// Flag this CommonJS module with the __esModule marker used for ES-module interop.
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare the three public exports as undefined; each is assigned right after
// its function definition further down in this file.
exports.mapRpmSqlitePackages = exports.parseSourceRPM = exports.analyze = void 0;
const rpm_parser_1 = require("@snyk/rpm-parser");
const packageurl_js_1 = require("packageurl-js");
const types_1 = require("../types");
/**
 * Turn a list of RPM package records into an analysis result for one image.
 *
 * Each record is reduced to its name, formatted version and a Package URL;
 * Source, Provides, Deps and AutoInstalled are left unpopulated.
 * NOTE(review): pkgs is presumably parsed from the scanned image's RPM
 * database, i.e. attacker-influenced metadata - confirm against the caller.
 *
 * @param {*} targetImage - image identifier, passed through unchanged as `Image`.
 * @param {Array<object>} pkgs - RPM package records; must be an array (no null guard here).
 * @param {string[]} repositories - repository identifiers forwarded to the purl builder.
 * @param {object} [osRelease] - OS release info forwarded to the purl builder.
 * @returns {Promise<object>} already-resolved promise carrying `{ Image, AnalyzeType, Analysis }`.
 */
function analyze(targetImage, pkgs, repositories, osRelease) {
  // The purl is built before the version string, as a separate step per package.
  const toAnalyzedPackage = (pkgInfo) => {
    const packageUrl = purl(pkgInfo, repositories, osRelease);
    const formattedVersion = (0, rpm_parser_1.formatRpmPackageVersion)(pkgInfo);
    return {
      Name: pkgInfo.name,
      Version: formattedVersion,
      Source: undefined,
      Provides: [],
      Deps: {},
      AutoInstalled: undefined,
      Purl: packageUrl,
    };
  };

  const result = {
    Image: targetImage,
    AnalyzeType: types_1.AnalysisType.Rpm,
    Analysis: pkgs.map((pkgInfo) => toAnalyzedPackage(pkgInfo)),
  };
  // The work is synchronous; the promise only keeps the analyzer interface async.
  return Promise.resolve(result);
}
// Publish analyze on the CommonJS exports object.
exports.analyze = analyze;
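/**
 * Build the Package URL (purl) string that identifies one RPM package.
 *
 * The purl is the identity string emitted for the package, so a malformed
 * qualifier changes how the package is identified downstream.
 * NOTE(review): pkg and osRelease presumably originate from the scanned image
 * (RPM database, os-release data) and should be treated as untrusted input -
 * confirm against the callers. Qualifier keys are fixed literals here; only
 * the values carry image-supplied text.
 *
 * @param {object} pkg - package record; reads `name`, `module`, `sourceRPM` and `epoch`.
 * @param {string[]} repos - repository identifiers, joined with "," into the
 *   `repositories` qualifier; a missing or empty list adds no qualifier.
 * @param {{name: string, version: string}} [osRelease] - when present, sets the
 *   `distro` qualifier and the purl namespace.
 * @returns {string} the serialized purl.
 */
function purl(pkg, repos, osRelease) {
  let vendor = "";
  const qualifiers = {};
  if (pkg.module) {
    // Only the first two ":"-separated fields of the module string are kept.
    const [modName, modVersion] = pkg.module.split(":");
    // A module string without ":" previously produced the literal text
    // "<name>:undefined" in the qualifier; emit the bare name instead.
    qualifiers.module =
      modVersion === undefined ? modName : modName + ":" + modVersion;
  }
  if (pkg.sourceRPM) {
    const sourcePackage = parseSourceRPM(pkg.sourceRPM);
    // An unparseable source RPM name simply yields no `upstream` qualifier.
    if (sourcePackage) {
      let upstream = sourcePackage.name;
      if (sourcePackage.version) {
        upstream += `@${sourcePackage.version}`;
      }
      qualifiers.upstream = upstream;
    }
  }
  // Guard against a missing repository list instead of throwing on `.length`.
  if (Array.isArray(repos) && repos.length > 0) {
    qualifiers.repositories = repos.join(",");
  }
  // A falsy epoch (including 0) is left out of the qualifiers.
  if (pkg.epoch) {
    qualifiers.epoch = String(pkg.epoch);
  }
  if (osRelease) {
    qualifiers.distro = `${osRelease.name}-${osRelease.version}`;
    vendor = osRelease.name;
  }
  // Pass `undefined` rather than an empty object when no qualifier was set.
  const hasQualifiers = Object.keys(qualifiers).length !== 0;
  return new packageurl_js_1.PackageURL(
    types_1.AnalysisType.Rpm.toLowerCase(),
    vendor,
    pkg.name,
    (0, rpm_parser_1.formatRpmPackageVersion)(pkg),
    hasQualifiers ? qualifiers : undefined,
    undefined,
  ).toString();
}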
/**
 * Split a source RPM file name of the form `<name>-<version>-<release>.src.rpm`
 * into its three parts.
 *
 * The split is anchored on the last two hyphens, so the name itself may
 * contain hyphens while version and release may not.
 *
 * @param {string} sourceRPM - source RPM file name.
 * @returns {{name: string, version: string, release: string} | undefined}
 *   the parsed parts, or undefined when the input is empty, lacks the
 *   `.src.rpm` suffix, or does not have three non-empty hyphen-separated parts.
 */
function parseSourceRPM(sourceRPM) {
  const suffix = ".src.rpm";
  if (!sourceRPM || !sourceRPM.endsWith(suffix)) {
    return undefined;
  }

  // Splits on the final hyphen; rejects a missing, leading or trailing hyphen
  // so that neither side of the split can be empty.
  const splitAtLastHyphen = (text) => {
    const idx = text.lastIndexOf("-");
    if (idx <= 0 || idx === text.length - 1) {
      return undefined;
    }
    return [text.slice(0, idx), text.slice(idx + 1)];
  };

  const stem = sourceRPM.slice(0, sourceRPM.length - suffix.length);

  // First split peels off the release ...
  const outer = splitAtLastHyphen(stem);
  if (outer === undefined) {
    return undefined;
  }
  const [nameAndVersion, release] = outer;

  // ... the second one separates version from name.
  const inner = splitAtLastHyphen(nameAndVersion);
  if (inner === undefined) {
    return undefined;
  }
  const [name, version] = inner;

  // Defensive final check for empty parts on malformed input.
  if (!name || !version || !release) {
    return undefined;
  }
  return { name, version, release };
}
// Publish parseSourceRPM on the CommonJS exports object.
exports.parseSourceRPM = parseSourceRPM;
/**
 * Synchronous counterpart of the package mapping: build the analysis result
 * for one image from a list of RPM package records.
 *
 * Unlike the promise-returning analyzer, a missing package list is tolerated
 * and yields an empty `Analysis` array.
 * NOTE(review): rpmPackages is presumably read from the image's SQLite RPM
 * database (going by the function name) - confirm against the caller.
 *
 * @param {*} targetImage - image identifier, passed through unchanged as `Image`.
 * @param {Array<object>} [rpmPackages] - RPM package records; falsy means "none".
 * @param {string[]} repositories - repository identifiers forwarded to the purl builder.
 * @param {object} [osRelease] - OS release info forwarded to the purl builder.
 * @returns {{Image: *, AnalyzeType: *, Analysis: Array<object>}} the analysis result.
 */
function mapRpmSqlitePackages(targetImage, rpmPackages, repositories, osRelease) {
  // The purl is built before the version string, one package at a time.
  const describePackage = (pkg) => {
    const packageUrl = purl(pkg, repositories, osRelease);
    const formattedVersion = (0, rpm_parser_1.formatRpmPackageVersion)(pkg);
    return {
      Name: pkg.name,
      Version: formattedVersion,
      Source: undefined,
      Provides: [],
      Deps: {},
      AutoInstalled: undefined,
      Purl: packageUrl,
    };
  };

  const analysis = rpmPackages
    ? rpmPackages.map((pkg) => describePackage(pkg))
    : [];

  return {
    Image: targetImage,
    AnalyzeType: types_1.AnalysisType.Rpm,
    Analysis: analysis,
  };
}
// Publish mapRpmSqlitePackages on the CommonJS exports object.
exports.mapRpmSqlitePackages = mapRpmSqlitePackages;
//# sourceMappingURL=rpm.js.map
;