gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-22 07:10:41 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
b7debf7f0acb44f170c90c70be794722812962e9
trivy/analyzer/library/npm/npm.go
Tomoya Amachi b7debf7f0a add yarn.lock parser (fanal#16) 
* add yarn.lock parser

* skip analyze package files in dependency folder
2019-05-16 09:29:14 +09:00

50 lines
1.2 KiB
Go
Raw Blame History

package npm
import (
"bytes"
"path/filepath"
"strings"
"github.com/knqyf263/fanal/analyzer"
"github.com/knqyf263/fanal/extractor"
"github.com/knqyf263/fanal/utils"
"github.com/knqyf263/go-dep-parser/pkg/npm"
"github.com/knqyf263/go-dep-parser/pkg/types"
"golang.org/x/xerrors"
)
func init() {
analyzer.RegisterLibraryAnalyzer(&npmLibraryAnalyzer{})
}
type npmLibraryAnalyzer struct{}
func (a npmLibraryAnalyzer) Analyze(fileMap extractor.FileMap) (map[analyzer.FilePath][]types.Library, error) {
libMap := map[analyzer.FilePath][]types.Library{}
requiredFiles := a.RequiredFiles()
for filename, content := range fileMap {
basename := filepath.Base(filename)
if !utils.StringInSlice(basename, requiredFiles) {
continue
}
// skip analyze files which in dependency folder
if utils.StringInSlice(utils.NODE_DEP_DIR, strings.Split(filename, utils.PathSeparator)) {
continue
}
r := bytes.NewBuffer(content)
libs, err := npm.Parse(r)
if err != nil {
return nil, xerrors.Errorf("invalid package-lock.json format: %w", err)
}
libMap[analyzer.FilePath(filename)] = libs
}
return libMap, nil
}
func (a npmLibraryAnalyzer) RequiredFiles() []string {
return []string{"package-lock.json"}
}
Reference in New Issue View Git Blame Copy Permalink