Fix: Parse package.json with non-standard fields in 'author' section #3300

Merged
merged 2 commits into from
Oct 7, 2024

@nuada nuada commented Oct 4, 2024

Several npm packages, including those within the AWS CDK ecosystem, use non-standard fields within their package.json files (e.g., "organization": true). This caused parsing errors and excluded these packages from reports.

This fix modifies the JavaScript package cataloger to correctly handle these non-standard fields, ensuring accurate parsing and inclusion of all packages in the report.

aws-cdk/package.json:

...
"author": {
  "name": "Amazon Web Services",
  "url": "https://aws.amazon.com",
  "organization": true
},
...

Scan example before fix:

syft scan XXX
 ✔ Parsed image sha256:XXX
 ✔ Cataloged contents XXX
   ├── ✔ Packages                        [1,519 packages]
   ├── ✔ File digests                    [32,435 files]
   ├── ✔ File metadata                   [32,435 locations]
   └── ✔ Executables                     [2,057 executables]
[0036]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable to parse package.json author: json: cannot unmarshal bool into Go value of type string location=/usr/local/lib/node_modules/aws-cdk-lib/node_modules/@aws-cdk/asset-awscli-v1/package.json
[0036]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable to parse package.json author: json: cannot unmarshal bool into Go value of type string location=/usr/local/lib/node_modules/aws-cdk-lib/node_modules/@aws-cdk/asset-kubectl-v20/package.json
[0036]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable to parse package.json author: json: cannot unmarshal bool into Go value of type string location=/usr/local/lib/node_modules/aws-cdk-lib/node_modules/@aws-cdk/asset-node-proxy-agent-v6/package.json
[0036]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable to parse package.json author: json: cannot unmarshal bool into Go value of type string location=/usr/local/lib/node_modules/aws-cdk-lib/node_modules/@aws-cdk/cloud-assembly-schema/package.json
[0036]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable to parse package.json author: json: cannot unmarshal bool into Go value of type string location=/usr/local/lib/node_modules/aws-cdk-lib/node_modules/constructs/package.json
[0036]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable to parse package.json author: json: cannot unmarshal bool into Go value of type string location=/usr/local/lib/node_modules/aws-cdk-lib/package.json
[0036]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable to parse package.json author: json: cannot unmarshal bool into Go value of type string location=/usr/local/lib/node_modules/aws-cdk/package.json
[0036]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable to parse package.json author: json: cannot unmarshal bool into Go value of type string location=/usr/local/lib/node_modules/cdk-nag/node_modules/@aws-cdk/asset-awscli-v1/package.json
[0036]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable to parse package.json author: json: cannot unmarshal bool into Go value of type string location=/usr/local/lib/node_modules/cdk-nag/node_modules/@aws-cdk/asset-kubectl-v20/package.json
[0036]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable to parse package.json author: json: cannot unmarshal bool into Go value of type string location=/usr/local/lib/node_modules/cdk-nag/node_modules/@aws-cdk/asset-node-proxy-agent-v6/package.json
[0036]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable to parse package.json author: json: cannot unmarshal bool into Go value of type string location=/usr/local/lib/node_modules/cdk-nag/node_modules/@aws-cdk/cloud-assembly-schema/package.json
[0036]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable to parse package.json author: json: cannot unmarshal bool into Go value of type string location=/usr/local/lib/node_modules/cdk-nag/node_modules/aws-cdk-lib/package.json
[0036]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable to parse package.json author: json: cannot unmarshal bool into Go value of type string location=/usr/local/lib/node_modules/cdk-nag/node_modules/constructs/package.json
[0036]  WARN cataloger failed cataloger=javascript-package-cataloger error=failed to parse package.json file: unable to parse package.json author: json: cannot unmarshal bool into Go value of type string location=/usr/local/lib/node_modules/cdk-nag/package.json
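
The failure in the log above next to a tolerant decoder, as an added example (not syft's code and not part of this PR): `StrictAuthor` reproduces the `cannot unmarshal bool` error, while the `Author` type accepts npm's string shorthand or an object and skips non-string members, so the package is not dropped from the report. The names `Author`, `shorthand`, `StrictAuthor` and `sampleAuthor` are hypothetical, chosen for this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Author is a hypothetical type for this example, not syft's own struct.
type Author struct{ Name, Email, URL string }

// shorthand matches npm's string form: "Name <email> (url)".
var shorthand = regexp.MustCompile(`^\s*([^<(]*?)\s*(?:<([^>]*)>)?\s*(?:\(([^)]*)\))?\s*$`)

// UnmarshalJSON takes the string form or an object; unknown or non-string members are skipped.
func (a *Author) UnmarshalJSON(b []byte) error {
	var s string
	if json.Unmarshal(b, &s) == nil {
		a.Name = s // fallback when the shorthand pattern does not match
		if m := shorthand.FindStringSubmatch(s); m != nil {
			a.Name, a.Email, a.URL = m[1], m[2], m[3]
		}
		return nil
	}
	var fields map[string]interface{}
	if err := json.Unmarshal(b, &fields); err != nil {
		return fmt.Errorf("author is neither a string nor an object: %w", err)
	}
	a.Name, _ = fields["name"].(string)
	a.Email, _ = fields["email"].(string)
	a.URL, _ = fields["url"].(string)
	return nil
}

// StrictAuthor shows the failure mode: every member must be a string.
func StrictAuthor(b []byte) (map[string]string, error) {
	var m map[string]string
	err := json.Unmarshal(b, &m)
	return m, err
}

// Constructed sample, modelled on the author block quoted in the PR.
const sampleAuthor = `{"name":"Amazon Web Services","url":"https://aws.amazon.com","organization":true}`

func main() {
	_, strictErr := StrictAuthor([]byte(sampleAuthor))
	var a Author
	err := json.Unmarshal([]byte(sampleAuthor), &a)
	fmt.Printf("strict: %v\ntolerant: %+v err=%v\n", strictErr, a, err)
}
```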

@willmurphyscode

Hi @nuada,

Thanks very much for this fix! We really appreciate it.

Would you mind making 2 changes?

  1. Can you add a unit test that covers the new behavior?
  2. Please commit with sign-off (git commit -s) for all commits on the branch. You can see more about DCO here. You'll have to re-create / amend the existing commit.

@nuada nuada force-pushed the npm-package-json-author-fix branch from 6550355 to aed89aa Compare October 7, 2024 11:46
Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
@nuada nuada force-pushed the npm-package-json-author-fix branch from aed89aa to 28ba7a3 Compare October 7, 2024 11:51
…ection

Signed-off-by: Piotr Radkowski <piotr.radkowski@contractors.roche.com>
@nuada

nuada commented Oct 7, 2024

Hi @willmurphyscode,

Happy to help! DCO fixed.

How about such a test?

@willmurphyscode willmurphyscode left a comment

Looks great. Thanks @nuada!

@willmurphyscode willmurphyscode merged commit 3b9c55d into anchore:main Oct 7, 2024
12 checks passed
@willmurphyscode willmurphyscode added the bug Something isn't working label Oct 7, 2024