gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-21 23:00:42 -08:00
Code Issues Packages Projects Releases Wiki Activity

add yarn.lock parser (fanal#16)

Browse Source 
* add yarn.lock parser

* skip analyze package files in dependency folder
This commit is contained in:
Tomoya Amachi
2019-05-16 09:29:14 +09:00
committed by Teppei Fukuda
parent ce1f557cf7
commit b7debf7f0a
6 changed files with 70 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
analyzer/library/npm/npm.go
View File

@@ -3,6 +3,7 @@ package npm
import (
"bytes"
"path/filepath"
"strings"
"github.com/knqyf263/fanal/analyzer"
"github.com/knqyf263/fanal/extractor"
@@ -28,6 +29,11 @@ func (a npmLibraryAnalyzer) Analyze(fileMap extractor.FileMap) (map[analyzer.Fil
continue
}
// skip analyze files which in dependency folder
if utils.StringInSlice(utils.NODE_DEP_DIR, strings.Split(filename, utils.PathSeparator)) {
continue
}
r := bytes.NewBuffer(content)
libs, err := npm.Parse(r)
if err != nil {

52
analyzer/library/yarn/yarn.go Normal file
View File

@@ -0,0 +1,52 @@
package yarn
import (
"bytes"
"path/filepath"
"strings"
"github.com/knqyf263/fanal/analyzer"
"github.com/knqyf263/fanal/extractor"
"github.com/knqyf263/fanal/utils"
"github.com/knqyf263/go-dep-parser/pkg/types"
"github.com/knqyf263/go-dep-parser/pkg/yarn"
"golang.org/x/xerrors"
)
func init() {
analyzer.RegisterLibraryAnalyzer(&yarnLibraryAnalyzer{})
}
type yarnLibraryAnalyzer struct{}
func (a yarnLibraryAnalyzer) Analyze(fileMap extractor.FileMap) (map[analyzer.FilePath][]types.Library, error) {
libMap := map[analyzer.FilePath][]types.Library{}
requiredFiles := a.RequiredFiles()
for filename, content := range fileMap {
basename := filepath.Base(filename)
if !utils.StringInSlice(basename, requiredFiles) {
continue
}
// skip analyze files which in dependency folder
if utils.StringInSlice(utils.NODE_DEP_DIR, strings.Split(filename, utils.PathSeparator)) {
continue
}
r := bytes.NewBuffer(content)
libs, err := yarn.Parse(r)
if err != nil {
return nil, xerrors.Errorf("invalid yarn.lock format: %w", err)
}
libMap[analyzer.FilePath(filename)] = libs
}
return libMap, nil
}
func (a yarnLibraryAnalyzer) RequiredFiles() []string {
return []string{"yarn.lock"}
}

5
cmd/fanal/main.go
View File

@@ -18,6 +18,7 @@ import (
_ "github.com/knqyf263/fanal/analyzer/library/composer"
_ "github.com/knqyf263/fanal/analyzer/library/npm"
_ "github.com/knqyf263/fanal/analyzer/library/pipenv"
_ "github.com/knqyf263/fanal/analyzer/library/yarn"
_ "github.com/knqyf263/fanal/analyzer/os/alpine"
_ "github.com/knqyf263/fanal/analyzer/os/amazonlinux"
_ "github.com/knqyf263/fanal/analyzer/os/debianbase"
@@ -78,13 +79,13 @@ func run() (err error) {
if err != nil {
return err
}
fmt.Printf("Packages: %d\n", len(pkgs))
fmt.Printf("via image Packages: %d\n", len(pkgs))
pkgs, err = analyzer.GetPackagesFromCommands(os, files)
if err != nil {
return err
}
fmt.Printf("Packages: %d\n", len(pkgs))
fmt.Printf("via file Packages: %d\n", len(pkgs))
libs, err := analyzer.GetLibraries(files)
if err != nil {

2
go.mod
View File

@@ -10,7 +10,7 @@ require (
github.com/docker/docker v0.0.0-20180924202107-a9c061deec0f
github.com/docker/go-connections v0.4.0 // indirect
github.com/genuinetools/reg v0.16.0
github.com/knqyf263/go-dep-parser v0.0.0-20190511063217-d5d543bfc261
github.com/knqyf263/go-dep-parser v0.0.0-20190515172517-b8305876c9c2
github.com/knqyf263/go-rpmdb v0.0.0-20190501070121-10a1c42a10dc
github.com/knqyf263/nested v0.0.1
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348

4
go.sum
View File

@@ -93,8 +93,8 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/knqyf263/berkeleydb v0.0.0-20190501065933-fafe01fb9662 h1:UGS0RbPHwXJkq8tcba8OD0nvVUWLf2h7uUJznuHPPB0=
github.com/knqyf263/berkeleydb v0.0.0-20190501065933-fafe01fb9662/go.mod h1:bu1CcN4tUtoRcI/B/RFHhxMNKFHVq/c3SV+UTyduoXg=
github.com/knqyf263/go-dep-parser v0.0.0-20190511063217-d5d543bfc261 h1:RPgPsbEsYj6LuOjZnKl2DvbfodNWRuWKZfWJkrD7l8s=
github.com/knqyf263/go-dep-parser v0.0.0-20190511063217-d5d543bfc261/go.mod h1:gSiqSkOFPstUZu/qZ4wnNJS69PtQQnPl397vxKHJ5mQ=
github.com/knqyf263/go-dep-parser v0.0.0-20190515172517-b8305876c9c2 h1:bQGj8WH6X4czC2FlkgUKKFq2xPnJovzf61T4Yl9sVZs=
github.com/knqyf263/go-dep-parser v0.0.0-20190515172517-b8305876c9c2/go.mod h1:gSiqSkOFPstUZu/qZ4wnNJS69PtQQnPl397vxKHJ5mQ=
github.com/knqyf263/go-rpmdb v0.0.0-20190501070121-10a1c42a10dc h1:pumO9pqmRAjvic6oove22RGh9wDZQnj96XQjJSbSEPs=
github.com/knqyf263/go-rpmdb v0.0.0-20190501070121-10a1c42a10dc/go.mod h1:MrSSvdMpTSymaQWk1yFr9sxFSyQmKMj6jkbvGrchBV8=
github.com/knqyf263/nested v0.0.1 h1:Sv26CegUMhjt19zqbBKntjwESdxe5hxVPSk0+AKjdUc=

6
utils/utils.go
View File

@@ -1,10 +1,16 @@
package utils
import (
"fmt"
"os"
"path/filepath"
)
var (
NODE_DEP_DIR = "node_modules"
PathSeparator = fmt.Sprintf("%c", os.PathSeparator)
)
func CacheDir() string {
cacheDir, err := os.UserCacheDir()
if err != nil {