/
tar_wrapped_archive_parser.go
67 lines (59 loc) · 2.08 KB
/
tar_wrapped_archive_parser.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
package java
import (
"fmt"
"github.com/nextlinux/sbom/internal/file"
"github.com/nextlinux/sbom/sbom/artifact"
"github.com/nextlinux/sbom/sbom/pkg"
"github.com/nextlinux/sbom/sbom/pkg/cataloger/generic"
"github.com/nextlinux/sbom/sbom/source"
)
var genericTarGlobs = []string{
"**/*.tar",
// gzipped tar
"**/*.tar.gz",
"**/*.tgz",
// bzip2
"**/*.tar.bz",
"**/*.tar.bz2",
"**/*.tbz",
"**/*.tbz2",
// brotli
"**/*.tar.br",
"**/*.tbr",
// lz4
"**/*.tar.lz4",
"**/*.tlz4",
// sz
"**/*.tar.sz",
"**/*.tsz",
// xz
"**/*.tar.xz",
"**/*.txz",
// zst
"**/*.tar.zst",
"**/*.tzst",
"**/*.tar.zstd",
"**/*.tzstd",
}
// TODO: when the generic archive cataloger is implemented, this should be removed (https://github.com/nextlinux/sbom/issues/246)
// parseTarWrappedJavaArchive is a parser function for java archive contents contained within arbitrary tar files.
// note: for compressed tars this is an extremely expensive operation and can lead to performance degradation. This is
// due to the fact that there is no central directory header (say as in zip), which means that in order to get
// a file listing within the archive you must decompress the entire archive and seek through all of the entries.
func parseTarWrappedJavaArchive(_ source.FileResolver, _ *generic.Environment, reader source.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) {
contentPath, archivePath, cleanupFn, err := saveArchiveToTmp(reader.AccessPath(), reader)
// note: even on error, we should always run cleanup functions
defer cleanupFn()
if err != nil {
return nil, nil, err
}
// look for java archives within the tar archive
return discoverPkgsFromTar(reader.Location, archivePath, contentPath)
}
func discoverPkgsFromTar(location source.Location, archivePath, contentPath string) ([]pkg.Package, []artifact.Relationship, error) {
openers, err := file.ExtractGlobsFromTarToUniqueTempFile(archivePath, contentPath, archiveFormatGlobs...)
if err != nil {
return nil, nil, fmt.Errorf("unable to extract files from tar: %w", err)
}
return discoverPkgsFromOpeners(location, openers, nil)
}