provenant/parsers/
carthage.rs

1// SPDX-FileCopyrightText: Provenant contributors
2// SPDX-License-Identifier: Apache-2.0
3
4use std::path::Path;
5
6use super::metadata::ParserMetadata;
7use crate::models::{DatasourceId, Dependency, PackageData, PackageType};
8use crate::parser_warn as warn;
9use crate::parsers::utils::{MAX_ITERATION_COUNT, read_file_to_string, truncate_field};
10use packageurl::PackageUrl;
11
12use super::PackageParser;
13
14pub struct CarthageCartfileParser;
15
16impl PackageParser for CarthageCartfileParser {
17    const PACKAGE_TYPE: PackageType = PackageType::Carthage;
18
19    fn metadata() -> Vec<ParserMetadata> {
20        vec![ParserMetadata {
21            description: "Carthage Cartfile dependency manifest",
22            file_patterns: &["**/Cartfile", "**/Cartfile.private"],
23            package_type: "carthage",
24            primary_language: "Objective-C",
25            documentation_url: Some(
26                "https://github.com/Carthage/Carthage/blob/master/Documentation/Artifacts.md",
27            ),
28        }]
29    }
30
31    fn extract_packages(path: &Path) -> Vec<PackageData> {
32        let is_private = is_private_cartfile_path(path);
33        let content = match read_file_to_string(path, None) {
34            Ok(c) => c,
35            Err(e) => {
36                warn!("Failed to read Cartfile at {:?}: {}", path, e);
37                return vec![default_cartfile_package_data(is_private)];
38            }
39        };
40
41        let dependencies = parse_cartfile_lines(&content, false);
42
43        vec![PackageData {
44            package_type: Some(Self::PACKAGE_TYPE),
45            primary_language: Some("Objective-C".to_string()),
46            is_private,
47            dependencies,
48            datasource_id: Some(DatasourceId::CarthageCartfile),
49            ..Default::default()
50        }]
51    }
52
53    fn is_match(path: &Path) -> bool {
54        path.file_name()
55            .is_some_and(|name| name == "Cartfile" || name == "Cartfile.private")
56    }
57}
58
59pub struct CarthageCartfileResolvedParser;
60
61impl PackageParser for CarthageCartfileResolvedParser {
62    const PACKAGE_TYPE: PackageType = PackageType::Carthage;
63
64    fn metadata() -> Vec<ParserMetadata> {
65        vec![ParserMetadata {
66            description: "Carthage Cartfile.resolved pinned dependencies",
67            file_patterns: &["**/Cartfile.resolved"],
68            package_type: "carthage",
69            primary_language: "Objective-C",
70            documentation_url: Some(
71                "https://github.com/Carthage/Carthage/blob/master/Documentation/Artifacts.md",
72            ),
73        }]
74    }
75
76    fn extract_packages(path: &Path) -> Vec<PackageData> {
77        let content = match read_file_to_string(path, None) {
78            Ok(c) => c,
79            Err(e) => {
80                warn!("Failed to read Cartfile.resolved at {:?}: {}", path, e);
81                return vec![default_cartfile_resolved_package_data()];
82            }
83        };
84
85        let dependencies = parse_cartfile_lines(&content, true);
86
87        vec![PackageData {
88            package_type: Some(Self::PACKAGE_TYPE),
89            primary_language: Some("Objective-C".to_string()),
90            dependencies,
91            datasource_id: Some(DatasourceId::CarthageCartfileResolved),
92            ..Default::default()
93        }]
94    }
95
96    fn is_match(path: &Path) -> bool {
97        path.file_name()
98            .is_some_and(|name| name == "Cartfile.resolved")
99    }
100}
101
102#[derive(Debug, PartialEq)]
103enum OriginType {
104    Github,
105    Git,
106    Binary,
107}
108
109struct ParsedLine {
110    origin: OriginType,
111    source: String,
112    version_spec: Option<String>,
113}
114
115fn parse_cartfile_lines(content: &str, is_resolved: bool) -> Vec<Dependency> {
116    let mut dependencies = Vec::new();
117
118    for line in content.lines().take(MAX_ITERATION_COUNT) {
119        let line = line.trim();
120        if line.is_empty() || line.starts_with('#') {
121            continue;
122        }
123
124        let Some(parsed) = parse_line(line) else {
125            warn!("Failed to parse Cartfile line: {}", line);
126            continue;
127        };
128
129        let purl_version = if is_resolved {
130            parsed.version_spec.as_deref()
131        } else {
132            None
133        };
134
135        let (purl, name) = match parsed.origin {
136            OriginType::Github => make_github_purl(&parsed.source, purl_version),
137            OriginType::Git => make_git_dep_info(&parsed.source),
138            OriginType::Binary => make_binary_dep_info(&parsed.source),
139        };
140
141        let extracted_requirement = parsed.version_spec.map(truncate_field);
142
143        let is_pinned = if is_resolved { Some(true) } else { None };
144
145        dependencies.push(Dependency {
146            purl: purl.map(truncate_field),
147            extracted_requirement,
148            scope: Some("dependencies".to_string()),
149            is_runtime: None,
150            is_optional: None,
151            is_pinned,
152            is_direct: Some(true),
153            resolved_package: None,
154            extra_data: name.map(|n| {
155                let mut map = std::collections::HashMap::new();
156                map.insert("name".to_string(), serde_json::json!(n));
157                map
158            }),
159        });
160    }
161
162    dependencies
163}
164
165fn parse_line(line: &str) -> Option<ParsedLine> {
166    let (origin, rest) = if let Some(rest) = line.strip_prefix("github") {
167        (OriginType::Github, rest.trim())
168    } else if let Some(rest) = line.strip_prefix("git") {
169        (OriginType::Git, rest.trim())
170    } else if let Some(rest) = line.strip_prefix("binary") {
171        (OriginType::Binary, rest.trim())
172    } else {
173        return None;
174    };
175
176    let (source, remaining) = extract_quoted_string(rest)?;
177
178    let version_spec = extract_version_spec(remaining.trim());
179
180    Some(ParsedLine {
181        origin,
182        source,
183        version_spec,
184    })
185}
186
187fn extract_quoted_string(s: &str) -> Option<(String, &str)> {
188    let s = s.trim();
189    if !s.starts_with('"') {
190        return None;
191    }
192    let rest = &s[1..];
193    let end = rest.find('"')?;
194    Some((rest[..end].to_string(), &rest[end + 1..]))
195}
196
197fn extract_version_spec(s: &str) -> Option<String> {
198    let s = strip_inline_comment(s.trim());
199    if s.is_empty() || s.starts_with('#') {
200        return None;
201    }
202
203    let spec = if let Some(rest) = s.strip_prefix("~>") {
204        format!("~> {}", rest.trim())
205    } else if let Some(rest) = s.strip_prefix(">=") {
206        format!(">= {}", rest.trim())
207    } else if let Some(rest) = s.strip_prefix("==") {
208        format!("== {}", rest.trim())
209    } else if s.starts_with('"') {
210        let (version, _) = extract_quoted_string(s)?;
211        version
212    } else {
213        s.to_string()
214    };
215
216    if spec.is_empty() { None } else { Some(spec) }
217}
218
219fn strip_inline_comment(s: &str) -> &str {
220    s.find('#').map_or(s, |i| s[..i].trim_end())
221}
222
223fn make_github_purl(source: &str, version: Option<&str>) -> (Option<String>, Option<String>) {
224    let parts: Vec<&str> = source.splitn(2, '/').collect();
225    if parts.len() != 2 {
226        warn!("Invalid GitHub source in Cartfile: {}", source);
227        return (None, Some(source.to_string()));
228    }
229
230    let namespace = parts[0];
231    let name = parts[1];
232
233    let purl = match PackageUrl::new("github", name) {
234        Ok(mut p) => {
235            if let Err(e) = p.with_namespace(namespace) {
236                warn!(
237                    "Failed to set namespace for github purl '{}': {}",
238                    source, e
239                );
240                return (None, Some(name.to_string()));
241            }
242            if let Some(v) = version
243                && let Err(e) = p.with_version(v)
244            {
245                warn!(
246                    "Failed to set version '{}' for github purl '{}': {}",
247                    v, source, e
248                );
249            }
250            Some(p.to_string())
251        }
252        Err(e) => {
253            warn!("Failed to create PackageUrl for github '{}': {}", source, e);
254            None
255        }
256    };
257
258    (purl, Some(name.to_string()))
259}
260
261fn make_git_dep_info(source: &str) -> (Option<String>, Option<String>) {
262    let name = source
263        .rsplit('/')
264        .next()
265        .map(|s| s.strip_suffix(".git").unwrap_or(s))
266        .filter(|s| !s.is_empty())
267        .map(String::from);
268
269    (None, name)
270}
271
272fn make_binary_dep_info(source: &str) -> (Option<String>, Option<String>) {
273    let name = source
274        .rsplit('/')
275        .next()
276        .and_then(|s| s.strip_suffix(".json"))
277        .filter(|s| !s.is_empty())
278        .map(String::from);
279
280    (None, name)
281}
282
283fn is_private_cartfile_path(path: &Path) -> bool {
284    path.file_name()
285        .is_some_and(|name| name == "Cartfile.private")
286}
287
288fn default_cartfile_package_data(is_private: bool) -> PackageData {
289    PackageData {
290        package_type: Some(PackageType::Carthage),
291        primary_language: Some("Objective-C".to_string()),
292        is_private,
293        datasource_id: Some(DatasourceId::CarthageCartfile),
294        ..Default::default()
295    }
296}
297
298fn default_cartfile_resolved_package_data() -> PackageData {
299    PackageData {
300        package_type: Some(PackageType::Carthage),
301        primary_language: Some("Objective-C".to_string()),
302        datasource_id: Some(DatasourceId::CarthageCartfileResolved),
303        ..Default::default()
304    }
305}
provenant/parsers/carthage.rs

provenant/parsers/
carthage.rs
