Documentation
Overview
Package pkg provides the data structures for a package, a package catalog, package types, and domain-specific metadata.
Index
- Constants
- Variables
- type ApkFileRecord
- type ApkMetadata
- type CPE
- type CargoPackageMetadata
- type Catalog
- func (c *Catalog) Add(p Package)
- func (c *Catalog) Enumerate(types ...Type) <-chan *Package
- func (c *Catalog) Package(id ID) *Package
- func (c *Catalog) PackageCount() int
- func (c *Catalog) Packages(ids []ID) (result []*Package)
- func (c *Catalog) PackagesByPath(path string) []*Package
- func (c *Catalog) Remove(id ID)
- func (c *Catalog) Sorted(types ...Type) []*Package
- type DpkgFileRecord
- type DpkgMetadata
- type GemMetadata
- type ID
- type JavaManifest
- type JavaMetadata
- type KbPackageMetadata
- type Language
- type MetadataType
- type NpmPackageJSONMetadata
- type Package
- type PomProperties
- type PythonFileDigest
- type PythonFileRecord
- type PythonPackageMetadata
- type Relationship
- type RelationshipType
- type RpmdbFileMode
- type RpmdbFileRecord
- type RpmdbMetadata
- type Type
Constants
const ApkDbGlob = "**/lib/apk/db/installed"
const DpkgDbGlob = "**/var/lib/dpkg/{status,status.d/**}"
const JiraPluginPomPropertiesGroupID = "com.atlassian.jira.plugins"
const RpmDbGlob = "**/var/lib/rpm/Packages"
Variables
var AllLanguages = []Language{
	Java,
	JavaScript,
	Python,
	Ruby,
	Go,
	Rust,
}
AllLanguages is a set of all programming languages detected by syft.
var AllPkgs = []Type{
	ApkPkg,
	GemPkg,
	DebPkg,
	RpmPkg,
	NpmPkg,
	PythonPkg,
	JavaPkg,
	JenkinsPluginPkg,
	GoModulePkg,
	RustPkg,
	KbPkg,
}
AllPkgs represents all supported package types.
var JenkinsPluginPomPropertiesGroupIDs = []string{
	"io.jenkins.plugins",
	"org.jenkins.plugins",
	"org.jenkins-ci.plugins",
	"io.jenkins-ci.plugins",
	"com.cloudbees.jenkins.plugins",
}
Functions
This section is empty.
Types
type ApkFileRecord
type ApkFileRecord struct {
	Path        string      `json:"path"`
	OwnerUID    string      `json:"ownerUid,omitempty"`
	OwnerGID    string      `json:"ownerGid,omitempty"`
	Permissions string      `json:"permissions,omitempty"`
	Digest      file.Digest `json:"digest,omitempty"`
}
ApkFileRecord represents a single file listing and metadata from an APK DB entry (which may have many of these file records).
type ApkMetadata
type ApkMetadata struct {
	Package          string          `mapstructure:"P" json:"package"`
	OriginPackage    string          `mapstructure:"o" json:"originPackage"`
	Maintainer       string          `mapstructure:"m" json:"maintainer"`
	Version          string          `mapstructure:"V" json:"version"`
	License          string          `mapstructure:"L" json:"license"`
	Architecture     string          `mapstructure:"A" json:"architecture"`
	URL              string          `mapstructure:"U" json:"url"`
	Description      string          `mapstructure:"T" json:"description"`
	Size             int             `mapstructure:"S" json:"size"`
	InstalledSize    int             `mapstructure:"I" json:"installedSize"`
	PullDependencies string          `mapstructure:"D" json:"pullDependencies"`
	PullChecksum     string          `mapstructure:"C" json:"pullChecksum"`
	GitCommitOfAport string          `mapstructure:"c" json:"gitCommitOfApkPort"`
	Files            []ApkFileRecord `json:"files"`
}
ApkMetadata represents all captured data for an Alpine DB package entry. See the following sources for more information:
- https://wiki.alpinelinux.org/wiki/Apk_spec
- https://git.alpinelinux.org/apk-tools/tree/src/package.c
- https://git.alpinelinux.org/apk-tools/tree/src/database.c
func (ApkMetadata) PackageURL
func (m ApkMetadata) PackageURL() string
PackageURL returns the PURL for the specific Alpine package (see https://github.com/package-url/purl-spec).
type CPE (added in v0.9.0)
type CPE = wfn.Attributes
type CargoPackageMetadata (added in v0.15.0)
type CargoPackageMetadata struct {
	Name         string   `toml:"name" json:"name"`
	Version      string   `toml:"version" json:"version"`
	Source       string   `toml:"source" json:"source"`
	Checksum     string   `toml:"checksum" json:"checksum"`
	Dependencies []string `toml:"dependencies" json:"dependencies"`
}
func (CargoPackageMetadata) Pkg (added in v0.15.0)
func (p CargoPackageMetadata) Pkg() Package
Pkg returns the standard `pkg.Package` representation of the package referenced within the Cargo.lock metadata.
type Catalog
type Catalog struct {
	// contains filtered or unexported fields
}
Catalog represents a collection of Packages.
func (*Catalog) Enumerate
Enumerate all packages for the given type(s), enumerating all packages if no type is specified.
func (*Catalog) PackageCount
PackageCount returns the total number of packages that have been added.
func (*Catalog) PackagesByPath (added in v0.13.0)
PackagesByPath returns all packages that were discovered from the given path.
type DpkgFileRecord (added in v0.7.0)
type DpkgFileRecord struct {
	Path         string       `json:"path"`
	Digest       *file.Digest `json:"digest,omitempty"`
	IsConfigFile bool         `json:"isConfigFile"`
}
DpkgFileRecord represents a single file attributed to a Debian package.
type DpkgMetadata
type DpkgMetadata struct {
	Package       string           `mapstructure:"Package" json:"package"`
	Source        string           `mapstructure:"Source" json:"source"`
	Version       string           `mapstructure:"Version" json:"version"`
	SourceVersion string           `mapstructure:"SourceVersion" json:"sourceVersion"`
	Architecture  string           `mapstructure:"Architecture" json:"architecture"`
	Maintainer    string           `mapstructure:"Maintainer" json:"maintainer"`
	InstalledSize int              `mapstructure:"InstalledSize" json:"installedSize"`
	Files         []DpkgFileRecord `json:"files"`
}
DpkgMetadata represents all captured data for a Debian package DB entry; available fields are described at http://manpages.ubuntu.com/manpages/xenial/man1/dpkg-query.1.html in the --showformat section.
func (DpkgMetadata) PackageURL
func (m DpkgMetadata) PackageURL(d *distro.Distro) string
PackageURL returns the PURL for the specific Debian package (see https://github.com/package-url/purl-spec).
type GemMetadata (added in v0.2.0)
type GemMetadata struct {
	Name     string   `mapstructure:"name" json:"name"`
	Version  string   `mapstructure:"version" json:"version"`
	Files    []string `mapstructure:"files" json:"files,omitempty"`
	Authors  []string `mapstructure:"authors" json:"authors,omitempty"`
	Licenses []string `mapstructure:"licenses" json:"licenses,omitempty"`
	Homepage string   `mapstructure:"homepage" json:"homepage,omitempty"`
}
GemMetadata represents all metadata parsed from the gemspec file.
type JavaManifest
type JavaManifest struct {
	Main          map[string]string            `json:"main,omitempty"`
	NamedSections map[string]map[string]string `json:"namedSections,omitempty"`
}
JavaManifest represents the fields of interest extracted from a Java archive's META-INF/MANIFEST.MF file.
type JavaMetadata
type JavaMetadata struct {
	VirtualPath   string         `json:"virtualPath"`
	Manifest      *JavaManifest  `mapstructure:"Manifest" json:"manifest,omitempty"`
	PomProperties *PomProperties `mapstructure:"PomProperties" json:"pomProperties,omitempty"`
	Parent        *Package       `json:"-"`
}
JavaMetadata encapsulates all Java ecosystem metadata for a package as well as an (optional) parent relationship.
func (JavaMetadata) PackageURL
func (m JavaMetadata) PackageURL() string
PackageURL returns the PURL for the specific Java package (see https://github.com/package-url/purl-spec).
type KbPackageMetadata (added in v0.15.2)
type KbPackageMetadata struct {
	ProductID string `toml:"product_id" json:"product_id"`
	Kb        string `toml:"kb" json:"kb"`
}
KbPackageMetadata is slightly odd in how it is expected to map onto data. This is critical to grasp because there is no MSRC cataloger. The `ProductID` field is expected to be the MSRC Product ID, for example: "Windows 10 Version 1703 for 32-bit Systems". `Kb` is expected to be the actual KB number, for example "5001028".
type MetadataType (added in v0.4.0)
type MetadataType string
MetadataType represents the data shape stored within pkg.Package.Metadata.
const (
	// this is the full set of data shapes that can be represented within the pkg.Package.Metadata field
	UnknownMetadataType          MetadataType = "UnknownMetadata"
	ApkMetadataType              MetadataType = "ApkMetadata"
	DpkgMetadataType             MetadataType = "DpkgMetadata"
	GemMetadataType              MetadataType = "GemMetadata"
	JavaMetadataType             MetadataType = "JavaMetadata"
	NpmPackageJSONMetadataType   MetadataType = "NpmPackageJsonMetadata"
	RpmdbMetadataType            MetadataType = "RpmdbMetadata"
	PythonPackageMetadataType    MetadataType = "PythonPackageMetadata"
	RustCargoPackageMetadataType MetadataType = "RustCargoPackageMetadata"
	KbPackageMetadataType        MetadataType = "KbPackageMetadata"
)
type NpmPackageJSONMetadata (added in v0.4.0)
type NpmPackageJSONMetadata struct {
	Files       []string `mapstructure:"files" json:"files,omitempty"`
	Author      string   `mapstructure:"author" json:"author"`
	Licenses    []string `mapstructure:"licenses" json:"licenses"`
	Homepage    string   `mapstructure:"homepage" json:"homepage"`
	Description string   `mapstructure:"description" json:"description"`
	URL         string   `mapstructure:"url" json:"url"`
}
NpmPackageJSONMetadata holds extra information that is used in pkg.Package.
type Package
type Package struct {
	ID        ID                // uniquely identifies a package, set by the cataloger
	Name      string            // the package name
	Version   string            // the version of the package
	FoundBy   string            // the specific cataloger that discovered this package
	Locations []source.Location // the locations that lead to the discovery of this package (note: this is not necessarily the locations that make up this package)
	// TODO: should we move licenses into metadata?
	Licenses     []string     // licenses discovered with the package metadata
	Language     Language     // the language ecosystem this package belongs to (e.g. JavaScript, Python, etc)
	Type         Type         // the package type (e.g. Npm, Yarn, Python, Rpm, Deb, etc)
	CPEs         []CPE        // all possible Common Platform Enumerators
	PURL         string       // the Package URL (see https://github.com/package-url/purl-spec)
	MetadataType MetadataType // the shape of the additional data in the "metadata" field
	Metadata     interface{}  // additional data found while parsing the package source
}
Package represents an application or library that has been bundled into a distributable format.
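How a consumer can use MetadataType to decode the "metadata" field into a concrete struct and reject shapes it does not recognise, as an added example that is not syft's own code. The structs are local subsets of the ones on this page; the envelope type, its "metadataType" JSON key and the sample record are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local subsets of the page's structs, with the JSON tags documented above.
type ApkMetadata struct {
	Package string `json:"package"`
	Version string `json:"version"`
}

type DpkgMetadata struct {
	Package string `json:"package"`
	Source  string `json:"source"`
	Version string `json:"version"`
}

// envelope is an assumed wire form: the "metadataType" key is not on the page.
type envelope struct {
	MetadataType string          `json:"metadataType"`
	Metadata     json.RawMessage `json:"metadata"`
}

// DecodeMetadata picks the struct named by MetadataType; unknown shapes fail closed.
func DecodeMetadata(raw []byte) (interface{}, error) {
	var e envelope
	if err := json.Unmarshal(raw, &e); err != nil {
		return nil, err
	}
	var dst interface{}
	switch e.MetadataType {
	case "ApkMetadata":
		dst = &ApkMetadata{}
	case "DpkgMetadata":
		dst = &DpkgMetadata{}
	default:
		return nil, fmt.Errorf("unsupported metadata type %q", e.MetadataType)
	}
	if err := json.Unmarshal(e.Metadata, dst); err != nil {
		return nil, fmt.Errorf("%s: %w", e.MetadataType, err)
	}
	return dst, nil
}

// Constructed sample record, not real scanner output.
const sampleRecord = `{"metadataType":"ApkMetadata","metadata":{"package":"musl","version":"1.2.2-r0"}}`

func main() { fmt.Println(DecodeMetadata([]byte(sampleRecord))) }
```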
type PomProperties
type PomProperties struct {
	Path       string            `mapstructure:"path" json:"path"`
	Name       string            `mapstructure:"name" json:"name"`
	GroupID    string            `mapstructure:"groupId" json:"groupId"`
	ArtifactID string            `mapstructure:"artifactId" json:"artifactId"`
	Version    string            `mapstructure:"version" json:"version"`
	Extra      map[string]string `mapstructure:",remain" json:"extraFields"`
}
PomProperties represents the fields of interest extracted from a Java archive's pom.xml file.
func (PomProperties) PkgTypeIndicated (added in v0.15.0)
func (p PomProperties) PkgTypeIndicated() Type
PkgTypeIndicated returns the package Type indicated by the data contained in the PomProperties.
type PythonFileDigest (added in v0.8.0)
PythonFileDigest represents the file metadata for a single file attributed to a Python package.
type PythonFileRecord (added in v0.4.0)
type PythonFileRecord struct {
	Path   string            `json:"path"`
	Digest *PythonFileDigest `json:"digest,omitempty"`
	Size   string            `json:"size,omitempty"`
}
PythonFileRecord represents a single entry within a RECORD file for a Python wheel or egg package.
type PythonPackageMetadata (added in v0.4.0)
type PythonPackageMetadata struct {
	Name                 string             `json:"name" mapstruct:"Name"`
	Version              string             `json:"version" mapstruct:"Version"`
	License              string             `json:"license" mapstruct:"License"`
	Author               string             `json:"author" mapstruct:"Author"`
	AuthorEmail          string             `json:"authorEmail" mapstruct:"Authoremail"`
	Platform             string             `json:"platform" mapstruct:"Platform"`
	Files                []PythonFileRecord `json:"files,omitempty"`
	SitePackagesRootPath string             `json:"sitePackagesRootPath"`
	TopLevelPackages     []string           `json:"topLevelPackages,omitempty"`
}
PythonPackageMetadata represents all captured data for a Python egg or wheel package.
type Relationship (added in v0.13.0)
type Relationship struct {
	Parent   ID
	Child    ID
	Type     RelationshipType
	Metadata interface{}
}
func NewRelationships (added in v0.13.0)
func NewRelationships(catalog *Catalog) []Relationship
TODO: as more relationships are added, this function signature will probably accommodate selection
type RelationshipType (added in v0.13.0)
type RelationshipType string
const (
	// OwnershipByFileOverlapRelationship indicates that the parent package owns the child package made evident by the set of provided files
	OwnershipByFileOverlapRelationship RelationshipType = "ownership-by-file-overlap"
)
type RpmdbFileMode (added in v0.6.0)
type RpmdbFileMode uint16
RpmdbFileMode is the raw file mode for a single file. This can be interpreted as the Linux stat.h mode (see https://pubs.opengroup.org/onlinepubs/007908799/xsh/sysstat.h.html).
type RpmdbFileRecord (added in v0.6.0)
type RpmdbFileRecord struct {
	Path      string        `json:"path"`
	Mode      RpmdbFileMode `json:"mode"`
	Size      int           `json:"size"`
	Digest    file.Digest   `json:"digest"`
	UserName  string        `json:"userName"`
	GroupName string        `json:"groupName"`
	Flags     string        `json:"flags"`
}
RpmdbFileRecord represents the file metadata for a single file attributed to an RPM package.
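An added example (not syft's code) that interprets RpmdbFileMode values with the stat.h bit masks and lists the regular files that are setuid, setgid or world-writable. The two types are local mirrors of the ones above with a subset of fields, RiskyModes is a hypothetical helper, and the sample records are constructed.

```go
package main

import "fmt"

// Local mirrors of the page's types (subset of fields) so this runs without syft.
type RpmdbFileMode uint16
type RpmdbFileRecord struct {
	Path string
	Mode RpmdbFileMode
}

// POSIX <sys/stat.h> mode bits, in octal.
const (
	sIFMT  = 0o170000 // file type mask
	sIFREG = 0o100000 // regular file
	sISUID = 0o004000 // set-user-ID on execution
	sISGID = 0o002000 // set-group-ID on execution
	sIWOTH = 0o000002 // writable by others
)

// RiskyModes maps each regular file's path to the mode bits worth reviewing.
func RiskyModes(files []RpmdbFileRecord) map[string][]string {
	out := map[string][]string{}
	for _, f := range files {
		m := uint16(f.Mode)
		if m&sIFMT != sIFREG {
			continue // directories and symlinks carry these bits with other meanings
		}
		for _, c := range []struct {
			bit  uint16
			name string
		}{{sISUID, "setuid"}, {sISGID, "setgid"}, {sIWOTH, "world-writable"}} {
			if m&c.bit != 0 {
				out[f.Path] = append(out[f.Path], c.name)
			}
		}
	}
	return out
}

// Constructed sample records, not taken from a real RPM database.
var sample = []RpmdbFileRecord{
	{"/usr/bin/passwd", 0o104755}, // setuid
	{"/usr/bin/write", 0o102755},  // setgid
	{"/usr/bin/ls", 0o100755},     // nothing to report
	{"/var/tmp", 0o041777},        // directory: skipped
	{"/opt/app/run.sh", 0o100777}, // world-writable
}

func main() { fmt.Println(RiskyModes(sample)) }
```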
type RpmdbMetadata (added in v0.4.0)
type RpmdbMetadata struct {
	Name      string            `json:"name"`
	Version   string            `json:"version"`
	Epoch     int               `json:"epoch"`
	Arch      string            `json:"architecture"`
	Release   string            `json:"release"`
	SourceRpm string            `json:"sourceRpm"`
	Size      int               `json:"size"`
	License   string            `json:"license"`
	Vendor    string            `json:"vendor"`
	Files     []RpmdbFileRecord `json:"files"`
}
RpmdbMetadata represents all captured data for an RPM DB package entry.
func (RpmdbMetadata) PackageURL (added in v0.4.0)
func (m RpmdbMetadata) PackageURL(d *distro.Distro) string
PackageURL returns the PURL for the specific RHEL package (see https://github.com/package-url/purl-spec).
type Type
type Type string
Type represents a Package Type for or within a language ecosystem (there may be multiple package types within a language ecosystem).
const (
	// the full set of supported packages
	UnknownPkg       Type = "UnknownPackage"
	ApkPkg           Type = "apk"
	GemPkg           Type = "gem"
	DebPkg           Type = "deb"
	RpmPkg           Type = "rpm"
	NpmPkg           Type = "npm"
	PythonPkg        Type = "python"
	JavaPkg          Type = "java-archive"
	JenkinsPluginPkg Type = "jenkins-plugin"
	GoModulePkg      Type = "go-module"
	RustPkg          Type = "rust-crate"
	KbPkg            Type = "msrc-kb"
)
func (Type) PackageURLType
PackageURLType returns the PURL package type for the current package.
Source Files
- apk_metadata.go
- cargo_package_metadata.go
- catalog.go
- cpe.go
- dpkg_metadata.go
- file_owner.go
- gem_metadata.go
- id.go
- java_metadata.go
- kb_package_metadata.go
- language.go
- metadata.go
- npm_metadata.go
- ownership_by_files_relationship.go
- package.go
- python_package_metadata.go
- relationship.go
- rpmdb_metadata.go
- type.go
Directories
Path | Synopsis |
---|---|
cataloger | Package cataloger provides the ability to process files from a container image or file system and discover packages (gems, wheels, jars, rpms, debs, etc). |
apkdb | Package apkdb provides a concrete Cataloger implementation for Alpine DB files. |
common | Package common provides generic utilities used by multiple catalogers. |
deb | Package dpkg provides a concrete Cataloger implementation for Debian package DB status files. |
golang | Package golang provides a concrete Cataloger implementation for go.mod files. |
java | Package java provides a concrete Cataloger implementation for Java archives (jar, war, ear, jpi, hpi formats). |
javascript | Package javascript provides a concrete Cataloger implementation for JavaScript ecosystem files (yarn and npm). |
python | Package python provides a concrete Cataloger implementation for Python ecosystem files (egg, wheel, requirements.txt). |
rpmdb | Package rpmdb provides a concrete Cataloger implementation for RPM "Package" DB files. |
ruby | Package bundler provides a concrete Cataloger implementation for Ruby Gemfile.lock bundler files. |
rust | Package rust provides a concrete Cataloger implementation for Cargo.lock files. |