From b7debf7f0acb44f170c90c70be794722812962e9 Mon Sep 17 00:00:00 2001
From: Tomoya Amachi
Date: Thu, 16 May 2019 09:29:14 +0900
Subject: [PATCH] add yarn.lock parser (fanal#16)

* add yarn.lock parser
* skip analyze package files in dependency folder
---
 analyzer/library/npm/npm.go | 6 ++++
 analyzer/library/yarn/yarn.go | 52 +++++++++++++++++++++++++++++++++++
 cmd/fanal/main.go | 5 ++--
 go.mod | 2 +-
 go.sum | 4 +--
 utils/utils.go | 6 ++++
 6 files changed, 70 insertions(+), 5 deletions(-)
 create mode 100644 analyzer/library/yarn/yarn.go

diff --git a/analyzer/library/npm/npm.go b/analyzer/library/npm/npm.go
index 3f119b7750..3ba53719c6 100644
--- a/analyzer/library/npm/npm.go
+++ b/analyzer/library/npm/npm.go
@@ -3,6 +3,7 @@ package npm
 import (
 "bytes"
 "path/filepath"
+ "strings"
 
 "github.com/knqyf263/fanal/analyzer"
 "github.com/knqyf263/fanal/extractor"
@@ -28,6 +29,11 @@ func (a npmLibraryAnalyzer) Analyze(fileMap extractor.FileMap) (map[analyzer.Fil
 continue
 }
 
+ // skip analyze files which in dependency folder
+ if utils.StringInSlice(utils.NODE_DEP_DIR, strings.Split(filename, utils.PathSeparator)) {
+ continue
+ }
+
 r := bytes.NewBuffer(content)
 libs, err := npm.Parse(r)
 if err != nil {
diff --git a/analyzer/library/yarn/yarn.go b/analyzer/library/yarn/yarn.go
new file mode 100644
index 0000000000..83f60e1770
--- /dev/null
+++ b/analyzer/library/yarn/yarn.go
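Review bot: The new guard in the second hunk splits `filename` on `utils.PathSeparator`, the host OS separator, but the keys of `extractor.FileMap` are presumably tar entry paths taken from the image, which are `/`-separated whatever platform the scanner runs on. On Windows the split then never yields a `node_modules` element and the check silently does nothing, so lock files under dependency folders are analyzed after all. `strings.Split(filename, "/")` (or checking components with the `path` package) matches the archive format; if FileMap keys can really be OS paths, normalize them with `filepath.ToSlash` before splitting. `Analyze` begins before this hunk.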
@@ -0,0 +1,52 @@
+package yarn
+
+import (
+ "bytes"
+ "path/filepath"
+ "strings"
+
+ "github.com/knqyf263/fanal/analyzer"
+ "github.com/knqyf263/fanal/extractor"
+ "github.com/knqyf263/fanal/utils"
+ "github.com/knqyf263/go-dep-parser/pkg/types"
+ "github.com/knqyf263/go-dep-parser/pkg/yarn"
+ "golang.org/x/xerrors"
+)
+
+func init() {
+ analyzer.RegisterLibraryAnalyzer(&yarnLibraryAnalyzer{})
+}
+
+type yarnLibraryAnalyzer struct{}
+
+func (a yarnLibraryAnalyzer) Analyze(fileMap extractor.FileMap) (map[analyzer.FilePath][]types.Library, error) {
+ libMap := map[analyzer.FilePath][]types.Library{}
+ requiredFiles := a.RequiredFiles()
+
+ for filename, content := range fileMap {
+
+ basename := filepath.Base(filename)
+
+ if !utils.StringInSlice(basename, requiredFiles) {
+ continue
+ }
+
+ // skip analyze files which in dependency folder
+ if utils.StringInSlice(utils.NODE_DEP_DIR, strings.Split(filename, utils.PathSeparator)) {
+ continue
+ }
+
+ r := bytes.NewBuffer(content)
+ libs, err := yarn.Parse(r)
+ if err != nil {
+ return nil, xerrors.Errorf("invalid yarn.lock format: %w", err)
+ }
+ libMap[analyzer.FilePath(filename)] = libs
+ }
+
+ return libMap, nil
+}
+
+func (a yarnLibraryAnalyzer) RequiredFiles() []string {
+ return []string{"yarn.lock"}
+}
diff --git a/cmd/fanal/main.go b/cmd/fanal/main.go
index b6905df46a..a917d0303b 100644
--- a/cmd/fanal/main.go
+++ b/cmd/fanal/main.go
@@ -18,6 +18,7 @@ import (
 _ "github.com/knqyf263/fanal/analyzer/library/composer"
 _ "github.com/knqyf263/fanal/analyzer/library/npm"
 _ "github.com/knqyf263/fanal/analyzer/library/pipenv"
+ _ "github.com/knqyf263/fanal/analyzer/library/yarn"
 _ "github.com/knqyf263/fanal/analyzer/os/alpine"
 _ "github.com/knqyf263/fanal/analyzer/os/amazonlinux"
 _ "github.com/knqyf263/fanal/analyzer/os/debianbase"
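Review bot: The `yarn.Parse` failure path in `Analyze` returns on the first bad file, so a single truncated or hand-crafted `yarn.lock` anywhere in the image stops library analysis for every other `yarn.lock` in `fileMap`, and the returned error does not even say which file it was. For a scanner that is a cheap way for one layer to hide the dependencies of another; I would at least record the path, `return nil, xerrors.Errorf("invalid yarn.lock format in %s: %w", filename, err)`, and consider skipping the offending file with a warning rather than aborting the whole pass. The loop body is otherwise a line-for-line copy of the npm analyzer's; a shared helper taking the parser func would keep the two skip rules from drifting apart.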
@@ -78,13 +79,13 @@ func run() (err error) {
 if err != nil {
 return err
 }
- fmt.Printf("Packages: %d\n", len(pkgs))
+ fmt.Printf("via image Packages: %d\n", len(pkgs))
 
 pkgs, err = analyzer.GetPackagesFromCommands(os, files)
 if err != nil {
 return err
 }
- fmt.Printf("Packages: %d\n", len(pkgs))
+ fmt.Printf("via file Packages: %d\n", len(pkgs))
 
 libs, err := analyzer.GetLibraries(files)
 if err != nil {
diff --git a/go.mod b/go.mod
index 5495a6b54c..c053060bdd 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 github.com/docker/docker v0.0.0-20180924202107-a9c061deec0f
 github.com/docker/go-connections v0.4.0 // indirect
 github.com/genuinetools/reg v0.16.0
- github.com/knqyf263/go-dep-parser v0.0.0-20190511063217-d5d543bfc261
+ github.com/knqyf263/go-dep-parser v0.0.0-20190515172517-b8305876c9c2
 github.com/knqyf263/go-rpmdb v0.0.0-20190501070121-10a1c42a10dc
 github.com/knqyf263/nested v0.0.1
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348
diff --git a/go.sum b/go.sum
index 9791b00040..c25ab2abcb 100644
--- a/go.sum
+++ b/go.sum
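Review bot: The new labels `via image Packages` and `via file Packages` read awkwardly and do not say what distinguishes the two counts; within the hunk only the second source is visible, `GetPackagesFromCommands`, and "via file" does not obviously describe it. Keep the noun first and name the source the same way in both lines, e.g. `fmt.Printf("Packages (via commands): %d\n", len(pkgs))` for the second, with a matching label for the first once its source is confirmed. `run` starts and ends outside this hunk.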
@@ -93,8 +93,8 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/knqyf263/berkeleydb v0.0.0-20190501065933-fafe01fb9662 h1:UGS0RbPHwXJkq8tcba8OD0nvVUWLf2h7uUJznuHPPB0=
 github.com/knqyf263/berkeleydb v0.0.0-20190501065933-fafe01fb9662/go.mod h1:bu1CcN4tUtoRcI/B/RFHhxMNKFHVq/c3SV+UTyduoXg=
-github.com/knqyf263/go-dep-parser v0.0.0-20190511063217-d5d543bfc261 h1:RPgPsbEsYj6LuOjZnKl2DvbfodNWRuWKZfWJkrD7l8s=
-github.com/knqyf263/go-dep-parser v0.0.0-20190511063217-d5d543bfc261/go.mod h1:gSiqSkOFPstUZu/qZ4wnNJS69PtQQnPl397vxKHJ5mQ=
+github.com/knqyf263/go-dep-parser v0.0.0-20190515172517-b8305876c9c2 h1:bQGj8WH6X4czC2FlkgUKKFq2xPnJovzf61T4Yl9sVZs=
+github.com/knqyf263/go-dep-parser v0.0.0-20190515172517-b8305876c9c2/go.mod h1:gSiqSkOFPstUZu/qZ4wnNJS69PtQQnPl397vxKHJ5mQ=
 github.com/knqyf263/go-rpmdb v0.0.0-20190501070121-10a1c42a10dc h1:pumO9pqmRAjvic6oove22RGh9wDZQnj96XQjJSbSEPs=
 github.com/knqyf263/go-rpmdb v0.0.0-20190501070121-10a1c42a10dc/go.mod h1:MrSSvdMpTSymaQWk1yFr9sxFSyQmKMj6jkbvGrchBV8=
 github.com/knqyf263/nested v0.0.1 h1:Sv26CegUMhjt19zqbBKntjwESdxe5hxVPSk0+AKjdUc=
diff --git a/utils/utils.go b/utils/utils.go
index 540d28454d..c5f157ba80 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -1,10 +1,16 @@
 package utils
 
 import (
+ "fmt"
 "os"
 "path/filepath"
 )
 
+var (
+ NODE_DEP_DIR = "node_modules"
+ PathSeparator = fmt.Sprintf("%c", os.PathSeparator)
+)
+
 func CacheDir() string {
 cacheDir, err := os.UserCacheDir()
 if err != nil {
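Review bot: `NODE_DEP_DIR` and `PathSeparator` in the utils.go hunk are declared with `var`, so any package in the binary can reassign the directory the analyzers skip or the separator they split on at runtime; both are fixed strings and should be constants. `const NODE_DEP_DIR = "node_modules"` and `const PathSeparator = string(os.PathSeparator)` do that and also drop the `fmt` import this hunk adds. Note too that `os.PathSeparator` is the host's separator, while the analyzers apply it to file names taken from image layers, which are presumably `/`-separated on every platform; a `/` literal (or the `path` package) is the safer choice if that is the case. Go naming would be `NodeDepDir`, but renaming means touching the callers introduced in this same commit.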