PR review changes

pkg/models/models.go

@@ -29,7 +29,7 @@ const (
 	EcosystemCyDxSBOM      = "CycloneDxSbom"
 	EcosystemSpdxSBOM      = "SpdxSbom"
 	EcosystemGitHubActions = "GitHubActions"
-	EcoSystemTerraform     = "terraform"
+	EcosystemTerraform     = "terraform"
 )
 
 type ManifestSourceType string
@@ -92,7 +92,7 @@ type PackageManifest struct {
 	// List of packages obtained by parsing the manifest
 	Packages []*Package `json:"packages"`
 
-	// The package depeneny graph representation
+	// The package dependency graph representation
 	DependencyGraph *DependencyGraph[*Package] `json:"dependency_graph"`
 
 	// Lock to serialize updating packages

pkg/parser/parser.go

@@ -3,7 +3,6 @@ package parser
 import (
 	"errors"
 	"fmt"
-	"github.com/safedep/vet/pkg/parser/custom/terraform"
 	"path/filepath"
 	"regexp"
 
@@ -51,15 +50,14 @@ var supportedEcosystems map[string]bool = map[string]bool{
 	models.EcosystemCyDxSBOM:      true,
 	models.EcosystemSpdxSBOM:      true,
 	models.EcosystemGitHubActions: true,
-	models.EcoSystemTerraform:     true,
+	models.EcosystemTerraform:     true,
 }
 
 // TODO: Migrate these to graph parser
 var customExperimentalParsers map[string]lockfile.PackageDetailsParser = map[string]lockfile.PackageDetailsParser{
 	customParserTypePyWheel: parsePythonWheelDist,
 	customParserSpdxSBOM:    spdx.Parse,
 	customParserTypeSetupPy: py.ParseSetuppy,
-	customParserTerraform:   terraform.ParseTerraformLockfile,
 }
 
 type Parser interface {
@@ -87,6 +85,7 @@ type dependencyGraphParser func(lockfilePath string, config *ParserConfig) (*mod
 
 // Maintain a map of lockfileAs to dependencyGraphParser
 var dependencyGraphParsers map[string]dependencyGraphParser = map[string]dependencyGraphParser{
+	".terraform.lock.hcl":             parseTerraformLockfile,
 	"package-lock.json":               parseNpmPackageLockAsGraph,
 	customParserCycloneDXSBOM:         parseSbomCycloneDxAsGraph,
 	customParserTypeJavaArchive:       parseJavaArchiveAsGraph,
@@ -245,8 +244,8 @@ func (pw *parserWrapper) Ecosystem() string {
 		return models.EcosystemMaven
 	case customParserGitHubActions:
 		return models.EcosystemGitHubActions
-	case customParserTerraform:
-		return models.EcoSystemTerraform
+	case ".terraform.lock.hcl":
+		return models.EcosystemTerraform
 	default:
 		logger.Debugf("Unsupported lockfile-as %s", pw.parseAs)
 		return ""

pkg/parser/terraform.go

@@ -0,0 +1,55 @@
+package parser
+
+import (
+	"fmt"
+	"github.com/hashicorp/hcl/v2/hclsyntax"
+	"github.com/safedep/vet/pkg/models"
+	"os"
+
+	"github.com/hashicorp/hcl/v2/hclparse"
+)
+
+func parseTerraformLockfile(path string, config *ParserConfig) (*models.PackageManifest, error) {
+	// Open the lockfile
+	file, err := os.Open(path)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open file: %s", err)
+	}
+	defer file.Close()
+
+	// Parse the file using the HCL parser
+	parser := hclparse.NewParser()
+	hclFile, diags := parser.ParseHCLFile(path)
+	if diags.HasErrors() {
+		return nil, fmt.Errorf("failed to parse lockfile: %v", diags)
+	}
+
+	body, ok := hclFile.Body.(*hclsyntax.Body)
+	if !ok {
+		return nil, fmt.Errorf("failed to assert body as hclsyntax.Body")
+	}
+	manifest := models.NewPackageManifestFromLocal(path, models.EcosystemTerraform)
+
+	for _, block := range body.Blocks {
+		if block.Type != "provider" {
+			continue
+		}
+		providerName := block.Labels[0] // The provider name is the first label
+		providerVersion := "0.0.0"
+		if versionAttr, exists := block.Body.Attributes["version"]; exists {
+			versionVal, diags := versionAttr.Expr.Value(nil)
+			if diags.HasErrors() {
+				return nil, fmt.Errorf("failed to extract version: %v", diags)
+			}
+			providerVersion = versionVal.AsString()
+		}
+		pkgdetails := models.NewPackageDetail(models.EcosystemTerraform, providerName, providerVersion)
+		packageModel := models.Package{
+			PackageDetails: pkgdetails,
+			Depth:          0,
+		}
+		manifest.AddPackage(&packageModel)
+	}
+
+	return manifest, nil
+}