Skip to content

feat: added PURL generation for swift parser #3957

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Mar 21, 2024
Merged

feat: added PURL generation for swift parser #3957

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
737bb74
feat: added PURL generation to swift parser
inosmeet Mar 20, 2024
39e21e6
feat: added domain information
inosmeet Mar 20, 2024
2c3da85
chore: requested changes
inosmeet Mar 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
65 changes: 61 additions & 4 deletions cve_bin_tool/parsers/swift.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,23 +2,80 @@
# SPDX-License-Identifier: GPL-3.0-or-later

import json
import re
from json.decoder import JSONDecodeError
from urllib.parse import urlparse

from cve_bin_tool.parsers import Parser


class SwiftParser(Parser):
"""
Parser implementation for Swift dependency files (Package.resolved).

This parser is designed to parse Swift dependencies files and generate Package URL (PURL) strings
based on the modules and their dependencies listed in the file.

Attributes:
cve_db (CVEDB): The CVE database instance used for vulnerability information.
logger (Logger): The logger instance for logging messages and debugging information.

Methods:
generate_purl(product, version, vendor):
Generates PURL after normalizing all components.
run_checker(filename):
Parse the Swift dependency file and yield valid PURLs for the modules listed in the file.

"""

def __init__(self, cve_db, logger):
super().__init__(cve_db, logger)
self.purl_pkg_type = "swift"

def generate_purl(self, product, version, vendor, qualifier={}, subpath=None):
"""Generates PURL after normalizing all components."""

product = re.sub(r"[^a-zA-Z0-9_-]", "", product)
version = re.sub(r"[^a-zA-Z0-9.+-]", "", version)

if not re.match(r"[a-zA-Z0-9_-]", product):
return
if not vendor:
vendor = "UNKNOWN"
if not version:
version = "UNKNOWN"

purl = super().generate_purl(
product,
version,
vendor,
qualifier,
subpath,
)

return purl

def run_checker(self, filename):
"""Parse the file and yield valid PURLs."""
self.filename = filename
with open(self.filename) as fh:
# parse the json structure for extracting product version pairs
content = json.load(fh)
try:
content = json.load(fh)
except JSONDecodeError as e:
self.logger.debug(f"Error occurred while parsing {filename}: {e}")
return
for package in content["object"]["pins"]:
product = package["package"]
version = package["state"]["version"]
vendor = self.find_vendor(product, version)
if vendor is not None:
yield from vendor
repository_url = package.get("repositoryURL", None)
domain = None
if repository_url:
parse = urlparse(repository_url)
domain = parse.netloc
self.logger.debug(domain)

vendors = self.find_vendor(product, version)
if vendors is not None:
yield from vendors
self.logger.debug(f"Done scanning file: {self.filename}")