

Make the dependency list tight by only dealing with deps we know
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
prabhu committed Oct 8, 2023
1 parent 423535f commit 48f1569
Showing 1 changed file with 10 additions and 12 deletions.
22 changes: 10 additions & 12 deletions utils.js
Expand Up @@ -3242,14 +3242,15 @@ export const parseGoModGraph = async function (
try {
const sourcePurl = PackageURL.fromString("pkg:golang/" + tmpA[0]);
const dependsPurl = PackageURL.fromString("pkg:golang/" + tmpA[1]);
const sourcePurlString = decodeURIComponent(sourcePurl.toString());
const dependsPurlString = decodeURIComponent(dependsPurl.toString());
const sourceRefString = decodeURIComponent(sourcePurl.toString());
const dependsRefString = decodeURIComponent(dependsPurl.toString());
// Since go mod graph over-reports direct dependencies we use the existing list
// from go deps to filter the result
if (
existingPkgMap &&
Object.keys(existingPkgMap).length &&
!existingPkgMap[sourcePurlString]
(!existingPkgMap[sourceRefString] ||
!existingPkgMap[dependsRefString])
) {
continue;
}
Expand All @@ -3275,19 +3276,16 @@ export const parseGoModGraph = async function (
dependsPurl.version,
gosumMap[tmpA[1]]
);
pkgList.push(_addGoComponentEvidence(component, goModFile));
pkgList.push(component);
addedPkgs[tmpA[1]] = true;
}
if (!depsMap[sourcePurlString]) {
depsMap[sourcePurlString] = new Set();
if (!depsMap[sourceRefString]) {
depsMap[sourceRefString] = new Set();
}
if (
existingPkgMap &&
Object.keys(existingPkgMap).length &&
existingPkgMap[dependsPurlString]
) {
depsMap[sourcePurlString].add(dependsPurlString);
if (!depsMap[dependsRefString]) {
depsMap[dependsRefString] = new Set();
}
depsMap[sourceRefString].add(dependsRefString);
} catch (_e) {
// pass
}
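Review bot: The comment at the top of the first hunk no longer matches the code beneath it — it says the list from go deps is used because go mod graph over-reports direct dependencies, but the new condition also drops any edge whose target is missing from `existingPkgMap`, so both endpoints must now be known. I would reword it to `// go mod graph over-reports edges; keep only those whose source AND target appear in the go deps list` so the stricter intent is explicit to the next reader. Because the `continue` leaves no trace, a mismatch between the key format used to build `existingPkgMap` and the decoded purl strings computed here would now silently drop every edge and yield an empty dependency graph; a debug log or a counter of skipped edges would make that failure diagnosable instead of silent. The enclosing loop of `parseGoModGraph` starts before the hunk, so `Object.keys(existingPkgMap).length` is presumably recomputed on every iteration and could be hoisted above the loop, but that line is outside what is shown here.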
