forked from anchore/syft
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add Erlang OTP Application cataloger (anchore#2403)
* Add cataloger for Erlang OTP applications Signed-off-by: Laurent Goderre <laurent.goderre@docker.com> * Add OTP Package type and Purl for ErLang Signed-off-by: Laurent Goderre <laurent.goderre@docker.com> * remove erlang OTP metadata type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * use OTP purl type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * restore otp fixture and adjust tests for dir-only results Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Laurent Goderre <laurent.goderre@docker.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
- Loading branch information
1 parent
29afe2e
commit 61bcfea
Showing
19 changed files
with
223 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
10 changes: 10 additions & 0 deletions
10
cmd/syft/internal/test/integration/test-fixtures/image-pkg-coverage/pkgs/erlang/accept.app
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
{application,accept, | ||
[{description,"Accept header(s) for Erlang/Elixir"}, | ||
{vsn,"0.3.5"}, | ||
{registered,[]}, | ||
{applications,[kernel,stdlib]}, | ||
{env,[]}, | ||
{modules, ['accept_encoding_header','accept_header','accept_neg','accept_parser']}, | ||
{maintainers,["Ilya Khaprov"]}, | ||
{licenses,["MIT"]}, | ||
{links,[{"Github","https://github.com/deadtrickster/accept"}]}]}. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
package erlang | ||
|
||
import ( | ||
"context" | ||
|
||
"github.com/anchore/syft/internal/log" | ||
"github.com/anchore/syft/syft/artifact" | ||
"github.com/anchore/syft/syft/file" | ||
"github.com/anchore/syft/syft/pkg" | ||
"github.com/anchore/syft/syft/pkg/cataloger/generic" | ||
) | ||
|
||
// parseOTPApp parses a OTP *.app files to a package objects | ||
func parseOTPApp(_ context.Context, _ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) { | ||
doc, err := parseErlang(reader) | ||
if err != nil { | ||
// there are multiple file formats that use the *.app extension, so it's possible that this is not an OTP app file at all | ||
// ... which means we should not return an error here | ||
log.WithFields("error", err).Trace("unable to parse Erlang OTP app") | ||
return nil, nil, nil | ||
} | ||
|
||
var packages []pkg.Package | ||
|
||
root := doc.Get(0) | ||
|
||
name := root.Get(1).String() | ||
|
||
keys := root.Get(2) | ||
|
||
for _, key := range keys.Slice() { | ||
if key.Get(0).String() == "vsn" { | ||
version := key.Get(1).String() | ||
|
||
p := newPackageFromOTP( | ||
name, version, | ||
reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), | ||
) | ||
|
||
packages = append(packages, p) | ||
} | ||
} | ||
|
||
return packages, nil, nil | ||
} | ||
|
||
// integrity check | ||
var _ generic.Parser = parseOTPApp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
package erlang | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/anchore/syft/syft/artifact" | ||
"github.com/anchore/syft/syft/file" | ||
"github.com/anchore/syft/syft/pkg" | ||
"github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest" | ||
) | ||
|
||
func TestParseOTPApplication(t *testing.T) { | ||
tests := []struct { | ||
fixture string | ||
expected []pkg.Package | ||
}{ | ||
{ | ||
fixture: "test-fixtures/rabbitmq.app", | ||
expected: []pkg.Package{ | ||
{ | ||
Name: "rabbit", | ||
Version: "3.12.10", | ||
Language: pkg.Erlang, | ||
Type: pkg.ErlangOTPPkg, | ||
PURL: "pkg:otp/rabbit@3.12.10", | ||
}, | ||
}, | ||
}, | ||
} | ||
|
||
for _, test := range tests { | ||
t.Run(test.fixture, func(t *testing.T) { | ||
// TODO: relationships are not under test | ||
var expectedRelationships []artifact.Relationship | ||
|
||
for idx := range test.expected { | ||
test.expected[idx].Locations = file.NewLocationSet(file.NewLocation(test.fixture)) | ||
} | ||
|
||
pkgtest.TestFileParser(t, test.fixture, parseOTPApp, test.expected, expectedRelationships) | ||
}) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 change: 1 addition & 0 deletions
1
syft/pkg/cataloger/erlang/test-fixtures/glob-paths/src/rabbitmq.app
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
bogus erlang file |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
{application, 'rabbit', [ | ||
{description, "RabbitMQ"}, | ||
{vsn, "3.12.10"}, | ||
{id, "v3.12.9-9-g1f61ca8"}, | ||
{modules, ['amqqueue','background_gc']}, | ||
{optional_applications, []}, | ||
{env, [ | ||
{memory_monitor_interval, 2500}, | ||
{disk_free_limit, 50000000}, %% 50MB | ||
{msg_store_index_module, rabbit_msg_store_ets_index}, | ||
{backing_queue_module, rabbit_variable_queue}, | ||
%% 0 ("no limit") would make a better default, but that | ||
%% breaks the QPid Java client | ||
{frame_max, 131072}, | ||
%% see rabbitmq-server#1593 | ||
{channel_max, 2047} | ||
]} | ||
]}. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.