anchore / syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Apache License 2.0

fix: fix parsing for complex toml types #2965

Closed spiffcs closed 2 weeks ago

spiffcs commented 2 weeks ago

Summary

Fixes #2954

The poetry lock file allows for different types to be set as values when parsing dependencies:

msl = "x.x.x"  # string
postlocker = [
    {version = "string", markers = "string"},
    {version = "string", markers = "string"}
]

Because of this we needed to do two things.

We needed a new TOML library that allowed us to hook into UnmarshalTOML, and we needed to write a custom unmarshal function for the complex type that is a poetry dependency. We do this using the new primitive TOML type from the newly imported TOML library.

Tests have been updated to reflect the correct state of a poetry.lock file.
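Added example, not code from this PR or from syft: a sketch of the custom-unmarshal pattern described above, normalizing a dependency value that is either a string or an array of tables, and returning an error on any other shape so a package is not silently left out of the SBOM. It goes slightly beyond the description by also accepting a single table. The names `depEntry` and `depEntries`, the optional `markers` key, and the assumption that the decoder hands the hook a generically decoded value are all hypothetical.

```go
package main

import "fmt"

// depEntry and depEntries are hypothetical names for this example.
type depEntry struct{ Version, Markers string }
type depEntries []depEntry

// UnmarshalTOML assumes the TOML decoder passes this hook the generically
// decoded value: a string, a table (map), or an array of tables.
func (d *depEntries) UnmarshalTOML(data interface{}) error {
	var items []interface{}
	switch v := data.(type) {
	case string: // msl = "x.x.x"
		*d = depEntries{{Version: v}}
		return nil
	case map[string]interface{}: // single inline table
		items = []interface{}{v}
	case []interface{}: // array of inline tables
		items = v
	default: // fail loudly so a package is never silently dropped
		return fmt.Errorf("unsupported dependency value type %T", data)
	}
	out := make(depEntries, 0, len(items))
	for i, item := range items {
		t, ok := item.(map[string]interface{})
		if !ok {
			return fmt.Errorf("entry %d: expected table, got %T", i, item)
		}
		ver, ok := t["version"].(string)
		if !ok {
			return fmt.Errorf("entry %d: missing string \"version\"", i)
		}
		markers, _ := t["markers"].(string) // assumed optional
		out = append(out, depEntry{Version: ver, Markers: markers})
	}
	*d = out
	return nil
}

func main() {
	// Constructed input: the shape a decoder yields for an array of tables.
	var deps depEntries
	err := deps.UnmarshalTOML([]interface{}{
		map[string]interface{}{"version": ">=1.0", "markers": "python_version < \"3.11\""},
	})
	fmt.Println(deps, err)
}
```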