snyk / snyk-paket-parser

[WIP] Feat/parse paket mvp #9

Closed justshiv closed 5 years ago

justshiv commented 5 years ago

MVP parsing a paket.lock and returning a flat tree object which is indexed by dependency name as with our other parsers.

Basic syntax of paket.lock is something like this:

```
NUGET
  remote: https://nuget.org/api/v2
    FSharp.Core (4.0.0.1)
    Newtonsoft.Json (7.0.1)
      UnionArgParser (>=0.6.3)
    UnionArgParser (0.6.3)
GITHUB
  remote: forki/FsUnit
    FsUnit.fs (81d27fd09575a32c4ed52eadb2eeac5f365b8348)
  remote: fsharp/FAKE
    src/app/FakeLib/Globbing/Globbing.fs (991bea743c5d5e8eec0defc7338a89281ed3f51a)
  remote: fsprojects/Chessie
    src/Chessie/ErrorHandling.fs (1f23b1caeb1f87e750abc96a25109376771dd090)

GROUP Test
NUGET
  remote: https://nuget.org/api/v2
    NUnit (2.6.4)
    NUnit.Runners (2.6.4)
```

For this we currently return this:

```js
{
  dependencies: {
    "FSharp.Core": {
      name: "FSharp.Core",
      version: "4.0.0.1",
      restriction: undefined
    },
    "Newtonsoft.Json": {
      name: "Newtonsoft.Json",
      version: "7.0.1",
      restriction: undefined
    },
    NUnit: {
      name: "NUnit",
      version: "2.6.4",
      restriction: undefined
    },
    "NUnit.Runners": {
      name: "NUnit.Runners",
      version: "2.6.4",
      restriction: undefined
    }
  },
  hasDevDependencies: false,
  name: ""
}
```

Any background context you want to provide?

Please note: this implementation is not performant & still very green. We were doing discovery alongside development and intend on restructuring the indent-parser significantly as well as the tree traversal in the index. We are currently traversing the tree multiple times (too many). We will be iterating on this.

We will be looking at https://github.com/snyk/gemfile for inspiration to address concerns listed here.

What are the relevant tickets?

https://snyksec.atlassian.net/browse/BST-344
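
A single-pass, indent-based read of the lock syntax described in the PR above, added here as an illustration; it is not code from this pull request or from snyk-paket-parser. The `group` and `requires` fields, the `Main` label for the unnamed group, and the function name are assumptions, and the sample is a trimmed copy of the lock file shown above.

```javascript
// Added example (not snyk-paket-parser code). Trimmed copy of the page's sample.
const SAMPLE_LOCK = [
  'NUGET',
  '  remote: https://nuget.org/api/v2',
  '    FSharp.Core (4.0.0.1)',
  '    Newtonsoft.Json (7.0.1)',
  '      UnionArgParser (>=0.6.3)',
  '    UnionArgParser (0.6.3)',
  'GITHUB',
  '  remote: forki/FsUnit',
  '    FsUnit.fs (81d27fd09575a32c4ed52eadb2eeac5f365b8348)',
  '',
  'GROUP Test',
  'NUGET',
  '  remote: https://nuget.org/api/v2',
  '    NUnit (2.6.4)',
].join('\n');

function parsePaketLock(text) {
  const dependencies = {};
  let group = 'Main';  // assumption: label for the unnamed default group
  let section = null;  // current top-level block: NUGET, GITHUB, ...
  let current = null;  // last resolved package; owns the 6-space lines below it
  for (const raw of text.split(/\r?\n/)) {
    if (!raw.trim()) continue;
    const indent = raw.length - raw.trimStart().length;
    const line = raw.trim();
    if (indent === 0) {
      const g = /^GROUP\s+(.+)$/.exec(line);
      if (g) group = g[1]; else section = line;
      current = null;
      continue;
    }
    // Skip "remote:" lines (indent 2) and everything outside NUGET blocks.
    if (section !== 'NUGET' || indent < 4) continue;
    const m = /^(\S+)\s*(?:\(([^)]*)\))?/.exec(line);
    if (!m) continue;
    if (indent === 4) {
      // Resolved package pinned to an exact version.
      current = { name: m[1], version: m[2], group, requires: {} };
      dependencies[m[1]] = current;
    } else if (current) {
      // Deeper indent: a constraint the parent package places on a dependency.
      current.requires[m[1]] = m[2] || '';
    }
  }
  return { dependencies, hasDevDependencies: false, name: '' };
}
```

Because the index is keyed by name alone, a package locked at different versions in two groups keeps only the last entry; the recorded `group` lets a caller switch to a `group/name` key if a scan needs both.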

CLAassistant commented 5 years ago

CLA assistant check
Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

:white_check_mark: justshiv
:x: orsagie