Fix panic for empty input to Swift cataloger (#2226)
* survive invalid input in swift parser

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add empty file

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
wagoodman authored Oct 16, 2023
1 parent 144ed72 commit 31f1d7d
Showing 4 changed files with 41 additions and 1 deletion.
13 changes: 12 additions & 1 deletion syft/pkg/cataloger/swift/parse_package_resolved.go
@@ -6,6 +6,7 @@ import (
"fmt"
"io"

"github.com/anchore/syft/internal/log"
"github.com/anchore/syft/syft/artifact"
"github.com/anchore/syft/syft/file"
"github.com/anchore/syft/syft/pkg"
@@ -67,7 +68,17 @@ func parsePackageResolved(_ file.Resolver, _ *generic.Environment, reader file.L
}
}

var pins, err = pinsForVersion(packageResolvedData, packageResolvedData["version"].(float64))
if packageResolvedData["version"] == nil {
log.Trace("no version found in Package.resolved file, skipping")
return nil, nil, nil
}

version, ok := packageResolvedData["version"].(float64)
if !ok {
return nil, nil, fmt.Errorf("failed to parse Package.resolved file: version is not a number")
}

var pins, err = pinsForVersion(packageResolvedData, version)
if err != nil {
return nil, nil, err
}
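Review bot: The missing-version branch in parsePackageResolved returns `nil, nil, nil` after only a `log.Trace`, so a Package.resolved that carries pins but has no (or a null) `version` is dropped from the catalog with no error and nothing visible at default log levels, while a wrong-typed version is reported as an error. This parser reads files taken from scanned content, so a silent skip is an SBOM completeness gap. Assuming packageResolvedData is a map, consider limiting the quiet return to a truly empty document, `if len(packageResolvedData) == 0 { return nil, nil, nil }`, and letting any other missing version fall through to the error path. The error would also be easier to triage if it named the offending type, `fmt.Errorf("failed to parse Package.resolved file: version is not a number (got %T)", packageResolvedData["version"])`. The function body starts and ends outside the hunk, so whether pinsForVersion guards its own type assertions cannot be checked from here.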
25 changes: 25 additions & 0 deletions syft/pkg/cataloger/swift/parse_package_resolved_test.go
@@ -1,8 +1,12 @@
package swift

import (
"os"
"path/filepath"
"testing"

"github.com/stretchr/testify/require"

"github.com/anchore/syft/syft/artifact"
"github.com/anchore/syft/syft/file"
"github.com/anchore/syft/syft/pkg"
@@ -80,3 +84,24 @@ func TestParsePackageResolved(t *testing.T) {

pkgtest.TestFileParser(t, fixture, parsePackageResolved, expectedPkgs, expectedRelationships)
}

func TestParsePackageResolved_empty(t *testing.T) {
// regression for https://github.com/anchore/syft/issues/2225
fixture := "test-fixtures/empty-packages.resolved"

pkgtest.TestFileParser(t, fixture, parsePackageResolved, nil, nil)

dir := t.TempDir()
fixture = filepath.Join(dir, "Package.resolved")
_, err := os.Create(fixture)
require.NoError(t, err)

pkgtest.TestFileParser(t, fixture, parsePackageResolved, nil, nil)
}

func TestParsePackageResolved_versionNotANumber(t *testing.T) {
// regression for https://github.com/anchore/syft/issues/2225
fixture := "test-fixtures/bad-version-packages.resolved"

pkgtest.NewCatalogTester().FromFile(t, fixture).WithError().TestParser(t, parsePackageResolved)
}
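Review bot: In TestParsePackageResolved_empty, `_, err := os.Create(fixture)` discards the returned *os.File, so the handle is never closed. That leaks a descriptor for the life of the test binary and can make the t.TempDir cleanup fail on platforms that refuse to delete open files. Creating the empty file without keeping a handle avoids this: `require.NoError(t, os.WriteFile(fixture, nil, 0o600))`. Separately, TestParsePackageResolved_versionNotANumber appears to assert only that some error is returned via `WithError()`, so it would likely still pass if the parser failed for an unrelated reason; checking the error text for "version is not a number" would pin the regression more tightly.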
@@ -0,0 +1,3 @@
{
"version" : "2"
}
@@ -0,0 +1 @@
{}
