Merge pull request #312 from anchore/omit-empty-packages

Omit empty packages
2024-11-10 06:14:16 +00:00 · 2021-01-22 16:10:06 -05:00 · 2021-01-22 16:10:06 -05:00 · 7bcdafe745
commit 7bcdafe745
parent 0f6288881b 4576c081b9
5 changed files with 39 additions and 3 deletions
--- a/syft/cataloger/javascript/parse_package_json.go
+++ b/syft/cataloger/javascript/parse_package_json.go
@ -7,6 +7,8 @@ import (
 	"io"
 	"regexp"

+	"github.com/anchore/syft/internal/log"
+
 	"github.com/anchore/syft/internal"

 	"github.com/mitchellh/mapstructure"
@ -172,6 +174,11 @@ func parsePackageJSON(_ string, reader io.Reader) ([]pkg.Package, error) {
 			return nil, fmt.Errorf("failed to parse package.json file: %w", err)
 		}

+		if !p.hasNameAndVersionValues() {
+			log.Debug("encountered package.json file without a name and/or version field, ignoring this file")
+			return nil, nil
+		}
+
 		licenses, err := licensesFromJSON(p)
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse package.json file: %w", err)
@ -195,3 +202,7 @@ func parsePackageJSON(_ string, reader io.Reader) ([]pkg.Package, error) {

 	return packages, nil
 }
+
+func (p PackageJSON) hasNameAndVersionValues() bool {
+	return p.Name != "" && p.Version != ""
+}
--- a/syft/cataloger/javascript/parse_package_json_test.go
+++ b/syft/cataloger/javascript/parse_package_json_test.go
@ -142,3 +142,20 @@ func TestParsePackageJSON(t *testing.T) {
 		})
 	}
 }
+
+func TestParsePackageJSON_Partial(t *testing.T) { // see https://github.com/anchore/syft/issues/311
+	const fixtureFile = "test-fixtures/pkg-json/package-partial.json"
+	fixture, err := os.Open(fixtureFile)
+	if err != nil {
+		t.Fatalf("failed to open fixture: %+v", err)
+	}
+
+	actual, err := parsePackageJSON("", fixture)
+	if err != nil {
+		t.Fatalf("failed to parse package-lock.json: %+v", err)
+	}
+
+	if actualCount := len(actual); actualCount != 0 {
+		t.Errorf("no packages should've been returned (but got %d packages)", actualCount)
+	}
+}
--- a/syft/cataloger/javascript/test-fixtures/pkg-json/package-partial.json
+++ b/syft/cataloger/javascript/test-fixtures/pkg-json/package-partial.json
@ -0,0 +1,5 @@
+{
+  "sideEffects": false,
+  "module": "../../esm/fp/isSaturday/index.js",
+  "typings": "../../typings.d.ts"
+}
--- a/test/integration/regression_test.go
+++ b/test/integration/regression_test.go
@ -24,7 +24,7 @@ func TestRegression212ApkBufferSize(t *testing.T) {
 		t.Fatalf("failed to catalog image: %+v", err)
 	}

-	expectedPkgs := 57
+	expectedPkgs := 58
 	actualPkgs := 0
 	for range catalog.Enumerate(pkg.ApkPkg) {
 		actualPkgs += 1
--- a/test/integration/test-fixtures/image-large-apk-data/Dockerfile
+++ b/test/integration/test-fixtures/image-large-apk-data/Dockerfile
@ -1,2 +1,5 @@
-FROM alpine:latest
-RUN apk add tzdata vim alpine-sdk
+FROM alpine@sha256:d9a7354e3845ea8466bb00b22224d9116b183e594527fb5b6c3d30bc01a20378
+RUN apk add --no-cache \
+            tzdata=2020f-r0 \
+            vim=8.2.2320-r0 \
+            alpine-sdk=1.0-r0