lockfile

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 22, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

const PipenvEcosystem = PipEcosystem
const PnpmEcosystem = NpmEcosystem
const YarnEcosystem = NpmEcosystem

Variables

var ErrExtractorNotFound = errors.New("could not determine extractor")
var ErrOpenNotSupported = errors.New("this file does not support opening files")
var ErrParserNotFound = errors.New("could not determine parser")

Functions

func ListExtractors

func ListExtractors() []string

func ListParsers

func ListParsers() []string

Types

type ApkInstalledExtractor

type ApkInstalledExtractor struct{}

func (ApkInstalledExtractor) Extract

func (ApkInstalledExtractor) ShouldExtract

func (e ApkInstalledExtractor) ShouldExtract(path string) bool

type CSVExtractor

type CSVExtractor struct{}

func (CSVExtractor) Extract

func (e CSVExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (CSVExtractor) ShouldExtract

func (e CSVExtractor) ShouldExtract(_ string) bool

type ComposerLock

// ComposerLock is the decoded top level of a Composer lockfile (JSON).
// Only the two package lists named by the struct tags are decoded.
type ComposerLock struct {
	// Packages is decoded from the "packages" key.
	Packages    []ComposerPackage `json:"packages"`
	// PackagesDev is decoded from the "packages-dev" key and is kept separate
	// from Packages.
	PackagesDev []ComposerPackage `json:"packages-dev"`
}

type ComposerLockExtractor

type ComposerLockExtractor struct{}

func (ComposerLockExtractor) Extract

func (ComposerLockExtractor) ShouldExtract

func (e ComposerLockExtractor) ShouldExtract(path string) bool

type ComposerPackage

// ComposerPackage is one entry of a ComposerLock package list.
type ComposerPackage struct {
	// Name and Version are decoded from the "name" and "version" keys.
	Name    string `json:"name"`
	Version string `json:"version"`
	// Dist.Reference is decoded from the nested "dist"."reference" key.
	// NOTE(review): presumably the source revision the distribution was built
	// from — confirm against the extractor before relying on it.
	Dist    struct {
		Reference string `json:"reference"`
	} `json:"dist"`
}

type ConanGraphLock

type ConanGraphLock struct {
	Nodes map[string]ConanGraphNode `json:"nodes"`
}

type ConanGraphNode

type ConanGraphNode struct {
	Pref      string `json:"pref"`
	Ref       string `json:"ref"`
	Options   string `json:"options"`
	PackageID string `json:"package_id"`
	Prev      string `json:"prev"`
	Path      string `json:"path"`
	Context   string `json:"context"`
}

type ConanLockExtractor

type ConanLockExtractor struct{}

func (ConanLockExtractor) Extract

func (e ConanLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (ConanLockExtractor) ShouldExtract

func (e ConanLockExtractor) ShouldExtract(path string) bool

type ConanLockFile

// ConanLockFile is the decoded top level of a Conan lockfile (JSON). It
// declares the fields of both layouts named in the comments below; every field
// except Version is tagged omitempty.
type ConanLockFile struct {
	// Version is decoded from the "version" key as a string.
	Version string `json:"version"`
	// conan v0.4- lockfiles use "graph_lock", "profile_host" and "profile_build"
	GraphLock    ConanGraphLock `json:"graph_lock,omitempty"`
	ProfileHost  string         `json:"profile_host,omitempty"`
	ProfileBuild string         `json:"profile_build,omitempty"`
	// conan v0.5+ lockfiles use "requires", "build_requires" and "python_requires"
	Requires       []string `json:"requires,omitempty"`
	BuildRequires  []string `json:"build_requires,omitempty"`
	PythonRequires []string `json:"python_requires,omitempty"`
}

type ConanReference

type ConanReference struct {
	Name            string
	Version         string
	Username        string
	Channel         string
	RecipeRevision  string
	PackageID       string
	PackageRevision string
	TimeStamp       string
}

type DepFile

type DepFile interface {
	// io.Reader supplies the content of the file being extracted.
	io.Reader

	// Open opens a NestedDepFile based on the path of the
	// current DepFile if the provided path is relative.
	//
	// If the path is an absolute path, then it is opened absolutely.
	//
	// NOTE(review): the interface itself places no restriction on path. If a
	// caller derives path from the content of a lockfile taken from an
	// untrusted repository, an absolute or parent-relative value could refer
	// to a file outside the directory being scanned; verify how
	// implementations and callers constrain it.
	Open(path string) (NestedDepFile, error)

	// Path returns a string identifying this DepFile.
	// NOTE(review): presumably the path it was opened from — confirm.
	Path() string
}

DepFile is an abstraction for a file that has been opened for extraction, and that knows how to open other DepFiles relative to itself.

type DpkgStatusExtractor

type DpkgStatusExtractor struct{}

func (DpkgStatusExtractor) Extract

func (e DpkgStatusExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (DpkgStatusExtractor) ShouldExtract

func (e DpkgStatusExtractor) ShouldExtract(path string) bool

type Ecosystem

type Ecosystem string
const AlpineEcosystem Ecosystem = "Alpine"
const BundlerEcosystem Ecosystem = "RubyGems"
const CRANEcosystem Ecosystem = "CRAN"
const ComposerEcosystem Ecosystem = "Packagist"
const ConanEcosystem Ecosystem = "ConanCenter"

TODO: this is tentative and subject to change depending on the OSV schema.

const DebianEcosystem Ecosystem = "Debian"
const GoEcosystem Ecosystem = "Go"
const MavenEcosystem Ecosystem = "Maven"
const MixEcosystem Ecosystem = "Hex"
const NpmEcosystem Ecosystem = "npm"
const NuGetEcosystem Ecosystem = "NuGet"
const PipEcosystem Ecosystem = "PyPI"
const PubEcosystem Ecosystem = "Pub"

func KnownEcosystems

func KnownEcosystems() []Ecosystem

KnownEcosystems returns a list of ecosystems that `lockfile` supports automatically inferring an extractor for based on a file path.

func (Ecosystem) IsDevGroup

func (sys Ecosystem) IsDevGroup(groups []string) bool

IsDevGroup reports whether any string in groups indicates the development dependency group for the specified ecosystem.

type Extractor

// Extractor pairs a path-based selection check with the extraction itself.
type Extractor interface {
	// ShouldExtract checks if the Extractor should be used for the given path.
	// It receives only the path, not the file's content.
	ShouldExtract(path string) bool
	// Extract takes an opened DepFile and returns the package details obtained
	// from it, or an error.
	// NOTE(review): the content behind f may come from an untrusted
	// repository; confirm that implementations tolerate malformed or very
	// large input.
	Extract(f DepFile) ([]PackageDetails, error)
}

func FindExtractor

func FindExtractor(path, extractAs string) (Extractor, string)

type GemfileLockExtractor

type GemfileLockExtractor struct{}

func (GemfileLockExtractor) Extract

func (GemfileLockExtractor) ShouldExtract

func (e GemfileLockExtractor) ShouldExtract(path string) bool

type GoLockExtractor

type GoLockExtractor struct{}

func (GoLockExtractor) Extract

func (e GoLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (GoLockExtractor) ShouldExtract

func (e GoLockExtractor) ShouldExtract(path string) bool

type GradleLockExtractor

type GradleLockExtractor struct{}

func (GradleLockExtractor) Extract

func (e GradleLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (GradleLockExtractor) ShouldExtract

func (e GradleLockExtractor) ShouldExtract(path string) bool

type LocalFile

type LocalFile struct {
	io.ReadCloser
	// contains filtered or unexported fields
}

A LocalFile represents a file that exists on the local filesystem.

func (LocalFile) Open

func (f LocalFile) Open(path string) (NestedDepFile, error)

func (LocalFile) Path

func (f LocalFile) Path() string

type Lockfile

// Lockfile is the result type returned by Parse, ExtractDeps and the From*
// constructors.
type Lockfile struct {
	// FilePath is serialized under the "filePath" key.
	FilePath string   `json:"filePath"`
	// ParsedAs is serialized under the "parsedAs" key.
	// NOTE(review): presumably the name of the parser or extractor that was
	// selected — confirm.
	ParsedAs string   `json:"parsedAs"`
	// Packages holds the extracted package details.
	Packages Packages `json:"packages"`
}

func ExtractDeps

func ExtractDeps(f DepFile, extractAs string) (Lockfile, error)

func FromApkInstalled

func FromApkInstalled(pathToInstalled string) (Lockfile, error)

FromApkInstalled attempts to parse the given file as an "apk-installed" lockfile used by the Alpine Package Keeper (apk) to record installed packages.

func FromCSVFile

func FromCSVFile(pathToCSV string, parseAs string) (Lockfile, error)

func FromCSVRows

func FromCSVRows(filePath string, parseAs string, rows []string) (Lockfile, error)

func FromDpkgStatus

func FromDpkgStatus(pathToStatus string) (Lockfile, error)

FromDpkgStatus attempts to parse the given file as a "dpkg-status" lockfile used by the Debian package manager (dpkg) to record installed packages.

func FromOSVScannerResults

func FromOSVScannerResults(pathToInstalled string) (Lockfile, error)

FromOSVScannerResults attempts to extract packages stored in the OSVScannerResults format.

func Parse

func Parse(pathToLockfile string, parseAs string) (Lockfile, error)

Parse attempts to extract a collection of package details from a lockfile, using one of the native parsers.

The parser is selected based on the name of the file, which can be overridden with the "parseAs" parameter.

func (Lockfile) String

func (l Lockfile) String() string

type MavenLockDependency

type MavenLockDependency struct {
	XMLName    xml.Name `xml:"dependency"`
	GroupID    string   `xml:"groupId"`
	ArtifactID string   `xml:"artifactId"`
	Version    string   `xml:"version"`
	Scope      string   `xml:"scope"`
}

func (MavenLockDependency) ResolveVersion

func (mld MavenLockDependency) ResolveVersion(lockfile MavenLockFile) string

type MavenLockExtractor

type MavenLockExtractor struct{}

func (MavenLockExtractor) Extract

func (e MavenLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (MavenLockExtractor) ShouldExtract

func (e MavenLockExtractor) ShouldExtract(path string) bool

type MavenLockFile

// MavenLockFile is the decoded form of an XML document whose root element is
// "project".
type MavenLockFile struct {
	XMLName             xml.Name              `xml:"project"`
	ModelVersion        string                `xml:"modelVersion"`
	GroupID             string                `xml:"groupId"`
	ArtifactID          string                `xml:"artifactId"`
	// Properties is decoded from the "properties" element; its fields are
	// unexported.
	// NOTE(review): presumably consulted by MavenLockDependency.ResolveVersion,
	// which takes a MavenLockFile — confirm.
	Properties          MavenLockProperties   `xml:"properties"`
	// Dependencies collects every "dependency" element nested under
	// "dependencies".
	Dependencies        []MavenLockDependency `xml:"dependencies>dependency"`
	// ManagedDependencies collects every "dependency" element nested under
	// "dependencyManagement" > "dependencies".
	ManagedDependencies []MavenLockDependency `xml:"dependencyManagement>dependencies>dependency"`
}

type MavenLockProperties

type MavenLockProperties struct {
	// contains filtered or unexported fields
}

func (*MavenLockProperties) UnmarshalXML

func (p *MavenLockProperties) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

type MixLockExtractor

type MixLockExtractor struct{}

func (MixLockExtractor) Extract

func (e MixLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (MixLockExtractor) ShouldExtract

func (e MixLockExtractor) ShouldExtract(path string) bool

type NestedDepFile

type NestedDepFile interface {
	// io.Closer: a NestedDepFile is opened during extraction of another file
	// and needs to be closed once it has been read.
	io.Closer
	// DepFile: a NestedDepFile can itself be read and can open further files.
	DepFile
}

NestedDepFile is an abstraction for a file that has been opened while extracting another file, and would need to be closed.

func OpenLocalDepFile

func OpenLocalDepFile(path string) (NestedDepFile, error)

type NpmLockDependency

type NpmLockDependency struct {
	// For an aliased package, Version is like "npm:[name]@[version]"
	Version      string                       `json:"version"`
	Dependencies map[string]NpmLockDependency `json:"dependencies,omitempty"`

	Dev      bool `json:"dev,omitempty"`
	Optional bool `json:"optional,omitempty"`

	Requires map[string]string `json:"requires,omitempty"`
}

type NpmLockExtractor

type NpmLockExtractor struct{}

func (NpmLockExtractor) Extract

func (e NpmLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (NpmLockExtractor) ShouldExtract

func (e NpmLockExtractor) ShouldExtract(path string) bool

type NpmLockPackage

// NpmLockPackage is one entry of the "packages" map of an NpmLockfile.
type NpmLockPackage struct {
	// For an aliased package, Name is the real package name
	Name     string `json:"name"`
	Version  string `json:"version"`
	// Resolved is decoded from the "resolved" key.
	// NOTE(review): presumably the location the package was fetched from; a
	// value that is not a registry URL is worth surfacing in an audit —
	// confirm how the extractor uses it.
	Resolved string `json:"resolved"`

	// The four maps below are keyed by dependency name; all are optional.
	Dependencies         map[string]string `json:"dependencies,omitempty"`
	DevDependencies      map[string]string `json:"devDependencies,omitempty"`
	OptionalDependencies map[string]string `json:"optionalDependencies,omitempty"`
	PeerDependencies     map[string]string `json:"peerDependencies,omitempty"`

	// Dev, DevOptional and Optional are decoded from the "dev", "devOptional"
	// and "optional" keys; absent keys leave them false.
	Dev         bool `json:"dev,omitempty"`
	DevOptional bool `json:"devOptional,omitempty"`
	Optional    bool `json:"optional,omitempty"`

	// Link is decoded from the "link" key.
	// NOTE(review): presumably marks an entry that links to a local package
	// rather than a downloaded one — confirm.
	Link bool `json:"link,omitempty"`
}

type NpmLockfile

type NpmLockfile struct {
	Version int `json:"lockfileVersion"`
	// npm v1- lockfiles use "dependencies"
	Dependencies map[string]NpmLockDependency `json:"dependencies,omitempty"`
	// npm v2+ lockfiles use "packages"
	Packages map[string]NpmLockPackage `json:"packages,omitempty"`
}

type NuGetLockExtractor

type NuGetLockExtractor struct{}

func (NuGetLockExtractor) Extract

func (e NuGetLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (NuGetLockExtractor) ShouldExtract

func (e NuGetLockExtractor) ShouldExtract(path string) bool

type NuGetLockPackage

type NuGetLockPackage struct {
	Resolved string `json:"resolved"`
}

type NuGetLockfile

type NuGetLockfile struct {
	Version      int                                    `json:"version"`
	Dependencies map[string]map[string]NuGetLockPackage `json:"dependencies"`
}

NuGetLockfile contains the required dependency information as defined in https://github.com/NuGet/NuGet.Client/blob/6.5.0.136/src/NuGet.Core/NuGet.ProjectModel/ProjectLockFile/PackagesLockFileFormat.cs

type OSVScannerResultsExtractor

type OSVScannerResultsExtractor struct{}

func (OSVScannerResultsExtractor) Extract

func (OSVScannerResultsExtractor) ShouldExtract

func (e OSVScannerResultsExtractor) ShouldExtract(path string) bool

type PackageDetails

// PackageDetails describes one package returned by an Extractor or parser.
type PackageDetails struct {
	Name      string    `json:"name"`
	Version   string    `json:"version"`
	// Commit is omitted from JSON output when empty.
	Commit    string    `json:"commit,omitempty"`
	// Ecosystem and CompareAs are both Ecosystem values, omitted when empty.
	// NOTE(review): CompareAs presumably selects the version-comparison rules
	// when they differ from Ecosystem — confirm.
	Ecosystem Ecosystem `json:"ecosystem,omitempty"`
	CompareAs Ecosystem `json:"compareAs,omitempty"`
	// DepGroups is never serialized (`json:"-"`), so the JSON form of a
	// PackageDetails does not carry it.
	// NOTE(review): presumably the groups tested by Ecosystem.IsDevGroup; if
	// so, development-only status is lost on serialization — confirm.
	DepGroups []string  `json:"-"`
}

func ParseApkInstalled

func ParseApkInstalled(pathToLockfile string) ([]PackageDetails, error)

func ParseComposerLock

func ParseComposerLock(pathToLockfile string) ([]PackageDetails, error)

func ParseConanLock

func ParseConanLock(pathToLockfile string) ([]PackageDetails, error)

func ParseDpkgStatus

func ParseDpkgStatus(pathToLockfile string) ([]PackageDetails, error)

func ParseGemfileLock

func ParseGemfileLock(pathToLockfile string) ([]PackageDetails, error)

func ParseGoLock

func ParseGoLock(pathToLockfile string) ([]PackageDetails, error)

func ParseGradleLock

func ParseGradleLock(pathToLockfile string) ([]PackageDetails, error)

func ParseMavenLock

func ParseMavenLock(pathToLockfile string) ([]PackageDetails, error)

func ParseMixLock

func ParseMixLock(pathToLockfile string) ([]PackageDetails, error)

func ParseNpmLock

func ParseNpmLock(pathToLockfile string) ([]PackageDetails, error)

func ParseNuGetLock

func ParseNuGetLock(pathToLockfile string) ([]PackageDetails, error)

func ParseOSVScannerResults

func ParseOSVScannerResults(pathToLockfile string) ([]PackageDetails, error)

func ParsePipenvLock

func ParsePipenvLock(pathToLockfile string) ([]PackageDetails, error)

func ParsePnpmLock

func ParsePnpmLock(pathToLockfile string) ([]PackageDetails, error)

func ParsePubspecLock

func ParsePubspecLock(pathToLockfile string) ([]PackageDetails, error)

func ParseRenvLock

func ParseRenvLock(pathToLockfile string) ([]PackageDetails, error)

func ParseRequirementsTxt

func ParseRequirementsTxt(pathToLockfile string) ([]PackageDetails, error)

func ParseYarnLock

func ParseYarnLock(pathToLockfile string) ([]PackageDetails, error)

type PackageDetailsParser

type PackageDetailsParser = func(pathToLockfile string) ([]PackageDetails, error)

func FindParser

func FindParser(pathToLockfile string, parseAs string) (PackageDetailsParser, string)

type Packages

type Packages []PackageDetails

func (Packages) Ecosystems

func (ps Packages) Ecosystems() []Ecosystem

type PipenvLock

type PipenvLock struct {
	Packages    map[string]PipenvPackage `json:"default"`
	PackagesDev map[string]PipenvPackage `json:"develop"`
}

type PipenvLockExtractor

type PipenvLockExtractor struct{}

func (PipenvLockExtractor) Extract

func (e PipenvLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (PipenvLockExtractor) ShouldExtract

func (e PipenvLockExtractor) ShouldExtract(path string) bool

type PipenvPackage

type PipenvPackage struct {
	Version string `json:"version"`
}

type PnpmLockExtractor

type PnpmLockExtractor struct{}

func (PnpmLockExtractor) Extract

func (e PnpmLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (PnpmLockExtractor) ShouldExtract

func (e PnpmLockExtractor) ShouldExtract(path string) bool

type PnpmLockPackage

type PnpmLockPackage struct {
	Resolution PnpmLockPackageResolution `yaml:"resolution"`
	Name       string                    `yaml:"name"`
	Version    string                    `yaml:"version"`
	Dev        bool                      `yaml:"dev"`
}

type PnpmLockPackageResolution

// PnpmLockPackageResolution is the decoded "resolution" entry of a
// PnpmLockPackage.
// NOTE(review): the tarball/commit/repo/type keys presumably describe where a
// package was obtained from when it did not come from the registry — confirm.
type PnpmLockPackageResolution struct {
	Tarball string `yaml:"tarball"`
	Commit  string `yaml:"commit"`
	Repo    string `yaml:"repo"`
	Type    string `yaml:"type"`
}

type PnpmLockfile

type PnpmLockfile struct {
	Version  float64                    `yaml:"lockfileVersion"`
	Packages map[string]PnpmLockPackage `yaml:"packages,omitempty"`
}

func (*PnpmLockfile) UnmarshalYAML

func (l *PnpmLockfile) UnmarshalYAML(unmarshal func(interface{}) error) error

type PubspecLockDescription

// PubspecLockDescription is the decoded "description" entry of a
// PubspecLockPackage. The type also declares its own UnmarshalYAML method, so
// decoding is not governed by the struct tags alone.
type PubspecLockDescription struct {
	Name string `yaml:"name"`
	URL  string `yaml:"url"`
	Path string `yaml:"path"`
	// Ref is decoded from the "resolved-ref" key.
	// NOTE(review): presumably the resolved source revision — confirm.
	Ref  string `yaml:"resolved-ref"`
}

func (*PubspecLockDescription) UnmarshalYAML

func (pld *PubspecLockDescription) UnmarshalYAML(value *yaml.Node) error

type PubspecLockExtractor

type PubspecLockExtractor struct{}

func (PubspecLockExtractor) Extract

func (PubspecLockExtractor) ShouldExtract

func (e PubspecLockExtractor) ShouldExtract(path string) bool

type PubspecLockPackage

type PubspecLockPackage struct {
	Source      string                 `yaml:"source"`
	Description PubspecLockDescription `yaml:"description"`
	Version     string                 `yaml:"version"`
	Dependency  string                 `yaml:"dependency"`
}

type PubspecLockfile

type PubspecLockfile struct {
	Packages map[string]PubspecLockPackage `yaml:"packages,omitempty"`
	Sdks     map[string]string             `yaml:"sdks"`
}

type RenvLockExtractor

type RenvLockExtractor struct{}

func (RenvLockExtractor) Extract

func (e RenvLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (RenvLockExtractor) ShouldExtract

func (e RenvLockExtractor) ShouldExtract(path string) bool

type RenvLockfile

type RenvLockfile struct {
	Packages map[string]RenvPackage `json:"Packages"`
}

type RenvPackage

type RenvPackage struct {
	Package    string `json:"Package"`
	Version    string `json:"Version"`
	Repository string `json:"Repository"`
}

type RequirementsTxtExtractor

type RequirementsTxtExtractor struct{}

func (RequirementsTxtExtractor) Extract

func (RequirementsTxtExtractor) ShouldExtract

func (e RequirementsTxtExtractor) ShouldExtract(path string) bool

type YarnLockExtractor

type YarnLockExtractor struct{}

func (YarnLockExtractor) Extract

func (e YarnLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (YarnLockExtractor) ShouldExtract

func (e YarnLockExtractor) ShouldExtract(path string) bool
