feat(gradle): add *gradle.lockfile parser

pkg/gradle/lockfile/parse.go

@@ -0,0 +1,39 @@
+package lockfile
+
+import (
+	"bufio"
+	"strings"
+
+	dio "github.com/aquasecurity/go-dep-parser/pkg/io"
+	"github.com/aquasecurity/go-dep-parser/pkg/types"
+	"github.com/aquasecurity/go-dep-parser/pkg/utils"
+)
+
+type Parser struct{}
+
+func NewParser() types.Parser {
+	return &Parser{}
+}
+
+func (Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+	var libs []types.Library
+	scanner := bufio.NewScanner(r)
+	for scanner.Scan() {
+		line := strings.TrimSpace(scanner.Text())
+		if strings.HasPrefix(line, "#") { // skip comments
+			continue
+		}
+
+		// dependency format: group:artifact:version=classPaths
+		dep := strings.Split(line, ":")
+		if len(dep) != 3 { // skip the last line with lists of empty configurations
+			continue
+		}
+		libs = append(libs, types.Library{
+			Name:    strings.Join(dep[:2], ":"),
+			Version: strings.Split(dep[2], "=")[0], // remove classPaths
+		})
+
+	}
+	return utils.UniqueLibraries(libs), nil, nil
+}

pkg/gradle/lockfile/parse_test.go

@@ -0,0 +1,52 @@
+package lockfile
+
+import (
+	"os"
+	"testing"
+
+	"github.com/aquasecurity/go-dep-parser/pkg/types"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestParser_Parse(t *testing.T) {
+	tests := []struct {
+		name      string
+		inputFile string
+		want      []types.Library
+	}{
+		{
+			name:      "happy path",
+			inputFile: "testdata/happy.lockfile",
+			want: []types.Library{
+				{
+					Name:    "cglib:cglib-nodep",
+					Version: "2.1.2",
+				},
+				{
+					Name:    "org.springframework:spring-asm",
+					Version: "3.1.3.RELEASE",
+				},
+				{
+					Name:    "org.springframework:spring-beans",
+					Version: "5.0.5.RELEASE",
+				},
+			},
+		},
+		{
+			name:      "empty",
+			inputFile: "testdata/empty.lockfile",
+			want:      nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			parser := NewParser()
+			f, err := os.Open(tt.inputFile)
+			assert.NoError(t, err)
+
+			libs, _, _ := parser.Parse(f)
+			assert.Equal(t, tt.want, libs)
+		})
+	}
+}

pkg/gradle/lockfile/testdata/empty.lockfile

@@ -0,0 +1,4 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+empty=incomingCatalog

pkg/gradle/lockfile/testdata/happy.lockfile

@@ -0,0 +1,8 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+cglib:cglib-nodep:2.1.2=testRuntimeClasspath,classpath
+ org.springframework:spring-asm:3.1.3.RELEASE=classpath
+org.springframework:spring-beans:5.0.5.RELEASE=compileClasspath, runtimeClasspath
+ # io.grpc:grpc-api:1.21.1=classpath
+empty=