New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add parser for canon.lock files #128
Conversation
pkg/c/conan/lock/parse.go
Outdated
dio "github.com/aquasecurity/go-dep-parser/pkg/io" | ||
"github.com/aquasecurity/go-dep-parser/pkg/types" | ||
"golang.org/x/xerrors" | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
doesn't golangci-lint
show goimport
error?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
pkg/c/conan/lock/parse.go
Outdated
// 'pkgc/system' | ||
ref := strings.Split(strings.Split(nod.Ref, "@")[0], "/") | ||
if len(ref) != 2 { | ||
return nil, nil, xerrors.Errorf("unable to parse ref: %s", nod.Ref) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe i miss something.
there will be an error even for one broken ref. right?
I'd prefer to write logs and continue. but if we don't have logging, breaking is better way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It makes sense.
I have added a debug message. Can you take a look?
pkg/c/conan/lock/parse.go
Outdated
// skip system dependencies | ||
if ref[1] == "system" { | ||
continue | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why should we skip system
deps?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
conan system dependencies have a system
only version (e.g. glu)
At first I thought that we need to skip these dependencies, but currently I think we need to keep all dependencies.
Thank for your note! Changed it.
pkg/c/conan/lock/parse.go
Outdated
Nodes map[string]Nod `json:"nodes"` | ||
} | ||
|
||
type Nod struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any reason we cannot use Node
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is my typo, fixed. Thanks.
pkg/c/conan/lock/parse_test.go
Outdated
f, err := os.Open(tt.inputFile) | ||
require.NoError(t, err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
f, err := os.Open(tt.inputFile) | |
require.NoError(t, err) | |
f, err := os.Open(tt.inputFile) | |
require.NoError(t, err) | |
defer f.Close() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
pkg/c/conan/lock/parse_test.go
Outdated
@@ -0,0 +1,75 @@ | |||
package lock |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
package lock | |
package lock_test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
pkg/c/conan/lock/parse.go
Outdated
// 'pkgc/system' | ||
ref := strings.Split(strings.Split(nod.Ref, "@")[0], "/") | ||
if len(ref) != 2 { | ||
once.Do(func() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need once.Do
here? If there are multiple invalid versions, don't we display them?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are right. User should see all wrong dependencies.
Removed this.
pkg/c/conan/lock/parse.go
Outdated
dio "github.com/aquasecurity/go-dep-parser/pkg/io" | ||
"github.com/aquasecurity/go-dep-parser/pkg/log" | ||
"github.com/aquasecurity/go-dep-parser/pkg/types" | ||
|
||
"golang.org/x/xerrors" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit
dio "github.com/aquasecurity/go-dep-parser/pkg/io" | |
"github.com/aquasecurity/go-dep-parser/pkg/log" | |
"github.com/aquasecurity/go-dep-parser/pkg/types" | |
"golang.org/x/xerrors" | |
"golang.org/x/xerrors" | |
dio "github.com/aquasecurity/go-dep-parser/pkg/io" | |
"github.com/aquasecurity/go-dep-parser/pkg/log" | |
"github.com/aquasecurity/go-dep-parser/pkg/types" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
Co-authored-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
Description
Added parser for canon.lock files
Related issues