- add conan.lock to the list (google#59)

* - add conan.lock to the list

* - conan lockfile parser

Signed-off-by: SSE4 <tomskside@gmail.com>

* - make CodeQL happy, use explicit uint64 cast

Signed-off-by: SSE4 <tomskside@gmail.com>

* Update pkg/lockfile/parse-conan-lock.go

* Update pkg/lockfile/parse-conan-lock.go

* Update pkg/lockfile/parse-conan-lock.go

Co-authored-by: Gareth Jones <Jones258@Gmail.com>

* Update pkg/lockfile/parse-conan-lock.go

Co-authored-by: Gareth Jones <Jones258@Gmail.com>

* Update pkg/lockfile/parse-conan-lock.go

Co-authored-by: Gareth Jones <Jones258@Gmail.com>

* Update pkg/lockfile/parse-conan-lock.go

Co-authored-by: Gareth Jones <Jones258@Gmail.com>

* - skip references with no name

Signed-off-by: SSE4 <tomskside@gmail.com>

* - add test for packages with no name specified

Signed-off-by: SSE4 <tomskside@gmail.com>

* Update README.md

* Update parse_test.go

* Update parse.go

* - fix test

Signed-off-by: SSE4 <tomskside@gmail.com>

Signed-off-by: SSE4 <tomskside@gmail.com>
Co-authored-by: Gareth Jones <Jones258@Gmail.com>

README.md

@@ -129,6 +129,7 @@ A wide range of lockfiles are supported by utilizing this [lockfile package](htt
 - `buildscript-gradle.lockfile`
 - `Cargo.lock`
 - `composer.lock`
+- `conan.lock`
 - `Gemfile.lock`
 - `go.mod`
 - `gradle.lockfile`

internal/semantic/parse.go

@@ -41,6 +41,8 @@ func Parse(str string, ecosystem Ecosystem) (Version, error) {
 		return parsePyPIVersion(str), nil
 	case "Pub":
 		return parseSemverVersion(str), nil
+	case "ConanCenter":
+		return parseSemverVersion(str), nil
 	}
 
 	return nil, fmt.Errorf("%w %s", ErrUnsupportedEcosystem, ecosystem)

pkg/lockfile/ecosystems.go

@@ -12,6 +12,7 @@ func KnownEcosystems() []Ecosystem {
 		MavenEcosystem,
 		PipEcosystem,
 		PubEcosystem,
+		ConanEcosystem,
 		// Disabled temporarily,
 		// see https://github.com/google/osv-scanner/pull/128 discussion for additional context
 		// AlpineEcosystem,

pkg/lockfile/fixtures/conan/empty.v1.json

@@ -0,0 +1,15 @@
+{
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "ref": "test/1.0",
+       "options": "fPIC=True\nshared=False",
+       "path": "conanfile.py",
+       "context": "host"
+      }
+     },
+     "revisions_enabled": false
+    },
+    "version": "0.4",
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n"
+   }

pkg/lockfile/fixtures/conan/empty.v1.revisions.json

@@ -0,0 +1,15 @@
+{
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "ref": "test/1.0",
+       "options": "fPIC=True\nshared=False",
+       "path": "conanfile.py",
+       "context": "host"
+      }
+     },
+     "revisions_enabled": true
+    },
+    "version": "0.4",
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n"
+   }

pkg/lockfile/fixtures/conan/empty.v2.json

@@ -0,0 +1,6 @@
+{
+    "version": "0.5",
+    "requires": [],
+    "build_requires": [],
+    "python_requires": []
+}

pkg/lockfile/fixtures/conan/nested-dependencies.v1.json

@@ -0,0 +1,62 @@
+{
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "ref": "test/1.0",
+       "options": "fPIC=True\nshared=False\nbrotli:enable_debug=False\nbrotli:enable_log=False\nbrotli:enable_portable=False\nbrotli:enable_rbit=True\nbrotli:endianness=None\nbrotli:fPIC=True\nbrotli:shared=False\nbrotli:target_bits=None\nbzip2:build_executable=True\nbzip2:fPIC=True\nbzip2:shared=False\nfreetype:fPIC=True\nfreetype:shared=False\nfreetype:subpixel=False\nfreetype:with_brotli=True\nfreetype:with_bzip2=True\nfreetype:with_png=True\nfreetype:with_zlib=True\nlibpng:api_prefix=\nlibpng:fPIC=True\nlibpng:shared=False\nlibpng:sse=True\nzlib:fPIC=True\nzlib:shared=False",
+       "requires": [
+        "1"
+       ],
+       "path": "conanfile.py",
+       "context": "host"
+      },
+      "1": {
+       "ref": "freetype/2.12.1",
+       "options": "fPIC=True\nshared=False\nsubpixel=False\nwith_brotli=True\nwith_bzip2=True\nwith_png=True\nwith_zlib=True\nbrotli:enable_debug=False\nbrotli:enable_log=False\nbrotli:enable_portable=False\nbrotli:enable_rbit=True\nbrotli:endianness=None\nbrotli:fPIC=True\nbrotli:shared=False\nbrotli:target_bits=None\nbzip2:build_executable=True\nbzip2:fPIC=True\nbzip2:shared=False\nlibpng:api_prefix=\nlibpng:fPIC=True\nlibpng:shared=False\nlibpng:sse=True\nzlib:fPIC=True\nzlib:shared=False",
+       "package_id": "bca7b8880d98719d556dd526ce612be20a815922",
+       "prev": "0",
+       "requires": [
+        "2",
+        "3",
+        "4",
+        "5"
+       ],
+       "context": "host"
+      },
+      "2": {
+       "ref": "libpng/1.6.39",
+       "options": "api_prefix=\nfPIC=True\nshared=False\nsse=True\nzlib:fPIC=True\nzlib:shared=False",
+       "package_id": "d5b3dc27faecfb4eb94086722000dd65bb9e6bff",
+       "prev": "0",
+       "requires": [
+        "3"
+       ],
+       "context": "host"
+      },
+      "3": {
+       "ref": "zlib/1.2.13",
+       "options": "fPIC=True\nshared=False",
+       "package_id": "19729b9559f3ae196cad45cb2b97468ccb75dcd1",
+       "prev": "0",
+       "context": "host"
+      },
+      "4": {
+       "ref": "bzip2/1.0.8",
+       "options": "build_executable=True\nfPIC=True\nshared=False",
+       "package_id": "91a8b22c2c5a149bc617cfc06cdd21bf23b12567",
+       "prev": "0",
+       "context": "host"
+      },
+      "5": {
+       "ref": "brotli/1.0.9",
+       "options": "enable_debug=False\nenable_log=False\nenable_portable=False\nenable_rbit=True\nendianness=None\nfPIC=True\nshared=False\ntarget_bits=None",
+       "package_id": "bfdbb855937046dc347fec082c59cb7f733e8855",
+       "prev": "0",
+       "context": "host"
+      }
+     },
+     "revisions_enabled": false
+    },
+    "version": "0.4",
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n"
+   }

pkg/lockfile/fixtures/conan/nested-dependencies.v1.revisions.json

@@ -0,0 +1,62 @@
+{
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "ref": "test/1.0",
+       "options": "fPIC=True\nshared=False\nbrotli:enable_debug=False\nbrotli:enable_log=False\nbrotli:enable_portable=False\nbrotli:enable_rbit=True\nbrotli:endianness=None\nbrotli:fPIC=True\nbrotli:shared=False\nbrotli:target_bits=None\nbzip2:build_executable=True\nbzip2:fPIC=True\nbzip2:shared=False\nfreetype:fPIC=True\nfreetype:shared=False\nfreetype:subpixel=False\nfreetype:with_brotli=True\nfreetype:with_bzip2=True\nfreetype:with_png=True\nfreetype:with_zlib=True\nlibpng:api_prefix=\nlibpng:fPIC=True\nlibpng:shared=False\nlibpng:sse=True\nzlib:fPIC=True\nzlib:shared=False",
+       "requires": [
+        "1"
+       ],
+       "path": "conanfile.py",
+       "context": "host"
+      },
+      "1": {
+       "ref": "freetype/2.12.1#7e1b67634f54f38a979bbad44fd09a2c",
+       "options": "fPIC=True\nshared=False\nsubpixel=False\nwith_brotli=True\nwith_bzip2=True\nwith_png=True\nwith_zlib=True\nbrotli:enable_debug=False\nbrotli:enable_log=False\nbrotli:enable_portable=False\nbrotli:enable_rbit=True\nbrotli:endianness=None\nbrotli:fPIC=True\nbrotli:shared=False\nbrotli:target_bits=None\nbzip2:build_executable=True\nbzip2:fPIC=True\nbzip2:shared=False\nlibpng:api_prefix=\nlibpng:fPIC=True\nlibpng:shared=False\nlibpng:sse=True\nzlib:fPIC=True\nzlib:shared=False",
+       "package_id": "bca7b8880d98719d556dd526ce612be20a815922",
+       "prev": "400c9a65b20f791ea05c47eb6817e80a",
+       "requires": [
+        "2",
+        "3",
+        "4",
+        "5"
+       ],
+       "context": "host"
+      },
+      "2": {
+       "ref": "libpng/1.6.39#7927e8ce5b2576a6ea497c6ca70e9751",
+       "options": "api_prefix=\nfPIC=True\nshared=False\nsse=True\nzlib:fPIC=True\nzlib:shared=False",
+       "package_id": "d5b3dc27faecfb4eb94086722000dd65bb9e6bff",
+       "prev": "3e3b7f79b03c52ab932089560ea2eb56",
+       "requires": [
+        "3"
+       ],
+       "context": "host"
+      },
+      "3": {
+       "ref": "zlib/1.2.13#13c96f538b52e1600c40b88994de240f",
+       "options": "fPIC=True\nshared=False",
+       "package_id": "19729b9559f3ae196cad45cb2b97468ccb75dcd1",
+       "prev": "562e6cc3d7987119418780e5c5697342",
+       "context": "host"
+      },
+      "4": {
+       "ref": "bzip2/1.0.8#464be69744fa6d48ed01928cfe470008",
+       "options": "build_executable=True\nfPIC=True\nshared=False",
+       "package_id": "91a8b22c2c5a149bc617cfc06cdd21bf23b12567",
+       "prev": "94d2f51be78e63879215a3b2ba014fda",
+       "context": "host"
+      },
+      "5": {
+       "ref": "brotli/1.0.9#4bfbb302b87df342ccd6a2b5fdad307a",
+       "options": "enable_debug=False\nenable_log=False\nenable_portable=False\nenable_rbit=True\nendianness=None\nfPIC=True\nshared=False\ntarget_bits=None",
+       "package_id": "bfdbb855937046dc347fec082c59cb7f733e8855",
+       "prev": "c2eaa7784f2988c35d8b8925a783e73b",
+       "context": "host"
+      }
+     },
+     "revisions_enabled": true
+    },
+    "version": "0.4",
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n"
+   }

pkg/lockfile/fixtures/conan/nested-dependencies.v2.json

@@ -0,0 +1,12 @@
+{
+    "version": "0.5",
+    "requires": [
+        "zlib/1.2.13#13c96f538b52e1600c40b88994de240f%1667396813.733",
+        "libpng/1.6.39#7927e8ce5b2576a6ea497c6ca70e9751%1669038072.946",
+        "freetype/2.12.1#7e1b67634f54f38a979bbad44fd09a2c%1669913185.923",
+        "bzip2/1.0.8#464be69744fa6d48ed01928cfe470008%1666580345.213",
+        "brotli/1.0.9#4bfbb302b87df342ccd6a2b5fdad307a%1661519995.45"
+    ],
+    "build_requires": [],
+    "python_requires": []
+}

pkg/lockfile/fixtures/conan/no-name.v1.json

@@ -0,0 +1,32 @@
+{
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "ref": "test/1.0",
+       "options": "fPIC=True\nshared=False\nzlib:fPIC=True\nzlib:shared=False",
+       "requires": [
+        "1", "2"
+       ],
+       "path": "conanfile.py",
+       "context": "host"
+      },
+      "1": {
+       "ref": "zlib/1.2.11",
+       "options": "fPIC=True\nshared=False",
+       "package_id": "19729b9559f3ae196cad45cb2b97468ccb75dcd1",
+       "prev": "0",
+       "context": "host"
+      },
+      "2": {
+        "ref": "1.2.3",
+        "options": "fPIC=True\nshared=False",
+        "package_id": "19729b9559f3ae196cad45cb2b97468ccb75dcd1",
+        "prev": "0",
+        "context": "host"
+       }
+     },
+     "revisions_enabled": false
+    },
+    "version": "0.4",
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n"
+   }

pkg/lockfile/fixtures/conan/no-name.v1.revisions.json

@@ -0,0 +1,32 @@
+{
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "ref": "test/1.0",
+       "options": "fPIC=True\nshared=False\nzlib:fPIC=True\nzlib:shared=False",
+       "requires": [
+        "1", "2"
+       ],
+       "path": "conanfile.py",
+       "context": "host"
+      },
+      "1": {
+       "ref": "zlib/1.2.11#ffa77daf83a57094149707928bdce823",
+       "options": "fPIC=True\nshared=False",
+       "package_id": "19729b9559f3ae196cad45cb2b97468ccb75dcd1",
+       "prev": "a636df1594de20e55e1c393ffb1eb166",
+       "context": "host"
+      },
+      "2": {
+        "ref": "1.2.3#ffa77daf83a57094149707928bdce823",
+        "options": "fPIC=True\nshared=False",
+        "package_id": "19729b9559f3ae196cad45cb2b97468ccb75dcd1",
+        "prev": "a636df1594de20e55e1c393ffb1eb166",
+        "context": "host"
+       }
+     },
+     "revisions_enabled": true
+    },
+    "version": "0.4",
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n"
+   }

pkg/lockfile/fixtures/conan/no-name.v2.json

@@ -0,0 +1,9 @@
+{
+    "version": "0.5",
+    "requires": [
+        "zlib/1.2.11#ffa77daf83a57094149707928bdce823%1667396813.184",
+        "1.2.3#ffa77daf83a57094149707928bdce823%1667396813.184"
+    ],
+    "build_requires": [],
+    "python_requires": []
+}

pkg/lockfile/fixtures/conan/not-json.txt

@@ -0,0 +1 @@
+this is not json!

pkg/lockfile/fixtures/conan/old-format-0.0.json

@@ -0,0 +1,18 @@
+{
+    "profile": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n",
+    "graph_lock": {
+     "nodes": {
+      "05b715be-7ec7-11ed-8a66-b537134a228d": {
+       "pref": null,
+       "options": "zlib:fPIC=True\nzlib:minizip=False\nzlib:shared=False",
+       "requires": {
+        "zlib/1.2.11@bincrafters/testing#5f4917ce0a630b102f472afd00102d40": "05b715bd-7ec7-11ed-8a66-b537134a228d"
+       }
+      },
+      "05b715bd-7ec7-11ed-8a66-b537134a228d": {
+       "pref": "zlib/1.2.11@bincrafters/testing#5f4917ce0a630b102f472afd00102d40:19729b9559f3ae196cad45cb2b97468ccb75dcd1#58846c4ed127f63e9c88c5be5190a6d9",
+       "options": "fPIC=True\nminizip=False\nshared=False"
+      }
+     }
+    }
+   }

pkg/lockfile/fixtures/conan/old-format-0.1.json

@@ -0,0 +1,20 @@
+{
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n",
+    "graph_lock": {
+     "nodes": {
+      "1058d05a-7ec6-11ed-8a66-b537134a228d": {
+       "pref": "test/1.0:2ce08bf790c58b729dda567426e810ed5e35e513",
+       "options": "fPIC=True\nshared=False\nzlib:fPIC=True\nzlib:minizip=False\nzlib:shared=False",
+       "requires": {
+        "zlib/1.2.11#5f4917ce0a630b102f472afd00102d40": "1058d059-7ec6-11ed-8a66-b537134a228d"
+       },
+       "path": "/home/sse4/projects/conan_test/v1/conanfile.py"
+      },
+      "1058d059-7ec6-11ed-8a66-b537134a228d": {
+       "pref": "zlib/1.2.11#5f4917ce0a630b102f472afd00102d40:19729b9559f3ae196cad45cb2b97468ccb75dcd1#58846c4ed127f63e9c88c5be5190a6d9",
+       "options": "fPIC=True\nminizip=False\nshared=False"
+      }
+     }
+    },
+    "version": "0.1"
+   }

pkg/lockfile/fixtures/conan/old-format-0.2.json

@@ -0,0 +1,20 @@
+{
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n",
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "pref": "test/1.0:2ce08bf790c58b729dda567426e810ed5e35e513",
+       "options": "fPIC=True\nshared=False\nzlib:fPIC=True\nzlib:minizip=False\nzlib:shared=False",
+       "requires": {
+        "zlib/1.2.11#5f4917ce0a630b102f472afd00102d40": "1"
+       },
+       "path": "/home/sse4/projects/conan_test/v1/conanfile.py"
+      },
+      "1": {
+       "pref": "zlib/1.2.11#5f4917ce0a630b102f472afd00102d40:19729b9559f3ae196cad45cb2b97468ccb75dcd1#58846c4ed127f63e9c88c5be5190a6d9",
+       "options": "fPIC=True\nminizip=False\nshared=False"
+      }
+     }
+    },
+    "version": "0.2"
+   }

pkg/lockfile/fixtures/conan/old-format-0.3.json

@@ -0,0 +1,21 @@
+{
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n",
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "pref": "test/1.0:2ce08bf790c58b729dda567426e810ed5e35e513",
+       "options": "fPIC=True\nshared=False\nzlib:fPIC=True\nzlib:minizip=False\nzlib:shared=False",
+       "requires": [
+        "1"
+       ],
+       "path": "/home/sse4/projects/conan_test/v1/conanfile.py"
+      },
+      "1": {
+       "pref": "zlib/1.2.11#5f4917ce0a630b102f472afd00102d40:19729b9559f3ae196cad45cb2b97468ccb75dcd1#58846c4ed127f63e9c88c5be5190a6d9",
+       "options": "fPIC=True\nminizip=False\nshared=False",
+       "modified": "built"
+      }
+     }
+    },
+    "version": "0.3"
+   }