6 +29,7 @@
},
"Version": "1.0.8",
"Indirect": true,
"Relationship": "indirect",
"Layer": {},
"Locations": [
{
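Review bot: this package entry now carries both "Indirect": true and "Relationship": "indirect", two fields stating the same fact, while the direct package later in this file has only "Relationship": "direct". Document which field is authoritative for report consumers and whether "Indirect" is kept only for backward compatibility, so tools that filter transitive dependencies do not end up reading the wrong one.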
Expand All @@ -45,6 +46,7 @@
},
"Version": "2.4.8",
"Indirect": true,
"Relationship": "indirect",
"Layer": {},
"Locations": [
{
Expand All @@ -61,6 +63,7 @@
},
"Version": "1.1.1q",
"Indirect": true,
"Relationship": "indirect",
"Layer": {},
"Locations": [
{
Expand All @@ -77,6 +80,7 @@
},
"Version": "8.43",
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"bzip2/1.0.8",
"zlib/1.2.12"
Expand All @@ -96,6 +100,7 @@
"PURL": "pkg:conan/[email protected]"
},
"Version": "1.9.4",
"Relationship": "direct",
"DependsOn": [
"pcre/8.43",
"zlib/1.2.12",
Expand All @@ -119,6 +124,7 @@
},
"Version": "3.39.2",
"Indirect": true,
"Relationship": "indirect",
"Layer": {},
"Locations": [
{
Expand All @@ -135,6 +141,7 @@
},
"Version": "1.2.12",
"Indirect": true,
"Relationship": "indirect",
"Layer": {},
"Locations": [
{
13 changes: 0 additions & 13 deletions integration/testdata/npm-with-dev.json.golden
Expand Up @@ -28,7 +28,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "2.0.6",
"Indirect": true,
"Layer": {},
"Locations": [
{
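Review bot: "Indirect": true is removed here, and in every other hunk of this file, with no "Relationship" line added in its place (0 additions, 13 deletions), so these packages lose their only direct/indirect marker. Consumers that filter transitive dependencies on "Indirect" will see different results without any error; confirm the relationship is meant to be unreported for this fixture and call out the output change in the release notes.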
Expand All @@ -47,7 +46,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -63,7 +61,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "4.0.0",
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -79,7 +76,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "1.4.0",
"Indirect": true,
"DependsOn": [
"[email protected]"
],
Expand All @@ -98,7 +94,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "4.1.1",
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -117,7 +112,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"DependsOn": [
"[email protected]"
],
Expand All @@ -136,7 +130,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "15.7.2",
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]",
Expand All @@ -160,7 +153,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]",
Expand All @@ -185,7 +177,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -204,7 +195,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]"
Expand All @@ -224,7 +214,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "0.13.6",
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]"
Expand All @@ -244,7 +233,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "1.2.0",
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -264,7 +252,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"Layer": {},
"Locations": [
{
12 changes: 0 additions & 12 deletions integration/testdata/npm.json.golden
Expand Up @@ -28,7 +28,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "2.0.6",
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -47,7 +46,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -63,7 +61,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "4.0.0",
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -79,7 +76,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "1.4.0",
"Indirect": true,
"DependsOn": [
"[email protected]"
],
Expand All @@ -98,7 +94,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "4.1.1",
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -117,7 +112,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"DependsOn": [
"[email protected]"
],
Expand All @@ -136,7 +130,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "15.7.2",
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]",
Expand All @@ -160,7 +153,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]",
Expand All @@ -185,7 +177,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -204,7 +195,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]"
Expand All @@ -224,7 +214,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "0.13.6",
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]"
Expand All @@ -244,7 +233,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "1.2.0",
"Indirect": true,
"Layer": {},
"Locations": [
{
2 changes: 2 additions & 0 deletions integration/testdata/nuget.json.golden
Expand Up @@ -28,6 +28,7 @@
"PURL": "pkg:nuget/[email protected]"
},
"Version": "12.0.3",
"Relationship": "direct",
"Layer": {},
"Locations": [
{
Expand All @@ -43,6 +44,7 @@
"PURL": "pkg:nuget/[email protected]"
},
"Version": "5.7.0",
"Relationship": "direct",
"DependsOn": [
"[email protected]"
],
3 changes: 3 additions & 0 deletions integration/testdata/poetry.json.golden
Expand Up @@ -28,6 +28,7 @@
"PURL": "pkg:pypi/[email protected]"
},
"Version": "8.1.3",
"Relationship": "direct",
"DependsOn": [
"[email protected]"
],
Expand All @@ -41,6 +42,7 @@
},
"Version": "0.4.6",
"Indirect": true,
"Relationship": "indirect",
"Layer": {}
},
{
Expand All @@ -50,6 +52,7 @@
"PURL": "pkg:pypi/[email protected]"
},
"Version": "0.14",
"Relationship": "direct",
"Layer": {}
}
],
3 changes: 1 addition & 2 deletions integration/testdata/pom-cyclonedx.json.golden
Expand Up @@ -91,8 +91,7 @@
{
"ref": "3ff14136-e09f-4df9-80ea-000000000002",
"dependsOn": [
"pkg:maven/com.example/[email protected]",
"pkg:maven/com.fasterxml.jackson.core/[email protected]"
"pkg:maven/com.example/[email protected]"
]
},
{
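Review bot: the dependsOn list for ref 3ff14136-e09f-4df9-80ea-000000000002 loses its com.fasterxml.jackson.core entry, which changes the dependency graph that SBOM consumers walk. The hunk does not show where that edge goes; please confirm the golden still reaches the jackson component through the com.example component's own dependsOn, so it is not left orphaned in the CycloneDX output.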
2 changes: 2 additions & 0 deletions integration/testdata/pubspec.lock.json.golden
Expand Up @@ -28,6 +28,7 @@
"PURL": "pkg:pub/[email protected]"
},
"Version": "0.13.2",
"Relationship": "direct",
"Layer": {}
},
{
Expand All @@ -38,6 +39,7 @@
},
"Version": "1.3.1",
"Indirect": true,
"Relationship": "indirect",
"Layer": {}
}
],
1 change: 1 addition & 0 deletions integration/testdata/yarn.json.golden
Expand Up @@ -31,6 +31,7 @@
"Licenses": [
"MIT"
],
"Relationship": "direct",
"Layer": {},
"Locations": [
{
3 changes: 2 additions & 1 deletion pkg/dependency/parser/c/conan/parse.go
Expand Up @@ -5,6 +5,7 @@ import (
"strings"

"github.com/liamg/jfather"
"github.com/samber/lo"
"golang.org/x/exp/slices"
"golang.org/x/xerrors"

Expand Down Expand Up @@ -70,7 +71,7 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency,

// Determine if the package is a direct dependency or not
direct := slices.Contains(directDeps, i)
lib.Indirect = !direct
lib.Relationship = lo.Ternary(direct, types.RelationshipDirect, types.RelationshipIndirect)

parsed[i] = lib
}
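Review bot: in Parse, direct := slices.Contains(directDeps, i) is false for every package whenever directDeps is empty, so the lo.Ternary call labels the whole lock file as indirect. This PR introduces an unknown relationship for parsers that cannot tell (see the gradle commit); consider using it here when no direct dependencies were resolved, rather than reporting a definite "indirect" that vulnerability triage may deprioritize.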