|
1 | 1 | package lockfile |
2 | 2 |
|
3 | 3 | import ( |
4 | | - "fmt" |
5 | | - "os" |
6 | | - "strings" |
7 | | - |
8 | | - "github.com/BurntSushi/toml" |
| 4 | + "github.com/google/osv-scalibr/extractor/filesystem/language/python/uvlock" |
9 | 5 | ) |
10 | 6 |
|
11 | | -type UvLockPackageSource struct { |
12 | | - Virtual string `toml:"virtual"` |
13 | | - Git string `toml:"git"` |
14 | | -} |
15 | | - |
16 | | -type UvLockPackage struct { |
17 | | - Name string `toml:"name"` |
18 | | - Version string `toml:"version"` |
19 | | - Source UvLockPackageSource `toml:"source"` |
20 | | - |
21 | | - // uv stores "groups" as a table under "package" after all the packages, which due |
22 | | - // to how TOML works means it ends up being a property on the last package, even |
23 | | - // through in this context it's a global property rather than being per-package |
24 | | - Groups map[string][]UvOptionalDependency `toml:"optional-dependencies"` |
25 | | -} |
26 | | - |
27 | | -type UvOptionalDependency struct { |
28 | | - Name string `toml:"name"` |
29 | | -} |
30 | | -type UvLockFile struct { |
31 | | - Version int `toml:"version"` |
32 | | - Packages []UvLockPackage `toml:"package"` |
33 | | -} |
34 | | - |
35 | 7 | const UvEcosystem = PipEcosystem |
36 | 8 |
|
37 | 9 | func ParseUvLock(pathToLockfile string) ([]PackageDetails, error) { |
38 | | - var parsedLockfile *UvLockFile |
39 | | - |
40 | | - lockfileContents, err := os.ReadFile(pathToLockfile) |
41 | | - |
42 | | - if err != nil { |
43 | | - return []PackageDetails{}, fmt.Errorf("could not read %s: %w", pathToLockfile, err) |
44 | | - } |
45 | | - |
46 | | - err = toml.Unmarshal(lockfileContents, &parsedLockfile) |
47 | | - |
48 | | - if err != nil { |
49 | | - return []PackageDetails{}, fmt.Errorf("could not parse %s: %w", pathToLockfile, err) |
50 | | - } |
51 | | - |
52 | | - packages := make([]PackageDetails, 0, len(parsedLockfile.Packages)) |
53 | | - |
54 | | - for _, lockPackage := range parsedLockfile.Packages { |
55 | | - // skip including the root "package", since its name and version are most likely arbitrary |
56 | | - if lockPackage.Source.Virtual == "." { |
57 | | - continue |
58 | | - } |
59 | | - |
60 | | - _, commit, _ := strings.Cut(lockPackage.Source.Git, "#") |
61 | | - |
62 | | - packages = append(packages, PackageDetails{ |
63 | | - Name: lockPackage.Name, |
64 | | - Version: lockPackage.Version, |
65 | | - Ecosystem: UvEcosystem, |
66 | | - CompareAs: UvEcosystem, |
67 | | - Commit: commit, |
68 | | - }) |
69 | | - } |
70 | | - |
71 | | - return packages, nil |
| 10 | + return extract(pathToLockfile, uvlock.New(), UvEcosystem) |
72 | 11 | } |
0 commit comments