Swift support audit #231

Merged
merged 138 commits into from
Dec 31, 2024
138 commits
3ea86ce
cocoapods-audit
barv-jfrog Sep 17, 2024
606169e
fixes
barv-jfrog Sep 18, 2024
fc6df17
cocoapods-audit
barv-jfrog Sep 29, 2024
243dfcd
cocoapods-audit
barv-jfrog Sep 29, 2024
a181880
cocoapods-audit
barv-jfrog Sep 30, 2024
08e3bd5
cocoapods-audit
barv-jfrog Sep 30, 2024
895ccfa
cocoapods-audit
barv-jfrog Sep 30, 2024
5f51f0a
cocoapods-audit
barv-jfrog Sep 30, 2024
4763b35
cocoapods-audit
barv-jfrog Oct 1, 2024
17d8b80
cocoapods-audit
barv-jfrog Oct 1, 2024
9db6be2
Merge branch 'dev' into cocoapods-audit
barv-jfrog Oct 6, 2024
de4c5fd
cocoapods-audit
srmish-jfrog Oct 31, 2024
26481ec
cocoapods-audit
barv-jfrog Nov 4, 2024
775f8e0
cocoapods-audit
barv-jfrog Nov 4, 2024
8c56a03
cocoapods-audit
barv-jfrog Nov 4, 2024
a9aebdb
cocoapods-audit
barv-jfrog Nov 4, 2024
93fdf5c
cocoapods-audit
barv-jfrog Nov 4, 2024
4cf116c
cocoapods-audit
barv-jfrog Nov 4, 2024
9d47eae
Merge branch 'dev' of https://github.com/jfrog/jfrog-cli-security int…
barv-jfrog Nov 6, 2024
56d08f9
cocoapods-audit
barv-jfrog Nov 6, 2024
1fad622
Merge branch 'dev' into cocoapods-audit
barv-jfrog Nov 6, 2024
28c54af
Merge branch 'dev' of https://github.com/jfrog/jfrog-cli-security int…
barv-jfrog Nov 6, 2024
5ce8592
cocoapods-audit
barv-jfrog Nov 6, 2024
8ba3f33
Merge remote-tracking branch 'origin/cocoapods-audit' into cocoapods-…
barv-jfrog Nov 6, 2024
34f274e
cocoapods-audit
barv-jfrog Nov 6, 2024
2cfe712
cocoapods-audit
barv-jfrog Nov 6, 2024
eab106d
cocoapods-audit
barv-jfrog Nov 6, 2024
cd9d4f5
cocoapods-audit
barv-jfrog Nov 6, 2024
c13100d
cocoapods-audit
barv-jfrog Nov 6, 2024
ebb37cd
cocoapods-audit
barv-jfrog Nov 6, 2024
da10ea2
cocoapods-audit
barv-jfrog Nov 7, 2024
27af044
cocoapods-audit
barv-jfrog Nov 7, 2024
8e2eb99
cocoapods-audit
barv-jfrog Nov 7, 2024
88079c2
cocoapods-audit
barv-jfrog Nov 7, 2024
fe71f16
swift-audit
barv-jfrog Nov 10, 2024
b162393
swift-audit
barv-jfrog Nov 10, 2024
fa6fce5
Merge branch 'dev' into cocoapods-audit
barv-jfrog Nov 10, 2024
bd31c8a
Merge branch 'dev' into cocoapods-audit
barv-jfrog Nov 10, 2024
18a3772
Merge branch 'dev' into swift-support-audit
barv-jfrog Nov 11, 2024
c3b98d0
Merge branch 'dev' into cocoapods-audit
barv-jfrog Nov 11, 2024
6364688
cocoapods-audit
barv-jfrog Nov 11, 2024
452920e
Align core changes (#228)
sverdlov93 Nov 7, 2024
63969c9
Add NoTech Technology for directories with no tech (#230)
attiasas Nov 10, 2024
7604a33
Enable allow-partial-results to Yarn V1 dependencies map construction…
eranturgeman Nov 11, 2024
5b92419
Merge remote-tracking branch 'origin/cocoapods-audit' into cocoapods-…
barv-jfrog Nov 11, 2024
10eb136
cocoapods-audit
barv-jfrog Nov 11, 2024
d227dc0
cocoapods-audit
barv-jfrog Nov 11, 2024
76d5d9b
cocoapods-audit
barv-jfrog Nov 11, 2024
ac58152
cocoapods-audit
barv-jfrog Nov 12, 2024
4f9d0cb
cocoapods-audit
barv-jfrog Nov 12, 2024
cc9adc7
cocoapods-audit
barv-jfrog Nov 12, 2024
914366a
cocoapods-audit
barv-jfrog Nov 12, 2024
0e21bff
cocoapods-audit
barv-jfrog Nov 12, 2024
d9a3355
cocoapods-audit
barv-jfrog Nov 12, 2024
4bea9a1
cocoapods-audit
barv-jfrog Nov 12, 2024
78445f4
cocoapods-audit
barv-jfrog Nov 12, 2024
9f423af
cocoapods-audit
barv-jfrog Nov 12, 2024
1d0632f
cocoapods-audit
barv-jfrog Nov 12, 2024
5bcd943
cocoapods-audit
barv-jfrog Nov 12, 2024
76b85aa
cocoapods-audit
barv-jfrog Nov 12, 2024
cf6b309
cocoapods-audit
barv-jfrog Nov 12, 2024
a27b3de
cocoapods-audit
barv-jfrog Nov 12, 2024
e0a6e8d
cocoapods-audit
barv-jfrog Nov 12, 2024
574efca
cocoapods-audit
barv-jfrog Nov 12, 2024
c26837e
cocoapods-audit
barv-jfrog Nov 12, 2024
067148e
cocoapods-audit
barv-jfrog Nov 12, 2024
a95c72e
cocoapods-audit
barv-jfrog Nov 13, 2024
fa5db32
swift-audit
barv-jfrog Nov 13, 2024
fca6c56
swift-audit
barv-jfrog Nov 13, 2024
391927e
cocoapods-audit
barv-jfrog Nov 13, 2024
a4e0c5d
swift-audit
barv-jfrog Nov 13, 2024
ced827e
cocoapods-audit
barv-jfrog Nov 13, 2024
490aa8f
cocoapods-audit
barv-jfrog Nov 13, 2024
4a1e634
cocoapods-audit
barv-jfrog Nov 13, 2024
9a7abd3
swift-audit
barv-jfrog Nov 13, 2024
17ec960
swift-audit
barv-jfrog Nov 13, 2024
3ed68cd
swift-audit
barv-jfrog Nov 13, 2024
6f36dac
swift-audit
barv-jfrog Nov 13, 2024
8878c7b
swift-audit
barv-jfrog Nov 13, 2024
24db4c1
swift-audit
barv-jfrog Nov 13, 2024
6165f5b
swift-audit
barv-jfrog Nov 13, 2024
7490eb0
swift-audit
barv-jfrog Nov 14, 2024
17548a4
swift-audit
barv-jfrog Nov 14, 2024
97496f0
swift-audit
barv-jfrog Nov 14, 2024
c068b15
swift-audit
barv-jfrog Nov 14, 2024
95647b9
swift-audit
barv-jfrog Nov 14, 2024
a88da1e
swift-audit
barv-jfrog Nov 14, 2024
6c35cd6
swift-audit
barv-jfrog Nov 14, 2024
4894da0
cocoapods-audit
barv-jfrog Nov 14, 2024
481e57b
cocoapods-audit
barv-jfrog Nov 14, 2024
318d469
swift-audit
barv-jfrog Nov 17, 2024
d64a632
swift-audit
barv-jfrog Nov 17, 2024
3aacf67
swift-audit
barv-jfrog Nov 17, 2024
c8a84bf
swift-audit
barv-jfrog Nov 17, 2024
bc59b78
swift-audit
barv-jfrog Nov 17, 2024
a7a6063
swift-audit
barv-jfrog Nov 17, 2024
004a085
cocoapods-fix
barv-jfrog Nov 17, 2024
ea5b311
cocoapods-test
barv-jfrog Nov 17, 2024
df8559b
cocoapods-test
barv-jfrog Nov 17, 2024
5f6c242
swift-test
barv-jfrog Nov 17, 2024
9a443ff
swift-test
barv-jfrog Nov 17, 2024
78cca2e
swift-audit
barv-jfrog Nov 18, 2024
3ff3495
Merge branch 'dev' into swift-support-audit
barv-jfrog Dec 8, 2024
9d7503c
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 8, 2024
dba18a6
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 8, 2024
5693a4f
Merge branch 'dev' into swift-support-audit
barv-jfrog Dec 15, 2024
a51c90a
Merge branch 'dev' of https://github.com/jfrog/jfrog-cli-security int…
barv-jfrog Dec 15, 2024
122768d
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 15, 2024
e599549
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 16, 2024
a85215d
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 16, 2024
dcf2d27
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 16, 2024
08faa0a
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 16, 2024
feae399
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 16, 2024
e3be3ab
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 16, 2024
30f93b2
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 17, 2024
4024ebc
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 17, 2024
dea6033
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 17, 2024
a8a45e5
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 17, 2024
f6619c5
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 17, 2024
db5e084
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 17, 2024
6e0be7d
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 17, 2024
765bd5d
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 17, 2024
985ff71
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 17, 2024
177e178
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 17, 2024
27e52d3
Merge branch 'dev' into swift-support-audit
barv-jfrog Dec 23, 2024
4dd6e96
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 25, 2024
fe8d237
Merge branch 'dev' of https://github.com/jfrog/jfrog-cli-security int…
barv-jfrog Dec 25, 2024
15af55d
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 25, 2024
ef3e7e7
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 25, 2024
efb534b
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 26, 2024
d32b428
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 26, 2024
ebf9f43
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 26, 2024
4c1a137
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 26, 2024
493ca8e
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 26, 2024
0376803
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 26, 2024
aa946c3
Merge branch 'dev' into swift-support-audit
barv-jfrog Dec 29, 2024
d96b556
swift audit fixes + small fix to cocoapods version
barv-jfrog Dec 31, 2024
629b0f7
Merge remote-tracking branch 'origin/swift-support-audit' into swift-…
barv-jfrog Dec 31, 2024
16 changes: 16 additions & 0 deletions .github/actions/install-and-setup/action.yml
Expand Up @@ -74,3 +74,19 @@ runs:
python -m pip install conan
conan profile detect
shell: ${{ runner.os == 'Windows' && 'powershell' || 'bash' }}

- name: Install Swift on Linux
uses: swift-actions/setup-swift@v2
if: ${{ runner.os == 'Linux'}}

- name: Install Swift on MacOS
run: brew install swift
shell: ${{ runner.os == 'macOS' && 'sh' || 'bash' || 'pwsh' }}
if: ${{ runner.os == 'macOS'}}

- name: Install Swift on Windows
uses: compnerd/gha-setup-swift@main
with:
branch: swift-6.0.2-release
tag: 6.0.2-RELEASE
if: ${{ runner.os == 'Windows'}}
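
Review bot: The Windows step pulls `compnerd/gha-setup-swift@main`, a mutable branch reference, and the Linux step uses the moving tag `swift-actions/setup-swift@v2`, so any later push to those refs changes what runs in this workflow; pin both to a full commit SHA. The Linux and macOS steps also leave the Swift version unpinned while Windows fixes 6.0.2, so the three runners can end up testing different toolchains. In the macOS step, the `shell:` expression can never reach `'pwsh'` because `'bash'` is already truthy, and the step is gated by `if: ${{ runner.os == 'macOS'}}` anyway, so a plain `shell: sh` would do.
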
4 changes: 3 additions & 1 deletion .github/workflows/test.yml
Expand Up @@ -99,7 +99,9 @@ jobs:
testFlags: '--test.audit.C'
- name: 'Cocoapods Suite'
testFlags: '--test.audit.Cocoapods'

- name: 'Swift Suite'
testFlags: '--test.audit.Swift'

steps:
# Prepare the environment
- name: Checkout code
18 changes: 17 additions & 1 deletion audit_test.go
Expand Up @@ -447,13 +447,20 @@ func TestXrayAuditPipJson(t *testing.T) {
}

func TestXrayAuditCocoapods(t *testing.T) {
integration.InitAuditCocoapodsTest(t, scangraph.GraphScanMinXrayVersion)
integration.InitAuditCocoapodsTest(t, scangraph.CocoapodsScanMinXrayVersion)
output := testXrayAuditCocoapods(t, string(format.Json))
validations.VerifyJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 1,
})
}

func TestXrayAuditSwift(t *testing.T) {
output := testXrayAuditSwift(t, string(format.Json))
validations.VerifyJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 1,
})
}

func TestXrayAuditPipSimpleJson(t *testing.T) {
integration.InitAuditPythonTest(t, scangraph.GraphScanMinXrayVersion)
output := testXrayAuditPip(t, string(format.SimpleJson), "")
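
Review bot: `TestXrayAuditSwift` has no Init call of its own, unlike `TestXrayAuditCocoapods` directly above it, which starts with `integration.InitAuditCocoapodsTest(...)`; the Swift test relies on the helper `testXrayAuditSwift` to apply the minimum Xray version check. Moving `integration.InitAuditSwiftTest(t, scangraph.SwiftScanMinXrayVersion)` to the top of the test function would keep that check where the neighbouring tests have it. The only assertion is the count `Vulnerabilities: 1`, so the test would still pass if the scan reported a different package than the one the fixture is meant to flag.
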
Expand Down Expand Up @@ -495,6 +502,15 @@ func testXrayAuditCocoapods(t *testing.T, format string) string {
return securityTests.PlatformCli.RunCliCmdWithOutput(t, args...)
}

func testXrayAuditSwift(t *testing.T, format string) string {
integration.InitAuditSwiftTest(t, scangraph.SwiftScanMinXrayVersion)
_, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "package-managers", "swift"))
defer cleanUp()
// Add dummy descriptor file to check that we run only specific audit
args := []string{"audit", "--format=" + format}
return securityTests.PlatformCli.RunCliCmdWithOutput(t, args...)
}

func TestXrayAuditPipenvJson(t *testing.T) {
integration.InitAuditPythonTest(t, scangraph.GraphScanMinXrayVersion)
output := testXrayAuditPipenv(t, string(format.Json))
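
Review bot: The comment `// Add dummy descriptor file to check that we run only specific audit` in `testXrayAuditSwift` describes a step that is not there: nothing is created between `defer cleanUp()` and the `args` line. Either add the dummy descriptor the comment promises, so the test really shows that only the Swift audit runs, or drop the comment.
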
2 changes: 1 addition & 1 deletion commands/audit/sca/cocoapods/podcommand.go
Expand Up @@ -56,7 +56,7 @@ func runPodCmd(executablePath, srcPath string, podArgs []string) (stdResult []by
err = fmt.Errorf("error while running '%s %s': %s\n%s", executablePath, strings.Join(args, " "), err.Error(), strings.TrimSpace(string(errResult)))
return
}
log.Debug("npm '" + strings.Join(args, " ") + "' standard output is:\n" + strings.TrimSpace(string(stdResult)))
log.Debug(fmt.Sprintf("cocoapods '%s' standard output is:\n%s", strings.Join(args, " "), strings.TrimSpace(string(stdResult))))
return
}

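Review bot: The new debug line hard-codes the label `cocoapods`, while the error message a few lines above it in `runPodCmd` reports `executablePath`; formatting both with `executablePath` would keep the two messages consistent and would have prevented the copied `npm` label this change corrects.
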
256 changes: 256 additions & 0 deletions commands/audit/sca/swift/swift.go
@@ -0,0 +1,256 @@
package swift

import (
"bufio"
"encoding/json"
"fmt"
"github.com/jfrog/gofrog/datastructures"
"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
"github.com/jfrog/jfrog-cli-security/utils"
"github.com/jfrog/jfrog-cli-security/utils/formats/sarifutils"
"github.com/jfrog/jfrog-cli-security/utils/techutils"
"github.com/jfrog/jfrog-client-go/utils/log"
xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
"github.com/owenrumney/go-sarif/v2/sarif"
"os"
"path"
"path/filepath"
"regexp"
"strings"
)

const (
// VersionForMainModule - We don't have information in swift on the current package, or main module, we only have information on its
// dependencies.
VersionForMainModule = "0.0.0"
)

type Dependencies struct {
Name string `json:"url,omitempty"`
Version string `json:"version,omitempty"`
Dependencies []*Dependencies `json:"dependencies,omitempty"`
}

func GetTechDependencyLocation(directDependencyName, directDependencyVersion string, descriptorPaths ...string) ([]*sarif.Location, error) {
var swiftPositions []*sarif.Location
for _, descriptorPath := range descriptorPaths {
path.Clean(descriptorPath)
if !strings.HasSuffix(descriptorPath, "Package.swift") {
log.Logger.Warn("Cannot support other files besides Package.swift: %s", descriptorPath)
continue
}
data, err := os.ReadFile(descriptorPath)
if err != nil {
continue
}
lines := strings.Split(string(data), "\n")
var startLine, startCol int
foundDependency := false
var tempIndex int
for i, line := range lines {
foundDependency, tempIndex, startLine, startCol = parseSwiftLine(line, directDependencyName, directDependencyVersion, descriptorPath, i, tempIndex, startLine, startCol, lines, foundDependency, &swiftPositions)
}
}
return swiftPositions, nil
}

func parseSwiftLine(line, directDependencyName, directDependencyVersion, descriptorPath string, i, tempIndex, startLine, startCol int, lines []string, foundDependency bool, swiftPositions *[]*sarif.Location) (bool, int, int, int) {
if strings.Contains(line, directDependencyName) {
startLine = i
startCol = strings.Index(line, directDependencyName)
foundDependency = true
tempIndex = i
}
// This means we are in a new dependency (we cannot find dependency name and version together)
if i > tempIndex && foundDependency && strings.Contains(line, ".package") {
foundDependency = false
} else if foundDependency && strings.Contains(line, directDependencyVersion) {
endLine := i
endCol := strings.Index(line, directDependencyVersion) + len(directDependencyVersion) + 1
var snippet string
// if the tech dependency is a one-liner
if endLine == startLine {
snippet = lines[startLine][startCol:endCol]
// else it is more than one line, so we need to parse all lines
} else {
for snippetLine := 0; snippetLine < endLine-startLine+1; snippetLine++ {
switch snippetLine {
case 0:
snippet += "\n" + lines[snippetLine][startLine:]
case endLine - startLine:
snippet += "\n" + lines[snippetLine][:endCol]
default:
snippet += "\n" + lines[snippetLine]
}
}
}
*swiftPositions = append(*swiftPositions, sarifutils.CreateLocation(descriptorPath, startLine, endLine, startCol, endCol, snippet))
foundDependency = false
}
return foundDependency, tempIndex, startLine, startCol
}

func FixTechDependency(dependencyName, dependencyVersion, fixVersion string, descriptorPaths ...string) error {
for _, descriptorPath := range descriptorPaths {
path.Clean(descriptorPath)
if !strings.HasSuffix(descriptorPath, "Package.swift") {
log.Logger.Warn("Cannot support other files besides Package.swift: %s", descriptorPath)
continue
}
data, err := os.ReadFile(descriptorPath)
var newLines []string
if err != nil {
continue
}
lines := strings.Split(string(data), "\n")
foundDependency := false
var tempIndex int
for index, line := range lines {
if strings.Contains(line, dependencyName) {
foundDependency = true
tempIndex = index
}
// This means we are in a new dependency (we cannot find dependency name and version together)
//nolint:gocritic
if index > tempIndex && foundDependency && strings.Contains(line, ".package") {
foundDependency = false
} else if foundDependency && strings.Contains(line, dependencyVersion) {
newLine := strings.Replace(line, dependencyVersion, fixVersion, 1)

Contributor

Is replace enough to make the actual fix? Should we install this so it will be changed in the "lock" file as well (if one exists for Swift)?

Contributor Author

I don't want to perform an install. I think it is very invasive; I would prefer to let the customer know I changed the dependency, and if he wants it to be committed he should install himself (maybe he wants to use flags?). Should I log this info?

newLines = append(newLines, newLine)
foundDependency = false
} else {
newLines = append(newLines, line)
}
}
output := strings.Join(newLines, "\n")
err = os.WriteFile(descriptorPath, []byte(output), 0644)
if err != nil {
return fmt.Errorf("failed to write file: %v", err)
}
}
return nil
}

func extractNameFromSwiftRepo(name string) string {
name = strings.TrimSuffix(name, ".git")
name = strings.TrimPrefix(name, "https://")
name = strings.TrimPrefix(name, "http://")
name = strings.TrimPrefix(name, "sso://")
return name
}

func GetSwiftDependenciesGraph(data *Dependencies, dependencyMap map[string][]string, versionMap map[string]string) {
data.Name = extractNameFromSwiftRepo(data.Name)
_, ok := dependencyMap[data.Name]
if !ok {
dependencyMap[data.Name] = []string{}
versionMap[data.Name] = data.Version
}
for _, dependency := range data.Dependencies {
dependency.Name = extractNameFromSwiftRepo(dependency.Name)
dependencyMap[data.Name] = append(dependencyMap[data.Name], dependency.Name)
GetSwiftDependenciesGraph(dependency, dependencyMap, versionMap)
}
}

func GetDependenciesData(exePath, currentDir string) (*Dependencies, error) {
result, err := runSwiftCmd(exePath, currentDir, []string{"package", "show-dependencies", "--format", "json"})
if err != nil {
return nil, err
}
var data *Dependencies
err = json.Unmarshal(result, &data)
if err != nil {
return nil, err
}
return data, nil
}

func GetMainPackageName(currentDir string) (string, error) {
file, err := os.Open(path.Join(currentDir, "Package.swift"))
if err != nil {
fmt.Println("Error opening file:", err)
return "", err
}
defer file.Close()

re := regexp.MustCompile(`name:\s*"([^"]+)"`)
scanner := bufio.NewScanner(file)
for scanner.Scan() {
line := scanner.Text()
matches := re.FindStringSubmatch(line)
if len(matches) > 1 {
return matches[1], nil
}
}
if err := scanner.Err(); err != nil {
return "", err
}
return "", nil
}

func BuildDependencyTree(params utils.AuditParams) (dependencyTree []*xrayUtils.GraphNode, uniqueDeps []string, err error) {
currentDir, err := coreutils.GetWorkingDirectory()
if err != nil {
return nil, nil, err
}
packageName, err := GetMainPackageName(currentDir)
if err != nil {
log.Warn("Failed to get package name from Package.swift file")
packageName = filepath.Base(currentDir)
}

packageInfo := fmt.Sprintf("%s:%s", packageName, VersionForMainModule)
version, exePath, err := getSwiftVersionAndExecPath()
if err != nil {
err = fmt.Errorf("failed while retrieving swift path: %s", err.Error())
return
}
log.Debug("Swift version: %s", version.GetVersion())
// Calculate pod dependencies
data, err := GetDependenciesData(exePath, currentDir)
if err != nil {
return nil, nil, err
}
uniqueDepsSet := datastructures.MakeSet[string]()
dependencyMap := make(map[string][]string)
versionMap := make(map[string]string)
data.Name = packageName
data.Version = VersionForMainModule
GetSwiftDependenciesGraph(data, dependencyMap, versionMap)
for key := range dependencyMap {
if key != packageName {
dependencyMap[packageName] = append(dependencyMap[packageName], key)
}
}
versionMap[packageName] = VersionForMainModule
rootNode := &xrayUtils.GraphNode{
Id: techutils.Swift.GetPackageTypeId() + packageInfo,
Nodes: []*xrayUtils.GraphNode{},
}
// Parse the dependencies into Xray dependency tree format
parseSwiftDependenciesList(rootNode, dependencyMap, versionMap, uniqueDepsSet)
dependencyTree = []*xrayUtils.GraphNode{rootNode}
uniqueDeps = uniqueDepsSet.ToSlice()
return
}

// Parse the dependencies into a Xray dependency tree format
func parseSwiftDependenciesList(currNode *xrayUtils.GraphNode, dependenciesGraph map[string][]string, versionMap map[string]string, uniqueDepsSet *datastructures.Set[string]) {
if currNode.NodeHasLoop() {
return
}
uniqueDepsSet.Add(currNode.Id)
pkgName := strings.Split(strings.TrimPrefix(currNode.Id, techutils.Swift.GetPackageTypeId()), ":")[0]
currDepChildren := dependenciesGraph[pkgName]
for _, childName := range currDepChildren {
fullChildName := fmt.Sprintf("%s:%s", childName, versionMap[childName])
childNode := &xrayUtils.GraphNode{
Id: techutils.Swift.GetPackageTypeId() + fullChildName,
Nodes: []*xrayUtils.GraphNode{},
Parent: currNode,
}
currNode.Nodes = append(currNode.Nodes, childNode)
parseSwiftDependenciesList(childNode, dependenciesGraph, versionMap, uniqueDepsSet)
}
}
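
Review bot: In `parseSwiftLine`, the multi-line branch builds the snippet from the wrong lines: `lines[snippetLine][startLine:]` indexes the file from line 0 instead of `startLine+snippetLine`, and slices with `startLine` (a line number) where `startCol` is meant, so the snippet is wrong and the slice can panic when that line is shorter than `startLine`. Index with `lines[startLine+snippetLine]` in all three cases and use `startCol` in the first; `endCol` (index + length + 1) also needs clamping to the line length before it is used as a slice bound, since it overruns when the version is the last thing on the line. Other points in this file: `path.Clean(descriptorPath)` discards its result in both `GetTechDependencyLocation` and `FixTechDependency`, so it does nothing. `FixTechDependency` matches with `strings.Contains(line, dependencyName)`, which also matches any other package whose URL contains that name, silently skips files it cannot read, and rewrites the manifest with mode `0644` even when nothing was replaced. `GetMainPackageName` reports the open error with `fmt.Println` rather than the logger and returns `"", nil` when no `name:` is found, so the `filepath.Base(currentDir)` fallback in `BuildDependencyTree` is skipped and the root node gets an empty name. The loop over `dependencyMap` in `BuildDependencyTree` appends every package, transitive ones included, as a direct child of the root, on top of the direct children `GetSwiftDependenciesGraph` already recorded. `log.Logger.Warn("... %s", descriptorPath)` and `log.Debug("Swift version: %s", ...)` pass format verbs directly, whereas podcommand.go in this PR wraps its message in `fmt.Sprintf` first; do the same here if the logger does not format its arguments. The comment `// Calculate pod dependencies` is left over from the CocoaPods code.
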