mirror of
https://github.com/anchore/syft
synced 2024-11-10 06:14:16 +00:00
add linter for type assertion checks (#1469)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
This commit is contained in:
parent
fc4d28f365
commit
2ec4371c95
7 changed files with 68 additions and 15 deletions
|
@ -1,9 +1,12 @@
|
|||
# TODO: enable this when we have coverage on docstring comments
|
||||
#issues:
|
||||
issues:
|
||||
max-same-issues: 25
|
||||
|
||||
# TODO: enable this when we have coverage on docstring comments
|
||||
# # The list of ids of default excludes to include or disable.
|
||||
# include:
|
||||
# - EXC0002 # disable excluding of issues about comments from golint
|
||||
|
||||
|
||||
linters:
|
||||
# inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
|
||||
disable-all: true
|
||||
|
@ -15,6 +18,7 @@ linters:
|
|||
- errcheck
|
||||
- errorlint
|
||||
- exportloopref
|
||||
- forcetypeassert
|
||||
- funlen
|
||||
- gocognit
|
||||
- goconst
|
||||
|
|
|
@ -366,10 +366,10 @@
|
|||
"type" : "string"
|
||||
},
|
||||
"licenseInfoFromFiles" : {
|
||||
"description" : "The licensing information that was discovered directly within the package. There will be an instance of this property for each distinct value of alllicenseInfoInFile properties of all files contained in the package.\n\nIf the licenseInfoFromFiles field is not present for a package and filesAnalyzed property for that same pacakge is true or omitted, it implies an equivalent meaning to NOASSERTION.",
|
||||
"description" : "The licensing information that was discovered directly within the package. There will be an instance of this property for each distinct value of alllicenseInfoInFile properties of all files contained in the package.\n\nIf the licenseInfoFromFiles field is not present for a package and filesAnalyzed property for that same package is true or omitted, it implies an equivalent meaning to NOASSERTION.",
|
||||
"type" : "array",
|
||||
"items" : {
|
||||
"description" : "License expression for licenseInfoFromFiles. See SPDX Annex D for the license expression syntax. The licensing information that was discovered directly within the package. There will be an instance of this property for each distinct value of alllicenseInfoInFile properties of all files contained in the package.\n\nIf the licenseInfoFromFiles field is not present for a package and filesAnalyzed property for that same pacakge is true or omitted, it implies an equivalent meaning to NOASSERTION.",
|
||||
"description" : "License expression for licenseInfoFromFiles. See SPDX Annex D for the license expression syntax. The licensing information that was discovered directly within the package. There will be an instance of this property for each distinct value of alllicenseInfoInFile properties of all files contained in the package.\n\nIf the licenseInfoFromFiles field is not present for a package and filesAnalyzed property for that same package is true or omitted, it implies an equivalent meaning to NOASSERTION.",
|
||||
"type" : "string"
|
||||
}
|
||||
},
|
||||
|
|
|
@ -145,22 +145,37 @@ func toSyftDescriptor(d model.Descriptor) sbom.Descriptor {
|
|||
func toSyftSourceData(s model.Source) *source.Metadata {
|
||||
switch s.Type {
|
||||
case "directory":
|
||||
path, ok := s.Target.(string)
|
||||
if !ok {
|
||||
log.Warnf("unable to parse source target as string: %+v", s.Target)
|
||||
return nil
|
||||
}
|
||||
return &source.Metadata{
|
||||
ID: s.ID,
|
||||
Scheme: source.DirectoryScheme,
|
||||
Path: s.Target.(string),
|
||||
Path: path,
|
||||
}
|
||||
case "file":
|
||||
path, ok := s.Target.(string)
|
||||
if !ok {
|
||||
log.Warnf("unable to parse source target as string: %+v", s.Target)
|
||||
return nil
|
||||
}
|
||||
return &source.Metadata{
|
||||
ID: s.ID,
|
||||
Scheme: source.FileScheme,
|
||||
Path: s.Target.(string),
|
||||
Path: path,
|
||||
}
|
||||
case "image":
|
||||
metadata, ok := s.Target.(source.ImageMetadata)
|
||||
if !ok {
|
||||
log.Warnf("unable to parse source target as image metadata: %+v", s.Target)
|
||||
return nil
|
||||
}
|
||||
return &source.Metadata{
|
||||
ID: s.ID,
|
||||
Scheme: source.ImageScheme,
|
||||
ImageMetadata: s.Target.(source.ImageMetadata),
|
||||
ImageMetadata: metadata,
|
||||
}
|
||||
}
|
||||
return nil
|
||||
|
|
|
@ -81,7 +81,11 @@ func packageURL(m pkg.DpkgMetadata, distro *linux.Release) string {
|
|||
}
|
||||
|
||||
func addLicenses(resolver source.FileResolver, dbLocation source.Location, p *pkg.Package) {
|
||||
metadata := p.Metadata.(pkg.DpkgMetadata)
|
||||
metadata, ok := p.Metadata.(pkg.DpkgMetadata)
|
||||
if !ok {
|
||||
log.WithFields("package", p.String()).Warn("unable to extract DPKG metadata to add licenses")
|
||||
return
|
||||
}
|
||||
|
||||
// get license information from the copyright file
|
||||
copyrightReader, copyrightLocation := fetchCopyrightContents(resolver, dbLocation, metadata)
|
||||
|
@ -97,7 +101,11 @@ func addLicenses(resolver source.FileResolver, dbLocation source.Location, p *pk
|
|||
}
|
||||
|
||||
func mergeFileListing(resolver source.FileResolver, dbLocation source.Location, p *pkg.Package) {
|
||||
metadata := p.Metadata.(pkg.DpkgMetadata)
|
||||
metadata, ok := p.Metadata.(pkg.DpkgMetadata)
|
||||
if !ok {
|
||||
log.WithFields("package", p.String()).Warn("unable to extract DPKG metadata to file listing")
|
||||
return
|
||||
}
|
||||
|
||||
// get file listing (package files + additional config files)
|
||||
files, infoLocations := getAdditionalFileListing(resolver, dbLocation, metadata)
|
||||
|
|
|
@ -7,6 +7,7 @@ import (
|
|||
"io"
|
||||
"regexp"
|
||||
|
||||
"github.com/anchore/syft/internal/log"
|
||||
"github.com/anchore/syft/syft/artifact"
|
||||
"github.com/anchore/syft/syft/pkg"
|
||||
"github.com/anchore/syft/syft/pkg/cataloger/generic"
|
||||
|
@ -42,7 +43,12 @@ loop:
|
|||
if len(tokens) < 5 {
|
||||
name, hash := tokens[1], tokens[2]
|
||||
sourcePkg := pkgMap[name]
|
||||
metadata := sourcePkg.Metadata.(pkg.RebarLockMetadata)
|
||||
metadata, ok := sourcePkg.Metadata.(pkg.RebarLockMetadata)
|
||||
if !ok {
|
||||
log.WithFields("package", name).Warn("unable to extract rebar.lock metadata to add hash metadata")
|
||||
continue
|
||||
}
|
||||
|
||||
if metadata.PkgHash == "" {
|
||||
metadata.PkgHash = hash
|
||||
} else {
|
||||
|
|
|
@ -134,7 +134,11 @@ func (j *archiveParser) parse() ([]pkg.Package, []artifact.Relationship, error)
|
|||
// note: since package information may change after initial creation when parsing multiple locations within the
|
||||
// jar, we wait until the conclusion of the parsing process before synthesizing pURLs.
|
||||
for i, p := range pkgs {
|
||||
pkgs[i].PURL = packageURL(p.Name, p.Version, p.Metadata.(pkg.JavaMetadata))
|
||||
if m, ok := p.Metadata.(pkg.JavaMetadata); ok {
|
||||
pkgs[i].PURL = packageURL(p.Name, p.Version, m)
|
||||
} else {
|
||||
log.WithFields("package", p.String()).Warn("unable to extract java metadata to generate purl")
|
||||
}
|
||||
}
|
||||
|
||||
return pkgs, relationships, nil
|
||||
|
@ -401,10 +405,20 @@ func packageIdentitiesMatch(p pkg.Package, parentPkg *pkg.Package) bool {
|
|||
return true
|
||||
}
|
||||
|
||||
metadata := p.Metadata.(pkg.JavaMetadata)
|
||||
metadata, ok := p.Metadata.(pkg.JavaMetadata)
|
||||
if !ok {
|
||||
log.WithFields("package", p.String()).Warn("unable to extract java metadata to check for matching package identity")
|
||||
return false
|
||||
}
|
||||
|
||||
parentMetadata, ok := parentPkg.Metadata.(pkg.JavaMetadata)
|
||||
if !ok {
|
||||
log.WithFields("package", p.String()).Warn("unable to extract java metadata from parent for verifying virtual path")
|
||||
return false
|
||||
}
|
||||
|
||||
// the virtual path matches...
|
||||
if parentPkg.Metadata.(pkg.JavaMetadata).VirtualPath == metadata.VirtualPath {
|
||||
if parentMetadata.VirtualPath == metadata.VirtualPath {
|
||||
return true
|
||||
}
|
||||
|
||||
|
|
|
@ -604,7 +604,10 @@ func AttestationStartedHandler(ctx context.Context, fr *frame.Frame, event party
|
|||
line, _ := fr.Append()
|
||||
if l.Len() > 5 {
|
||||
elem := l.Front()
|
||||
line := elem.Value.(*frame.Line)
|
||||
line, ok := elem.Value.(*frame.Line)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
err = line.Remove()
|
||||
if err != nil {
|
||||
return
|
||||
|
@ -627,7 +630,10 @@ func AttestationStartedHandler(ctx context.Context, fr *frame.Frame, event party
|
|||
if !failed {
|
||||
// roll up logs into completed status (only if successful)
|
||||
for e := l.Back(); e != nil; e = e.Prev() {
|
||||
line := e.Value.(*frame.Line)
|
||||
line, ok := e.Value.(*frame.Line)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
err = line.Remove()
|
||||
if err != nil {
|
||||
return
|
||||
|
|
Loading…
Reference in a new issue