pkg

package
v0.52.0
Warning

This package is not in the latest version of its module.

Published: Sep 29, 2022 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package pkg provides the data structures for a package, a package catalog, package types, and domain-specific metadata.


Constants

const (
	PURLQualifierArch   = "arch"
	PURLQualifierDistro = "distro"
	PURLQualifierEpoch  = "epoch"
	PURLQualifierVCSURL = "vcs_url"

	// PURLQualifierUpstream this qualifier is not in the pURL spec, but is used by grype to perform indirect matching based on source information
	PURLQualifierUpstream = "upstream"
)
const AlpmDBGlob = "**/var/lib/pacman/local/**/desc"
const AltRpmDBGlob = "**/rpm/{Packages,Packages.db,rpmdb.sqlite}"

AltRpmDBGlob allows db matches against new locations introduced in fedora:{36,37}. See https://github.com/zj1244/syft/issues/1077 for larger context.

const ApkDBGlob = "**/lib/apk/db/installed"
const DpkgDBGlob = "**/var/lib/dpkg/{status,status.d/**}"
const PortageDBGlob = "**/var/db/pkg/*/*/CONTENTS"
const RpmDBGlob = "**/var/lib/rpm/{Packages,Packages.db,rpmdb.sqlite}"

Packages is the legacy Berkeley DB based format, Packages.db is the "ndb" format used in SUSE, and rpmdb.sqlite is the SQLite format used in Fedora and derivatives.

const RpmManifestGlob = "**/var/lib/rpmmanifest/container-manifest-2"

Used in CBL-Mariner distroless images.

Variables

AllLanguages is a set of all programming languages detected by syft.

AllPkgs represents all supported package types

Functions

func CPEString

func CPEString(c CPE) string

func IsValid

func IsValid(p *Package) bool

IsValid checks whether a package has the minimum necessary info, which is a non-empty name. The nil check was added as a helper because, in this code base, packages often move between callers as pointers. CycloneDX and SPDX define Name as the minimum required info for a valid package:
* https://spdx.github.io/spdx-spec/package-information/#73-package-version-field
* https://cyclonedx.org/docs/1.4/json/#components_items_name

func NewRelationships

func NewRelationships(catalog *Catalog) []artifact.Relationship

TODO: as more relationships are added, this function signature will probably accommodate selection

func RelationshipsByFileOwnership

func RelationshipsByFileOwnership(catalog *Catalog) []artifact.Relationship

RelationshipsByFileOwnership creates package-to-package relationships by discovering which packages have evidence locations that overlap with an ownership claim from another package's package manager metadata.
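The overlap rule described above, as an added sketch that is not syft's own implementation: it uses simplified stand-in types (`entry`, `osPkgMetadata`, `ownership`, all hypothetical) instead of `pkg.Package` and `artifact.Relationship`, and constructed sample data. The `unowned` helper is an added assumption showing how a reviewer can use the result to spot software that no package manager claims.

```go
package main

import (
	"fmt"
	"path"
	"sort"
)

// fileOwner has the same shape as the FileOwner interface documented on this page.
type fileOwner interface{ OwnedFiles() []string }

// osPkgMetadata is a hypothetical stand-in for metadata such as RpmMetadata or DpkgMetadata.
type osPkgMetadata struct{ files []string }

func (m osPkgMetadata) OwnedFiles() []string { return m.files }

// entry is a simplified stand-in for pkg.Package.
type entry struct {
	Name      string
	Locations []string    // paths that led to the discovery of the package
	Metadata  interface{} // may or may not implement fileOwner
}

// ownership says that Parent's metadata claims files at which Child was found.
type ownership struct {
	Parent, Child string
	Paths         []string
}

// ownershipByFileOverlap pairs each file-owning package with the packages found at its owned paths.
func ownershipByFileOverlap(pkgs []entry) []ownership {
	foundAt := map[string][]string{} // evidence path -> packages found there
	for _, p := range pkgs {
		for _, loc := range p.Locations {
			foundAt[path.Clean(loc)] = append(foundAt[path.Clean(loc)], p.Name)
		}
	}
	shared := map[[2]string]map[string]bool{} // (parent, child) -> overlapping paths
	for _, p := range pkgs {
		owner, ok := p.Metadata.(fileOwner)
		if !ok {
			continue
		}
		for _, f := range owner.OwnedFiles() {
			for _, child := range foundAt[path.Clean(f)] {
				key := [2]string{p.Name, child}
				if child == p.Name {
					continue // a package does not own itself
				}
				if shared[key] == nil {
					shared[key] = map[string]bool{}
				}
				shared[key][path.Clean(f)] = true
			}
		}
	}
	out := []ownership{}
	for key, set := range shared {
		o := ownership{Parent: key[0], Child: key[1]}
		for f := range set {
			o.Paths = append(o.Paths, f)
		}
		sort.Strings(o.Paths)
		out = append(out, o)
	}
	sort.Slice(out, func(i, j int) bool {
		return out[i].Parent+"\x00"+out[i].Child < out[j].Parent+"\x00"+out[j].Child
	})
	return out
}

// unowned lists packages that claim no files themselves and that no other package claims.
func unowned(pkgs []entry, rels []ownership) []string {
	claimed := map[string]bool{}
	for _, r := range rels {
		claimed[r.Child] = true
	}
	names := []string{}
	for _, p := range pkgs {
		if _, isOwner := p.Metadata.(fileOwner); !isOwner && !claimed[p.Name] {
			names = append(names, p.Name)
		}
	}
	sort.Strings(names)
	return names
}

// samplePackages returns constructed data, not output from a real scan.
func samplePackages() []entry {
	rpm := osPkgMetadata{files: []string{"/usr/lib/python3.9//site-packages/requests-2.25.1.dist-info/METADATA"}}
	return []entry{
		{Name: "python3-requests", Locations: []string{"/var/lib/rpm/rpmdb.sqlite"}, Metadata: rpm},
		{Name: "requests", Locations: []string{"/usr/lib/python3.9/site-packages/requests-2.25.1.dist-info/METADATA"}},
		{Name: "leftpad", Locations: []string{"/opt/app/venv/lib/python3.9/site-packages/leftpad-0.1.dist-info/METADATA"}},
	}
}

func main() {
	rels := ownershipByFileOverlap(samplePackages())
	fmt.Println(rels, unowned(samplePackages(), rels))
}
```

In the sample, the RPM entry claims the `requests` wheel metadata, so one relationship is produced, while `leftpad` in the application virtualenv has no owner and is reported by `unowned`.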

func URL

func URL(p Package, release *linux.Release) string

func ValidateCPEString

func ValidateCPEString(cpeStr string) error

Types

type AlpmFileRecord

type AlpmFileRecord struct {
	Path    string        `mapstruture:"path" json:"path,omitempty"`
	Type    string        `mapstructure:"type" json:"type,omitempty"`
	UID     string        `mapstructure:"uid" json:"uid,omitempty"`
	GID     string        `mapstructure:"gid" json:"gid,omitempty"`
	Time    time.Time     `mapstructure:"time" json:"time,omitempty"`
	Size    string        `mapstructure:"size" json:"size,omitempty"`
	Link    string        `mapstructure:"link" json:"link,omitempty"`
	Digests []file.Digest `mapstructure:"digests" json:"digest,omitempty"`
}

type AlpmMetadata

type AlpmMetadata struct {
	BasePackage  string           `mapstructure:"base" json:"basepackage"`
	Package      string           `mapstructure:"name" json:"package"`
	Version      string           `mapstructure:"version" json:"version"`
	Description  string           `mapstructure:"desc" json:"description"`
	Architecture string           `mapstructure:"arch" json:"architecture"`
	Size         int              `mapstructure:"size" json:"size" cyclonedx:"size"`
	Packager     string           `mapstructure:"packager" json:"packager"`
	License      string           `mapstructure:"license" json:"license"`
	URL          string           `mapstructure:"url" json:"url"`
	Validation   string           `mapstructure:"validation" json:"validation"`
	Reason       int              `mapstructure:"reason" json:"reason"`
	Files        []AlpmFileRecord `mapstructure:"files" json:"files"`
	Backup       []AlpmFileRecord `mapstructure:"backup" json:"backup"`
}

func (AlpmMetadata) OwnedFiles

func (m AlpmMetadata) OwnedFiles() (result []string)

func (AlpmMetadata) PackageURL

func (m AlpmMetadata) PackageURL(distro *linux.Release) string

PackageURL returns the PURL for the specific Arch Linux package (see https://github.com/package-url/purl-spec)

type ApkFileRecord

type ApkFileRecord struct {
	Path        string       `json:"path"`
	OwnerUID    string       `json:"ownerUid,omitempty"`
	OwnerGID    string       `json:"ownerGid,omitempty"`
	Permissions string       `json:"permissions,omitempty"`
	Digest      *file.Digest `json:"digest,omitempty"`
}

ApkFileRecord represents a single file listing and metadata from an APK DB entry (which may have many of these file records).

type ApkMetadata

type ApkMetadata struct {
	Package          string          `mapstructure:"P" json:"package"`
	OriginPackage    string          `mapstructure:"o" json:"originPackage" cyclonedx:"originPackage"`
	Maintainer       string          `mapstructure:"m" json:"maintainer"`
	Version          string          `mapstructure:"V" json:"version"`
	License          string          `mapstructure:"L" json:"license"`
	Architecture     string          `mapstructure:"A" json:"architecture"`
	URL              string          `mapstructure:"U" json:"url"`
	Description      string          `mapstructure:"T" json:"description"`
	Size             int             `mapstructure:"S" json:"size" cyclonedx:"size"`
	InstalledSize    int             `mapstructure:"I" json:"installedSize" cyclonedx:"installedSize"`
	PullDependencies string          `mapstructure:"D" json:"pullDependencies" cyclonedx:"pullDependencies"`
	PullChecksum     string          `mapstructure:"C" json:"pullChecksum" cyclonedx:"pullChecksum"`
	GitCommitOfAport string          `mapstructure:"c" json:"gitCommitOfApkPort" cyclonedx:"gitCommitOfApkPort"`
	Files            []ApkFileRecord `json:"files"`
}

ApkMetadata represents all captured data for an Alpine DB package entry. See the following sources for more information:
- https://wiki.alpinelinux.org/wiki/Apk_spec
- https://git.alpinelinux.org/apk-tools/tree/src/package.c
- https://git.alpinelinux.org/apk-tools/tree/src/database.c

func (ApkMetadata) OwnedFiles

func (m ApkMetadata) OwnedFiles() (result []string)

func (ApkMetadata) PackageURL

func (m ApkMetadata) PackageURL(distro *linux.Release) string

PackageURL returns the PURL for the specific Alpine package (see https://github.com/package-url/purl-spec)

type ArchiveInfo

type ArchiveInfo struct {
	Hash string `json:"hash"`
}

type CPE

type CPE = wfn.Attributes

func MustCPE

func MustCPE(cpeStr string) CPE

func NewCPE

func NewCPE(cpeStr string) (CPE, error)

NewCPE will parse a formatted CPE string and return a CPE object. Some input, such as whitespace characters, is allowed; however, stricter validation is done after this sanitization process.

type CPEBySpecificity

type CPEBySpecificity []wfn.Attributes

func (CPEBySpecificity) Len

func (c CPEBySpecificity) Len() int

func (CPEBySpecificity) Less

func (c CPEBySpecificity) Less(i, j int) bool

func (CPEBySpecificity) Swap

func (c CPEBySpecificity) Swap(i, j int)

type CargoMetadata

type CargoMetadata struct {
	Packages []CargoPackageMetadata `toml:"package"`
}

func (CargoMetadata) Pkgs

func (m CargoMetadata) Pkgs() []*Package

Pkgs returns all of the packages referenced within the Cargo.lock metadata.

type CargoPackageMetadata

type CargoPackageMetadata struct {
	Name         string   `toml:"name" json:"name"`
	Version      string   `toml:"version" json:"version"`
	Source       string   `toml:"source" json:"source"`
	Checksum     string   `toml:"checksum" json:"checksum"`
	Dependencies []string `toml:"dependencies" json:"dependencies"`
}

func (CargoPackageMetadata) PackageURL

func (p CargoPackageMetadata) PackageURL(_ *linux.Release) string

PackageURL returns the PURL for the specific rust package (see https://github.com/package-url/purl-spec)

func (CargoPackageMetadata) Pkg

func (p CargoPackageMetadata) Pkg() *Package

Pkg returns the standard `pkg.Package` representation of the package referenced within the Cargo.lock metadata.

type Catalog

type Catalog struct {
	// contains filtered or unexported fields
}

Catalog represents a collection of Packages.

func NewCatalog

func NewCatalog(pkgs ...Package) *Catalog

NewCatalog returns a new empty Catalog

func (*Catalog) Add

func (c *Catalog) Add(p Package)

Add a package to the Catalog.

func (*Catalog) Enumerate

func (c *Catalog) Enumerate(types ...Type) <-chan Package

Enumerate all packages for the given type(s), enumerating all packages if no type is specified.

func (*Catalog) Package

func (c *Catalog) Package(id artifact.ID) *Package

Package returns the package with the given ID.

func (*Catalog) PackageCount

func (c *Catalog) PackageCount() int

PackageCount returns the total number of packages that have been added.

func (*Catalog) Packages

func (c *Catalog) Packages(ids []artifact.ID) (result []Package)

Packages returns all packages for the given ID.

func (*Catalog) PackagesByName

func (c *Catalog) PackagesByName(name string) []Package

PackagesByName returns all packages that were discovered with a matching name.

func (*Catalog) PackagesByPath

func (c *Catalog) PackagesByPath(path string) []Package

PackagesByPath returns all packages that were discovered from the given path.

func (*Catalog) Sorted

func (c *Catalog) Sorted(types ...Type) (pkgs []Package)

Sorted enumerates all packages for the given types sorted by package name. Enumerates all packages if no type is specified.

type CocoapodsMetadata

type CocoapodsMetadata struct {
	Name    string `mapstructure:"name" json:"name"`
	Version string `mapstructure:"version" json:"version"`
	PkgHash string `mapstructure:"pkgHash" json:"pkgHash"`
}

func (CocoapodsMetadata) PackageURL

func (m CocoapodsMetadata) PackageURL(_ *linux.Release) string

type ConanMetadata

type ConanMetadata struct {
	Name    string `mapstructure:"name" json:"name"`
	Version string `mapstructure:"version" json:"version"`
}

func (ConanMetadata) PackageURL

func (m ConanMetadata) PackageURL(_ *linux.Release) string

type DartPubMetadata

type DartPubMetadata struct {
	Name      string `mapstructure:"name" json:"name"`
	Version   string `mapstructure:"version" json:"version"`
	HostedURL string `mapstructure:"hosted_url" json:"hosted_url,omitempty"`
	VcsURL    string `mapstructure:"vcs_url" json:"vcs_url,omitempty"`
}

func (DartPubMetadata) PackageURL

func (m DartPubMetadata) PackageURL(_ *linux.Release) string

type DirInfo

type DirInfo struct {
	Editable bool `json:"editable"`
}

type DirectURLOrigin

type DirectURLOrigin struct {
	URL         string      `json:"url"`
	VCSInfo     VCSInfo     `json:"vcs_info"`
	ArchiveInfo ArchiveInfo `json:"archive_info"`
	DirInfo     DirInfo     `json:"dir_info"`
}

type DotnetDepsMetadata

type DotnetDepsMetadata struct {
	Name     string `mapstructure:"name" json:"name"`
	Version  string `mapstructure:"version" json:"version"`
	Path     string `mapstructure:"path" json:"path"`
	Sha512   string `mapstructure:"sha512" json:"sha512"`
	HashPath string `mapstructure:"hashPath" json:"hashPath"`
}

func (DotnetDepsMetadata) PackageURL

func (m DotnetDepsMetadata) PackageURL(_ *linux.Release) string

type DpkgFileRecord

type DpkgFileRecord struct {
	Path         string       `json:"path"`
	Digest       *file.Digest `json:"digest,omitempty"`
	IsConfigFile bool         `json:"isConfigFile"`
}

DpkgFileRecord represents a single file attributed to a debian package.

type DpkgMetadata

type DpkgMetadata struct {
	Package       string           `mapstructure:"Package" json:"package"`
	Source        string           `mapstructure:"Source" json:"source" cyclonedx:"source"`
	Version       string           `mapstructure:"Version" json:"version"`
	SourceVersion string           `mapstructure:"SourceVersion" json:"sourceVersion" cyclonedx:"sourceVersion"`
	Architecture  string           `mapstructure:"Architecture" json:"architecture"`
	Maintainer    string           `mapstructure:"Maintainer" json:"maintainer"`
	InstalledSize int              `mapstructure:"InstalledSize" json:"installedSize" cyclonedx:"installedSize"`
	Description   string           `mapstructure:"Description" hash:"ignore" json:"-"`
	Files         []DpkgFileRecord `json:"files"`
}

DpkgMetadata represents all captured data for a Debian package DB entry; available fields are described at http://manpages.ubuntu.com/manpages/xenial/man1/dpkg-query.1.html in the --showformat section.

func (DpkgMetadata) OwnedFiles

func (m DpkgMetadata) OwnedFiles() (result []string)

func (DpkgMetadata) PackageURL

func (m DpkgMetadata) PackageURL(distro *linux.Release) string

PackageURL returns the PURL for the specific Debian package (see https://github.com/package-url/purl-spec)

type FileOwner

type FileOwner interface {
	OwnedFiles() []string
}

FileOwner is the interface that wraps the OwnedFiles method.

OwnedFiles returns a list of files that a piece of package Metadata indicates are owned by the package.

type GemMetadata

type GemMetadata struct {
	Name     string   `mapstructure:"name" json:"name"`
	Version  string   `mapstructure:"version" json:"version"`
	Files    []string `mapstructure:"files" json:"files,omitempty"`
	Authors  []string `mapstructure:"authors" json:"authors,omitempty"`
	Licenses []string `mapstructure:"licenses" json:"licenses,omitempty"`
	Homepage string   `mapstructure:"homepage" json:"homepage,omitempty"`
}

GemMetadata represents all metadata parsed from the gemspec file

type GolangBinMetadata

type GolangBinMetadata struct {
	BuildSettings     map[string]string `json:"goBuildSettings,omitempty" cyclonedx:"goBuildSettings"`
	GoCompiledVersion string            `json:"goCompiledVersion" cyclonedx:"goCompiledVersion"`
	Architecture      string            `json:"architecture" cyclonedx:"architecture"`
	H1Digest          string            `json:"h1Digest,omitempty" cyclonedx:"h1Digest"`
	MainModule        string            `json:"mainModule,omitempty" cyclonedx:"mainModule"`
}

GolangBinMetadata represents all captured data for a Golang Binary

type HackageMetadata

type HackageMetadata struct {
	Name        string  `mapstructure:"name" json:"name"`
	Version     string  `mapstructure:"version" json:"version"`
	PkgHash     *string `mapstructure:"pkgHash" json:"pkgHash,omitempty"`
	SnapshotURL *string `mapstructure:"snapshotURL" json:"snapshotURL,omitempty"`
}

func (HackageMetadata) PackageURL

func (m HackageMetadata) PackageURL(_ *linux.Release) string

type JavaManifest

type JavaManifest struct {
	Main          map[string]string            `json:"main,omitempty"`
	NamedSections map[string]map[string]string `json:"namedSections,omitempty"`
}

JavaManifest represents the fields of interest extracted from a Java archive's META-INF/MANIFEST.MF file.

type JavaMetadata

type JavaMetadata struct {
	VirtualPath    string         `json:"virtualPath" cyclonedx:"virtualPath"` // we need to include the virtual path in cyclonedx documents to prevent deduplication of jars within jars
	Manifest       *JavaManifest  `mapstructure:"Manifest" json:"manifest,omitempty"`
	PomProperties  *PomProperties `mapstructure:"PomProperties" json:"pomProperties,omitempty" cyclonedx:"-"`
	PomProject     *PomProject    `mapstructure:"PomProject" json:"pomProject,omitempty"`
	ArchiveDigests []file.Digest  `hash:"ignore" json:"digest,omitempty"`
	PURL           string         `hash:"ignore" json:"-"` // pURLs and CPEs are ignored for package IDs
	Parent         *Package       `hash:"ignore" json:"-"` // note: the parent cannot be included in the minimal definition of uniqueness since this field is not reproducible in an encode-decode cycle (is lossy).
}

JavaMetadata encapsulates all Java ecosystem metadata for a package as well as an (optional) parent relationship.

func (JavaMetadata) PackageURL

func (m JavaMetadata) PackageURL(_ *linux.Release) string

PackageURL returns the PURL for the specific Maven package (see https://github.com/package-url/purl-spec)

type KbPackageMetadata

type KbPackageMetadata struct {
	ProductID string `toml:"product_id" json:"product_id"`
	Kb        string `toml:"kb" json:"kb"`
}

KbPackageMetadata is slightly odd in how it is expected to map onto data. This is critical to grasp because there is no MSRC cataloger. The `ProductID` field is expected to be the MSRC Product ID, for example: "Windows 10 Version 1703 for 32-bit Systems". `Kb` is expected to be the actual KB number, for example "5001028".

type Language

type Language string

Language represents a single programming language.

const (
	// the full set of supported programming languages
	UnknownLanguage Language = ""
	Java            Language = "java"
	JavaScript      Language = "javascript"
	Python          Language = "python"
	PHP             Language = "php"
	Ruby            Language = "ruby"
	Go              Language = "go"
	Rust            Language = "rust"
	Dart            Language = "dart"
	Dotnet          Language = "dotnet"
	Swift           Language = "swift"
	CPP             Language = "c++"
	Haskell         Language = "haskell"
	Maven           Language = "maven"
	Gradle          Language = "gradle"
)

func LanguageByName

func LanguageByName(name string) Language

func LanguageFromPURL

func LanguageFromPURL(p string) Language

func (Language) String

func (l Language) String() string

type MetadataType

type MetadataType string

MetadataType represents the data shape stored within pkg.Package.Metadata.

const (
	UnknownMetadataType          MetadataType = "UnknownMetadata"
	ApkMetadataType              MetadataType = "ApkMetadata"
	AlpmMetadataType             MetadataType = "AlpmMetadata"
	DpkgMetadataType             MetadataType = "DpkgMetadata"
	GemMetadataType              MetadataType = "GemMetadata"
	JavaMetadataType             MetadataType = "JavaMetadata"
	NpmPackageJSONMetadataType   MetadataType = "NpmPackageJsonMetadata"
	RpmMetadataType              MetadataType = "RpmMetadata"
	DartPubMetadataType          MetadataType = "DartPubMetadata"
	DotnetDepsMetadataType       MetadataType = "DotnetDepsMetadata"
	PythonPackageMetadataType    MetadataType = "PythonPackageMetadata"
	RustCargoPackageMetadataType MetadataType = "RustCargoPackageMetadata"
	KbPackageMetadataType        MetadataType = "KbPackageMetadata"
	GolangBinMetadataType        MetadataType = "GolangBinMetadata"
	PhpComposerJSONMetadataType  MetadataType = "PhpComposerJsonMetadata"
	CocoapodsMetadataType        MetadataType = "CocoapodsMetadataType"
	ConanaMetadataType           MetadataType = "ConanaMetadataType"
	PortageMetadataType          MetadataType = "PortageMetadata"
	HackageMetadataType          MetadataType = "HackageMetadataType"
)

func CleanMetadataType

func CleanMetadataType(typ MetadataType) MetadataType

type NpmPackageJSONMetadata

type NpmPackageJSONMetadata struct {
	Name        string   `mapstructure:"name" json:"name"`
	Version     string   `mapstructure:"version" json:"version"`
	Files       []string `mapstructure:"files" json:"files,omitempty"`
	Author      string   `mapstructure:"author" json:"author"`
	Licenses    []string `mapstructure:"licenses" json:"licenses"`
	Homepage    string   `mapstructure:"homepage" json:"homepage"`
	Description string   `mapstructure:"description" json:"description"`
	URL         string   `mapstructure:"url" json:"url"`
	Private     bool     `mapstructure:"private" json:"private"`
}

NpmPackageJSONMetadata holds extra information that is used in pkg.Package

func (NpmPackageJSONMetadata) PackageURL

func (p NpmPackageJSONMetadata) PackageURL(_ *linux.Release) string

PackageURL returns the PURL for the specific NPM package (see https://github.com/package-url/purl-spec)

type Package

type Package struct {
	Name         string             // the package name
	Version      string             // the version of the package
	FoundBy      string             `cyclonedx:"foundBy"` // the specific cataloger that discovered this package
	Locations    source.LocationSet // the locations that lead to the discovery of this package (note: this is not necessarily the locations that make up this package)
	Licenses     []string           // licenses discovered with the package metadata
	Language     Language           `cyclonedx:"language"`     // the language ecosystem this package belongs to (e.g. JavaScript, Python, etc)
	Type         Type               `cyclonedx:"type"`         // the package type (e.g. Npm, Yarn, Python, Rpm, Deb, etc)
	CPEs         []CPE              `hash:"ignore"`            // all possible Common Platform Enumerators (note: this is NOT included in the definition of the ID since all fields on a CPE are derived from other fields)
	PURL         string             `hash:"ignore"`            // the Package URL (see https://github.com/package-url/purl-spec)
	MetadataType MetadataType       `cyclonedx:"metadataType"` // the shape of the additional data in the "metadata" field
	Metadata     interface{}        // additional data found while parsing the package source
	GroupName    string
	// contains filtered or unexported fields
}

Package represents an application or library that has been bundled into a distributable format. TODO: if we ignore FoundBy for ID generation should we merge the field to show it was found in two places?

func (Package) ID

func (p Package) ID() artifact.ID

func (*Package) OverrideID

func (p *Package) OverrideID(id artifact.ID)

func (*Package) SetID

func (p *Package) SetID()

func (Package) String

func (p Package) String() string

Stringer to represent a package.

type PhpComposerAuthors

type PhpComposerAuthors struct {
	Name     string `json:"name"`
	Email    string `json:"email,omitempty"`
	Homepage string `json:"homepage,omitempty"`
}

type PhpComposerExternalReference

type PhpComposerExternalReference struct {
	Type      string `json:"type"`
	URL       string `json:"url"`
	Reference string `json:"reference"`
	Shasum    string `json:"shasum,omitempty"`
}

type PhpComposerJSONMetadata

type PhpComposerJSONMetadata struct {
	Name            string                       `json:"name"`
	Version         string                       `json:"version"`
	Source          PhpComposerExternalReference `json:"source"`
	Dist            PhpComposerExternalReference `json:"dist"`
	Require         map[string]string            `json:"require,omitempty"`
	Provide         map[string]string            `json:"provide,omitempty"`
	RequireDev      map[string]string            `json:"require-dev,omitempty"`
	Suggest         map[string]string            `json:"suggest,omitempty"`
	Type            string                       `json:"type,omitempty"`
	NotificationURL string                       `json:"notification-url,omitempty"`
	Bin             []string                     `json:"bin,omitempty"`
	License         []string                     `json:"license,omitempty"`
	Authors         []PhpComposerAuthors         `json:"authors,omitempty"`
	Description     string                       `json:"description,omitempty"`
	Homepage        string                       `json:"homepage,omitempty"`
	Keywords        []string                     `json:"keywords,omitempty"`
	Time            string                       `json:"time,omitempty"`
}

PhpComposerJSONMetadata represents information found from composer v1/v2 "installed.json" files as well as composer.lock files

func (PhpComposerJSONMetadata) PackageURL

func (m PhpComposerJSONMetadata) PackageURL(_ *linux.Release) string

type PomParent

type PomParent struct {
	GroupID    string `json:"groupId"`
	ArtifactID string `json:"artifactId"`
	Version    string `json:"version"`
}

PomParent contains the fields within the <parent> tag in a pom.xml file

type PomProject

type PomProject struct {
	Path        string     `json:"path"`
	Parent      *PomParent `json:"parent,omitempty"`
	GroupID     string     `json:"groupId"`
	ArtifactID  string     `json:"artifactId"`
	Version     string     `json:"version"`
	Name        string     `json:"name"`
	Description string     `json:"description,omitempty"`
	URL         string     `json:"url,omitempty"`
}

PomProject represents fields of interest extracted from a Java archive's pom.xml file. See https://maven.apache.org/ref/3.6.3/maven-model/maven.html for more details.

type PomProperties

type PomProperties struct {
	Path       string            `mapstructure:"path" json:"path"`
	Name       string            `mapstructure:"name" json:"name"`
	GroupID    string            `mapstructure:"groupId" json:"groupId" cyclonedx:"groupID"`
	ArtifactID string            `mapstructure:"artifactId" json:"artifactId" cyclonedx:"artifactID"`
	Version    string            `mapstructure:"version" json:"version"`
	Extra      map[string]string `mapstructure:",remain" json:"extraFields"`
}

PomProperties represents the fields of interest extracted from a Java archive's pom.properties file.

func (PomProperties) PkgTypeIndicated

func (p PomProperties) PkgTypeIndicated() Type

PkgTypeIndicated returns the package Type indicated by the data contained in the PomProperties.

type PortageFileRecord

type PortageFileRecord struct {
	Path   string       `json:"path"`
	Digest *file.Digest `json:"digest,omitempty"`
}

PortageFileRecord represents a single file attributed to a portage package.

type PortageMetadata

type PortageMetadata struct {
	Package       string              `mapstructure:"Package" json:"package"`
	Version       string              `mapstructure:"Version" json:"version"`
	InstalledSize int                 `mapstructure:"InstalledSize" json:"installedSize" cyclonedx:"installedSize"`
	Files         []PortageFileRecord `json:"files"`
}

PortageMetadata represents all captured data for a Portage package DB entry.

type PythonDirectURLOriginInfo

type PythonDirectURLOriginInfo struct {
	URL      string `json:"url"`
	CommitID string `json:"commitId,omitempty"`
	VCS      string `json:"vcs,omitempty"`
}

type PythonFileDigest

type PythonFileDigest struct {
	Algorithm string `json:"algorithm"`
	Value     string `json:"value"`
}

PythonFileDigest represents the file metadata for a single file attributed to a python package.

type PythonFileRecord

type PythonFileRecord struct {
	Path   string            `json:"path"`
	Digest *PythonFileDigest `json:"digest,omitempty"`
	Size   string            `json:"size,omitempty"`
}

PythonFileRecord represents a single entry within a RECORD file for a python wheel or egg package

type PythonPackageMetadata

type PythonPackageMetadata struct {
	Name                 string                     `json:"name" mapstruct:"Name"`
	Version              string                     `json:"version" mapstruct:"Version"`
	License              string                     `json:"license" mapstruct:"License"`
	Author               string                     `json:"author" mapstruct:"Author"`
	AuthorEmail          string                     `json:"authorEmail" mapstruct:"Authoremail"`
	Platform             string                     `json:"platform" mapstruct:"Platform"`
	Files                []PythonFileRecord         `json:"files,omitempty"`
	SitePackagesRootPath string                     `json:"sitePackagesRootPath"`
	TopLevelPackages     []string                   `json:"topLevelPackages,omitempty"`
	DirectURLOrigin      *PythonDirectURLOriginInfo `json:"directUrlOrigin,omitempty"`
}

PythonPackageMetadata represents all captured data for a python egg or wheel package.

func (PythonPackageMetadata) OwnedFiles

func (m PythonPackageMetadata) OwnedFiles() (result []string)

func (PythonPackageMetadata) PackageURL

func (m PythonPackageMetadata) PackageURL(_ *linux.Release) string

type RpmMetadata

type RpmMetadata struct {
	Name            string            `json:"name"`
	Version         string            `json:"version"`
	Epoch           *int              `json:"epoch"  cyclonedx:"epoch" jsonschema:"nullable"`
	Arch            string            `json:"architecture"`
	Release         string            `json:"release" cyclonedx:"release"`
	SourceRpm       string            `json:"sourceRpm" cyclonedx:"sourceRpm"`
	Size            int               `json:"size" cyclonedx:"size"`
	License         string            `json:"license"`
	Vendor          string            `json:"vendor"`
	ModularityLabel string            `json:"modularityLabel"`
	Files           []RpmdbFileRecord `json:"files"`
}

RpmMetadata represents all captured data for an RPM DB package entry.

func (RpmMetadata) OwnedFiles

func (m RpmMetadata) OwnedFiles() (result []string)

func (RpmMetadata) PackageURL

func (m RpmMetadata) PackageURL(distro *linux.Release) string

PackageURL returns the PURL for the specific RHEL package (see https://github.com/package-url/purl-spec)

type RpmdbFileMode

type RpmdbFileMode uint16

RpmdbFileMode is the raw file mode for a single file. This can be interpreted as the linux stat.h mode (see https://pubs.opengroup.org/onlinepubs/007908799/xsh/sysstat.h.html)
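Reading the raw mode as a stat.h `st_mode`, as an added example that is not code from syft: `fileMode` and `record` are hypothetical stand-ins for `RpmdbFileMode` and `RpmdbFileRecord`, the octal constants are the standard stat.h values, and the sample records are constructed. It decodes the file type and permission string and reports setuid, setgid and world-writable entries, which is the usual reason to inspect this field in a cataloged image.

```go
package main

import (
	"fmt"
	"strings"
)

// fileMode is a stand-in for RpmdbFileMode (uint16), read as a stat.h st_mode.
type fileMode uint16

// Standard stat.h constants (octal).
const (
	sIFMT  fileMode = 0170000 // file type mask
	sIFREG fileMode = 0100000 // regular file
	sIFDIR fileMode = 0040000 // directory
	sIFLNK fileMode = 0120000 // symbolic link
	sISUID fileMode = 04000   // set-user-ID
	sISGID fileMode = 02000   // set-group-ID
	sISVTX fileMode = 01000   // sticky bit
	sIWOTH fileMode = 00002   // write permission for others
)

// record keeps only the RpmdbFileRecord fields this example needs.
type record struct {
	Path     string
	Mode     fileMode
	UserName string
}

// finding is one path worth a reviewer's attention, with the reason.
type finding struct{ Path, Reason string }

// kind names the file type encoded in the upper bits of the mode.
func kind(m fileMode) string {
	switch m & sIFMT {
	case sIFREG:
		return "regular"
	case sIFDIR:
		return "directory"
	case sIFLNK:
		return "symlink"
	}
	return "other"
}

// permString renders the lower 12 bits the way `ls -l` does (e.g. rwsr-xr-x).
func permString(m fileMode) string {
	const rwx = "rwxrwxrwx"
	b := []byte("---------")
	for i := 0; i < 9; i++ {
		if m&(fileMode(1)<<uint(8-i)) != 0 {
			b[i] = rwx[i]
		}
	}
	special := func(idx int, bit fileMode, withExec, withoutExec byte) {
		if m&bit == 0 {
			return
		}
		if b[idx] == 'x' {
			b[idx] = withExec
		} else {
			b[idx] = withoutExec
		}
	}
	special(2, sISUID, 's', 'S')
	special(5, sISGID, 's', 'S')
	special(8, sISVTX, 't', 'T')
	return string(b)
}

// audit reports privileged or loosely protected files; symlink bits are ignored.
func audit(records []record) []finding {
	out := []finding{}
	for _, r := range records {
		var reasons []string
		switch kind(r.Mode) {
		case "regular":
			if r.Mode&sISUID != 0 {
				reasons = append(reasons, "setuid, runs as "+r.UserName)
			}
			if r.Mode&sISGID != 0 {
				reasons = append(reasons, "setgid")
			}
			if r.Mode&sIWOTH != 0 {
				reasons = append(reasons, "world-writable")
			}
		case "directory":
			if r.Mode&sIWOTH != 0 && r.Mode&sISVTX == 0 {
				reasons = append(reasons, "world-writable without sticky bit")
			}
		}
		if len(reasons) > 0 {
			out = append(out, finding{r.Path, permString(r.Mode) + ": " + strings.Join(reasons, ", ")})
		}
	}
	return out
}

// sampleRecords returns constructed records, not data from a real RPM database.
func sampleRecords() []record {
	return []record{
		{"/usr/bin/sudo", 0104755, "root"},
		{"/usr/bin/ls", 0100755, "root"},
		{"/tmp", 0041777, "root"},
		{"/var/spool/app", 0040777, "root"},
		{"/usr/bin/python3", 0120777, "root"},
	}
}

func main() {
	for _, f := range audit(sampleRecords()) {
		fmt.Printf("%s  %s\n", f.Path, f.Reason)
	}
}
```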

type RpmdbFileRecord

type RpmdbFileRecord struct {
	Path      string        `json:"path"`
	Mode      RpmdbFileMode `json:"mode"`
	Size      int           `json:"size"`
	Digest    file.Digest   `json:"digest"`
	UserName  string        `json:"userName"`
	GroupName string        `json:"groupName"`
	Flags     string        `json:"flags"`
}

RpmdbFileRecord represents the file metadata for a single file attributed to an RPM package.

type Type

type Type string

Type represents a Package Type for or within a language ecosystem (there may be multiple package types within a language ecosystem)

const (
	// the full set of supported packages
	UnknownPkg       Type = "UnknownPackage"
	ApkPkg           Type = "apk"
	AlpmPkg          Type = "alpm"
	GemPkg           Type = "gem"
	DebPkg           Type = "deb"
	RpmPkg           Type = "rpm"
	NpmPkg           Type = "npm"
	PythonPkg        Type = "python"
	PhpComposerPkg   Type = "php-composer"
	JavaPkg          Type = "java-archive"
	JenkinsPluginPkg Type = "jenkins-plugin"
	GoModulePkg      Type = "go-module"
	RustPkg          Type = "rust-crate"
	KbPkg            Type = "msrc-kb"
	DartPubPkg       Type = "dart-pub"
	DotnetPkg        Type = "dotnet"
	CocoapodsPkg     Type = "pod"
	ConanPkg         Type = "conan"
	PortagePkg       Type = "portage"
	HackagePkg       Type = "hackage"
)

func TypeByName

func TypeByName(name string) Type

func TypeFromPURL

func TypeFromPURL(p string) Type

func (Type) PackageURLType

func (t Type) PackageURLType() string

PackageURLType returns the PURL package type for the current package.

type VCSInfo

type VCSInfo struct {
	CommitID          string `json:"commit_id"`
	VCS               string `json:"vcs"`
	RequestedRevision string `json:"requested_revision"`
}

Directories

Path Synopsis
Package cataloger provides the ability to process files from a container image or file system and discover packages (gems, wheels, jars, rpms, debs, etc).
apkdb
Package apkdb provides a concrete Cataloger implementation for Alpine DB files.
common
Package common provides generic utilities used by multiple catalogers.
cpp
deb
Package dpkg provides a concrete Cataloger implementation for Debian package DB status files.
golang
Package golang provides a concrete Cataloger implementation for go.mod files.
java
Package java provides a concrete Cataloger implementation for Java archives (jar, war, ear, par, sar, jpi, hpi formats).
javascript
Package javascript provides a concrete Cataloger implementation for JavaScript ecosystem files (yarn and npm).
php
Package php provides a concrete Cataloger implementation for PHP ecosystem files.
portage
Package portage provides a concrete Cataloger implementation for Gentoo Portage.
python
Package python provides a concrete Cataloger implementation for Python ecosystem files (egg, wheel, requirements.txt).
rpm
Package rpm provides a concrete DBCataloger implementation for RPM "Package" DB files and a FileCataloger for RPM files.
ruby
Package ruby bundler provides a concrete Cataloger implementation for Ruby Gemfile.lock bundler files.
rust
Package rust provides a concrete Cataloger implementation for Cargo.lock files.
swift
Package swift provides a concrete Cataloger implementation for Podfile.lock files.
