feat: add support for conan.lock file #2779
Merged
Changes shown from 7 of the 21 commits.

Commits (21):
08eec95 add analyzer for conan lock (DmitriyLewen)
9b92b0a add tests (DmitriyLewen)
7679e0c add conan to docs (DmitriyLewen)
9865f71 add c and c++ to semantic pr (DmitriyLewen)
25a6642 refactor (DmitriyLewen)
48dcafa fix linter error (DmitriyLewen)
0d6162c docs: add info about supported filenames (DmitriyLewen)
396b657 update go-dep-parser (DmitriyLewen)
1ad0a02 Merge branch 'main' into 'feat/glad-conan' (DmitriyLewen)
948a9e9 update go-dep-parser (DmitriyLewen)
28a8ccb Merge branch 'main' into 'feat/glad-conan' (DmitriyLewen)
6141516 add note about file-pattern for non-default filename conan.lock (DmitriyLewen)
8da2b6b chore: remove the replace directive (knqyf263)
4c0d2fc refactor: simplify the test (knqyf263)
f51a946 Add a comment (knqyf263)
06e652d Add a const for conan.lock (knqyf263)
039d5b1 add a dependency relationship (knqyf263)
bd0062e add an integration test (knqyf263)
1ecf6c4 sort got libs (knqyf263)
487c306 fix the broken golden file (knqyf263)
e5844c7 test fix (knqyf263)
@@ -64,6 +64,8 @@ jobs: | |
dotnet | ||
java | ||
go | ||
c | ||
c++ | ||
|
||
os | ||
lang | ||
|
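Review bot: the new `c` and `c++` entries extend the `lang` scope list of the semantic PR job, but `c++` is the only scope in that list containing regex metacharacters; if the action that consumes this list matches scopes as patterns rather than literally, a PR titled `feat(c++): ...` will not be accepted, so please confirm the scope check treats `+` literally (or escape it) before relying on it.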
@@ -0,0 +1,48 @@ | ||
package conan | ||
|
||
import ( | ||
"context" | ||
"os" | ||
|
||
"github.com/aquasecurity/go-dep-parser/pkg/c/conan/lock" | ||
"github.com/aquasecurity/trivy/pkg/fanal/analyzer" | ||
"github.com/aquasecurity/trivy/pkg/fanal/analyzer/language" | ||
"github.com/aquasecurity/trivy/pkg/fanal/types" | ||
|
||
"golang.org/x/xerrors" | ||
) | ||
|
||
func init() { | ||
analyzer.RegisterAnalyzer(&conanLockAnalyzer{}) | ||
} | ||
|
||
const ( | ||
version = 1 | ||
// Lock file name can be anything (https://docs.conan.io/en/latest/versioning/lockfiles/introduction.html#locking-dependencies) | ||
// Now we only check default filename - `conan.lock` | ||
fileName = "conan.lock" | ||
) | ||
|
||
// conanLockAnalyzer analyzes conan.lock | ||
type conanLockAnalyzer struct{} | ||
|
||
func (a conanLockAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput) (*analyzer.AnalysisResult, error) { | ||
p := lock.NewParser() | ||
res, err := language.Analyze(types.ConanLock, input.FilePath, input.Content, p) | ||
if err != nil { | ||
return nil, xerrors.Errorf("%s parse error: %w", input.FilePath, err) | ||
} | ||
return res, nil | ||
} | ||
|
||
func (a conanLockAnalyzer) Required(_ string, fileInfo os.FileInfo) bool { | ||
return fileInfo.Name() == fileName | ||
} | ||
|
||
func (a conanLockAnalyzer) Type() analyzer.Type { | ||
return analyzer.TypeConanLock | ||
} | ||
|
||
func (a conanLockAnalyzer) Version() int { | ||
return version | ||
} |
@@ -0,0 +1,106 @@ | ||
package conan | ||
|
||
import ( | ||
"os" | ||
"path/filepath" | ||
"testing" | ||
|
||
"github.com/aquasecurity/trivy/pkg/fanal/analyzer" | ||
"github.com/aquasecurity/trivy/pkg/fanal/types" | ||
"github.com/stretchr/testify/assert" | ||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
func Test_conanLockAnalyzer_Analyze(t *testing.T) { | ||
tests := []struct { | ||
name string | ||
inputFile string | ||
want *analyzer.AnalysisResult | ||
}{ | ||
{ | ||
name: "happy path", | ||
inputFile: "testdata/happy.lock", | ||
want: &analyzer.AnalysisResult{ | ||
Applications: []types.Application{ | ||
{ | ||
Type: types.ConanLock, | ||
FilePath: "testdata/happy.lock", | ||
Libraries: []types.Package{ | ||
{ | ||
Name: "openssl", | ||
Version: "1.1.1k", | ||
}, | ||
}, | ||
}, | ||
}, | ||
}, | ||
}, | ||
{ | ||
name: "empty file", | ||
inputFile: "testdata/empty.lock", | ||
}, | ||
} | ||
|
||
for _, tt := range tests { | ||
t.Run(tt.name, func(t *testing.T) { | ||
f, err := os.Open(tt.inputFile) | ||
require.NoError(t, err) | ||
defer func() { | ||
err = f.Close() | ||
assert.NoError(t, err) | ||
}() | ||
|
||
a := conanLockAnalyzer{} | ||
got, err := a.Analyze(nil, analyzer.AnalysisInput{ | ||
FilePath: tt.inputFile, | ||
Content: f, | ||
}) | ||
|
||
assert.NoError(t, err) | ||
assert.Equal(t, tt.want, got) | ||
}) | ||
} | ||
} | ||
|
||
func Test_nugetLibraryAnalyzer_Required(t *testing.T) { | ||
tests := []struct { | ||
name string | ||
filePath string | ||
want bool | ||
}{ | ||
{ | ||
name: "default name", | ||
filePath: "test/conan.lock", | ||
want: true, | ||
}, | ||
{ | ||
name: "name with prefix", | ||
filePath: "test/pkga_deps.lock", | ||
want: false, | ||
}, | ||
{ | ||
name: "txt", | ||
filePath: "test/test.txt", | ||
want: false, | ||
}, | ||
} | ||
for _, tt := range tests { | ||
t.Run(tt.name, func(t *testing.T) { | ||
err := os.MkdirAll(filepath.Dir(tt.filePath), 0700) | ||
assert.NoError(t, err) | ||
_, err = os.Create(tt.filePath) | ||
assert.NoError(t, err) | ||
defer func() { | ||
err = os.RemoveAll(filepath.Dir(tt.filePath)) | ||
assert.NoError(t, err) | ||
}() | ||
|
||
fileInfo, err := os.Stat(tt.filePath) | ||
assert.NoError(t, err) | ||
|
||
a := conanLockAnalyzer{} | ||
got := a.Required("", fileInfo) | ||
assert.Equal(t, tt.want, got) | ||
}) | ||
} | ||
} |
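Review bot: `Test_nugetLibraryAnalyzer_Required` is a copy-paste name from the NuGet analyzer and should be `Test_conanLockAnalyzer_Required`. That test also creates `test/conan.lock` and friends inside the package directory and then runs `os.RemoveAll(filepath.Dir(tt.filePath))`, which would delete a real `test/` directory if one existed and leaves files behind when an assertion fails early; prefer `dir := t.TempDir()` with `filepath.Join(dir, filepath.Base(tt.filePath))` (only the basename matters to `Required`), use `require.NoError` for `MkdirAll`/`Create`/`Stat` so a failed setup does not reach `a.Required("", nil)` and panic, and close or discard the `*os.File` returned by `os.Create` instead of leaking it. In `Test_conanLockAnalyzer_Analyze`, `a.Analyze(nil, ...)` passes a nil context; `context.Background()` is the idiomatic value.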
@@ -0,0 +1,14 @@ | ||
{ | ||
"graph_lock": { | ||
"nodes": { | ||
"0": { | ||
"options": "o", | ||
"path": "conanfile.txt", | ||
"context": "host" | ||
} | ||
}, | ||
"revisions_enabled": false | ||
}, | ||
"version": "0.4", | ||
"profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=9\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n" | ||
} |
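Review bot: this fixture is not an empty file; it is a valid lock with a root node (`"0"`) and no `requires`, so the `"empty file"` case with `want: nil` in `Test_conanLockAnalyzer_Analyze` asserts that a dependency-free lock yields no application, not that an empty or malformed file is handled. Consider renaming it `no_deps.lock` and adding a genuinely empty (zero-byte) and a malformed-JSON fixture so the `parse error` branch in `Analyze` is exercised too.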
@@ -0,0 +1,24 @@ | ||
{ | ||
"graph_lock": { | ||
"nodes": { | ||
"0": { | ||
"options": "o", | ||
"requires": [ | ||
"1" | ||
], | ||
"path": "conanfile.txt", | ||
"context": "host" | ||
}, | ||
"1": { | ||
"ref": "openssl/1.1.1k", | ||
"options": "", | ||
"package_id": "", | ||
"prev": "0", | ||
"context": "host" | ||
} | ||
}, | ||
"revisions_enabled": false | ||
}, | ||
"version": "0.4", | ||
"profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=9\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n" | ||
} |
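Review bot: the root node's `requires: ["1"]` edge is present in the fixture but the expected `Libraries` in the test only check `Name`/`Version` of `openssl/1.1.1k`, so once the parser starts emitting dependency relationships (commit 039d5b1 in this PR, "add a dependency relationship") this expectation will need updating; it would be worth asserting on the relationship now so the golden data and the parser change land together. Also, `revisions_enabled` is only exercised as `false` here; a second fixture with revisions enabled and a `ref` that carries a revision would show that the version is split correctly in that mode.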
why can we just update go-dep-parser? or it's for testing
You are right. It is for testing. So we can see that Trivy works correctly with these changes. I will remove replace and update the go-dep-parser version after merge #128. I will also change status to ready for review.