STRLCPY/syft

feat: Add the origin field to the output format of syftjson (#1327)

* moved the relevant fields to the Metadata field

Signed-off-by: Asaf Greenholts <[email protected]>

* added metadata types

Signed-off-by: Asaf Greenholts <[email protected]>

* Added hashes to metadata of packge-lock.json and Pipfile.lock

Signed-off-by: Asaf Greenholts <[email protected]>

* move package metadata types to "pkg" package

Signed-off-by: Alex Goodman <[email protected]>

* re-generate json schema to include new npm, python, and binary metadatas

Signed-off-by: Alex Goodman <[email protected]>

Signed-off-by: Asaf Greenholts <[email protected]>
Signed-off-by: Alex Goodman <[email protected]>
Co-authored-by: Alex Goodman <[email protected]>

Asi Greenholts committed with GitHub 1 year ago

260cb4c7

1 parent 85bddaa4

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

Total 13 files Show one by one

■ ■ ■ ■ ■ ■

schema/json/generate.go

		skipped 26 lines
27	27		// This should represent all possible metadatas represented in the pkg.Package.Metadata field (an interface{}).
28	28		// When a new package metadata definition is created it will need to be manually added here. The variable name does
29	29		// not matter as long as it is exported.
	30	+
	31	+	// TODO: this should be generated from reflection of whats in the pkg package
30	32		type artifactMetadataContainer struct {
31		-	Apk pkg.ApkMetadata
32		-	Alpm pkg.AlpmMetadata
33		-	Dpkg pkg.DpkgMetadata
34		-	Gem pkg.GemMetadata
35		-	Java pkg.JavaMetadata
36		-	Npm pkg.NpmPackageJSONMetadata
37		-	Python pkg.PythonPackageMetadata
38		-	Rpm pkg.RpmMetadata
39		-	Cargo pkg.CargoPackageMetadata
40		-	Go pkg.GolangMetadata
41		-	Php pkg.PhpComposerJSONMetadata
42		-	Dart pkg.DartPubMetadata
43		-	Dotnet pkg.DotnetDepsMetadata
44		-	Portage pkg.PortageMetadata
45		-	Conan pkg.ConanMetadata
46		-	ConanLock pkg.ConanLockMetadata
47		-	KbPackage pkg.KbPackageMetadata
48		-	Hackage pkg.HackageMetadata
49		-	SwiftCocopods pkg.CocoapodsMetadata
	33	+	Alpm pkg.AlpmMetadata
	34	+	Apk pkg.ApkMetadata
	35	+	Binary pkg.BinaryMetadata
	36	+	Cocopods pkg.CocoapodsMetadata
	37	+	Conan pkg.ConanMetadata
	38	+	ConanLock pkg.ConanLockMetadata
	39	+	Dart pkg.DartPubMetadata
	40	+	Dotnet pkg.DotnetDepsMetadata
	41	+	Dpkg pkg.DpkgMetadata
	42	+	Gem pkg.GemMetadata
	43	+	Go pkg.GolangMetadata
	44	+	Hackage pkg.HackageMetadata
	45	+	Java pkg.JavaMetadata
	46	+	KbPackage pkg.KbPackageMetadata
	47	+	NpmPackage pkg.NpmPackageJSONMetadata
	48	+	NpmPackageLock pkg.NpmPackageLockJSONMetadata
	49	+	MixLock pkg.MixLockMetadata
	50	+	Php pkg.PhpComposerJSONMetadata
	51	+	Portage pkg.PortageMetadata
	52	+	PythonPackage pkg.PythonPackageMetadata
	53	+	PythonPipfilelock pkg.PythonPipfileLockMetadata
	54	+	Rebar pkg.RebarLockMetadata
	55	+	Rpm pkg.RpmMetadata
	56	+	RustCargo pkg.CargoPackageMetadata
50	57		}
51	58
52	59		func main() {
		skipped 105 lines

■ ■ ■ ■ ■ ■

schema/json/schema-6.1.0.json

		skipped 199 lines
200	200		"files"
201	201		]
202	202		},
	203	+	"BinaryMetadata": {
	204	+	"properties": {
	205	+	"classifier": {
	206	+	"type": "string"
	207	+	},
	208	+	"realPath": {
	209	+	"type": "string"
	210	+	},
	211	+	"virtualPath": {
	212	+	"type": "string"
	213	+	}
	214	+	},
	215	+	"type": "object",
	216	+	"required": [
	217	+	"classifier",
	218	+	"realPath",
	219	+	"virtualPath"
	220	+	]
	221	+	},
203	222		"CargoPackageMetadata": {
204	223		"properties": {
205	224		"name": {
		skipped 560 lines
766	785		},
767	786		"type": "object"
768	787		},
	788	+	"MixLockMetadata": {
	789	+	"properties": {
	790	+	"name": {
	791	+	"type": "string"
	792	+	},
	793	+	"version": {
	794	+	"type": "string"
	795	+	},
	796	+	"pkgHash": {
	797	+	"type": "string"
	798	+	},
	799	+	"pkgHashExt": {
	800	+	"type": "string"
	801	+	}
	802	+	},
	803	+	"type": "object",
	804	+	"required": [
	805	+	"name",
	806	+	"version",
	807	+	"pkgHash",
	808	+	"pkgHashExt"
	809	+	]
	810	+	},
769	811		"NpmPackageJSONMetadata": {
770	812		"properties": {
771	813		"name": {
		skipped 40 lines
812	854		"description",
813	855		"url",
814	856		"private"
	857	+	]
	858	+	},
	859	+	"NpmPackageLockJSONMetadata": {
	860	+	"properties": {
	861	+	"resolved": {
	862	+	"type": "string"
	863	+	},
	864	+	"integrity": {
	865	+	"type": "string"
	866	+	}
	867	+	},
	868	+	"type": "object",
	869	+	"required": [
	870	+	"resolved",
	871	+	"integrity"
815	872		]
816	873		},
817	874		"Package": {
		skipped 52 lines
870	927		"$ref": "#/$defs/ApkMetadata"
871	928		},
872	929		{
	930	+	"$ref": "#/$defs/BinaryMetadata"
	931	+	},
	932	+	{
873	933		"$ref": "#/$defs/CargoPackageMetadata"
874	934		},
875	935		{
		skipped 30 lines
906	966		"$ref": "#/$defs/KbPackageMetadata"
907	967		},
908	968		{
	969	+	"$ref": "#/$defs/MixLockMetadata"
	970	+	},
	971	+	{
909	972		"$ref": "#/$defs/NpmPackageJSONMetadata"
	973	+	},
	974	+	{
	975	+	"$ref": "#/$defs/NpmPackageLockJSONMetadata"
910	976		},
911	977		{
912	978		"$ref": "#/$defs/PhpComposerJSONMetadata"
		skipped 3 lines
916	982		},
917	983		{
918	984		"$ref": "#/$defs/PythonPackageMetadata"
	985	+	},
	986	+	{
	987	+	"$ref": "#/$defs/PythonPipfileLockMetadata"
	988	+	},
	989	+	{
	990	+	"$ref": "#/$defs/RebarLockMetadata"
919	991		},
920	992		{
921	993		"$ref": "#/$defs/RpmMetadata"
		skipped 367 lines
1289	1361		"authorEmail",
1290	1362		"platform",
1291	1363		"sitePackagesRootPath"
	1364	+	]
	1365	+	},
	1366	+	"PythonPipfileLockMetadata": {
	1367	+	"properties": {
	1368	+	"hashes": {
	1369	+	"items": {
	1370	+	"type": "string"
	1371	+	},
	1372	+	"type": "array"
	1373	+	},
	1374	+	"index": {
	1375	+	"type": "string"
	1376	+	}
	1377	+	},
	1378	+	"type": "object",
	1379	+	"required": [
	1380	+	"hashes",
	1381	+	"index"
	1382	+	]
	1383	+	},
	1384	+	"RebarLockMetadata": {
	1385	+	"properties": {
	1386	+	"name": {
	1387	+	"type": "string"
	1388	+	},
	1389	+	"version": {
	1390	+	"type": "string"
	1391	+	},
	1392	+	"pkgHash": {
	1393	+	"type": "string"
	1394	+	},
	1395	+	"pkgHashExt": {
	1396	+	"type": "string"
	1397	+	}
	1398	+	},
	1399	+	"type": "object",
	1400	+	"required": [
	1401	+	"name",
	1402	+	"version",
	1403	+	"pkgHash",
	1404	+	"pkgHashExt"
1292	1405		]
1293	1406		},
1294	1407		"Relationship": {
		skipped 198 lines

■ ■ ■ ■ ■ ■

syft/pkg/cataloger/javascript/cataloger_test.go

		skipped 11 lines
12	12		locationSet := source.NewLocationSet(source.NewLocation("package-lock.json"))
13	13		expectedPkgs := []pkg.Package{
14	14		{
15		-	Name: "@actions/core",
16		-	Version: "1.6.0",
17		-	FoundBy: "javascript-lock-cataloger",
18		-	PURL: "pkg:npm/%40actions/[email protected]",
19		-	Locations: locationSet,
20		-	Language: pkg.JavaScript,
21		-	Type: pkg.NpmPkg,
22		-	Licenses: []string{"MIT"},
	15	+	Name: "@actions/core",
	16	+	Version: "1.6.0",
	17	+	FoundBy: "javascript-lock-cataloger",
	18	+	PURL: "pkg:npm/%40actions/[email protected]",
	19	+	Locations: locationSet,
	20	+	Language: pkg.JavaScript,
	21	+	Type: pkg.NpmPkg,
	22	+	Licenses: []string{"MIT"},
	23	+	MetadataType: pkg.NpmPackageLockJSONMetadataType,
	24	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@actions/core/-/core-1.6.0.tgz", Integrity: "sha512-NB1UAZomZlCV/LmJqkLhNTqtKfFXJZAUPcfl/zqG7EfsQdeUJtaWO98SGbuQ3pydJ3fHl2CvI/51OKYlCYYcaw=="},
23	25		},
24	26		{
25		-	Name: "ansi-regex",
26		-	Version: "3.0.0",
27		-	FoundBy: "javascript-lock-cataloger",
28		-	PURL: "pkg:npm/[email protected]",
29		-	Locations: locationSet,
30		-	Language: pkg.JavaScript,
31		-	Type: pkg.NpmPkg,
	27	+	Name: "ansi-regex",
	28	+	Version: "3.0.0",
	29	+	FoundBy: "javascript-lock-cataloger",
	30	+	PURL: "pkg:npm/[email protected]",
	31	+	Locations: locationSet,
	32	+	Language: pkg.JavaScript,
	33	+	Type: pkg.NpmPkg,
	34	+	MetadataType: pkg.NpmPackageLockJSONMetadataType,
	35	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz", Integrity: "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg="},
32	36		},
33	37		{
34		-	Name: "cowsay",
35		-	Version: "1.4.0",
36		-	FoundBy: "javascript-lock-cataloger",
37		-	PURL: "pkg:npm/[email protected]",
38		-	Locations: locationSet,
39		-	Language: pkg.JavaScript,
40		-	Type: pkg.NpmPkg,
41		-	Licenses: []string{"MIT"},
	38	+	Name: "cowsay",
	39	+	Version: "1.4.0",
	40	+	FoundBy: "javascript-lock-cataloger",
	41	+	PURL: "pkg:npm/[email protected]",
	42	+	Locations: locationSet,
	43	+	Language: pkg.JavaScript,
	44	+	Type: pkg.NpmPkg,
	45	+	Licenses: []string{"MIT"},
	46	+	MetadataType: pkg.NpmPackageLockJSONMetadataType,
	47	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/cowsay/-/cowsay-1.4.0.tgz", Integrity: "sha512-rdg5k5PsHFVJheO/pmE3aDg2rUDDTfPJau6yYkZYlHFktUz+UxbE+IgnUAEyyCyv4noL5ltxXD0gZzmHPCy/9g=="},
42	48		},
43	49		{
44		-	Name: "get-stdin",
45		-	Version: "5.0.1",
46		-	FoundBy: "javascript-lock-cataloger",
47		-	PURL: "pkg:npm/[email protected]",
48		-	Locations: locationSet,
49		-	Language: pkg.JavaScript,
50		-	Type: pkg.NpmPkg,
	50	+	Name: "get-stdin",
	51	+	Version: "5.0.1",
	52	+	FoundBy: "javascript-lock-cataloger",
	53	+	PURL: "pkg:npm/[email protected]",
	54	+	Locations: locationSet,
	55	+	Language: pkg.JavaScript,
	56	+	Type: pkg.NpmPkg,
	57	+	MetadataType: pkg.NpmPackageLockJSONMetadataType,
	58	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/get-stdin/-/get-stdin-5.0.1.tgz", Integrity: "sha1-Ei4WFZHiH/TFJTAwVpPyDmOTo5g="},
51	59		},
52	60		{
53		-	Name: "is-fullwidth-code-point",
54		-	Version: "2.0.0",
55		-	FoundBy: "javascript-lock-cataloger",
56		-	PURL: "pkg:npm/[email protected]",
57		-	Locations: locationSet,
58		-	Language: pkg.JavaScript,
59		-	Type: pkg.NpmPkg,
	61	+	Name: "is-fullwidth-code-point",
	62	+	Version: "2.0.0",
	63	+	FoundBy: "javascript-lock-cataloger",
	64	+	PURL: "pkg:npm/[email protected]",
	65	+	Locations: locationSet,
	66	+	Language: pkg.JavaScript,
	67	+	Type: pkg.NpmPkg,
	68	+	MetadataType: pkg.NpmPackageLockJSONMetadataType,
	69	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz", Integrity: "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8="},
60	70		},
61	71		{
62		-	Name: "minimist",
63		-	Version: "0.0.10",
64		-	FoundBy: "javascript-lock-cataloger",
65		-	PURL: "pkg:npm/[email protected]",
66		-	Locations: locationSet,
67		-	Language: pkg.JavaScript,
68		-	Type: pkg.NpmPkg,
	72	+	Name: "minimist",
	73	+	Version: "0.0.10",
	74	+	FoundBy: "javascript-lock-cataloger",
	75	+	PURL: "pkg:npm/[email protected]",
	76	+	Locations: locationSet,
	77	+	Language: pkg.JavaScript,
	78	+	Type: pkg.NpmPkg,
	79	+	MetadataType: pkg.NpmPackageLockJSONMetadataType,
	80	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz", Integrity: "sha1-3j+YVD2/lggr5IrRoMfNqDYwHc8="},
69	81		},
70	82		{
71		-	Name: "optimist",
72		-	Version: "0.6.1",
73		-	FoundBy: "javascript-lock-cataloger",
74		-	PURL: "pkg:npm/[email protected]",
75		-	Locations: locationSet,
76		-	Language: pkg.JavaScript,
77		-	Type: pkg.NpmPkg,
	83	+	Name: "optimist",
	84	+	Version: "0.6.1",
	85	+	FoundBy: "javascript-lock-cataloger",
	86	+	PURL: "pkg:npm/[email protected]",
	87	+	Locations: locationSet,
	88	+	Language: pkg.JavaScript,
	89	+	Type: pkg.NpmPkg,
	90	+	MetadataType: pkg.NpmPackageLockJSONMetadataType,
	91	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/optimist/-/optimist-0.6.1.tgz", Integrity: "sha1-2j6nRob6IaGaERwybpDrFaAZZoY="},
78	92		},
79	93		{
80		-	Name: "string-width",
81		-	Version: "2.1.1",
82		-	FoundBy: "javascript-lock-cataloger",
83		-	PURL: "pkg:npm/[email protected]",
84		-	Locations: locationSet,
85		-	Language: pkg.JavaScript,
86		-	Type: pkg.NpmPkg,
	94	+	Name: "string-width",
	95	+	Version: "2.1.1",
	96	+	FoundBy: "javascript-lock-cataloger",
	97	+	PURL: "pkg:npm/[email protected]",
	98	+	Locations: locationSet,
	99	+	Language: pkg.JavaScript,
	100	+	Type: pkg.NpmPkg,
	101	+	MetadataType: pkg.NpmPackageLockJSONMetadataType,
	102	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz", Integrity: "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw=="},
87	103		},
88	104		{
89		-	Name: "strip-ansi",
90		-	Version: "4.0.0",
91		-	FoundBy: "javascript-lock-cataloger",
92		-	PURL: "pkg:npm/[email protected]",
93		-	Locations: locationSet,
94		-	Language: pkg.JavaScript,
95		-	Type: pkg.NpmPkg,
	105	+	Name: "strip-ansi",
	106	+	Version: "4.0.0",
	107	+	FoundBy: "javascript-lock-cataloger",
	108	+	PURL: "pkg:npm/[email protected]",
	109	+	Locations: locationSet,
	110	+	Language: pkg.JavaScript,
	111	+	Type: pkg.NpmPkg,
	112	+	MetadataType: pkg.NpmPackageLockJSONMetadataType,
	113	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz", Integrity: "sha1-qEeQIusaw2iocTibY1JixQXuNo8="},
96	114		},
97	115		{
98		-	Name: "strip-eof",
99		-	Version: "1.0.0",
100		-	FoundBy: "javascript-lock-cataloger",
101		-	PURL: "pkg:npm/[email protected]",
102		-	Locations: locationSet,
103		-	Language: pkg.JavaScript,
104		-	Type: pkg.NpmPkg,
	116	+	Name: "strip-eof",
	117	+	Version: "1.0.0",
	118	+	FoundBy: "javascript-lock-cataloger",
	119	+	PURL: "pkg:npm/[email protected]",
	120	+	Locations: locationSet,
	121	+	Language: pkg.JavaScript,
	122	+	Type: pkg.NpmPkg,
	123	+	MetadataType: pkg.NpmPackageLockJSONMetadataType,
	124	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz", Integrity: "sha1-u0P/VZim6wXYm1n80SnJgzE2Br8="},
105	125		},
106	126		{
107		-	Name: "wordwrap",
108		-	Version: "0.0.3",
109		-	FoundBy: "javascript-lock-cataloger",
110		-	PURL: "pkg:npm/[email protected]",
111		-	Locations: locationSet,
112		-	Language: pkg.JavaScript,
113		-	Type: pkg.NpmPkg,
	127	+	Name: "wordwrap",
	128	+	Version: "0.0.3",
	129	+	FoundBy: "javascript-lock-cataloger",
	130	+	PURL: "pkg:npm/[email protected]",
	131	+	Locations: locationSet,
	132	+	Language: pkg.JavaScript,
	133	+	Type: pkg.NpmPkg,
	134	+	MetadataType: pkg.NpmPackageLockJSONMetadataType,
	135	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/wordwrap/-/wordwrap-0.0.3.tgz", Integrity: "sha1-o9XabNXAvAAI03I0u68b7WMFkQc="},
114	136		},
115	137		}
116	138
		skipped 7 lines

■ ■ ■ ■ ■ ■

syft/pkg/cataloger/javascript/package.go

		skipped 62 lines
63	63		resolver,
64	64		location,
65	65		pkg.Package{
66		-	Name: name,
67		-	Version: version,
68		-	Locations: source.NewLocationSet(location),
69		-	PURL: packageURL(name, version),
70		-	Language: pkg.JavaScript,
71		-	Type: pkg.NpmPkg,
	66	+	Name: name,
	67	+	Version: version,
	68	+	Locations: source.NewLocationSet(location),
	69	+	PURL: packageURL(name, version),
	70	+	Language: pkg.JavaScript,
	71	+	Type: pkg.NpmPkg,
	72	+	MetadataType: pkg.NpmPackageLockJSONMetadataType,
	73	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: u.Resolved, Integrity: u.Integrity},
72	74		},
73	75		)
74	76		}
		skipped 9 lines
84	86		resolver,
85	87		location,
86	88		pkg.Package{
87		-	Name: name,
88		-	Version: u.Version,
89		-	Locations: source.NewLocationSet(location),
90		-	PURL: packageURL(name, u.Version),
91		-	Language: pkg.JavaScript,
92		-	Type: pkg.NpmPkg,
93		-	Licenses: licenses,
	89	+	Name: name,
	90	+	Version: u.Version,
	91	+	Locations: source.NewLocationSet(location),
	92	+	PURL: packageURL(name, u.Version),
	93	+	Language: pkg.JavaScript,
	94	+	Type: pkg.NpmPkg,
	95	+	Licenses: licenses,
	96	+	MetadataType: pkg.NpmPackageLockJSONMetadataType,
	97	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: u.Resolved, Integrity: u.Integrity},
94	98		},
95	99		)
96	100		}
		skipped 109 lines

■ ■ ■ ■ ■ ■

syft/pkg/cataloger/javascript/parse_package_lock_test.go

		skipped 12 lines
13	13		var expectedRelationships []artifact.Relationship
14	14		expectedPkgs := []pkg.Package{
15	15		{
16		-	Name: "@actions/core",
17		-	Version: "1.6.0",
18		-	PURL: "pkg:npm/%40actions/[email protected]",
19		-	Language: pkg.JavaScript,
20		-	Type: pkg.NpmPkg,
	16	+	Name: "@actions/core",
	17	+	Version: "1.6.0",
	18	+	PURL: "pkg:npm/%40actions/[email protected]",
	19	+	Language: pkg.JavaScript,
	20	+	Type: pkg.NpmPkg,
	21	+	MetadataType: "NpmPackageLockJsonMetadata",
	22	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@actions/core/-/core-1.6.0.tgz", Integrity: "sha512-NB1UAZomZlCV/LmJqkLhNTqtKfFXJZAUPcfl/zqG7EfsQdeUJtaWO98SGbuQ3pydJ3fHl2CvI/51OKYlCYYcaw=="},
21	23		},
22	24		{
23		-	Name: "ansi-regex",
24		-	Version: "3.0.0",
25		-	PURL: "pkg:npm/[email protected]",
26		-	Language: pkg.JavaScript,
27		-	Type: pkg.NpmPkg,
	25	+	Name: "ansi-regex",
	26	+	Version: "3.0.0",
	27	+	PURL: "pkg:npm/[email protected]",
	28	+	Language: pkg.JavaScript,
	29	+	Type: pkg.NpmPkg,
	30	+	MetadataType: "NpmPackageLockJsonMetadata",
	31	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz", Integrity: "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg="},
28	32		},
29	33		{
30		-	Name: "cowsay",
31		-	Version: "1.4.0",
32		-	PURL: "pkg:npm/[email protected]",
33		-	Language: pkg.JavaScript,
34		-	Type: pkg.NpmPkg,
	34	+	Name: "cowsay",
	35	+	Version: "1.4.0",
	36	+	PURL: "pkg:npm/[email protected]",
	37	+	Language: pkg.JavaScript,
	38	+	Type: pkg.NpmPkg,
	39	+	MetadataType: "NpmPackageLockJsonMetadata",
	40	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/cowsay/-/cowsay-1.4.0.tgz", Integrity: "sha512-rdg5k5PsHFVJheO/pmE3aDg2rUDDTfPJau6yYkZYlHFktUz+UxbE+IgnUAEyyCyv4noL5ltxXD0gZzmHPCy/9g=="},
35	41		},
36	42		{
37		-	Name: "get-stdin",
38		-	Version: "5.0.1",
39		-	PURL: "pkg:npm/[email protected]",
40		-	Language: pkg.JavaScript,
41		-	Type: pkg.NpmPkg,
	43	+	Name: "get-stdin",
	44	+	Version: "5.0.1",
	45	+	PURL: "pkg:npm/[email protected]",
	46	+	Language: pkg.JavaScript,
	47	+	Type: pkg.NpmPkg,
	48	+	MetadataType: "NpmPackageLockJsonMetadata",
	49	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/get-stdin/-/get-stdin-5.0.1.tgz", Integrity: "sha1-Ei4WFZHiH/TFJTAwVpPyDmOTo5g="},
42	50		},
43	51		{
44		-	Name: "is-fullwidth-code-point",
45		-	Version: "2.0.0",
46		-	PURL: "pkg:npm/[email protected]",
47		-	Language: pkg.JavaScript,
48		-	Type: pkg.NpmPkg,
	52	+	Name: "is-fullwidth-code-point",
	53	+	Version: "2.0.0",
	54	+	PURL: "pkg:npm/[email protected]",
	55	+	Language: pkg.JavaScript,
	56	+	Type: pkg.NpmPkg,
	57	+	MetadataType: "NpmPackageLockJsonMetadata",
	58	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz", Integrity: "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8="},
49	59		},
50	60		{
51		-	Name: "minimist",
52		-	Version: "0.0.10",
53		-	PURL: "pkg:npm/[email protected]",
54		-	Language: pkg.JavaScript,
55		-	Type: pkg.NpmPkg,
	61	+	Name: "minimist",
	62	+	Version: "0.0.10",
	63	+	PURL: "pkg:npm/[email protected]",
	64	+	Language: pkg.JavaScript,
	65	+	Type: pkg.NpmPkg,
	66	+	MetadataType: "NpmPackageLockJsonMetadata",
	67	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz", Integrity: "sha1-3j+YVD2/lggr5IrRoMfNqDYwHc8="},
56	68		},
57	69		{
58		-	Name: "optimist",
59		-	Version: "0.6.1",
60		-	PURL: "pkg:npm/[email protected]",
61		-	Language: pkg.JavaScript,
62		-	Type: pkg.NpmPkg,
	70	+	Name: "optimist",
	71	+	Version: "0.6.1",
	72	+	PURL: "pkg:npm/[email protected]",
	73	+	Language: pkg.JavaScript,
	74	+	Type: pkg.NpmPkg,
	75	+	MetadataType: "NpmPackageLockJsonMetadata",
	76	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/optimist/-/optimist-0.6.1.tgz", Integrity: "sha1-2j6nRob6IaGaERwybpDrFaAZZoY="},
63	77		},
64	78		{
65		-	Name: "string-width",
66		-	Version: "2.1.1",
67		-	PURL: "pkg:npm/[email protected]",
68		-	Language: pkg.JavaScript,
69		-	Type: pkg.NpmPkg,
	79	+	Name: "string-width",
	80	+	Version: "2.1.1",
	81	+	PURL: "pkg:npm/[email protected]",
	82	+	Language: pkg.JavaScript,
	83	+	Type: pkg.NpmPkg,
	84	+	MetadataType: "NpmPackageLockJsonMetadata",
	85	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz", Integrity: "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw=="},
70	86		},
71	87		{
72		-	Name: "strip-ansi",
73		-	Version: "4.0.0",
74		-	PURL: "pkg:npm/[email protected]",
75		-	Language: pkg.JavaScript,
76		-	Type: pkg.NpmPkg,
	88	+	Name: "strip-ansi",
	89	+	Version: "4.0.0",
	90	+	PURL: "pkg:npm/[email protected]",
	91	+	Language: pkg.JavaScript,
	92	+	Type: pkg.NpmPkg,
	93	+	MetadataType: "NpmPackageLockJsonMetadata",
	94	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz", Integrity: "sha1-qEeQIusaw2iocTibY1JixQXuNo8="},
77	95		},
78	96		{
79		-	Name: "strip-eof",
80		-	Version: "1.0.0",
81		-	PURL: "pkg:npm/[email protected]",
82		-	Language: pkg.JavaScript,
83		-	Type: pkg.NpmPkg,
	97	+	Name: "strip-eof",
	98	+	Version: "1.0.0",
	99	+	PURL: "pkg:npm/[email protected]",
	100	+	Language: pkg.JavaScript,
	101	+	Type: pkg.NpmPkg,
	102	+	MetadataType: "NpmPackageLockJsonMetadata",
	103	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz", Integrity: "sha1-u0P/VZim6wXYm1n80SnJgzE2Br8="},
84	104		},
85	105		{
86		-	Name: "wordwrap",
87		-	Version: "0.0.3",
88		-	PURL: "pkg:npm/[email protected]",
89		-	Language: pkg.JavaScript,
90		-	Type: pkg.NpmPkg,
	106	+	Name: "wordwrap",
	107	+	Version: "0.0.3",
	108	+	PURL: "pkg:npm/[email protected]",
	109	+	Language: pkg.JavaScript,
	110	+	Type: pkg.NpmPkg,
	111	+	MetadataType: "NpmPackageLockJsonMetadata",
	112	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/wordwrap/-/wordwrap-0.0.3.tgz", Integrity: "sha1-o9XabNXAvAAI03I0u68b7WMFkQc="},
91	113		},
92	114		}
93	115		fixture := "test-fixtures/pkg-lock/package-lock.json"
		skipped 9 lines
103	125		var expectedRelationships []artifact.Relationship
104	126		expectedPkgs := []pkg.Package{
105	127		{
106		-	Name: "npm",
107		-	Version: "6.14.6",
108		-	Language: pkg.JavaScript,
109		-	Type: pkg.NpmPkg,
110		-	PURL: "pkg:npm/[email protected]",
	128	+	Name: "npm",
	129	+	Version: "6.14.6",
	130	+	Language: pkg.JavaScript,
	131	+	Type: pkg.NpmPkg,
	132	+	PURL: "pkg:npm/[email protected]",
	133	+	MetadataType: "NpmPackageLockJsonMetadata",
	134	+	Metadata: pkg.NpmPackageLockJSONMetadata{},
111	135		},
112	136		{
113		-	Name: "@types/prop-types",
114		-	Version: "15.7.5",
115		-	PURL: "pkg:npm/%40types/[email protected]",
116		-	Language: pkg.JavaScript,
117		-	Type: pkg.NpmPkg,
118		-	Licenses: []string{"MIT"},
	137	+	Name: "@types/prop-types",
	138	+	Version: "15.7.5",
	139	+	PURL: "pkg:npm/%40types/[email protected]",
	140	+	Language: pkg.JavaScript,
	141	+	Type: pkg.NpmPkg,
	142	+	Licenses: []string{"MIT"},
	143	+	MetadataType: "NpmPackageLockJsonMetadata",
	144	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.5.tgz", Integrity: "sha1-XxnSuFqY6VWANvajysyIGUIPBc8="},
119	145		},
120	146		{
121		-	Name: "@types/react",
122		-	Version: "18.0.17",
123		-	PURL: "pkg:npm/%40types/[email protected]",
124		-	Language: pkg.JavaScript,
125		-	Type: pkg.NpmPkg,
126		-	Licenses: []string{"MIT"},
	147	+	Name: "@types/react",
	148	+	Version: "18.0.17",
	149	+	PURL: "pkg:npm/%40types/[email protected]",
	150	+	Language: pkg.JavaScript,
	151	+	Type: pkg.NpmPkg,
	152	+	Licenses: []string{"MIT"},
	153	+	MetadataType: "NpmPackageLockJsonMetadata",
	154	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@types/react/-/react-18.0.17.tgz", Integrity: "sha1-RYPZwyLWfv5LOak10iPtzHBQzPQ="},
127	155		},
128	156		{
129		-	Name: "@types/scheduler",
130		-	Version: "0.16.2",
131		-	PURL: "pkg:npm/%40types/[email protected]",
132		-	Language: pkg.JavaScript,
133		-	Type: pkg.NpmPkg,
134		-	Licenses: []string{"MIT"},
	157	+	Name: "@types/scheduler",
	158	+	Version: "0.16.2",
	159	+	PURL: "pkg:npm/%40types/[email protected]",
	160	+	Language: pkg.JavaScript,
	161	+	Type: pkg.NpmPkg,
	162	+	Licenses: []string{"MIT"},
	163	+	MetadataType: "NpmPackageLockJsonMetadata",
	164	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.2.tgz", Integrity: "sha1-GmL4lSVyPd4kuhsBsJK/XfitTTk="},
135	165		},
136	166		{
137		-	Name: "csstype",
138		-	Version: "3.1.0",
139		-	PURL: "pkg:npm/[email protected]",
140		-	Language: pkg.JavaScript,
141		-	Type: pkg.NpmPkg,
142		-	Licenses: []string{"MIT"},
	167	+	Name: "csstype",
	168	+	Version: "3.1.0",
	169	+	PURL: "pkg:npm/[email protected]",
	170	+	Language: pkg.JavaScript,
	171	+	Type: pkg.NpmPkg,
	172	+	Licenses: []string{"MIT"},
	173	+	MetadataType: "NpmPackageLockJsonMetadata",
	174	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/csstype/-/csstype-3.1.0.tgz", Integrity: "sha1-TdysNxjXh8+d8NG30VAzklyPKfI="},
143	175		},
144	176		}
145	177		for i := range expectedPkgs {
		skipped 7 lines
153	185		var expectedRelationships []artifact.Relationship
154	186		expectedPkgs := []pkg.Package{
155	187		{
156		-	Name: "lock-v3-fixture",
157		-	Version: "1.0.0",
158		-	Language: pkg.JavaScript,
159		-	Type: pkg.NpmPkg,
160		-	PURL: "pkg:npm/[email protected]",
	188	+	Name: "lock-v3-fixture",
	189	+	Version: "1.0.0",
	190	+	Language: pkg.JavaScript,
	191	+	Type: pkg.NpmPkg,
	192	+	PURL: "pkg:npm/[email protected]",
	193	+	MetadataType: "NpmPackageLockJsonMetadata",
	194	+	Metadata: pkg.NpmPackageLockJSONMetadata{},
161	195		},
162	196		{
163		-	Name: "@types/prop-types",
164		-	Version: "15.7.5",
165		-	Language: pkg.JavaScript,
166		-	Type: pkg.NpmPkg,
167		-	PURL: "pkg:npm/%40types/[email protected]",
	197	+	Name: "@types/prop-types",
	198	+	Version: "15.7.5",
	199	+	Language: pkg.JavaScript,
	200	+	Type: pkg.NpmPkg,
	201	+	PURL: "pkg:npm/%40types/[email protected]",
	202	+	MetadataType: "NpmPackageLockJsonMetadata",
	203	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.5.tgz", Integrity: "sha512-JCB8C6SnDoQf0cNycqd/35A7MjcnK+ZTqE7judS6o7utxUCg6imJg3QK2qzHKszlTjcj2cn+NwMB2i96ubpj7w=="},
168	204		},
169	205		{
170		-	Name: "@types/react",
171		-	Version: "18.0.20",
172		-	Language: pkg.JavaScript,
173		-	Type: pkg.NpmPkg,
174		-	PURL: "pkg:npm/%40types/[email protected]",
	206	+	Name: "@types/react",
	207	+	Version: "18.0.20",
	208	+	Language: pkg.JavaScript,
	209	+	Type: pkg.NpmPkg,
	210	+	PURL: "pkg:npm/%40types/[email protected]",
	211	+	MetadataType: "NpmPackageLockJsonMetadata",
	212	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@types/react/-/react-18.0.20.tgz", Integrity: "sha512-MWul1teSPxujEHVwZl4a5HxQ9vVNsjTchVA+xRqv/VYGCuKGAU6UhfrTdF5aBefwD1BHUD8i/zq+O/vyCm/FrA=="},
175	213		},
176	214		{
177		-	Name: "@types/scheduler",
178		-	Version: "0.16.2",
179		-	Language: pkg.JavaScript,
180		-	Type: pkg.NpmPkg,
181		-	PURL: "pkg:npm/%40types/[email protected]",
	215	+	Name: "@types/scheduler",
	216	+	Version: "0.16.2",
	217	+	Language: pkg.JavaScript,
	218	+	Type: pkg.NpmPkg,
	219	+	PURL: "pkg:npm/%40types/[email protected]",
	220	+	MetadataType: "NpmPackageLockJsonMetadata",
	221	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.2.tgz", Integrity: "sha512-hppQEBDmlwhFAXKJX2KnWLYu5yMfi91yazPb2l+lbJiwW+wdo1gNeRA+3RgNSO39WYX2euey41KEwnqesU2Jew=="},
182	222		},
183	223		{
184		-	Name: "csstype",
185		-	Version: "3.1.1",
186		-	Language: pkg.JavaScript,
187		-	Type: pkg.NpmPkg,
188		-	PURL: "pkg:npm/[email protected]",
	224	+	Name: "csstype",
	225	+	Version: "3.1.1",
	226	+	Language: pkg.JavaScript,
	227	+	Type: pkg.NpmPkg,
	228	+	PURL: "pkg:npm/[email protected]",
	229	+	MetadataType: "NpmPackageLockJsonMetadata",
	230	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/csstype/-/csstype-3.1.1.tgz", Integrity: "sha512-DJR/VvkAvSZW9bTouZue2sSxDwdTN92uHjqeKVm+0dAqdfNykRzQ95tay8aXMBAAPpUiq4Qcug2L7neoRh2Egw=="},
189	231		},
190	232		}
191	233		for i := range expectedPkgs {
		skipped 6 lines
198	240		var expectedRelationships []artifact.Relationship
199	241		commonPkgs := []pkg.Package{
200	242		{
201		-	Name: "case",
202		-	Version: "1.6.2",
203		-	PURL: "pkg:npm/[email protected]",
204		-	Language: pkg.JavaScript,
205		-	Type: pkg.NpmPkg,
	243	+	Name: "case",
	244	+	Version: "1.6.2",
	245	+	PURL: "pkg:npm/[email protected]",
	246	+	Language: pkg.JavaScript,
	247	+	Type: pkg.NpmPkg,
	248	+	MetadataType: "NpmPackageLockJsonMetadata",
	249	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/case/-/case-1.6.2.tgz", Integrity: "sha512-ll380ZRoraT7mUK2G92UbH+FJVD5AwdVIAYk9xhV1tauh0carDgYByUD1HhjCWsWgxrfQvCeHvtfj7IYR6TKeg=="},
206	250		},
207	251		{
208		-	Name: "case",
209		-	Version: "1.6.3",
210		-	PURL: "pkg:npm/[email protected]",
211		-	Language: pkg.JavaScript,
212		-	Type: pkg.NpmPkg,
	252	+	Name: "case",
	253	+	Version: "1.6.3",
	254	+	PURL: "pkg:npm/[email protected]",
	255	+	Language: pkg.JavaScript,
	256	+	Type: pkg.NpmPkg,
	257	+	MetadataType: "NpmPackageLockJsonMetadata",
	258	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/case/-/case-1.6.3.tgz", Integrity: "sha512-mzDSXIPaFwVDvZAHqZ9VlbyF4yyXRuX6IvB06WvPYkqJVO24kX1PPhv9bfpKNFZyxYFmmgo03HUiD8iklmJYRQ=="},
213	259		},
214	260		{
215		-	Name: "@bundled-es-modules/chai",
216		-	Version: "4.2.2",
217		-	PURL: "pkg:npm/%40bundled-es-modules/[email protected]",
218		-	Language: pkg.JavaScript,
219		-	Type: pkg.NpmPkg,
	261	+	Name: "@bundled-es-modules/chai",
	262	+	Version: "4.2.2",
	263	+	PURL: "pkg:npm/%40bundled-es-modules/[email protected]",
	264	+	Language: pkg.JavaScript,
	265	+	Type: pkg.NpmPkg,
	266	+	MetadataType: "NpmPackageLockJsonMetadata",
	267	+	Metadata: pkg.NpmPackageLockJSONMetadata{Resolved: "https://registry.npmjs.org/@bundled-es-modules/chai/-/chai-4.2.2.tgz", Integrity: "sha512-iGmVYw2/zJCoqyKTtWEYCtFmMyi8WmACQKtky0lpNyEKWX0YIOpKWGD7saMXL+tPpllss0otilxV0SLwyi3Ytg=="},
220	268		},
221	269		}
222	270
223	271		v2Pkg := pkg.Package{
224		-	Name: "alias-check",
225		-	Version: "1.0.0",
226		-	PURL: "pkg:npm/[email protected]",
227		-	Language: pkg.JavaScript,
228		-	Type: pkg.NpmPkg,
229		-	Licenses: []string{"ISC"},
	272	+	Name: "alias-check",
	273	+	Version: "1.0.0",
	274	+	PURL: "pkg:npm/[email protected]",
	275	+	Language: pkg.JavaScript,
	276	+	Type: pkg.NpmPkg,
	277	+	Licenses: []string{"ISC"},
	278	+	MetadataType: "NpmPackageLockJsonMetadata",
	279	+	Metadata: pkg.NpmPackageLockJSONMetadata{},
230	280		}
231	281
232	282		packageLockV1 := "test-fixtures/pkg-lock/alias-package-lock-1.json"
		skipped 18 lines

■ ■ ■ ■ ■ ■

syft/pkg/cataloger/python/package.go

		skipped 22 lines
23	23		return p
24	24		}
25	25
	26	+	func newPackageForIndexWithMetadata(name, version string, metadata pkg.PythonPipfileLockMetadata, locations ...source.Location) pkg.Package {
	27	+	p := pkg.Package{
	28	+	Name: name,
	29	+	Version: version,
	30	+	Locations: source.NewLocationSet(locations...),
	31	+	PURL: packageURL(name, version, nil),
	32	+	Language: pkg.Python,
	33	+	Type: pkg.PythonPkg,
	34	+	MetadataType: pkg.PythonPipfileLockMetadataType,
	35	+	Metadata: metadata,
	36	+	}
	37	+
	38	+	p.SetID()
	39	+
	40	+	return p
	41	+	}
	42	+
26	43		func newPackageForPackage(m pkg.PythonPackageMetadata, sources ...source.Location) pkg.Package {
27	44		var licenses []string
28	45		if m.License != "" {
		skipped 54 lines

■ ■ ■ ■ ■ ■

syft/pkg/cataloger/python/parse_pipfile_lock.go

		skipped 32 lines
33	33		}
34	34
35	35		type Dependency struct {
36		-	Version string `json:"version"`
	36	+	Hashes []string `json:"hashes"`
	37	+	Version string `json:"version"`
	38	+	Index string `json:"index"`
37	39		}
38	40
39	41		var _ generic.Parser = parsePipfileLock
		skipped 10 lines
50	52		} else if err != nil {
51	53		return nil, nil, fmt.Errorf("failed to parse Pipfile.lock file: %w", err)
52	54		}
	55	+	sourcesMap := map[string]string{}
	56	+	for _, source := range lock.Meta.Sources {
	57	+	sourcesMap[source.Name] = source.URL
	58	+	}
53	59		for name, pkgMeta := range lock.Default {
	60	+	var index string
	61	+	if pkgMeta.Index != "" {
	62	+	index = sourcesMap[pkgMeta.Index]
	63	+	} else {
	64	+	// https://pipenv.pypa.io/en/latest/advanced/#specifying-package-indexes
	65	+	index = "https://pypi.org/simple"
	66	+	}
54	67		version := strings.TrimPrefix(pkgMeta.Version, "==")
55		-	pkgs = append(pkgs, newPackageForIndex(name, version, reader.Location))
	68	+	pkgs = append(pkgs, newPackageForIndexWithMetadata(name, version, pkg.PythonPipfileLockMetadata{Index: index, Hashes: pkgMeta.Hashes}, reader.Location))
56	69		}
57	70		}
58	71
		skipped 5 lines

■ ■ ■ ■ ■ ■

syft/pkg/cataloger/python/parse_pipfile_lock_test.go

		skipped 14 lines
15	15		locations := source.NewLocationSet(source.NewLocation(fixture))
16	16		expectedPkgs := []pkg.Package{
17	17		{
18		-	Name: "aio-pika",
19		-	Version: "6.8.0",
20		-	PURL: "pkg:pypi/[email protected]",
21		-	Locations: locations,
22		-	Language: pkg.Python,
23		-	Type: pkg.PythonPkg,
	18	+	Name: "aio-pika",
	19	+	Version: "6.8.0",
	20	+	PURL: "pkg:pypi/[email protected]",
	21	+	Locations: locations,
	22	+	Language: pkg.Python,
	23	+	Type: pkg.PythonPkg,
	24	+	MetadataType: pkg.PythonPipfileLockMetadataType,
	25	+	Metadata: pkg.PythonPipfileLockMetadata{
	26	+	Index: "https://pypi.org/simple",
	27	+	Hashes: []string{
	28	+	"sha256:1d4305a5f78af3857310b4fe48348cdcf6c097e0e275ea88c2cd08570531a369",
	29	+	"sha256:e69afef8695f47c5d107bbdba21bdb845d5c249acb3be53ef5c2d497b02657c0",
	30	+	}},
24	31		},
25	32		{
26		-	Name: "aiodns",
27		-	Version: "2.0.0",
28		-	PURL: "pkg:pypi/[email protected]",
29		-	Locations: locations,
30		-	Language: pkg.Python,
31		-	Type: pkg.PythonPkg,
	33	+	Name: "aiodns",
	34	+	Version: "2.0.0",
	35	+	PURL: "pkg:pypi/[email protected]",
	36	+	Locations: locations,
	37	+	Language: pkg.Python,
	38	+	Type: pkg.PythonPkg,
	39	+	MetadataType: pkg.PythonPipfileLockMetadataType,
	40	+	Metadata: pkg.PythonPipfileLockMetadata{
	41	+	Index: "https://test.pypi.org/simple",
	42	+	Hashes: []string{
	43	+	"sha256:815fdef4607474295d68da46978a54481dd1e7be153c7d60f9e72773cd38d77d",
	44	+	"sha256:aaa5ac584f40fe778013df0aa6544bf157799bd3f608364b451840ed2c8688de",
	45	+	},
	46	+	},
32	47		},
33	48		{
34		-	Name: "aiohttp",
35		-	Version: "3.7.4.post0",
36		-	PURL: "pkg:pypi/[email protected]",
37		-	Locations: locations,
38		-	Language: pkg.Python,
39		-	Type: pkg.PythonPkg,
	49	+	Name: "aiohttp",
	50	+	Version: "3.7.4.post0",
	51	+	PURL: "pkg:pypi/[email protected]",
	52	+	Locations: locations,
	53	+	Language: pkg.Python,
	54	+	Type: pkg.PythonPkg,
	55	+	MetadataType: pkg.PythonPipfileLockMetadataType,
	56	+	Metadata: pkg.PythonPipfileLockMetadata{
	57	+	Index: "https://pypi.org/simple",
	58	+	Hashes: []string{
	59	+	"sha256:02f46fc0e3c5ac58b80d4d56eb0a7c7d97fcef69ace9326289fb9f1955e65cfe",
	60	+	"sha256:0563c1b3826945eecd62186f3f5c7d31abb7391fedc893b7e2b26303b5a9f3fe",
	61	+	},
	62	+	},
40	63		},
41	64		{
42		-	Name: "aiohttp-jinja2",
43		-	Version: "1.4.2",
44		-	PURL: "pkg:pypi/[email protected]",
45		-	Locations: locations,
46		-	Language: pkg.Python,
47		-	Type: pkg.PythonPkg,
	65	+	Name: "aiohttp-jinja2",
	66	+	Version: "1.4.2",
	67	+	PURL: "pkg:pypi/[email protected]",
	68	+	Locations: locations,
	69	+	Language: pkg.Python,
	70	+	Type: pkg.PythonPkg,
	71	+	MetadataType: pkg.PythonPipfileLockMetadataType,
	72	+	Metadata: pkg.PythonPipfileLockMetadata{
	73	+	Index: "https://pypi.org/simple",
	74	+	Hashes: []string{
	75	+	"sha256:860da7582efa866744bad5883947557d0f82e457d69903ea65d666b66f8a69ca",
	76	+	"sha256:9c22a0e48e3b277fc145c67dd8c3b8f609dab36bce9eb337f70dfe716663c9a0",
	77	+	},
	78	+	},
48	79		},
49	80		}
50	81
		skipped 6 lines

■ ■ ■ ■ ■ ■

syft/pkg/cataloger/python/test-fixtures/pipfile-lock/Pipfile.lock

		skipped 11 lines
12	12		"name": "pypi",
13	13		"url": "https://pypi.org/simple",
14	14		"verify_ssl": true
	15	+	},
	16	+	{
	17	+	"name": "test",
	18	+	"url": "https://test.pypi.org/simple",
	19	+	"verify_ssl": true
15	20		}
16	21		]
17	22		},
		skipped 11 lines
29	34		"sha256:815fdef4607474295d68da46978a54481dd1e7be153c7d60f9e72773cd38d77d",
30	35		"sha256:aaa5ac584f40fe778013df0aa6544bf157799bd3f608364b451840ed2c8688de"
31	36		],
32		-	"index": "pypi",
	37	+	"index": "test",
33	38		"version": "==2.0.0"
34	39		},
35	40		"aiohttp": {
		skipped 34 lines

■ ■ ■ ■ ■ ■

syft/pkg/metadata.go

		skipped 8 lines
9	9
10	10		const (
11	11		// this is the full set of data shapes that can be represented within the pkg.Package.Metadata field
12		-	AlpmMetadataType MetadataType = "AlpmMetadata"
13		-	ApkMetadataType MetadataType = "ApkMetadata"
14		-	BinaryMetadataType MetadataType = "BinaryMetadata"
15		-	CocoapodsMetadataType MetadataType = "CocoapodsMetadataType"
16		-	ConanLockMetadataType MetadataType = "ConanLockMetadataType"
17		-	ConanMetadataType MetadataType = "ConanMetadataType"
18		-	DartPubMetadataType MetadataType = "DartPubMetadata"
19		-	DotnetDepsMetadataType MetadataType = "DotnetDepsMetadata"
20		-	DpkgMetadataType MetadataType = "DpkgMetadata"
21		-	GemMetadataType MetadataType = "GemMetadata"
22		-	GolangMetadataType MetadataType = "GolangMetadata"
23		-	HackageMetadataType MetadataType = "HackageMetadataType"
24		-	JavaMetadataType MetadataType = "JavaMetadata"
25		-	KbPackageMetadataType MetadataType = "KbPackageMetadata"
26		-	MixLockMetadataType MetadataType = "MixLockMetadataType"
27		-	NpmPackageJSONMetadataType MetadataType = "NpmPackageJsonMetadata"
28		-	PhpComposerJSONMetadataType MetadataType = "PhpComposerJsonMetadata"
29		-	PortageMetadataType MetadataType = "PortageMetadata"
30		-	PythonPackageMetadataType MetadataType = "PythonPackageMetadata"
31		-	RebarLockMetadataType MetadataType = "RebarLockMetadataType"
32		-	RpmMetadataType MetadataType = "RpmMetadata"
33		-	RustCargoPackageMetadataType MetadataType = "RustCargoPackageMetadata"
34		-	UnknownMetadataType MetadataType = "UnknownMetadata"
	12	+	UnknownMetadataType MetadataType = "UnknownMetadata"
	13	+	AlpmMetadataType MetadataType = "AlpmMetadata"
	14	+	ApkMetadataType MetadataType = "ApkMetadata"
	15	+	BinaryMetadataType MetadataType = "BinaryMetadata"
	16	+	CocoapodsMetadataType MetadataType = "CocoapodsMetadataType"
	17	+	ConanLockMetadataType MetadataType = "ConanLockMetadataType"
	18	+	ConanMetadataType MetadataType = "ConanMetadataType"
	19	+	DartPubMetadataType MetadataType = "DartPubMetadata"
	20	+	DotnetDepsMetadataType MetadataType = "DotnetDepsMetadata"
	21	+	DpkgMetadataType MetadataType = "DpkgMetadata"
	22	+	GemMetadataType MetadataType = "GemMetadata"
	23	+	GolangMetadataType MetadataType = "GolangMetadata"
	24	+	HackageMetadataType MetadataType = "HackageMetadataType"
	25	+	JavaMetadataType MetadataType = "JavaMetadata"
	26	+	KbPackageMetadataType MetadataType = "KbPackageMetadata"
	27	+	MixLockMetadataType MetadataType = "MixLockMetadataType"
	28	+	NpmPackageJSONMetadataType MetadataType = "NpmPackageJsonMetadata"
	29	+	NpmPackageLockJSONMetadataType MetadataType = "NpmPackageLockJsonMetadata"
	30	+	PhpComposerJSONMetadataType MetadataType = "PhpComposerJsonMetadata"
	31	+	PortageMetadataType MetadataType = "PortageMetadata"
	32	+	PythonPackageMetadataType MetadataType = "PythonPackageMetadata"
	33	+	PythonPipfileLockMetadataType MetadataType = "PythonPipfileLockMetadata"
	34	+	RebarLockMetadataType MetadataType = "RebarLockMetadataType"
	35	+	RpmMetadataType MetadataType = "RpmMetadata"
	36	+	RustCargoPackageMetadataType MetadataType = "RustCargoPackageMetadata"
35	37		)
36	38
37	39		var AllMetadataTypes = []MetadataType{
		skipped 13 lines
51	53		KbPackageMetadataType,
52	54		MixLockMetadataType,
53	55		NpmPackageJSONMetadataType,
	56	+	NpmPackageLockJSONMetadataType,
54	57		PhpComposerJSONMetadataType,
55	58		PortageMetadataType,
56	59		PythonPackageMetadataType,
	60	+	PythonPipfileLockMetadataType,
57	61		RebarLockMetadataType,
58	62		RpmMetadataType,
59	63		RustCargoPackageMetadataType,
60	64		}
61	65
62	66		var MetadataTypeByName = map[MetadataType]reflect.Type{
63		-	AlpmMetadataType: reflect.TypeOf(AlpmMetadata{}),
64		-	ApkMetadataType: reflect.TypeOf(ApkMetadata{}),
65		-	BinaryMetadataType: reflect.TypeOf(BinaryMetadata{}),
66		-	CocoapodsMetadataType: reflect.TypeOf(CocoapodsMetadata{}),
67		-	ConanLockMetadataType: reflect.TypeOf(ConanLockMetadata{}),
68		-	ConanMetadataType: reflect.TypeOf(ConanMetadata{}),
69		-	DartPubMetadataType: reflect.TypeOf(DartPubMetadata{}),
70		-	DotnetDepsMetadataType: reflect.TypeOf(DotnetDepsMetadata{}),
71		-	DpkgMetadataType: reflect.TypeOf(DpkgMetadata{}),
72		-	GemMetadataType: reflect.TypeOf(GemMetadata{}),
73		-	GolangMetadataType: reflect.TypeOf(GolangMetadata{}),
74		-	HackageMetadataType: reflect.TypeOf(HackageMetadata{}),
75		-	JavaMetadataType: reflect.TypeOf(JavaMetadata{}),
76		-	KbPackageMetadataType: reflect.TypeOf(KbPackageMetadata{}),
77		-	MixLockMetadataType: reflect.TypeOf(MixLockMetadata{}),
78		-	NpmPackageJSONMetadataType: reflect.TypeOf(NpmPackageJSONMetadata{}),
79		-	PhpComposerJSONMetadataType: reflect.TypeOf(PhpComposerJSONMetadata{}),
80		-	PortageMetadataType: reflect.TypeOf(PortageMetadata{}),
81		-	PythonPackageMetadataType: reflect.TypeOf(PythonPackageMetadata{}),
82		-	RebarLockMetadataType: reflect.TypeOf(RebarLockMetadata{}),
83		-	RpmMetadataType: reflect.TypeOf(RpmMetadata{}),
84		-	RustCargoPackageMetadataType: reflect.TypeOf(CargoPackageMetadata{}),
	67	+	AlpmMetadataType: reflect.TypeOf(AlpmMetadata{}),
	68	+	ApkMetadataType: reflect.TypeOf(ApkMetadata{}),
	69	+	BinaryMetadataType: reflect.TypeOf(BinaryMetadata{}),
	70	+	CocoapodsMetadataType: reflect.TypeOf(CocoapodsMetadata{}),
	71	+	ConanLockMetadataType: reflect.TypeOf(ConanLockMetadata{}),
	72	+	ConanMetadataType: reflect.TypeOf(ConanMetadata{}),
	73	+	DartPubMetadataType: reflect.TypeOf(DartPubMetadata{}),
	74	+	DotnetDepsMetadataType: reflect.TypeOf(DotnetDepsMetadata{}),
	75	+	DpkgMetadataType: reflect.TypeOf(DpkgMetadata{}),
	76	+	GemMetadataType: reflect.TypeOf(GemMetadata{}),
	77	+	GolangMetadataType: reflect.TypeOf(GolangMetadata{}),
	78	+	HackageMetadataType: reflect.TypeOf(HackageMetadata{}),
	79	+	JavaMetadataType: reflect.TypeOf(JavaMetadata{}),
	80	+	KbPackageMetadataType: reflect.TypeOf(KbPackageMetadata{}),
	81	+	MixLockMetadataType: reflect.TypeOf(MixLockMetadata{}),
	82	+	NpmPackageJSONMetadataType: reflect.TypeOf(NpmPackageJSONMetadata{}),
	83	+	NpmPackageLockJSONMetadataType: reflect.TypeOf(NpmPackageLockJSONMetadata{}),
	84	+	PhpComposerJSONMetadataType: reflect.TypeOf(PhpComposerJSONMetadata{}),
	85	+	PortageMetadataType: reflect.TypeOf(PortageMetadata{}),
	86	+	PythonPackageMetadataType: reflect.TypeOf(PythonPackageMetadata{}),
	87	+	PythonPipfileLockMetadataType: reflect.TypeOf(PythonPipfileLockMetadata{}),
	88	+	RebarLockMetadataType: reflect.TypeOf(RebarLockMetadata{}),
	89	+	RpmMetadataType: reflect.TypeOf(RpmMetadata{}),
	90	+	RustCargoPackageMetadataType: reflect.TypeOf(CargoPackageMetadata{}),
85	91		}
86	92
87	93		func CleanMetadataType(typ MetadataType) MetadataType {
		skipped 9 lines

■ ■ ■ ■ ■ ■

syft/pkg/npm_package_json_metadata.go

1	1		package pkg
2	2
3		-	// NpmPackageJSONMetadata holds extra information that is used in pkg.Package
	3	+	// NpmPackageJSONMetadata holds parsing information for a javascript package.json file
4	4		type NpmPackageJSONMetadata struct {
5	5		Name string `mapstructure:"name" json:"name"`
6	6		Version string `mapstructure:"version" json:"version"`
		skipped 9 lines

■ ■ ■ ■ ■ ■

syft/pkg/npm_package_lock_json_metadata.go

1	+	package pkg
2	+
3	+	// NpmPackageLockJSONMetadata holds parsing information for a javascript package-lock.json file
4	+	type NpmPackageLockJSONMetadata struct {
5	+	Resolved string `mapstructure:"resolved" json:"resolved"`
6	+	Integrity string `mapstructure:"integrity" json:"integrity"`
7	+	}
8	+

■ ■ ■ ■ ■ ■

syft/pkg/python_pipefile_lock_metadata.go

1	+	package pkg
2	+
3	+	type PythonPipfileLockMetadata struct {
4	+	Hashes []string `mapstructure:"hashes" json:"hashes"`
5	+	Index string `mapstructure:"index" json:"index"`
6	+	}
7	+