pkg

package
v0.15.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 12, 2021 License: Apache-2.0 Imports: 14 Imported by: 241

Documentation

Overview

Package pkg provides the data structures for a package, a package catalog, package types, and domain-specific metadata.

Index

Constants

View Source
const ApkDbGlob = "**/lib/apk/db/installed"
View Source
const DpkgDbGlob = "**/var/lib/dpkg/{status,status.d/**}"
View Source
const JiraPluginPomPropertiesGroupID = "com.atlassian.jira.plugins"
View Source
const RpmDbGlob = "**/var/lib/rpm/Packages"

Variables

View Source
var AllLanguages = []Language{
	Java,
	JavaScript,
	Python,
	Ruby,
	Go,
	Rust,
}

AllLanguages is a set of all programming languages detected by syft.

AllPkgs represents all supported package types

View Source
var JenkinsPluginPomPropertiesGroupIDs = []string{
	"io.jenkins.plugins",
	"org.jenkins.plugins",
	"org.jenkins-ci.plugins",
	"io.jenkins-ci.plugins",
	"com.cloudbees.jenkins.plugins",
}

Functions

This section is empty.

Types

type ApkFileRecord

type ApkFileRecord struct {
	Path        string      `json:"path"`
	OwnerUID    string      `json:"ownerUid,omitempty"`
	OwnerGID    string      `json:"ownerGid,omitempty"`
	Permissions string      `json:"permissions,omitempty"`
	Digest      file.Digest `json:"digest,omitempty"`
}

ApkFileRecord represents a single file listing and metadata from a APK DB entry (which may have many of these file records).

type ApkMetadata

type ApkMetadata struct {
	Package          string          `mapstructure:"P" json:"package"`
	OriginPackage    string          `mapstructure:"o" json:"originPackage"`
	Maintainer       string          `mapstructure:"m" json:"maintainer"`
	Version          string          `mapstructure:"V" json:"version"`
	License          string          `mapstructure:"L" json:"license"`
	Architecture     string          `mapstructure:"A" json:"architecture"`
	URL              string          `mapstructure:"U" json:"url"`
	Description      string          `mapstructure:"T" json:"description"`
	Size             int             `mapstructure:"S" json:"size"`
	InstalledSize    int             `mapstructure:"I" json:"installedSize"`
	PullDependencies string          `mapstructure:"D" json:"pullDependencies"`
	PullChecksum     string          `mapstructure:"C" json:"pullChecksum"`
	GitCommitOfAport string          `mapstructure:"c" json:"gitCommitOfApkPort"`
	Files            []ApkFileRecord `json:"files"`
}

ApkMetadata represents all captured data for a Alpine DB package entry. See the following sources for more information: - https://wiki.alpinelinux.org/wiki/Apk_spec - https://git.alpinelinux.org/apk-tools/tree/src/package.c - https://git.alpinelinux.org/apk-tools/tree/src/database.c

func (ApkMetadata) PackageURL

func (m ApkMetadata) PackageURL() string

PackageURL returns the PURL for the specific Alpine package (see https://github.com/package-url/purl-spec)

type CPE added in v0.9.0

type CPE = wfn.Attributes

func NewCPE added in v0.9.0

func NewCPE(cpeStr string) (CPE, error)

type CargoPackageMetadata added in v0.15.0

type CargoPackageMetadata struct {
	Name         string   `toml:"name" json:"name"`
	Version      string   `toml:"version" json:"version"`
	Source       string   `toml:"source" json:"source"`
	Checksum     string   `toml:"checksum" json:"checksum"`
	Dependencies []string `toml:"dependencies" json:"dependencies"`
}

func (CargoPackageMetadata) Pkg added in v0.15.0

func (p CargoPackageMetadata) Pkg() Package

Pkg returns the standard `pkg.Package` representation of the package referenced within the Cargo.lock metadata.

type Catalog

type Catalog struct {
	// contains filtered or unexported fields
}

Catalog represents a collection of Packages.

func NewCatalog

func NewCatalog(pkgs ...Package) *Catalog

NewCatalog returns a new empty Catalog

func (*Catalog) Add

func (c *Catalog) Add(p Package)

Add a package to the Catalog.

func (*Catalog) Enumerate

func (c *Catalog) Enumerate(types ...Type) <-chan *Package

Enumerate all packages for the given type(s), enumerating all packages if no type is specified.

func (*Catalog) Package

func (c *Catalog) Package(id ID) *Package

Package returns the package with the given ID.

func (*Catalog) PackageCount

func (c *Catalog) PackageCount() int

PackageCount returns the total number of packages that have been added.

func (*Catalog) Packages added in v0.13.0

func (c *Catalog) Packages(ids []ID) (result []*Package)

Packages returns all packages for the given ID.

func (*Catalog) PackagesByPath added in v0.13.0

func (c *Catalog) PackagesByPath(path string) []*Package

PackagesByPath returns all packages that were discovered from the given path.

func (*Catalog) Remove added in v0.13.0

func (c *Catalog) Remove(id ID)

func (*Catalog) Sorted

func (c *Catalog) Sorted(types ...Type) []*Package

Sorted enumerates all packages for the given types sorted by package name. Enumerates all packages if no type is specified.

type DpkgFileRecord added in v0.7.0

type DpkgFileRecord struct {
	Path         string       `json:"path"`
	Digest       *file.Digest `json:"digest,omitempty"`
	IsConfigFile bool         `json:"isConfigFile"`
}

DpkgFileRecord represents a single file attributed to a debian package.

type DpkgMetadata

type DpkgMetadata struct {
	Package       string           `mapstructure:"Package" json:"package"`
	Source        string           `mapstructure:"Source" json:"source"`
	Version       string           `mapstructure:"Version" json:"version"`
	SourceVersion string           `mapstructure:"SourceVersion" json:"sourceVersion"`
	Architecture  string           `mapstructure:"Architecture" json:"architecture"`
	Maintainer    string           `mapstructure:"Maintainer" json:"maintainer"`
	InstalledSize int              `mapstructure:"InstalledSize" json:"installedSize"`
	Files         []DpkgFileRecord `json:"files"`
}

DpkgMetadata represents all captured data for a Debian package DB entry; available fields are described at http://manpages.ubuntu.com/manpages/xenial/man1/dpkg-query.1.html in the --showformat section.

func (DpkgMetadata) PackageURL

func (m DpkgMetadata) PackageURL(d *distro.Distro) string

PackageURL returns the PURL for the specific Debian package (see https://github.com/package-url/purl-spec)

type GemMetadata added in v0.2.0

type GemMetadata struct {
	Name     string   `mapstructure:"name" json:"name"`
	Version  string   `mapstructure:"version" json:"version"`
	Files    []string `mapstructure:"files" json:"files,omitempty"`
	Authors  []string `mapstructure:"authors" json:"authors,omitempty"`
	Licenses []string `mapstructure:"licenses" json:"licenses,omitempty"`
	Homepage string   `mapstructure:"homepage" json:"homepage,omitempty"`
}

GemMetadata represents all metadata parsed from the gemspec file

type ID

type ID string

ID represents a unique value for each package added to a package catalog.

type JavaManifest

type JavaManifest struct {
	Main          map[string]string            `json:"main,omitempty"`
	NamedSections map[string]map[string]string `json:"namedSections,omitempty"`
}

JavaManifest represents the fields of interest extracted from a Java archive's META-INF/MANIFEST.MF file.

type JavaMetadata

type JavaMetadata struct {
	VirtualPath   string         `json:"virtualPath"`
	Manifest      *JavaManifest  `mapstructure:"Manifest" json:"manifest,omitempty"`
	PomProperties *PomProperties `mapstructure:"PomProperties" json:"pomProperties,omitempty"`
	Parent        *Package       `json:"-"`
}

JavaMetadata encapsulates all Java ecosystem metadata for a package as well as an (optional) parent relationship.

func (JavaMetadata) PackageURL

func (m JavaMetadata) PackageURL() string

PackageURL returns the PURL for the specific Alpine package (see https://github.com/package-url/purl-spec)

type KbPackageMetadata added in v0.15.2

type KbPackageMetadata struct {
	ProductID string `toml:"product_id" json:"product_id"`
	Kb        string `toml:"kb" json:"kb"`
}

KbPackageMetadata is slightly odd in how it is expected to map onto data. This is critical to grasp because there is no MSRC cataloger. The `ProductID` field is expected to be the MSRC Product ID, for example: "Windows 10 Version 1703 for 32-bit Systems". `Kb` is expected to be the actual KB number, for example "5001028"

type Language

type Language string

Language represents a single programming language.

const (
	// the full set of supported programming languages
	UnknownLanguage Language = "UnknownLanguage"
	Java            Language = "java"
	JavaScript      Language = "javascript"
	Python          Language = "python"
	Ruby            Language = "ruby"
	Go              Language = "go"
	Rust            Language = "rust"
)

func (Language) String

func (l Language) String() string

String returns the string representation of the language.

type MetadataType added in v0.4.0

type MetadataType string

MetadataType represents the data shape stored within pkg.Package.Metadata.

const (
	// this is the full set of data shapes that can be represented within the pkg.Package.Metadata field
	UnknownMetadataType          MetadataType = "UnknownMetadata"
	ApkMetadataType              MetadataType = "ApkMetadata"
	DpkgMetadataType             MetadataType = "DpkgMetadata"
	GemMetadataType              MetadataType = "GemMetadata"
	JavaMetadataType             MetadataType = "JavaMetadata"
	NpmPackageJSONMetadataType   MetadataType = "NpmPackageJsonMetadata"
	RpmdbMetadataType            MetadataType = "RpmdbMetadata"
	PythonPackageMetadataType    MetadataType = "PythonPackageMetadata"
	RustCargoPackageMetadataType MetadataType = "RustCargoPackageMetadata"
	KbPackageMetadataType        MetadataType = "KbPackageMetadata"
)

type NpmPackageJSONMetadata added in v0.4.0

type NpmPackageJSONMetadata struct {
	Files       []string `mapstructure:"files" json:"files,omitempty"`
	Author      string   `mapstructure:"author" json:"author"`
	Licenses    []string `mapstructure:"licenses" json:"licenses"`
	Homepage    string   `mapstructure:"homepage" json:"homepage"`
	Description string   `mapstructure:"description" json:"description"`
	URL         string   `mapstructure:"url" json:"url"`
}

NpmPackageJSONMetadata holds extra information that is used in pkg.Package

type Package

type Package struct {
	ID        ID                // uniquely identifies a package, set by the cataloger
	Name      string            // the package name
	Version   string            // the version of the package
	FoundBy   string            // the specific cataloger that discovered this package
	Locations []source.Location // the locations that lead to the discovery of this package (note: this is not necessarily the locations that make up this package)
	// TODO: should we move licenses into metadata?
	Licenses     []string     // licenses discovered with the package metadata
	Language     Language     // the language ecosystem this package belongs to (e.g. JavaScript, Python, etc)
	Type         Type         // the package type (e.g. Npm, Yarn, Python, Rpm, Deb, etc)
	CPEs         []CPE        // all possible Common Platform Enumerators
	PURL         string       // the Package URL (see https://github.com/package-url/purl-spec)
	MetadataType MetadataType // the shape of the additional data in the "metadata" field
	Metadata     interface{}  // additional data found while parsing the package source
}

Package represents an application or library that has been bundled into a distributable format.

func (Package) String

func (p Package) String() string

Stringer to represent a package.

type PomProperties

type PomProperties struct {
	Path       string            `mapstructure:"path" json:"path"`
	Name       string            `mapstructure:"name" json:"name"`
	GroupID    string            `mapstructure:"groupId" json:"groupId"`
	ArtifactID string            `mapstructure:"artifactId" json:"artifactId"`
	Version    string            `mapstructure:"version" json:"version"`
	Extra      map[string]string `mapstructure:",remain" json:"extraFields"`
}

PomProperties represents the fields of interest extracted from a Java archive's pom.xml file.

func (PomProperties) PkgTypeIndicated added in v0.15.0

func (p PomProperties) PkgTypeIndicated() Type

PkgTypeIndicated returns the package Type indicated by the data contained in the PomProperties.

type PythonFileDigest added in v0.8.0

type PythonFileDigest struct {
	Algorithm string `json:"algorithm"`
	Value     string `json:"value"`
}

PythonFileDigest represents the file metadata for a single file attributed to a python package.

type PythonFileRecord added in v0.4.0

type PythonFileRecord struct {
	Path   string            `json:"path"`
	Digest *PythonFileDigest `json:"digest,omitempty"`
	Size   string            `json:"size,omitempty"`
}

PythonFileRecord represents a single entry within a RECORD file for a python wheel or egg package

type PythonPackageMetadata added in v0.4.0

type PythonPackageMetadata struct {
	Name                 string             `json:"name" mapstruct:"Name"`
	Version              string             `json:"version" mapstruct:"Version"`
	License              string             `json:"license" mapstruct:"License"`
	Author               string             `json:"author" mapstruct:"Author"`
	AuthorEmail          string             `json:"authorEmail" mapstruct:"Authoremail"`
	Platform             string             `json:"platform" mapstruct:"Platform"`
	Files                []PythonFileRecord `json:"files,omitempty"`
	SitePackagesRootPath string             `json:"sitePackagesRootPath"`
	TopLevelPackages     []string           `json:"topLevelPackages,omitempty"`
}

PythonPackageMetadata represents all captured data for a python egg or wheel package.

type Relationship added in v0.13.0

type Relationship struct {
	Parent   ID
	Child    ID
	Type     RelationshipType
	Metadata interface{}
}

func NewRelationships added in v0.13.0

func NewRelationships(catalog *Catalog) []Relationship

TODO: as more relationships are added, this function signature will probably accommodate selection

type RelationshipType added in v0.13.0

type RelationshipType string
const (
	// OwnershipByFileOverlapRelationship indicates that the parent package owns the child package made evident by the set of provided files
	OwnershipByFileOverlapRelationship RelationshipType = "ownership-by-file-overlap"
)

type RpmdbFileMode added in v0.6.0

type RpmdbFileMode uint16

RpmdbFileMode is the raw file mode for a single file. This can be interpreted as the linux stat.h mode (see https://pubs.opengroup.org/onlinepubs/007908799/xsh/sysstat.h.html)

type RpmdbFileRecord added in v0.6.0

type RpmdbFileRecord struct {
	Path      string        `json:"path"`
	Mode      RpmdbFileMode `json:"mode"`
	Size      int           `json:"size"`
	Digest    file.Digest   `json:"digest"`
	UserName  string        `json:"userName"`
	GroupName string        `json:"groupName"`
	Flags     string        `json:"flags"`
}

RpmdbFileRecord represents the file metadata for a single file attributed to a RPM package.

type RpmdbMetadata added in v0.4.0

type RpmdbMetadata struct {
	Name      string            `json:"name"`
	Version   string            `json:"version"`
	Epoch     int               `json:"epoch"`
	Arch      string            `json:"architecture"`
	Release   string            `json:"release"`
	SourceRpm string            `json:"sourceRpm"`
	Size      int               `json:"size"`
	License   string            `json:"license"`
	Vendor    string            `json:"vendor"`
	Files     []RpmdbFileRecord `json:"files"`
}

RpmdbMetadata represents all captured data for a RPM DB package entry.

func (RpmdbMetadata) PackageURL added in v0.4.0

func (m RpmdbMetadata) PackageURL(d *distro.Distro) string

PackageURL returns the PURL for the specific RHEL package (see https://github.com/package-url/purl-spec)

type Type

type Type string

Type represents a Package Type for or within a language ecosystem (there may be multiple package types within a language ecosystem)

const (
	// the full set of supported packages
	UnknownPkg       Type = "UnknownPackage"
	ApkPkg           Type = "apk"
	GemPkg           Type = "gem"
	DebPkg           Type = "deb"
	RpmPkg           Type = "rpm"
	NpmPkg           Type = "npm"
	PythonPkg        Type = "python"
	JavaPkg          Type = "java-archive"
	JenkinsPluginPkg Type = "jenkins-plugin"
	GoModulePkg      Type = "go-module"
	RustPkg          Type = "rust-crate"
	KbPkg            Type = "msrc-kb"
)

func (Type) PackageURLType

func (t Type) PackageURLType() string

PackageURLType returns the PURL package type for the current package.

Directories

Path Synopsis
Package cataloger provides the ability to process files from a container image or file system and discover packages (gems, wheels, jars, rpms, debs, etc).
Package cataloger provides the ability to process files from a container image or file system and discover packages (gems, wheels, jars, rpms, debs, etc).
apkdb
Package apkdb provides a concrete Cataloger implementation for Alpine DB files.
Package apkdb provides a concrete Cataloger implementation for Alpine DB files.
common
Package common provides generic utilities used by multiple catalogers.
Package common provides generic utilities used by multiple catalogers.
deb
Package dpkg provides a concrete Cataloger implementation for Debian package DB status files.
Package dpkg provides a concrete Cataloger implementation for Debian package DB status files.
golang
Package golang provides a concrete Cataloger implementation for go.mod files.
Package golang provides a concrete Cataloger implementation for go.mod files.
java
Package java provides a concrete Cataloger implementation for Java archives (jar, war, ear, jpi, hpi formats).
Package java provides a concrete Cataloger implementation for Java archives (jar, war, ear, jpi, hpi formats).
javascript
Package javascript provides a concrete Cataloger implementation for JavaScript ecosystem files (yarn and npm).
Package javascript provides a concrete Cataloger implementation for JavaScript ecosystem files (yarn and npm).
python
Package python provides a concrete Cataloger implementation for Python ecosystem files (egg, wheel, requirements.txt).
Package python provides a concrete Cataloger implementation for Python ecosystem files (egg, wheel, requirements.txt).
rpmdb
Package rpmdb provides a concrete Cataloger implementation for RPM "Package" DB files.
Package rpmdb provides a concrete Cataloger implementation for RPM "Package" DB files.
ruby
Package bundler provides a concrete Cataloger implementation for Ruby Gemfile.lock bundler files.
Package bundler provides a concrete Cataloger implementation for Ruby Gemfile.lock bundler files.
rust
Package rust provides a concrete Cataloger implementation for Cargo.lock files.
Package rust provides a concrete Cataloger implementation for Cargo.lock files.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL