refactor(deps): move dependencies to package (fanal#535)

Co-authored-by: knqyf263 <[email protected]>

Author: AndreyLevchenko

analyzer/language/analyze.go

@@ -20,27 +20,32 @@ func Analyze(fileType, filePath string, r dio.ReadSeekerAt, parser godeptypes.Pa
 	return ToAnalysisResult(fileType, filePath, "", parsedLibs, parsedDependencies), nil
 }
 
-func ToAnalysisResult(fileType, filePath, libFilePath string, libs []godeptypes.Library, deps []godeptypes.Dependency) *analyzer.AnalysisResult {
+func ToAnalysisResult(fileType, filePath, libFilePath string, libs []godeptypes.Library, depGraph []godeptypes.Dependency) *analyzer.AnalysisResult {
 	if len(libs) == 0 {
 		return nil
 	}
 
+	deps := make(map[string][]string)
+	for _, dep := range depGraph {
+		deps[dep.ID] = dep.DependsOn
+	}
+
 	var pkgs []types.Package
 	for _, lib := range libs {
 		pkgs = append(pkgs, types.Package{
-			ID:       lib.ID,
-			Name:     lib.Name,
-			Version:  lib.Version,
-			FilePath: libFilePath,
-			Indirect: lib.Indirect,
-			License:  lib.License,
+			ID:        lib.ID,
+			Name:      lib.Name,
+			Version:   lib.Version,
+			FilePath:  libFilePath,
+			Indirect:  lib.Indirect,
+			License:   lib.License,
+			DependsOn: deps[lib.ID],
 		})
 	}
 	apps := []types.Application{{
-		Type:         fileType,
-		FilePath:     filePath,
-		Libraries:    pkgs,
-		Dependencies: deps,
+		Type:      fileType,
+		FilePath:  filePath,
+		Libraries: pkgs,
 	}}
 
 	return &analyzer.AnalysisResult{Applications: apps}

test/integration/library_test.go

@@ -294,15 +294,9 @@ func checkLangPkgs(detail types.ArtifactDetail, t *testing.T, tc testCase) {
 			sort.Slice(app.Libraries, func(i, j int) bool {
 				return app.Libraries[i].FilePath < app.Libraries[j].FilePath
 			})
-
-			sort.Slice(app.Dependencies, func(i, j int) bool {
-				return strings.Compare(app.Dependencies[i].ID, app.Dependencies[j].ID) < 0
-			})
-
-			for i := range app.Dependencies {
-				sort.Strings(app.Dependencies[i].DependsOn)
+			for i := range app.Libraries {
+				sort.Strings(app.Libraries[i].DependsOn)
 			}
-
 		}
 
 		// Do not compare layers

test/integration/testdata/goldens/vuln-image1.2.3.expectedlibs.golden

@@ -759,7 +759,8 @@
         "ID": "[email protected]",
         "Name": "loose-envify",
         "Version": "1.4.0",
-        "Layer": {}
+        "Layer": {},
+        "DependsOn": ["[email protected]"]
       },
       {
         "ID": "[email protected]",
@@ -771,19 +772,22 @@
         "ID": "[email protected]",
         "Name": "promise",
         "Version": "8.0.3",
-        "Layer": {}
+        "Layer": {},
+        "DependsOn": ["[email protected]"]
       },
       {
         "ID": "[email protected]",
         "Name": "prop-types",
         "Version": "15.7.2",
-        "Layer": {}
+        "Layer": {},
+        "DependsOn": ["[email protected]", "[email protected]", "[email protected]"]
       },
       {
         "ID": "[email protected]",
         "Name": "react",
         "Version": "16.8.6",
-        "Layer": {}
+        "Layer": {},
+        "DependsOn": ["[email protected]", "[email protected]", "[email protected]", "[email protected]"]
       },
       {
         "ID": "[email protected]",
@@ -795,46 +799,22 @@
         "ID": "[email protected]",
         "Name": "redux",
         "Version": "4.0.1",
-        "Layer": {}
+        "Layer": {},
+        "DependsOn": ["[email protected]", "[email protected]"]
       },
       {
         "ID": "[email protected]",
         "Name": "scheduler",
         "Version": "0.13.6",
-        "Layer": {}
+        "Layer": {},
+        "DependsOn": ["[email protected]", "[email protected]"]
       },
       {
         "ID": "[email protected]",
         "Name": "symbol-observable",
         "Version": "1.2.0",
         "Layer": {}
       }
-    ],
-    "Dependencies" : [
-      {
-        "ID": "[email protected]",
-        "DependsOn": ["[email protected]"]
-      },
-      {
-        "ID": "[email protected]",
-        "DependsOn": ["[email protected]"]
-      },
-      {
-        "ID": "[email protected]",
-        "DependsOn": ["[email protected]", "[email protected]", "[email protected]"]
-      },
-      {
-        "ID": "[email protected]",
-        "DependsOn": ["[email protected]", "[email protected]", "[email protected]", "[email protected]"]
-      },
-      {
-        "ID": "[email protected]",
-        "DependsOn": ["[email protected]", "[email protected]"]
-      },
-      {
-        "ID": "[email protected]",
-        "DependsOn": ["[email protected]", "[email protected]"]
-      }
     ]
   },
   {

types/artifact.go

@@ -3,7 +3,6 @@ package types
 import (
 	"time"
 
-	godeptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 )
 
@@ -38,9 +37,11 @@ type Package struct {
 	Modularitylabel string     `json:",omitempty"` // only for Red Hat based distributions
 	BuildInfo       *BuildInfo `json:",omitempty"` // only for Red Hat
 
-	Indirect bool   `json:",omitempty"`
-	License  string `json:",omitempty"`
-	Layer    Layer  `json:",omitempty"`
+	Indirect  bool     `json:",omitempty"` // this package is direct dependency of the project or not
+	DependsOn []string `json:",omitempty"` // dependencies of this package
+
+	License string `json:",omitempty"`
+	Layer   Layer  `json:",omitempty"`
 
 	// Each package metadata have the file path, while the package from lock files does not have.
 	FilePath string `json:",omitempty"`
@@ -77,9 +78,6 @@ type Application struct {
 
 	// Libraries is a list of lang-specific packages
 	Libraries []Package
-
-	// Dependencies represents dependency graph
-	Dependencies []godeptypes.Dependency `json:",omitempty"`
 }
 
 type File struct {