feat: add relationships (aquasecurity#6563)
Signed-off-by: knqyf263 <[email protected]>
knqyf263 authored Apr 27, 2024
1 parent a018ee1 commit 6343e4f
Showing 65 changed files with 4,349 additions and 2,243 deletions.
2 changes: 2 additions & 0 deletions integration/testdata/composer.lock.json.golden


7 changes: 7 additions & 0 deletions integration/testdata/conan.json.golden
Expand Up @@ -29,6 +29,7 @@
},
"Version": "1.0.8",
"Indirect": true,
"Relationship": "indirect",
"Layer": {},
"Locations": [
{
Expand All @@ -45,6 +46,7 @@
},
"Version": "2.4.8",
"Indirect": true,
"Relationship": "indirect",
"Layer": {},
"Locations": [
{
Expand All @@ -61,6 +63,7 @@
},
"Version": "1.1.1q",
"Indirect": true,
"Relationship": "indirect",
"Layer": {},
"Locations": [
{
Expand All @@ -77,6 +80,7 @@
},
"Version": "8.43",
"Indirect": true,
"Relationship": "indirect",
"DependsOn": [
"bzip2/1.0.8",
"zlib/1.2.12"
Expand All @@ -96,6 +100,7 @@
"PURL": "pkg:conan/[email protected]"
},
"Version": "1.9.4",
"Relationship": "direct",
"DependsOn": [
"pcre/8.43",
"zlib/1.2.12",
Expand All @@ -119,6 +124,7 @@
},
"Version": "3.39.2",
"Indirect": true,
"Relationship": "indirect",
"Layer": {},
"Locations": [
{
Expand All @@ -135,6 +141,7 @@
},
"Version": "1.2.12",
"Indirect": true,
"Relationship": "indirect",
"Layer": {},
"Locations": [
{
13 changes: 0 additions & 13 deletions integration/testdata/npm-with-dev.json.golden
Expand Up @@ -28,7 +28,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "2.0.6",
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -47,7 +46,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -63,7 +61,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "4.0.0",
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -79,7 +76,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "1.4.0",
"Indirect": true,
"DependsOn": [
"[email protected]"
],
Expand All @@ -98,7 +94,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "4.1.1",
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -117,7 +112,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"DependsOn": [
"[email protected]"
],
Expand All @@ -136,7 +130,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "15.7.2",
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]",
Expand All @@ -160,7 +153,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]",
Expand All @@ -185,7 +177,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -204,7 +195,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]"
Expand All @@ -224,7 +214,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "0.13.6",
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]"
Expand All @@ -244,7 +233,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "1.2.0",
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -264,7 +252,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"Layer": {},
"Locations": [
{
12 changes: 0 additions & 12 deletions integration/testdata/npm.json.golden
Expand Up @@ -28,7 +28,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "2.0.6",
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -47,7 +46,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -63,7 +61,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "4.0.0",
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -79,7 +76,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "1.4.0",
"Indirect": true,
"DependsOn": [
"[email protected]"
],
Expand All @@ -98,7 +94,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "4.1.1",
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -117,7 +112,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"DependsOn": [
"[email protected]"
],
Expand All @@ -136,7 +130,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "15.7.2",
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]",
Expand All @@ -160,7 +153,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]",
Expand All @@ -185,7 +177,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"Layer": {},
"Locations": [
{
Expand All @@ -204,7 +195,6 @@
"Licenses": [
"MIT"
],
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]"
Expand All @@ -224,7 +214,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "0.13.6",
"Indirect": true,
"DependsOn": [
"[email protected]",
"[email protected]"
Expand All @@ -244,7 +233,6 @@
"PURL": "pkg:npm/[email protected]"
},
"Version": "1.2.0",
"Indirect": true,
"Layer": {},
"Locations": [
{
2 changes: 2 additions & 0 deletions integration/testdata/nuget.json.golden
Expand Up @@ -28,6 +28,7 @@
"PURL": "pkg:nuget/[email protected]"
},
"Version": "12.0.3",
"Relationship": "direct",
"Layer": {},
"Locations": [
{
Expand All @@ -43,6 +44,7 @@
"PURL": "pkg:nuget/[email protected]"
},
"Version": "5.7.0",
"Relationship": "direct",
"DependsOn": [
"[email protected]"
],
3 changes: 3 additions & 0 deletions integration/testdata/poetry.json.golden
Expand Up @@ -28,6 +28,7 @@
"PURL": "pkg:pypi/[email protected]"
},
"Version": "8.1.3",
"Relationship": "direct",
"DependsOn": [
"[email protected]"
],
Expand All @@ -41,6 +42,7 @@
},
"Version": "0.4.6",
"Indirect": true,
"Relationship": "indirect",
"Layer": {}
},
{
Expand All @@ -50,6 +52,7 @@
"PURL": "pkg:pypi/[email protected]"
},
"Version": "0.14",
"Relationship": "direct",
"Layer": {}
}
],
3 changes: 1 addition & 2 deletions integration/testdata/pom-cyclonedx.json.golden
Expand Up @@ -91,8 +91,7 @@
{
"ref": "3ff14136-e09f-4df9-80ea-000000000002",
"dependsOn": [
"pkg:maven/com.example/[email protected]",
"pkg:maven/com.fasterxml.jackson.core/[email protected]"
"pkg:maven/com.example/[email protected]"
]
},
{
2 changes: 2 additions & 0 deletions integration/testdata/pubspec.lock.json.golden
Expand Up @@ -28,6 +28,7 @@
"PURL": "pkg:pub/[email protected]"
},
"Version": "0.13.2",
"Relationship": "direct",
"Layer": {}
},
{
Expand All @@ -38,6 +39,7 @@
},
"Version": "1.3.1",
"Indirect": true,
"Relationship": "indirect",
"Layer": {}
}
],
1 change: 1 addition & 0 deletions integration/testdata/yarn.json.golden
Expand Up @@ -31,6 +31,7 @@
"Licenses": [
"MIT"
],
"Relationship": "direct",
"Layer": {},
"Locations": [
{
3 changes: 2 additions & 1 deletion pkg/dependency/parser/c/conan/parse.go
Expand Up @@ -5,6 +5,7 @@ import (
"strings"

"github.com/liamg/jfather"
"github.com/samber/lo"
"golang.org/x/exp/slices"
"golang.org/x/xerrors"

Expand Down Expand Up @@ -70,7 +71,7 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency,

// Determine if the package is a direct dependency or not
direct := slices.Contains(directDeps, i)
lib.Indirect = !direct
lib.Relationship = lo.Ternary(direct, types.RelationshipDirect, types.RelationshipIndirect)

parsed[i] = lib
}
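Review bot: In the second hunk of parse.go the parser stops assigning `lib.Indirect`, yet conan.json.golden in this commit still expects `"Indirect": true` next to `"Relationship": "indirect"`, so the legacy field is presumably back-filled from `Relationship` somewhere outside this hunk and nothing here says so. A short comment above the new assignment would record that, for example `// Indirect is no longer set by the parser; it is derived from Relationship later (confirm where).` The same line labels every package missing from `directDeps` as indirect, so an empty or incomplete `directDeps` would mark the whole graph indirect instead of leaving the relationship unset; consumers that triage findings by this field would then under-weight direct dependencies, and a test for that case would pin the behaviour. `Parse` starts and ends outside the visible hunk.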