feat: add parser for canon.lock files #128
Conversation
pkg/c/conan/lock/parse.go
Outdated
| dio "github.com/aquasecurity/go-dep-parser/pkg/io" | ||
| "github.com/aquasecurity/go-dep-parser/pkg/types" | ||
| "golang.org/x/xerrors" | ||
| ) |
There was a problem hiding this comment.
doesn't golangci-lint show goimport error?
pkg/c/conan/lock/parse.go
Outdated
| // 'pkgc/system' | ||
| ref := strings.Split(strings.Split(nod.Ref, "@")[0], "/") | ||
| if len(ref) != 2 { | ||
| return nil, nil, xerrors.Errorf("unable to parse ref: %s", nod.Ref) |
There was a problem hiding this comment.
maybe i miss something.
there will be an error even for one broken ref. right?
I'd prefer to write logs and continue. but if we don't have logging, breaking is better way.
There was a problem hiding this comment.
It makes sense.
I have added a debug message. Can you take a look?
pkg/c/conan/lock/parse.go
Outdated
| // skip system dependencies | ||
| if ref[1] == "system" { | ||
| continue | ||
| } |
There was a problem hiding this comment.
why should we skip system deps?
There was a problem hiding this comment.
conan system dependencies have a system only version (e.g. glu)
At first I thought that we need to skip these dependencies, but currently I think we need to keep all dependencies.
Thank for your note! Changed it.
pkg/c/conan/lock/parse.go
Outdated
| Nodes map[string]Nod `json:"nodes"` | ||
| } | ||
|
|
||
| type Nod struct { |
There was a problem hiding this comment.
Any reason we cannot use Node?
There was a problem hiding this comment.
This is my typo, fixed. Thanks.
pkg/c/conan/lock/parse_test.go
Outdated
| f, err := os.Open(tt.inputFile) | ||
| require.NoError(t, err) |
There was a problem hiding this comment.
| f, err := os.Open(tt.inputFile) | |
| require.NoError(t, err) | |
| f, err := os.Open(tt.inputFile) | |
| require.NoError(t, err) | |
| defer f.Close() |
pkg/c/conan/lock/parse_test.go
Outdated
| @@ -0,0 +1,75 @@ | |||
| package lock | |||
There was a problem hiding this comment.
| package lock | |
| package lock_test |
pkg/c/conan/lock/parse.go
Outdated
| // 'pkgc/system' | ||
| ref := strings.Split(strings.Split(nod.Ref, "@")[0], "/") | ||
| if len(ref) != 2 { | ||
| once.Do(func() { |
There was a problem hiding this comment.
Do we need once.Do here? If there are multiple invalid versions, don't we display them?
There was a problem hiding this comment.
You are right. User should see all wrong dependencies.
Removed this.
pkg/c/conan/lock/parse.go
Outdated
| dio "github.com/aquasecurity/go-dep-parser/pkg/io" | ||
| "github.com/aquasecurity/go-dep-parser/pkg/log" | ||
| "github.com/aquasecurity/go-dep-parser/pkg/types" | ||
|
|
||
| "golang.org/x/xerrors" |
There was a problem hiding this comment.
nit
| dio "github.com/aquasecurity/go-dep-parser/pkg/io" | |
| "github.com/aquasecurity/go-dep-parser/pkg/log" | |
| "github.com/aquasecurity/go-dep-parser/pkg/types" | |
| "golang.org/x/xerrors" | |
| "golang.org/x/xerrors" | |
| dio "github.com/aquasecurity/go-dep-parser/pkg/io" | |
| "github.com/aquasecurity/go-dep-parser/pkg/log" | |
| "github.com/aquasecurity/go-dep-parser/pkg/types" |
Co-authored-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
Description
Added parser for canon.lock files
Related issues