1 parent
9c1ce5a
commit 876466f
Showing
9 changed files
with
158 additions
and
8 deletions.
@@ -0,0 +1,47 @@ | ||
package gradle | ||
|
||
import ( | ||
"context" | ||
"os" | ||
"path/filepath" | ||
"strings" | ||
|
||
"github.com/aquasecurity/go-dep-parser/pkg/gradle/lockfile" | ||
"github.com/aquasecurity/trivy/pkg/fanal/analyzer" | ||
"github.com/aquasecurity/trivy/pkg/fanal/analyzer/language" | ||
"github.com/aquasecurity/trivy/pkg/fanal/types" | ||
"golang.org/x/xerrors" | ||
) | ||
|
||
func init() { | ||
analyzer.RegisterAnalyzer(&gradleLockAnalyzer{}) | ||
} | ||
|
||
const ( | ||
version = 1 | ||
fileNameSuffix = "gradle.lockfile" | ||
) | ||
|
||
// gradleLockAnalyzer analyzes '*gradle.lockfile' | ||
type gradleLockAnalyzer struct{} | ||
|
||
func (a gradleLockAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput) (*analyzer.AnalysisResult, error) { | ||
p := lockfile.NewParser() | ||
res, err := language.Analyze(types.GradleLock, input.FilePath, input.Content, p) | ||
if err != nil { | ||
return nil, xerrors.Errorf("%s parse error: %w", input.FilePath, err) | ||
} | ||
return res, nil | ||
} | ||
|
||
func (a gradleLockAnalyzer) Required(filePath string, _ os.FileInfo) bool { | ||
return strings.HasSuffix(filepath.Base(filePath), fileNameSuffix) | ||
} | ||
|
||
func (a gradleLockAnalyzer) Type() analyzer.Type { | ||
return analyzer.TypeGradleLock | ||
} | ||
|
||
func (a gradleLockAnalyzer) Version() int { | ||
return version | ||
} |
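Review bot: The file-matching rule in `Required` (base name ending in "gradle.lockfile") is undocumented, and the comment on the `gradleLockAnalyzer` type only says '*gradle.lockfile', so a reader has to open the test file to learn that prefixed names such as settings-gradle.lockfile are intended. Suggest a doc comment on the method: `// Required reports whether filePath's base name ends in "gradle.lockfile", which matches the default lock file as well as prefixed variants such as "settings-gradle.lockfile".` Any unrelated name carrying that suffix is also handed to the parser; if that is acceptable, saying so in the same comment prevents a later "fix" by someone who reads it as a bug. `Analyze`, `Type` and `Version` are exported methods and could take one-line doc comments in the same style.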
@@ -0,0 +1,90 @@ | ||
package gradle | ||
|
||
import ( | ||
"os" | ||
"testing" | ||
|
||
"github.com/aquasecurity/trivy/pkg/fanal/analyzer" | ||
"github.com/aquasecurity/trivy/pkg/fanal/types" | ||
"github.com/stretchr/testify/assert" | ||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
func Test_gradleLockAnalyzer_Analyze(t *testing.T) { | ||
tests := []struct { | ||
name string | ||
inputFile string | ||
want *analyzer.AnalysisResult | ||
}{ | ||
{ | ||
name: "happy path", | ||
inputFile: "testdata/happy.lockfile", | ||
want: &analyzer.AnalysisResult{ | ||
Applications: []types.Application{ | ||
{ | ||
Type: types.GradleLock, | ||
FilePath: "testdata/happy.lockfile", | ||
Libraries: []types.Package{ | ||
{ | ||
Name: "com.example:example", | ||
Version: "0.0.1", | ||
}, | ||
}, | ||
}, | ||
}, | ||
}, | ||
}, | ||
{ | ||
name: "empty file", | ||
inputFile: "testdata/empty.lockfile", | ||
}, | ||
} | ||
|
||
for _, tt := range tests { | ||
t.Run(tt.name, func(t *testing.T) { | ||
f, err := os.Open(tt.inputFile) | ||
require.NoError(t, err) | ||
defer f.Close() | ||
|
||
a := gradleLockAnalyzer{} | ||
got, err := a.Analyze(nil, analyzer.AnalysisInput{ | ||
FilePath: tt.inputFile, | ||
Content: f, | ||
}) | ||
|
||
assert.NoError(t, err) | ||
assert.Equal(t, tt.want, got) | ||
}) | ||
} | ||
} | ||
|
||
func Test_nugetLibraryAnalyzer_Required(t *testing.T) { | ||
tests := []struct { | ||
name string | ||
filePath string | ||
want bool | ||
}{ | ||
{ | ||
name: "default name", | ||
filePath: "test/gradle.lockfile", | ||
want: true, | ||
}, | ||
{ | ||
name: "name with prefix", | ||
filePath: "test/settings-gradle.lockfile", | ||
want: true, | ||
}, | ||
{ | ||
name: "zip", | ||
filePath: "test.zip", | ||
want: false, | ||
}, | ||
} | ||
for _, tt := range tests { | ||
t.Run(tt.name, func(t *testing.T) { | ||
a := gradleLockAnalyzer{} | ||
got := a.Required(tt.filePath, nil) | ||
assert.Equal(t, tt.want, got) | ||
}) | ||
} | ||
} |
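Review bot: The second test function is named `Test_nugetLibraryAnalyzer_Required` although it exercises `gradleLockAnalyzer.Required`; rename it to `Test_gradleLockAnalyzer_Required` so a failure is attributed to the right analyzer. In `Test_gradleLockAnalyzer_Analyze`, `a.Analyze(nil, analyzer.AnalysisInput{` passes a nil context; `Analyze` ignores it today, but staticcheck (SA1012) flags nil contexts and a future parser that honours cancellation would dereference it, so prefer `got, err := a.Analyze(context.Background(), analyzer.AnalysisInput{` with `"context"` added to the import block. The empty-file case relies on `language.Analyze` returning a nil result, which is what `assert.Equal(t, tt.want, got)` checks with a nil `want`; a one-line comment on that case stating the expectation would make the intent explicit.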
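--- a/pkg/fanal/analyzer/language/java/gradle/testdata/empty.lockfile
+++ b/pkg/fanal/analyzer/language/java/gradle/testdata/empty.lockfile
@@ -0,0 +1,4 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+empty=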
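--- a/pkg/fanal/analyzer/language/java/gradle/testdata/happy.lockfile
+++ b/pkg/fanal/analyzer/language/java/gradle/testdata/happy.lockfile
@@ -0,0 +1,5 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+com.example:example:0.0.1=classpath
+empty=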