diff --git a/integration/testdata/julia-cyclonedx.json.golden b/integration/testdata/julia-cyclonedx.json.golden index 425a674eaed2..f86ae2dfe472 100644 --- a/integration/testdata/julia-cyclonedx.json.golden +++ b/integration/testdata/julia-cyclonedx.json.golden @@ -2,19 +2,22 @@ "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5", - "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001", + "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000006", "version": 1, "metadata": { "timestamp": "2021-08-25T12:20:30+00:00", - "tools": [ - { - "vendor": "aquasecurity", - "name": "trivy", - "version": "dev" - } - ], + "tools": { + "components": [ + { + "type": "application", + "group": "aquasecurity", + "name": "trivy", + "version": "dev" + } + ] + }, "component": { - "bom-ref": "3ff14136-e09f-4df9-80ea-000000000002", + "bom-ref": "3ff14136-e09f-4df9-80ea-000000000001", "type": "application", "name": "testdata/fixtures/repo/julia", "properties": [ @@ -27,7 +30,7 @@ }, "components": [ { - "bom-ref": "98bde055-d07d-4cb8-91a7-cf00399e7169", + "bom-ref": "3ff14136-e09f-4df9-80ea-000000000002", "type": "application", "name": "Manifest.toml", "properties": [ @@ -95,16 +98,17 @@ ], "dependencies": [ { - "ref": "3ff14136-e09f-4df9-80ea-000000000002", + "ref": "3ff14136-e09f-4df9-80ea-000000000001", "dependsOn": [ - "3ff14136-e09f-4df9-80ea-000000000003" + "3ff14136-e09f-4df9-80ea-000000000002" ] }, { - "ref": "3ff14136-e09f-4df9-80ea-000000000003", + "ref": "3ff14136-e09f-4df9-80ea-000000000002", "dependsOn": [ "pkg:julia/A@1.9.0?uuid=ead4f63c-334e-11e9-00e6-e7f0a5f21b60", - "pkg:julia/B@1.9.0?uuid=edca9bc6-334e-11e9-3554-9595dbb4349c" + "pkg:julia/B@1.9.0?uuid=edca9bc6-334e-11e9-3554-9595dbb4349c", + "pkg:julia/B@1.9.0?uuid=f41f7b98-334e-11e9-1257-49272045fb24" ] }, { diff --git a/integration/testdata/julia-spdx.json.golden b/integration/testdata/julia-spdx.json.golden index 4542630ba4a1..483991784365 100644 
--- a/integration/testdata/julia-spdx.json.golden +++ b/integration/testdata/julia-spdx.json.golden @@ -3,7 +3,7 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "testdata/fixtures/repo/julia", - "documentNamespace": "http://aquasecurity.github.io/trivy/filesystem/testdata/fixtures/repo/julia-3ff14136-e09f-4df9-80ea-000000000001", + "documentNamespace": "http://aquasecurity.github.io/trivy/filesystem/testdata/fixtures/repo/julia-3ff14136-e09f-4df9-80ea-000000000006", "creationInfo": { "creators": [ "Organization: aquasecurity", @@ -12,13 +12,25 @@ "created": "2021-08-25T12:20:30Z" }, "packages": [ + { + "name": "Manifest.toml", + "SPDXID": "SPDXRef-Application-18fc3597717a3e56", + "downloadLocation": "NONE", + "filesAnalyzed": false, + "attributionTexts": [ + "Class: lang-pkgs", + "Type: julia" + ], + "primaryPackagePurpose": "APPLICATION" + }, { "name": "A", - "SPDXID": "SPDXRef-Package-46973d9aca091871", + "SPDXID": "SPDXRef-Package-2a46714189f3b9de", "versionInfo": "1.9.0", "supplier": "NOASSERTION", "downloadLocation": "NONE", "filesAnalyzed": false, + "sourceInfo": "package found in: Manifest.toml", "licenseConcluded": "NONE", "licenseDeclared": "NONE", "externalRefs": [ 
@@ -29,60 +41,57 @@ } ], "attributionTexts": [ - "PkgID: ead4f63c-334e-11e9-00e6-e7f0a5f21b60" + "PkgID: ead4f63c-334e-11e9-00e6-e7f0a5f21b60", + "PkgType: julia" ], "primaryPackagePurpose": "LIBRARY" }, { "name": "B", - "SPDXID": "SPDXRef-Package-436cd42285772e07", + "SPDXID": "SPDXRef-Package-4a8e351c4c9b7318", "versionInfo": "1.9.0", "supplier": "NOASSERTION", "downloadLocation": "NONE", "filesAnalyzed": false, + "sourceInfo": "package found in: Manifest.toml", "licenseConcluded": "NONE", "licenseDeclared": "NONE", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", - "referenceLocator": "pkg:julia/B@1.9.0?uuid=f41f7b98-334e-11e9-1257-49272045fb24" + "referenceLocator": "pkg:julia/B@1.9.0?uuid=edca9bc6-334e-11e9-3554-9595dbb4349c" } ], "attributionTexts": [ - "PkgID: f41f7b98-334e-11e9-1257-49272045fb24" + "PkgID: edca9bc6-334e-11e9-3554-9595dbb4349c", + "PkgType: julia" ], "primaryPackagePurpose": "LIBRARY" }, { "name": "B", - "SPDXID": "SPDXRef-Package-fa368ab116ed505f", + "SPDXID": "SPDXRef-Package-d10d5e4a30a43fff", "versionInfo": "1.9.0", "supplier": "NOASSERTION", "downloadLocation": "NONE", "filesAnalyzed": false, + "sourceInfo": "package found in: Manifest.toml", "licenseConcluded": "NONE", "licenseDeclared": "NONE", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", - "referenceLocator": "pkg:julia/B@1.9.0?uuid=edca9bc6-334e-11e9-3554-9595dbb4349c" + "referenceLocator": "pkg:julia/B@1.9.0?uuid=f41f7b98-334e-11e9-1257-49272045fb24" } ], "attributionTexts": [ - "PkgID: edca9bc6-334e-11e9-3554-9595dbb4349c" + "PkgID: f41f7b98-334e-11e9-1257-49272045fb24", + "PkgType: julia" ], "primaryPackagePurpose": "LIBRARY" }, - { - "name": "julia", - "SPDXID": "SPDXRef-Application-7d3c9e4ebc4e0210", - "downloadLocation": "NONE", - "filesAnalyzed": false, - "sourceInfo": "Manifest.toml", - "primaryPackagePurpose": "APPLICATION" - }, { "name": "testdata/fixtures/repo/julia", "SPDXID": 
"SPDXRef-Filesystem-1be792dd0077c431", @@ -96,29 +105,34 @@ ], "relationships": [ { - "spdxElementId": "SPDXRef-DOCUMENT", - "relatedSpdxElement": "SPDXRef-Filesystem-1be792dd0077c431", - "relationshipType": "DESCRIBES" + "spdxElementId": "SPDXRef-Application-18fc3597717a3e56", + "relatedSpdxElement": "SPDXRef-Package-2a46714189f3b9de", + "relationshipType": "CONTAINS" }, { - "spdxElementId": "SPDXRef-Filesystem-1be792dd0077c431", - "relatedSpdxElement": "SPDXRef-Application-7d3c9e4ebc4e0210", + "spdxElementId": "SPDXRef-Application-18fc3597717a3e56", + "relatedSpdxElement": "SPDXRef-Package-4a8e351c4c9b7318", "relationshipType": "CONTAINS" }, { - "spdxElementId": "SPDXRef-Application-7d3c9e4ebc4e0210", - "relatedSpdxElement": "SPDXRef-Package-46973d9aca091871", + "spdxElementId": "SPDXRef-Application-18fc3597717a3e56", + "relatedSpdxElement": "SPDXRef-Package-d10d5e4a30a43fff", "relationshipType": "CONTAINS" }, { - "spdxElementId": "SPDXRef-Application-7d3c9e4ebc4e0210", - "relatedSpdxElement": "SPDXRef-Package-fa368ab116ed505f", - "relationshipType": "CONTAINS" + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Filesystem-1be792dd0077c431", + "relationshipType": "DESCRIBES" }, { - "spdxElementId": "SPDXRef-Application-7d3c9e4ebc4e0210", - "relatedSpdxElement": "SPDXRef-Package-436cd42285772e07", + "spdxElementId": "SPDXRef-Filesystem-1be792dd0077c431", + "relatedSpdxElement": "SPDXRef-Application-18fc3597717a3e56", "relationshipType": "CONTAINS" + }, + { + "spdxElementId": "SPDXRef-Package-2a46714189f3b9de", + "relatedSpdxElement": "SPDXRef-Package-d10d5e4a30a43fff", + "relationshipType": "DEPENDS_ON" } ] -} +} \ No newline at end of file diff --git a/pkg/dependency/parser/julia/manifest/parse_test.go b/pkg/dependency/parser/julia/manifest/parse_test.go index 95a1180f6de9..efbc0bfcbee5 100644 --- a/pkg/dependency/parser/julia/manifest/parse_test.go +++ b/pkg/dependency/parser/julia/manifest/parse_test.go 
@@ -21,14 +21,14 @@ func TestParse(t *testing.T) {
 {
 name: "Manifest v1.6",
 file: "testdata/primary/Manifest_v1.6.toml",
- want: juliaV16Libs,
- wantDeps: juliaV16Deps,
+ want: juliaV1_6Pkgs,
+ wantDeps: juliaV1_6Deps,
 },
 {
 name: "Manifest v1.8",
 file: "testdata/primary/Manifest_v1.8.toml",
- want: juliaV18Libs,
- wantDeps: juliaV18Deps,
+ want: juliaV1_8Pkgs,
+ wantDeps: juliaV1_8Deps,
 },
 {
 name: "no deps v1.6",
@@ -45,19 +45,19 @@ func TestParse(t *testing.T) {
 {
 name: "dep extensions v1.9",
 file: "testdata/dep_ext_v1.9/Manifest.toml",
- want: juliaV19DepExtLibs,
+ want: juliaV1_9DepExtPkgs,
 wantDeps: nil,
 },
 {
 name: "shadowed dep v1.9",
 file: "testdata/shadowed_dep_v1.9/Manifest.toml",
- want: juliaV19ShadowedDepLibs,
- wantDeps: juliaV19ShadowedDepDeps,
+ want: juliaV1_9ShadowedDepPkgs,
+ wantDeps: juliaV1_9ShadowedDepDeps,
 },
 {
 name: "julia v1.0 format",
 file: "testdata/julia_v1.0_format/Manifest.toml",
- want: juliaV10FormatLibs,
+ want: juliaV10FormatPkgs,
 wantDeps: juliaV10FormatDeps,
 },
 }
diff --git a/pkg/dependency/parser/julia/manifest/parse_testcase.go b/pkg/dependency/parser/julia/manifest/parse_testcase.go
index e75df9b2b840..232529065c55 100644
--- a/pkg/dependency/parser/julia/manifest/parse_testcase.go
+++ b/pkg/dependency/parser/julia/manifest/parse_testcase.go
@@ -1,18 +1,18 @@ package julia -import "github.com/aquasecurity/trivy/pkg/fanal/types" +import ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" var ( - juliaV16Libs = []ftypes.Library{ - {ID: "ade2ca70-3891-5945-98fb-dc099432e06a", Name: "Dates", Version: "unknown", Locations: []types.Location{{StartLine: 3, EndLine: 5}}}, - {ID: "682c06a0-de6a-54ab-a142-c8b1cf79cde6", Name: "JSON", Version: "0.21.4", Locations: []types.Location{{StartLine: 7, EndLine: 11}}}, - {ID: "a63ad114-7e13-5084-954f-fe012c677804", Name: "Mmap", Version: "unknown", Locations: []types.Location{{StartLine: 13, EndLine: 14}}}, - {ID: "69de0a69-1ddd-5017-9359-2bf0b02dc9f0", Name: "Parsers", Version: "2.4.2", Locations: []types.Location{{StartLine: 16, EndLine: 20}}}, - {ID: "de0858da-6303-5e67-8744-51eddeeeb8d7", Name: "Printf", Version: "unknown", Locations: []types.Location{{StartLine: 22, EndLine: 24}}}, - {ID: "4ec0a83e-493e-50e2-b9ac-8f72acf5a8f5", Name: "Unicode", Version: "unknown", Locations: []types.Location{{StartLine: 26, EndLine: 27}}}, + juliaV1_6Pkgs = []ftypes.Package{ + {ID: "ade2ca70-3891-5945-98fb-dc099432e06a", Name: "Dates", Version: "unknown", Locations: []ftypes.Location{{StartLine: 3, EndLine: 5}}}, + {ID: "682c06a0-de6a-54ab-a142-c8b1cf79cde6", Name: "JSON", Version: "0.21.4", Locations: []ftypes.Location{{StartLine: 7, EndLine: 11}}}, + {ID: "a63ad114-7e13-5084-954f-fe012c677804", Name: "Mmap", Version: "unknown", Locations: []ftypes.Location{{StartLine: 13, EndLine: 14}}}, + {ID: "69de0a69-1ddd-5017-9359-2bf0b02dc9f0", Name: "Parsers", Version: "2.4.2", Locations: []ftypes.Location{{StartLine: 16, EndLine: 20}}}, + {ID: "de0858da-6303-5e67-8744-51eddeeeb8d7", Name: "Printf", Version: "unknown", Locations: []ftypes.Location{{StartLine: 22, EndLine: 24}}}, + {ID: "4ec0a83e-493e-50e2-b9ac-8f72acf5a8f5", Name: "Unicode", Version: "unknown", Locations: []ftypes.Location{{StartLine: 26, EndLine: 27}}}, } - juliaV16Deps = []ftypes.Dependency{ + juliaV1_6Deps = 
[]ftypes.Dependency{ {ID: "ade2ca70-3891-5945-98fb-dc099432e06a", DependsOn: []string{"de0858da-6303-5e67-8744-51eddeeeb8d7"}}, {ID: "682c06a0-de6a-54ab-a142-c8b1cf79cde6", DependsOn: []string{ "4ec0a83e-493e-50e2-b9ac-8f72acf5a8f5", 
@@ -24,23 +24,23 @@ var ( {ID: "de0858da-6303-5e67-8744-51eddeeeb8d7", DependsOn: []string{"4ec0a83e-493e-50e2-b9ac-8f72acf5a8f5"}}, } - juliaV18Libs = []ftypes.Library{ - {ID: "ade2ca70-3891-5945-98fb-dc099432e06a", Name: "Dates", Version: "1.8.5", Locations: []types.Location{{StartLine: 7, EndLine: 9}}}, - {ID: "682c06a0-de6a-54ab-a142-c8b1cf79cde6", Name: "JSON", Version: "0.21.4", Locations: []types.Location{{StartLine: 11, EndLine: 15}}}, - {ID: "a63ad114-7e13-5084-954f-fe012c677804", Name: "Mmap", Version: "1.8.5", Locations: []types.Location{{StartLine: 17, EndLine: 18}}}, - {ID: "69de0a69-1ddd-5017-9359-2bf0b02dc9f0", Name: "Parsers", Version: "2.5.10", Locations: []types.Location{{StartLine: 20, EndLine: 24}}}, - {ID: "aea7be01-6a6a-4083-8856-8a6e6704d82a", Name: "PrecompileTools", Version: "1.1.1", Locations: []types.Location{{StartLine: 26, EndLine: 30}}}, - {ID: "21216c6a-2e73-6563-6e65-726566657250", Name: "Preferences", Version: "1.4.0", Locations: []types.Location{{StartLine: 32, EndLine: 36}}}, - {ID: "de0858da-6303-5e67-8744-51eddeeeb8d7", Name: "Printf", Version: "1.8.5", Locations: []types.Location{{StartLine: 38, EndLine: 40}}}, - {ID: "9a3f8284-a2c9-5f02-9a11-845980a1fd5c", Name: "Random", Version: "1.8.5", Locations: []types.Location{{StartLine: 42, EndLine: 44}}}, - {ID: "ea8e919c-243c-51af-8825-aaa63cd721ce", Name: "SHA", Version: "0.7.0", Locations: []types.Location{{StartLine: 46, EndLine: 48}}}, - {ID: "9e88b42a-f829-5b0c-bbe9-9e923198166b", Name: "Serialization", Version: "1.8.5", Locations: []types.Location{{StartLine: 50, EndLine: 51}}}, - {ID: "fa267f1f-6049-4f14-aa54-33bafae1ed76", Name: "TOML", Version: "1.0.0", Locations: []types.Location{{StartLine: 53, EndLine: 56}}}, - {ID: "cf7118a7-6976-5b1a-9a39-7adc72f591a4", Name: "UUIDs", Version: "1.8.5", Locations: []types.Location{{StartLine: 58, EndLine: 60}}}, - {ID: "4ec0a83e-493e-50e2-b9ac-8f72acf5a8f5", Name: "Unicode", Version: "1.8.5", Locations: []types.Location{{StartLine: 62, 
EndLine: 63}}}, + juliaV1_8Pkgs = []ftypes.Package{ + {ID: "ade2ca70-3891-5945-98fb-dc099432e06a", Name: "Dates", Version: "1.8.5", Locations: []ftypes.Location{{StartLine: 7, EndLine: 9}}}, + {ID: "682c06a0-de6a-54ab-a142-c8b1cf79cde6", Name: "JSON", Version: "0.21.4", Locations: []ftypes.Location{{StartLine: 11, EndLine: 15}}}, + {ID: "a63ad114-7e13-5084-954f-fe012c677804", Name: "Mmap", Version: "1.8.5", Locations: []ftypes.Location{{StartLine: 17, EndLine: 18}}}, + {ID: "69de0a69-1ddd-5017-9359-2bf0b02dc9f0", Name: "Parsers", Version: "2.5.10", Locations: []ftypes.Location{{StartLine: 20, EndLine: 24}}}, + {ID: "aea7be01-6a6a-4083-8856-8a6e6704d82a", Name: "PrecompileTools", Version: "1.1.1", Locations: []ftypes.Location{{StartLine: 26, EndLine: 30}}}, + {ID: "21216c6a-2e73-6563-6e65-726566657250", Name: "Preferences", Version: "1.4.0", Locations: []ftypes.Location{{StartLine: 32, EndLine: 36}}}, + {ID: "de0858da-6303-5e67-8744-51eddeeeb8d7", Name: "Printf", Version: "1.8.5", Locations: []ftypes.Location{{StartLine: 38, EndLine: 40}}}, + {ID: "9a3f8284-a2c9-5f02-9a11-845980a1fd5c", Name: "Random", Version: "1.8.5", Locations: []ftypes.Location{{StartLine: 42, EndLine: 44}}}, + {ID: "ea8e919c-243c-51af-8825-aaa63cd721ce", Name: "SHA", Version: "0.7.0", Locations: []ftypes.Location{{StartLine: 46, EndLine: 48}}}, + {ID: "9e88b42a-f829-5b0c-bbe9-9e923198166b", Name: "Serialization", Version: "1.8.5", Locations: []ftypes.Location{{StartLine: 50, EndLine: 51}}}, + {ID: "fa267f1f-6049-4f14-aa54-33bafae1ed76", Name: "TOML", Version: "1.0.0", Locations: []ftypes.Location{{StartLine: 53, EndLine: 56}}}, + {ID: "cf7118a7-6976-5b1a-9a39-7adc72f591a4", Name: "UUIDs", Version: "1.8.5", Locations: []ftypes.Location{{StartLine: 58, EndLine: 60}}}, + {ID: "4ec0a83e-493e-50e2-b9ac-8f72acf5a8f5", Name: "Unicode", Version: "1.8.5", Locations: []ftypes.Location{{StartLine: 62, EndLine: 63}}}, } - juliaV18Deps = []ftypes.Dependency{ + juliaV1_8Deps = []ftypes.Dependency{ {ID: 
"ade2ca70-3891-5945-98fb-dc099432e06a", DependsOn: []string{"de0858da-6303-5e67-8744-51eddeeeb8d7"}}, {ID: "682c06a0-de6a-54ab-a142-c8b1cf79cde6", DependsOn: []string{ "4ec0a83e-493e-50e2-b9ac-8f72acf5a8f5", 
@@ -61,26 +61,26 @@ var ( {ID: "cf7118a7-6976-5b1a-9a39-7adc72f591a4", DependsOn: []string{"9a3f8284-a2c9-5f02-9a11-845980a1fd5c", "ea8e919c-243c-51af-8825-aaa63cd721ce"}}, } - juliaV19DepExtLibs = []ftypes.Library{ - {ID: "621f4979-c628-5d54-868e-fcf4e3e8185c", Name: "AbstractFFTs", Version: "1.3.1", Locations: []types.Location{{StartLine: 7, EndLine: 10}}}, + juliaV1_9DepExtPkgs = []ftypes.Package{ + {ID: "621f4979-c628-5d54-868e-fcf4e3e8185c", Name: "AbstractFFTs", Version: "1.3.1", Locations: []ftypes.Location{{StartLine: 7, EndLine: 10}}}, } - juliaV19ShadowedDepLibs = []ftypes.Library{ - {ID: "ead4f63c-334e-11e9-00e6-e7f0a5f21b60", Name: "A", Version: "1.9.0", Locations: []types.Location{{StartLine: 7, EndLine: 8}}}, - {ID: "f41f7b98-334e-11e9-1257-49272045fb24", Name: "B", Version: "1.9.0", Locations: []types.Location{{StartLine: 13, EndLine: 14}}}, - {ID: "edca9bc6-334e-11e9-3554-9595dbb4349c", Name: "B", Version: "1.9.0", Locations: []types.Location{{StartLine: 15, EndLine: 16}}}, + juliaV1_9ShadowedDepPkgs = []ftypes.Package{ + {ID: "ead4f63c-334e-11e9-00e6-e7f0a5f21b60", Name: "A", Version: "1.9.0", Locations: []ftypes.Location{{StartLine: 7, EndLine: 8}}}, + {ID: "f41f7b98-334e-11e9-1257-49272045fb24", Name: "B", Version: "1.9.0", Locations: []ftypes.Location{{StartLine: 13, EndLine: 14}}}, + {ID: "edca9bc6-334e-11e9-3554-9595dbb4349c", Name: "B", Version: "1.9.0", Locations: []ftypes.Location{{StartLine: 15, EndLine: 16}}}, } - juliaV19ShadowedDepDeps = []ftypes.Dependency{ + juliaV1_9ShadowedDepDeps = []ftypes.Dependency{ {ID: "ead4f63c-334e-11e9-00e6-e7f0a5f21b60", DependsOn: []string{"f41f7b98-334e-11e9-1257-49272045fb24"}}, } - juliaV10FormatLibs = []ftypes.Library{ - {ID: "767738be-2f1f-45a9-b806-0234f3164144", Name: "Foo", Version: "unknown", Locations: []types.Location{{StartLine: 1, EndLine: 5}}}, - {ID: "6f418443-bd2e-4783-b551-cdbac608adf2", Name: "Foo", Version: "unknown", Locations: []types.Location{{StartLine: 7, EndLine: 10}}}, - {ID: 
"2a550a13-6bab-4a91-a4ee-dff34d6b99d0", Name: "Bar", Version: "unknown", Locations: []types.Location{{StartLine: 12, EndLine: 14}}}, - {ID: "6801f525-dc68-44e8-a4e8-cabd286279e7", Name: "Baz", Version: "unknown", Locations: []types.Location{{StartLine: 19, EndLine: 21}}}, - {ID: "b5ec9b9c-e354-47fd-b367-a348bdc8f909", Name: "Qux", Version: "unknown", Locations: []types.Location{{StartLine: 26, EndLine: 28}}}, + juliaV10FormatPkgs = []ftypes.Package{ + {ID: "767738be-2f1f-45a9-b806-0234f3164144", Name: "Foo", Version: "unknown", Locations: []ftypes.Location{{StartLine: 1, EndLine: 5}}}, + {ID: "6f418443-bd2e-4783-b551-cdbac608adf2", Name: "Foo", Version: "unknown", Locations: []ftypes.Location{{StartLine: 7, EndLine: 10}}}, + {ID: "2a550a13-6bab-4a91-a4ee-dff34d6b99d0", Name: "Bar", Version: "unknown", Locations: []ftypes.Location{{StartLine: 12, EndLine: 14}}}, + {ID: "6801f525-dc68-44e8-a4e8-cabd286279e7", Name: "Baz", Version: "unknown", Locations: []ftypes.Location{{StartLine: 19, EndLine: 21}}}, + {ID: "b5ec9b9c-e354-47fd-b367-a348bdc8f909", Name: "Qux", Version: "unknown", Locations: []ftypes.Location{{StartLine: 26, EndLine: 28}}}, } juliaV10FormatDeps = []ftypes.Dependency{ diff --git a/pkg/detector/library/driver.go b/pkg/detector/library/driver.go index 4151dfec08f8..f78932b13442 100644 --- a/pkg/detector/library/driver.go +++ b/pkg/detector/library/driver.go @@ -82,7 +82,7 @@ func NewDriver(libType ftypes.LangType) (Driver, bool) { ecosystem = vulnerability.Kubernetes comparer = compare.GenericComparer{} case ftypes.Julia: - log.Logger.Warn("Julia is supported for SBOM, not for vulnerability scanning") + log.Warn("Julia is supported for SBOM, not for vulnerability scanning") return Driver{}, false default: log.Warn("The library type is not supported for vulnerability scanning", diff --git a/pkg/fanal/analyzer/language/julia/pkg/pkg.go b/pkg/fanal/analyzer/language/julia/pkg/pkg.go index e688079b8d2e..c2b9fda035e3 100644 
--- a/pkg/fanal/analyzer/language/julia/pkg/pkg.go
+++ b/pkg/fanal/analyzer/language/julia/pkg/pkg.go
@@ -16,7 +16,6 @@ import (
 "golang.org/x/xerrors"
 julia "github.com/aquasecurity/trivy/pkg/dependency/parser/julia/manifest"
- godeptypes "github.com/aquasecurity/trivy/pkg/dependency/types"
 "github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 "github.com/aquasecurity/trivy/pkg/fanal/analyzer/language"
 "github.com/aquasecurity/trivy/pkg/fanal/types"
@@ -36,7 +35,8 @@ var requiredFiles = []string{
 }
 type juliaAnalyzer struct {
- lockParser godeptypes.Parser
+ lockParser language.Parser
+ logger *log.Logger
 }
 type Project struct {
@@ -47,6 +47,7 @@ type Project struct {
 func newJuliaAnalyzer(_ analyzer.AnalyzerOptions) (analyzer.PostAnalyzer, error) {
 return &juliaAnalyzer{
 lockParser: julia.NewParser(),
+ logger: log.WithPrefix("julia"),
 }, nil
 }
@@ -67,11 +68,12 @@ func (a juliaAnalyzer) PostAnalyze(_ context.Context, input analyzer.PostAnalysi
 }
 // Parse Project.toml alongside Manifest.toml to identify the direct dependencies. This mutates `app`.
- if err = analyzeDependencies(input.FS, filepath.Dir(path), app); err != nil {
- log.Logger.Warnf("Unable to parse %q to analyze dependencies: %s", filepath.Join(filepath.Dir(path), types.JuliaProject), err)
+ if err = a.analyzeDependencies(input.FS, filepath.Dir(path), app); err != nil {
+ a.logger.Warn("Unable to parse file to analyze dependencies",
+ log.String("FILEPATH", filepath.Join(filepath.Dir(path), types.JuliaProject)), log.Err(err))
 }
- sort.Sort(app.Libraries)
+ sort.Sort(app.Packages)
 apps = append(apps, *app)
 return nil
 })
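Review bot: The new `a.logger.Warn` call in the PostAnalyze hunk records the Project.toml path under the key `FILEPATH`, while the getProjectDeps hunk later in this file records the same path under `PROJECT_PATH`. Two keys for one value make it harder to filter or alert on Julia parse failures in structured log output; using a single key in both calls, for example `log.String("PROJECT_PATH", ...)` here as well, keeps the records joinable. The new `logger` field in the struct hunk is undocumented; a short comment such as `// logger carries the "julia" prefix set in newJuliaAnalyzer` would help. PostAnalyze starts and ends outside the hunk, and its signature is truncated in the hunk header.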
@@ -101,24 +103,24 @@ func (a juliaAnalyzer) parseJuliaManifest(path string, r io.Reader) (*types.Appl
 return language.Parse(types.Julia, path, r, a.lockParser)
 }
-func analyzeDependencies(fsys fs.FS, dir string, app *types.Application) error {
- deps, devDeps, err := getProjectDeps(fsys, dir)
+func (a juliaAnalyzer) analyzeDependencies(fsys fs.FS, dir string, app *types.Application) error {
+ deps, devDeps, err := a.getProjectDeps(fsys, dir)
 if err != nil {
 return err
 }
- pkgs := walkDependencies(deps, app.Libraries, false)
- devPkgs := walkDependencies(devDeps, app.Libraries, true)
- app.Libraries = append(pkgs, devPkgs...)
+ pkgs := walkDependencies(deps, app.Packages, false)
+ devPkgs := walkDependencies(devDeps, app.Packages, true)
+ app.Packages = append(pkgs, devPkgs...)
 return nil
 }
 // getProjectDeps parses project.toml and returns root and dev dependencies.
-func getProjectDeps(fsys fs.FS, dir string) (map[string]string, map[string]string, error) {
+func (a juliaAnalyzer) getProjectDeps(fsys fs.FS, dir string) (map[string]string, map[string]string, error) {
 projectPath := filepath.Join(dir, types.JuliaProject)
 project, err := parseJuliaProject(fsys, projectPath)
 if errors.Is(err, fs.ErrNotExist) {
- log.Logger.Debugf("Julia: %s not found", projectPath)
+ a.logger.Debug("Julia project not found", log.String("PROJECT_PATH", projectPath))
 return nil, nil, nil
 } else if err != nil {
 return nil, nil, xerrors.Errorf("unable to parse %s: %w", projectPath, err)
diff --git a/pkg/fanal/analyzer/language/julia/pkg/pkg_test.go b/pkg/fanal/analyzer/language/julia/pkg/pkg_test.go
index 350b10c883ce..8e96e0574d93 100644
--- a/pkg/fanal/analyzer/language/julia/pkg/pkg_test.go
+++ b/pkg/fanal/analyzer/language/julia/pkg/pkg_test.go
@@ -25,7 +25,7 @@ func Test_juliaAnalyzer_Analyze(t *testing.T) {
 {
 Type: types.Julia,
 FilePath: "Manifest.toml",
- Libraries: []types.Package{
+ Packages: types.Packages{
 {
 ID: "ade2ca70-3891-5945-98fb-dc099432e06a",
 Name: "Dates",
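Review bot: When Project.toml is missing, `getProjectDeps` returns `nil, nil, nil` after only a Debug-level record, and `analyzeDependencies` then overwrites `app.Packages` with the result of two `walkDependencies` calls over nil maps. `walkDependencies` is outside the hunk, so this is inferred: if it returns only the packages reachable from the given direct dependencies, a Manifest.toml without a Project.toml would produce an empty package list in the SBOM, with nothing visible at the default log level. It is worth confirming that case and, if it holds, keeping the Manifest-derived list with an early `if deps == nil && devDeps == nil { return nil }` in `analyzeDependencies`, or at least raising the message to Warn. The body of `getProjectDeps` continues past the end of the hunk.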
@@ -170,7 +170,7 @@ func Test_juliaAnalyzer_Analyze(t *testing.T) { { Type: types.Julia, FilePath: "Manifest.toml", - Libraries: []types.Package{ + Packages: types.Packages{ { ID: "621f4979-c628-5d54-868e-fcf4e3e8185c", Name: "AbstractFFTs", @@ -184,44 +184,6 @@ func Test_juliaAnalyzer_Analyze(t *testing.T) { }, }, }, - { - name: "shadowed_dep_v1.9", - dir: "testdata/shadowed_dep_v1.9", - want: &analyzer.AnalysisResult{ - Applications: []types.Application{ - { - Type: types.Julia, - FilePath: "Manifest.toml", - Libraries: []types.Package{ - { - ID: "ead4f63c-334e-11e9-00e6-e7f0a5f21b60", - Name: "A", - Version: "1.9.0", - Indirect: false, - Locations: []types.Location{{StartLine: 7, EndLine: 8}}, - DependsOn: []string{"f41f7b98-334e-11e9-1257-49272045fb24"}, - }, - { - ID: "edca9bc6-334e-11e9-3554-9595dbb4349c", - Name: "B", - Version: "1.9.0", - Indirect: false, - Locations: []types.Location{{StartLine: 15, EndLine: 16}}, - DependsOn: nil, - }, - { - ID: "f41f7b98-334e-11e9-1257-49272045fb24", - Name: "B", - Version: "1.9.0", - Indirect: true, - Locations: []types.Location{{StartLine: 13, EndLine: 14}}, - DependsOn: nil, - }, - }, - }, - }, - }, - }, { name: "no_manifest", dir: "testdata/no_manifest", diff --git a/pkg/purl/purl_test.go b/pkg/purl/purl_test.go index 18456d94c2ba..90af61d7b949 100644 --- a/pkg/purl/purl_test.go +++ b/pkg/purl/purl_test.go @@ -415,15 +415,13 @@ func TestNewPackageURL(t *testing.T) { Version: "1.9.0", }, want: &purl.PackageURL{ - PackageURL: packageurl.PackageURL{ - Type: packageurl.TypeJulia, - Name: "Dates", - Version: "1.9.0", - Qualifiers: packageurl.Qualifiers{ - { - Key: "uuid", - Value: "ade2ca70-3891-5945-98fb-dc099432e06a", - }, + Type: packageurl.TypeJulia, + Name: "Dates", + Version: "1.9.0", + Qualifiers: packageurl.Qualifiers{ + { + Key: "uuid", + Value: "ade2ca70-3891-5945-98fb-dc099432e06a", }, }, }, 
diff --git a/pkg/sbom/cyclonedx/marshal_test.go b/pkg/sbom/cyclonedx/marshal_test.go index 52781b865a8f..d3d104b28347 100644 --- a/pkg/sbom/cyclonedx/marshal_test.go +++ b/pkg/sbom/cyclonedx/marshal_test.go @@ -2,22 +2,20 @@ package cyclonedx_test import ( "context" - "testing" - "time" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" - "github.com/package-url/packageurl-go" - "github.com/aquasecurity/trivy/pkg/sbom/core" + "github.com/package-url/packageurl-go" + "testing" + "time" cdx "github.com/CycloneDX/cyclonedx-go" - "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/samber/lo" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" dtypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/clock" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/report" diff --git a/pkg/sbom/spdx/marshal_test.go b/pkg/sbom/spdx/marshal_test.go index e6b4a9360c32..ee4c10949148 100644 --- a/pkg/sbom/spdx/marshal_test.go +++ b/pkg/sbom/spdx/marshal_test.go @@ -2,13 +2,12 @@ package spdx_test import ( "context" - "hash/fnv" - "testing" - "time" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" "github.com/aquasecurity/trivy/pkg/sbom/core" "github.com/package-url/packageurl-go" + "hash/fnv" + "testing" + "time" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/mitchellh/hashstructure/v2"
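Review bot: In the import block of cyclonedx/marshal_test.go the standard-library imports `"testing"` and `"time"` are re-added after `"github.com/package-url/packageurl-go"`, in the same group as the module imports, so only `"context"` is left ahead of the third-party paths. The spdx/marshal_test.go hunk that follows appears to do the same with `"hash/fnv"`, `"testing"` and `"time"`. Restoring the usual grouping (`"context"`, `"testing"`, `"time"`, a blank line, then the github.com imports) keeps both files stable under goimports-style formatting. Blank lines are not visible in this rendering, so the grouping is inferred from the hunk line counts.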