diff --git a/syft/pkg/cataloger/binary/elf_package.go b/syft/pkg/cataloger/binary/elf_package.go index 47fa8d472..58122d103 100644 --- a/syft/pkg/cataloger/binary/elf_package.go +++ b/syft/pkg/cataloger/binary/elf_package.go @@ -18,7 +18,7 @@ func newELFPackage(metadata elfBinaryPackageNotes, locations file.LocationSet) p Locations: locations, // though we can look for shared libs, we cannot see static dependencies nor dynamic dependencies using dlopen. // this means that, even in cases where the dep info is actually complete, we can't programmatically determine that. - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: metadata.ELFBinaryPackageNoteJSONPayload, } diff --git a/syft/pkg/cataloger/binary/elf_package_cataloger_test.go b/syft/pkg/cataloger/binary/elf_package_cataloger_test.go index 221b386dd..4e2e90c32 100644 --- a/syft/pkg/cataloger/binary/elf_package_cataloger_test.go +++ b/syft/pkg/cataloger/binary/elf_package_cataloger_test.go @@ -36,7 +36,7 @@ func Test_ELF_Package_Cataloger(t *testing.T) { ), Type: pkg.BinaryPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ELFBinaryPackageNoteJSONPayload{ Type: "testfixture", Vendor: "syft", @@ -58,7 +58,7 @@ func Test_ELF_Package_Cataloger(t *testing.T) { pkg.License{Value: "MIT", SPDXExpression: "MIT", Type: "declared"}, ), Type: pkg.BinaryPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ELFBinaryPackageNoteJSONPayload{ Type: "testfixture", Vendor: "syft", @@ -84,7 +84,7 @@ func Test_ELF_Package_Cataloger(t *testing.T) { ), Licenses: pkg.NewLicenseSet(), Type: pkg.RpmPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ELFBinaryPackageNoteJSONPayload{ Type: "rpm", Architecture: "x86_64", 
@@ -107,7 +107,7 @@ func Test_ELF_Package_Cataloger(t *testing.T) { ), Licenses: pkg.NewLicenseSet(), Type: pkg.RpmPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ELFBinaryPackageNoteJSONPayload{ Type: "rpm", Architecture: "arm", diff --git a/syft/pkg/cataloger/binary/elf_package_test.go b/syft/pkg/cataloger/binary/elf_package_test.go index f57ab8118..c4b585543 100644 --- a/syft/pkg/cataloger/binary/elf_package_test.go +++ b/syft/pkg/cataloger/binary/elf_package_test.go @@ -158,7 +158,7 @@ func Test_newELFPackage(t *testing.T) { Version: "0.01", Type: "binary", PURL: "pkg:generic/syftsys/syfttestfixture@0.01", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ELFBinaryPackageNoteJSONPayload{ Type: "binary", System: "syftsys", diff --git a/syft/pkg/cataloger/cpp/package.go b/syft/pkg/cataloger/cpp/package.go index 0e7c06d5f..ff9e4b7f2 100644 --- a/syft/pkg/cataloger/cpp/package.go +++ b/syft/pkg/cataloger/cpp/package.go @@ -67,8 +67,8 @@ func splitConanRef(ref string) *conanRef { } func newConanfilePackage(m pkg.ConanfileEntry, locations ...file.Location) *pkg.Package { - // though a conanfile is a listing of direct dependencies, we are not capturing these today, so are forced to answer incomplete - return newConanPackage(m.Ref, m, pkg.IncompleteDependencies, locations...) + // though a conanfile is a listing of direct dependencies, we are not capturing these today, so are forced to answer unknown + return newConanPackage(m.Ref, m, pkg.UnknownDependencyCompleteness, locations...) } func newConanlockV1Package(m pkg.ConanV1LockEntry, locations ...file.Location) *pkg.Package { diff --git a/syft/pkg/cataloger/cpp/parse_conanfile_test.go b/syft/pkg/cataloger/cpp/parse_conanfile_test.go index 03fd5c367..9267dcccc 100644 --- a/syft/pkg/cataloger/cpp/parse_conanfile_test.go +++ b/syft/pkg/cataloger/cpp/parse_conanfile_test.go 
@@ -20,7 +20,7 @@ func TestParseConanfile(t *testing.T) { Locations: fixtureLocationSet, Language: pkg.CPP, Type: pkg.ConanPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ConanfileEntry{ Ref: "catch2/2.13.8", }, @@ -32,7 +32,7 @@ func TestParseConanfile(t *testing.T) { Locations: fixtureLocationSet, Language: pkg.CPP, Type: pkg.ConanPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ConanfileEntry{ Ref: "docopt.cpp/0.6.3", }, @@ -44,7 +44,7 @@ func TestParseConanfile(t *testing.T) { Locations: fixtureLocationSet, Language: pkg.CPP, Type: pkg.ConanPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ConanfileEntry{ Ref: "fmt/8.1.1", }, @@ -56,7 +56,7 @@ func TestParseConanfile(t *testing.T) { Locations: fixtureLocationSet, Language: pkg.CPP, Type: pkg.ConanPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ConanfileEntry{ Ref: "spdlog/1.9.2@my_user/my_channel#1234567%%987654", }, @@ -68,7 +68,7 @@ func TestParseConanfile(t *testing.T) { Locations: fixtureLocationSet, Language: pkg.CPP, Type: pkg.ConanPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ConanfileEntry{ Ref: "sdl/2.0.20#1234567%%987654", }, @@ -80,7 +80,7 @@ func TestParseConanfile(t *testing.T) { Locations: fixtureLocationSet, Language: pkg.CPP, Type: pkg.ConanPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ConanfileEntry{ Ref: "fltk/1.3.8@my_user/my_channel", }, diff --git a/syft/pkg/cataloger/dart/package.go b/syft/pkg/cataloger/dart/package.go index 54fab06e2..de0e6807d 100644 --- a/syft/pkg/cataloger/dart/package.go +++ b/syft/pkg/cataloger/dart/package.go 
@@ -21,8 +21,8 @@ func newPubspecLockPackage(name string, raw pubspecLockPackage, locations ...fil PURL: packageURL(metadata), Language: pkg.Dart, Type: pkg.DartPubPkg, - // since we capture no dependencies today we know that the dep info is incomplete - Dependencies: pkg.IncompleteDependencies, + // since we capture no dependencies today we know that the dep info is unknown + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: metadata, } diff --git a/syft/pkg/cataloger/dart/parse_pubspec_lock_test.go b/syft/pkg/cataloger/dart/parse_pubspec_lock_test.go index 79e3d794e..65697ba2d 100644 --- a/syft/pkg/cataloger/dart/parse_pubspec_lock_test.go +++ b/syft/pkg/cataloger/dart/parse_pubspec_lock_test.go @@ -20,7 +20,7 @@ func TestParsePubspecLock(t *testing.T) { Locations: fixtureLocationSet, Language: pkg.Dart, Type: pkg.DartPubPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.DartPubspecLockEntry{ Name: "ale", Version: "3.3.0", @@ -34,7 +34,7 @@ func TestParsePubspecLock(t *testing.T) { Locations: fixtureLocationSet, Language: pkg.Dart, Type: pkg.DartPubPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.DartPubspecLockEntry{ Name: "analyzer", Version: "0.40.7", @@ -47,7 +47,7 @@ func TestParsePubspecLock(t *testing.T) { Locations: fixtureLocationSet, Language: pkg.Dart, Type: pkg.DartPubPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.DartPubspecLockEntry{ Name: "ansicolor", Version: "1.1.1", @@ -60,7 +60,7 @@ func TestParsePubspecLock(t *testing.T) { Locations: fixtureLocationSet, Language: pkg.Dart, Type: pkg.DartPubPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.DartPubspecLockEntry{ Name: "archive", Version: "2.0.13", 
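Review bot: The rewritten comment in newPubspecLockPackage (dart/package.go, hunk `@@ -21,8 +21,8 @@`) now reads "we know that the dep info is unknown", which contradicts itself and no longer explains why this value was chosen. SBOM consumers use this field to decide how far the dependency graph can be trusted, so the reason should be stated plainly. I would reword it to `// we capture no dependencies from pubspec.lock today, so the completeness of the dep info cannot be stated`. The function starts and ends outside the hunk.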
@@ -73,7 +73,7 @@ func TestParsePubspecLock(t *testing.T) { Locations: fixtureLocationSet, Language: pkg.Dart, Type: pkg.DartPubPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.DartPubspecLockEntry{ Name: "args", Version: "1.6.0", @@ -86,7 +86,7 @@ func TestParsePubspecLock(t *testing.T) { Locations: fixtureLocationSet, Language: pkg.Dart, Type: pkg.DartPubPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.DartPubspecLockEntry{ Name: "flutter", Version: "0.0.0", @@ -99,7 +99,7 @@ func TestParsePubspecLock(t *testing.T) { Locations: fixtureLocationSet, Language: pkg.Dart, Type: pkg.DartPubPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.DartPubspecLockEntry{ Name: "key_binder", Version: "1.11.20", diff --git a/syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable.go b/syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable.go index 6e3fac79b..40fa6c68c 100644 --- a/syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable.go +++ b/syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable.go @@ -81,8 +81,8 @@ func buildDotNetPEPackage(versionResources map[string]string, f file.LocationRea Type: pkg.DotnetPkg, Language: pkg.Dotnet, PURL: portableExecutablePackageURL(name, ver), - // by nature PE metadata does not have any dependency information, thus we are forced to claim incomplete - Dependencies: pkg.IncompleteDependencies, + // by nature PE file metadata does not have any dependency information, thus we are forced to claim unknown completeness + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: metadata, } diff --git a/syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable_test.go b/syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable_test.go index 9c73c11f4..08f499e2d 100644 
--- a/syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable_test.go +++ b/syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable_test.go @@ -34,7 +34,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { expectedPackage: pkg.Package{ Name: "Active Directory Authentication Library", Version: "3.14.40721.0918", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.DotnetPortableExecutableEntry{ AssemblyVersion: "3.14.2.11", LegalCopyright: "Copyright (c) Microsoft Corporation. All rights reserved.", @@ -61,7 +61,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { Name: "äbFileVersi on", Version: "4.6.25512.01", PURL: "pkg:nuget/%C3%A4bFileVersi%20on@4.6.25512.01", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.DotnetPortableExecutableEntry{ LegalCopyright: "© Microsoft Corporation. All rights reserved.", InternalName: "äb\x01FileVersion", @@ -86,7 +86,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { expectedPackage: pkg.Package{ Name: "System.Data.Linq.dll", Version: "4.7.3190.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, { @@ -104,7 +104,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { expectedPackage: pkg.Package{ Name: "The curl executable", Version: "8.4.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, { @@ -122,7 +122,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { expectedPackage: pkg.Package{ Name: "Prometheus.AspNetCore.dll", Version: "8.0.1", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, { 
@@ -139,7 +139,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { expectedPackage: pkg.Package{ Name: "Hidden Input", Version: "1, 0, 0, 0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, { @@ -156,7 +156,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { expectedPackage: pkg.Package{ Name: "SQLite", Version: "3.23.2", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, { @@ -174,7 +174,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { expectedPackage: pkg.Package{ Name: "Brave Browser", Version: "80.1.7.92", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, { @@ -187,7 +187,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { expectedPackage: pkg.Package{ Name: "Better version", Version: "80.1.7.92", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, { @@ -200,7 +200,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { expectedPackage: pkg.Package{ Name: "Better version", Version: "80.1.7.92", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, { @@ -213,7 +213,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { expectedPackage: pkg.Package{ Name: "Higher semantic version Product Version", Version: "3.0.1+b86b61bf676163639795b163d8d753b20aad6207", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, { @@ -226,7 +226,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { expectedPackage: pkg.Package{ Name: "Higher semantic version File Version", Version: "3.0.1+b86b61bf676163639795b163d8d753b20aad6207", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, { 
@@ -239,7 +239,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { expectedPackage: pkg.Package{ Name: "Invalid semantic version File Version", Version: "3.0.1+b86b61bf676163639795b163d8d753b20aad6207", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, { @@ -252,7 +252,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { expectedPackage: pkg.Package{ Name: "Invalid semantic version File Version", Version: "3.0.1+b86b61bf676163639795b163d8d753b20aad6207", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, { @@ -265,7 +265,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { expectedPackage: pkg.Package{ Name: "Invalid semantic version Product Version", Version: "3.0.1+b86b61bf676163639795b163d8d753b20aad6207", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, { @@ -278,7 +278,7 @@ func TestParseDotnetPortableExecutable(t *testing.T) { expectedPackage: pkg.Package{ Name: "Semantically equal falls through, chooses File Version with more components", Version: "3.0.0.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, } diff --git a/syft/pkg/cataloger/elixir/package.go b/syft/pkg/cataloger/elixir/package.go index e87b42337..6eb48efa3 100644 --- a/syft/pkg/cataloger/elixir/package.go +++ b/syft/pkg/cataloger/elixir/package.go @@ -15,7 +15,7 @@ func newPackage(d pkg.ElixirMixLockEntry, locations ...file.Location) pkg.Packag PURL: packageURL(d), Type: pkg.HexPkg, // we do not attempt to parse dependencies from the mix.lock file - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: d, } diff --git a/syft/pkg/cataloger/elixir/parse_mix_lock_test.go b/syft/pkg/cataloger/elixir/parse_mix_lock_test.go index 8302b4d8b..e933b09e5 100644 --- a/syft/pkg/cataloger/elixir/parse_mix_lock_test.go 
+++ b/syft/pkg/cataloger/elixir/parse_mix_lock_test.go @@ -19,7 +19,7 @@ func TestParseMixLock(t *testing.T) { Type: pkg.HexPkg, Locations: locations, PURL: "pkg:hex/castore@0.1.17", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ElixirMixLockEntry{ Name: "castore", Version: "0.1.17", @@ -34,7 +34,7 @@ func TestParseMixLock(t *testing.T) { Type: pkg.HexPkg, Locations: locations, PURL: "pkg:hex/connection@1.1.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ElixirMixLockEntry{ Name: "connection", Version: "1.1.0", @@ -49,7 +49,7 @@ func TestParseMixLock(t *testing.T) { Type: pkg.HexPkg, Locations: locations, PURL: "pkg:hex/cowboy@2.9.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ElixirMixLockEntry{ Name: "cowboy", Version: "2.9.0", @@ -64,7 +64,7 @@ func TestParseMixLock(t *testing.T) { Type: pkg.HexPkg, Locations: locations, PURL: "pkg:hex/cowboy_telemetry@0.4.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ElixirMixLockEntry{ Name: "cowboy_telemetry", Version: "0.4.0", @@ -79,7 +79,7 @@ func TestParseMixLock(t *testing.T) { Type: pkg.HexPkg, Locations: locations, PURL: "pkg:hex/cowlib@2.11.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ElixirMixLockEntry{ Name: "cowlib", Version: "2.11.0", @@ -94,7 +94,7 @@ func TestParseMixLock(t *testing.T) { Type: pkg.HexPkg, Locations: locations, PURL: "pkg:hex/db_connection@2.4.2", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ElixirMixLockEntry{ Name: "db_connection", Version: "2.4.2", 
@@ -109,7 +109,7 @@ func TestParseMixLock(t *testing.T) { Type: pkg.HexPkg, Locations: locations, PURL: "pkg:hex/decimal@2.0.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ElixirMixLockEntry{ Name: "decimal", Version: "2.0.0", @@ -124,7 +124,7 @@ func TestParseMixLock(t *testing.T) { Type: pkg.HexPkg, Locations: locations, PURL: "pkg:hex/earmark_parser@1.4.25", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ElixirMixLockEntry{ Name: "earmark_parser", Version: "1.4.25", @@ -139,7 +139,7 @@ func TestParseMixLock(t *testing.T) { Type: pkg.HexPkg, Locations: locations, PURL: "pkg:hex/ecto@3.8.1", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ElixirMixLockEntry{ Name: "ecto", Version: "3.8.1", @@ -154,7 +154,7 @@ func TestParseMixLock(t *testing.T) { Type: pkg.HexPkg, Locations: locations, PURL: "pkg:hex/ecto_sql@3.8.1", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ElixirMixLockEntry{ Name: "ecto_sql", Version: "3.8.1", @@ -169,7 +169,7 @@ func TestParseMixLock(t *testing.T) { Type: pkg.HexPkg, Locations: locations, PURL: "pkg:hex/esbuild@0.5.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ElixirMixLockEntry{ Name: "esbuild", Version: "0.5.0", @@ -184,7 +184,7 @@ func TestParseMixLock(t *testing.T) { Type: pkg.HexPkg, Locations: locations, PURL: "pkg:hex/ex_doc@0.28.4", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ElixirMixLockEntry{ Name: "ex_doc", Version: "0.28.4", 
@@ -199,7 +199,7 @@ func TestParseMixLock(t *testing.T) { Type: pkg.HexPkg, Locations: locations, PURL: "pkg:hex/gettext@0.19.1", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ElixirMixLockEntry{ Name: "gettext", Version: "0.19.1", @@ -214,7 +214,7 @@ func TestParseMixLock(t *testing.T) { Type: pkg.HexPkg, Locations: locations, PURL: "pkg:hex/hpax@0.1.1", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ElixirMixLockEntry{ Name: "hpax", Version: "0.1.1", @@ -229,7 +229,7 @@ func TestParseMixLock(t *testing.T) { Type: pkg.HexPkg, Locations: locations, PURL: "pkg:hex/jason@1.3.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ElixirMixLockEntry{ Name: "jason", Version: "1.3.0", diff --git a/syft/pkg/cataloger/erlang/package.go b/syft/pkg/cataloger/erlang/package.go index 7723d6ebb..f6d9ef320 100644 --- a/syft/pkg/cataloger/erlang/package.go +++ b/syft/pkg/cataloger/erlang/package.go @@ -15,7 +15,7 @@ func newPackageFromRebar(d pkg.ErlangRebarLockEntry, locations ...file.Location) PURL: packageURLFromRebar(d), Type: pkg.HexPkg, // we do not attempt to parse dependencies from the rebar.lock file - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: d, } @@ -45,7 +45,7 @@ func newPackageFromOTP(name, version string, locations ...file.Location) pkg.Pac Locations: file.NewLocationSet(locations...), PURL: packageURLFromOTP(name, version), // we do not attempt to parse dependencies from app files - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Type: pkg.ErlangOTPPkg, } diff --git a/syft/pkg/cataloger/erlang/parse_otp_app_test.go b/syft/pkg/cataloger/erlang/parse_otp_app_test.go index 0f911cb48..2886dd554 100644 --- a/syft/pkg/cataloger/erlang/parse_otp_app_test.go 
+++ b/syft/pkg/cataloger/erlang/parse_otp_app_test.go @@ -23,7 +23,7 @@ func TestParseOTPApplication(t *testing.T) { Language: pkg.Erlang, Type: pkg.ErlangOTPPkg, PURL: "pkg:otp/rabbit@3.12.10", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, }, diff --git a/syft/pkg/cataloger/erlang/parse_rebar_lock_test.go b/syft/pkg/cataloger/erlang/parse_rebar_lock_test.go index 9a02bd4b4..aa7234986 100644 --- a/syft/pkg/cataloger/erlang/parse_rebar_lock_test.go +++ b/syft/pkg/cataloger/erlang/parse_rebar_lock_test.go @@ -23,7 +23,7 @@ func TestParseRebarLock(t *testing.T) { Language: pkg.Erlang, Type: pkg.HexPkg, PURL: "pkg:hex/certifi@2.9.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ErlangRebarLockEntry{ Name: "certifi", Version: "2.9.0", @@ -37,7 +37,7 @@ func TestParseRebarLock(t *testing.T) { Language: pkg.Erlang, Type: pkg.HexPkg, PURL: "pkg:hex/idna@6.1.1", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ErlangRebarLockEntry{ Name: "idna", Version: "6.1.1", @@ -51,7 +51,7 @@ func TestParseRebarLock(t *testing.T) { Language: pkg.Erlang, Type: pkg.HexPkg, PURL: "pkg:hex/metrics@1.0.1", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ErlangRebarLockEntry{ Name: "metrics", Version: "1.0.1", @@ -65,7 +65,7 @@ func TestParseRebarLock(t *testing.T) { Language: pkg.Erlang, Type: pkg.HexPkg, PURL: "pkg:hex/mimerl@1.2.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ErlangRebarLockEntry{ Name: "mimerl", Version: "1.2.0", 
@@ -79,7 +79,7 @@ func TestParseRebarLock(t *testing.T) { Language: pkg.Erlang, Type: pkg.HexPkg, PURL: "pkg:hex/parse_trans@3.3.1", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ErlangRebarLockEntry{ Name: "parse_trans", Version: "3.3.1", @@ -93,7 +93,7 @@ func TestParseRebarLock(t *testing.T) { Language: pkg.Erlang, Type: pkg.HexPkg, PURL: "pkg:hex/ssl_verify_fun@1.1.6", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ErlangRebarLockEntry{ Name: "ssl_verify_fun", Version: "1.1.6", @@ -107,7 +107,7 @@ func TestParseRebarLock(t *testing.T) { Language: pkg.Erlang, Type: pkg.HexPkg, PURL: "pkg:hex/unicode_util_compat@0.7.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ErlangRebarLockEntry{ Name: "unicode_util_compat", Version: "0.7.0", @@ -129,7 +129,7 @@ func TestParseRebarLock(t *testing.T) { Language: pkg.Erlang, Type: pkg.HexPkg, PURL: "pkg:hex/bcrypt@1.1.5", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ErlangRebarLockEntry{ Name: "bcrypt", Version: "1.1.5", @@ -147,7 +147,7 @@ func TestParseRebarLock(t *testing.T) { Language: pkg.Erlang, Type: pkg.HexPkg, PURL: "pkg:hex/bson@14308ab927cfa69324742c3de720578094e0bb19", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ErlangRebarLockEntry{ Name: "bson", Version: "14308ab927cfa69324742c3de720578094e0bb19", @@ -162,7 +162,7 @@ func TestParseRebarLock(t *testing.T) { Language: pkg.Erlang, Type: pkg.HexPkg, PURL: "pkg:hex/certifi@2.9.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ErlangRebarLockEntry{ Name: "certifi", Version: "2.9.0", 
@@ -179,7 +179,7 @@ func TestParseRebarLock(t *testing.T) { Language: pkg.Erlang, Type: pkg.HexPkg, PURL: "pkg:hex/stdout_formatter@0.2.3", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ErlangRebarLockEntry{ Name: "stdout_formatter", Version: "0.2.3", @@ -197,7 +197,7 @@ func TestParseRebarLock(t *testing.T) { Language: pkg.Erlang, Type: pkg.HexPkg, PURL: "pkg:hex/swc@4835239dca5a5f4ac7202dd94d7effcaa617d575", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ErlangRebarLockEntry{ Name: "swc", Version: "4835239dca5a5f4ac7202dd94d7effcaa617d575", @@ -212,7 +212,7 @@ func TestParseRebarLock(t *testing.T) { Language: pkg.Erlang, Type: pkg.HexPkg, PURL: "pkg:hex/syslog@1.1.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ErlangRebarLockEntry{ Name: "syslog", Version: "1.1.0", @@ -229,7 +229,7 @@ func TestParseRebarLock(t *testing.T) { Language: pkg.Erlang, Type: pkg.HexPkg, PURL: "pkg:hex/unicode_util_compat@0.7.0", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ErlangRebarLockEntry{ Name: "unicode_util_compat", Version: "0.7.0", @@ -247,7 +247,7 @@ func TestParseRebarLock(t *testing.T) { Language: pkg.Erlang, Type: pkg.HexPkg, PURL: "pkg:hex/vernemq_dev@6d622aa8c901ae7777433aef2bd049e380c474a6", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.ErlangRebarLockEntry{ Name: "vernemq_dev", Version: "6d622aa8c901ae7777433aef2bd049e380c474a6", diff --git a/syft/pkg/cataloger/gentoo/cataloger_test.go b/syft/pkg/cataloger/gentoo/cataloger_test.go index 235bf0286..772069c20 100644 --- a/syft/pkg/cataloger/gentoo/cataloger_test.go +++ b/syft/pkg/cataloger/gentoo/cataloger_test.go 
@@ -24,7 +24,7 @@ func TestPortageCataloger(t *testing.T) { ), Licenses: pkg.NewLicenseSet(pkg.NewLicensesFromLocation(expectedLicenseLocation, "Apache-2.0", "BSD", "BSD-2", "CC-BY-SA-4.0", "ISC", "MIT")...), Type: pkg.PortagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PortageEntry{ InstalledSize: 27937835, Files: []pkg.PortageFileRecord{ diff --git a/syft/pkg/cataloger/gentoo/parse_portage_contents.go b/syft/pkg/cataloger/gentoo/parse_portage_contents.go index 5c8cbdee1..47447c91a 100644 --- a/syft/pkg/cataloger/gentoo/parse_portage_contents.go +++ b/syft/pkg/cataloger/gentoo/parse_portage_contents.go @@ -45,7 +45,7 @@ func parsePortageContents(_ context.Context, resolver file.Resolver, _ *generic. Locations: file.NewLocationSet( reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Type: pkg.PortagePkg, Metadata: pkg.PortageEntry{ // ensure the default value for a collection is never nil since this may be shown as JSON diff --git a/syft/pkg/cataloger/githubactions/package.go b/syft/pkg/cataloger/githubactions/package.go index 9700571c0..1bc1b9a08 100644 --- a/syft/pkg/cataloger/githubactions/package.go +++ b/syft/pkg/cataloger/githubactions/package.go @@ -48,7 +48,7 @@ func newGithubActionPackageUsage(name, version string, workflowLocation file.Loc Locations: file.NewLocationSet(workflowLocation.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)), PURL: packageURL(name, version), // we cannot see what the dependencies are for a github action are locally from workflow yaml files - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Type: pkg.GithubActionPkg, } 
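Review bot: In parsePortageContents (gentoo/parse_portage_contents.go, hunk `@@ -45,7 +45,7 @@`) the line `Dependencies: pkg.UnknownDependencyCompleteness,` has no comment saying why that value applies. The elixir, erlang and githubactions constructors touched by this commit each carry one. A reader auditing SBOM output cannot tell from this file whether the value is a deliberate statement or a default. If the reason is that this cataloger does not read dependency data, I would add `// we do not attempt to parse dependencies from the portage contents, so completeness is unknown` above the field; adjust the wording if the actual reason differs. The function body extends beyond the hunk.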
diff --git a/syft/pkg/cataloger/githubactions/parse_composite_action_test.go b/syft/pkg/cataloger/githubactions/parse_composite_action_test.go index 18622d4c8..a73ecd267 100644 --- a/syft/pkg/cataloger/githubactions/parse_composite_action_test.go +++ b/syft/pkg/cataloger/githubactions/parse_composite_action_test.go @@ -20,7 +20,7 @@ func Test_parseCompositeActionForActionUsage(t *testing.T) { Type: pkg.GithubActionPkg, Locations: fixtureLocationSet, PURL: "pkg:github/actions/setup-go@v4", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "actions/cache", @@ -28,7 +28,7 @@ func Test_parseCompositeActionForActionUsage(t *testing.T) { Type: pkg.GithubActionPkg, Locations: fixtureLocationSet, PURL: "pkg:github/actions/cache@v3", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, } diff --git a/syft/pkg/cataloger/githubactions/parse_workflow_test.go b/syft/pkg/cataloger/githubactions/parse_workflow_test.go index e8eeecf54..38c918901 100644 --- a/syft/pkg/cataloger/githubactions/parse_workflow_test.go +++ b/syft/pkg/cataloger/githubactions/parse_workflow_test.go @@ -20,7 +20,7 @@ func Test_parseWorkflowForActionUsage(t *testing.T) { Type: pkg.GithubActionPkg, Locations: fixtureLocationSet, PURL: "", // don't have enough context without parsing the git origin, which still may not be accurate - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "actions/cache", @@ -28,7 +28,7 @@ func Test_parseWorkflowForActionUsage(t *testing.T) { Type: pkg.GithubActionPkg, Locations: fixtureLocationSet, PURL: "pkg:github/actions/cache@v3", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "actions/cache/restore", 
@@ -36,7 +36,7 @@ func Test_parseWorkflowForActionUsage(t *testing.T) { Type: pkg.GithubActionPkg, Locations: fixtureLocationSet, PURL: "pkg:github/actions/cache@v3#restore", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "actions/cache/save", @@ -44,7 +44,7 @@ func Test_parseWorkflowForActionUsage(t *testing.T) { Type: pkg.GithubActionPkg, Locations: fixtureLocationSet, PURL: "pkg:github/actions/cache@v3#save", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "actions/checkout", @@ -52,7 +52,7 @@ func Test_parseWorkflowForActionUsage(t *testing.T) { Type: pkg.GithubActionPkg, Locations: fixtureLocationSet, PURL: "pkg:github/actions/checkout@v4", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, } diff --git a/syft/pkg/cataloger/golang/package.go b/syft/pkg/cataloger/golang/package.go index f05ee0850..0c6faacb0 100644 --- a/syft/pkg/cataloger/golang/package.go +++ b/syft/pkg/cataloger/golang/package.go @@ -15,15 +15,13 @@ func (c *goBinaryCataloger) newGoBinaryPackage(dep *debug.Module, mainModule, go } p := pkg.Package{ - Name: dep.Path, - Version: dep.Version, - Licenses: pkg.NewLicenseSet(licenses...), - PURL: packageURL(dep.Path, dep.Version), - Language: pkg.Go, - Type: pkg.GoModulePkg, - Locations: file.NewLocationSet(locations...), - // we don't have a way to express on a package or relationship the nature of "//indirect" markings on dependencies - // so though the dependencies are complete and separable with the raw data, the data in the SBOM is not separable. + Name: dep.Path, + Version: dep.Version, + Licenses: pkg.NewLicenseSet(licenses...), + PURL: packageURL(dep.Path, dep.Version), + Language: pkg.Go, + Type: pkg.GoModulePkg, + Locations: file.NewLocationSet(locations...), Dependencies: dependencies, Metadata: pkg.GolangBinaryBuildinfoEntry{ GoCompiledVersion: goVersion, 
diff --git a/syft/pkg/cataloger/golang/parse_go_binary.go b/syft/pkg/cataloger/golang/parse_go_binary.go index f8ff66662..c78ea66c6 100644 --- a/syft/pkg/cataloger/golang/parse_go_binary.go +++ b/syft/pkg/cataloger/golang/parse_go_binary.go @@ -136,8 +136,8 @@ func (c *goBinaryCataloger) buildGoPkgInfo(ctx context.Context, licenseScanner l lics, // the buildinfo section is a flat list of dependencies missing all edge information. So all direct and indirect // dependencies are related directly to the main module. This means that we don't have any way to discover - // the completeness of the dependency's dependencies, thus they are incomplete. - pkg.IncompleteDependencies, + // the completeness of the dependency's dependencies, thus they are unknown. + pkg.UnknownDependencyCompleteness, location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ) if pkg.IsValid(&p) { @@ -183,7 +183,9 @@ func (c *goBinaryCataloger) makeGoMainPackage(ctx context.Context, licenseScanne experiments, lics, // the buildinfo section is a flat list of dependencies missing all edge information. So all direct and indirect - // dependencies are related directly to the main module. + // dependencies are related directly to the main module. Also, we don't have a way to express on a package or + // relationship the nature of "//indirect" markings on dependencies so though the dependencies are complete + // and separable with the raw data, the data in the SBOM is not separable. pkg.CompleteWithIndirectDependencies, location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ) diff --git a/syft/pkg/cataloger/golang/parse_go_binary_test.go b/syft/pkg/cataloger/golang/parse_go_binary_test.go index 37def9285..3b5dec5f1 100644 --- a/syft/pkg/cataloger/golang/parse_go_binary_test.go +++ b/syft/pkg/cataloger/golang/parse_go_binary_test.go 
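Review bot: In the makeGoMainPackage hunk, the sentence appended above `pkg.CompleteWithIndirectDependencies` is a run-on that explains why direct and indirect modules cannot be told apart, but it never says why the set is treated as complete. That completeness claim is what SBOM consumers rely on when judging transitive vulnerability coverage, so the comment should state it first. Suggested wording: `// buildinfo lists every module that contributed packages to the build, so the main module's dependency set is complete;` followed by `// the "// indirect" marking cannot be expressed on a package or relationship, so direct and indirect are not separable in the SBOM.` The function body starts and ends outside the hunk, so whether this path is only reached with fully parsed build info cannot be confirmed from here.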
@@ -209,7 +209,7 @@ func TestBuildGoPkgInfo(t *testing.T) { }, ).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangBinaryBuildinfoEntry{}, }, }, @@ -255,7 +255,7 @@ func TestBuildGoPkgInfo(t *testing.T) { }, ).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangBinaryBuildinfoEntry{ GoCompiledVersion: goCompiledVersion, Architecture: archDetails, @@ -751,7 +751,7 @@ func TestBuildGoPkgInfo(t *testing.T) { }, ).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangBinaryBuildinfoEntry{ GoCompiledVersion: goCompiledVersion, Architecture: archDetails, @@ -773,7 +773,7 @@ func TestBuildGoPkgInfo(t *testing.T) { }, ).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangBinaryBuildinfoEntry{ GoCompiledVersion: goCompiledVersion, Architecture: archDetails, @@ -831,7 +831,7 @@ func TestBuildGoPkgInfo(t *testing.T) { }, ).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangBinaryBuildinfoEntry{ GoCompiledVersion: goCompiledVersion, Architecture: archDetails, 
@@ -853,7 +853,7 @@ func TestBuildGoPkgInfo(t *testing.T) { }, ).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangBinaryBuildinfoEntry{ GoCompiledVersion: goCompiledVersion, Architecture: archDetails, @@ -1010,7 +1010,7 @@ func TestBuildGoPkgInfo(t *testing.T) { }, ).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangBinaryBuildinfoEntry{ GoCompiledVersion: "go1.22.2", Architecture: archDetails, diff --git a/syft/pkg/cataloger/golang/parse_go_mod.go b/syft/pkg/cataloger/golang/parse_go_mod.go index eb3e2844e..c68bf269a 100644 --- a/syft/pkg/cataloger/golang/parse_go_mod.go +++ b/syft/pkg/cataloger/golang/parse_go_mod.go 
@@ -59,14 +59,16 @@ func (c *goModCataloger) parseGoModFile(ctx context.Context, resolver file.Resol } packages[m.Mod.Path] = pkg.Package{ - Name: m.Mod.Path, - Version: m.Mod.Version, - Licenses: pkg.NewLicenseSet(lics...), - Locations: file.NewLocationSet(reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)), - PURL: packageURL(m.Mod.Path, m.Mod.Version), - Language: pkg.Go, - Type: pkg.GoModulePkg, - Dependencies: pkg.IncompleteDependencies, + Name: m.Mod.Path, + Version: m.Mod.Version, + Licenses: pkg.NewLicenseSet(lics...), + Locations: file.NewLocationSet(reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)), + PURL: packageURL(m.Mod.Path, m.Mod.Version), + Language: pkg.Go, + Type: pkg.GoModulePkg, + // we don't have a way to express on a package or relationship the nature of "//indirect" markings on dependencies + // so though the dependencies are complete and separable with the raw data, the data in the SBOM is not separable. + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangModuleEntry{ H1Digest: digests[fmt.Sprintf("%s %s", m.Mod.Path, m.Mod.Version)], }, 
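Review bot: The comment added above `Dependencies: pkg.UnknownDependencyCompleteness` says the dependencies "are complete and separable with the raw data", which argues for a complete value and does not explain why unknown is reported for each module entry. It reads like the rationale that sits next to `pkg.CompleteWithIndirectDependencies` for the main module of a Go binary, and the same text is repeated in the `m.New` replace branch in the next hunk. SBOM consumers use this field to decide how far to trust transitive coverage, so the stated reason should match the value. If the intent is that go.mod does not give each required module's own requirements, say so, e.g. `// go.mod lists the main module's requirements; each required module's own dependencies are not read here, so completeness is unknown`. parseGoModFile starts and ends outside the hunk, so that intent is inferred from the visible struct literals only.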
@@ -85,14 +87,16 @@ func (c *goModCataloger) parseGoModFile(ctx context.Context, resolver file.Resol delete(packages, m.Old.Path) packages[m.New.Path] = pkg.Package{ - Name: m.New.Path, - Version: m.New.Version, - Licenses: pkg.NewLicenseSet(lics...), - Locations: file.NewLocationSet(reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)), - PURL: packageURL(m.New.Path, m.New.Version), - Language: pkg.Go, - Type: pkg.GoModulePkg, - Dependencies: pkg.IncompleteDependencies, + Name: m.New.Path, + Version: m.New.Version, + Licenses: pkg.NewLicenseSet(lics...), + Locations: file.NewLocationSet(reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)), + PURL: packageURL(m.New.Path, m.New.Version), + Language: pkg.Go, + Type: pkg.GoModulePkg, + // we don't have a way to express on a package or relationship the nature of "//indirect" markings on dependencies + // so though the dependencies are complete and separable with the raw data, the data in the SBOM is not separable. + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangModuleEntry{ H1Digest: digests[fmt.Sprintf("%s %s", m.New.Path, m.New.Version)], }, diff --git a/syft/pkg/cataloger/golang/parse_go_mod_test.go b/syft/pkg/cataloger/golang/parse_go_mod_test.go index 8e2243d89..9b4f319e7 100644 --- a/syft/pkg/cataloger/golang/parse_go_mod_test.go +++ b/syft/pkg/cataloger/golang/parse_go_mod_test.go @@ -24,7 +24,7 @@ func TestParseGoMod(t *testing.T) { Locations: file.NewLocationSet(file.NewLocation("test-fixtures/one-package")), Language: pkg.Go, Type: pkg.GoModulePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangModuleEntry{}, }, }, 
@@ -40,7 +40,7 @@ func TestParseGoMod(t *testing.T) { Locations: file.NewLocationSet(file.NewLocation("test-fixtures/many-packages")), Language: pkg.Go, Type: pkg.GoModulePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangModuleEntry{}, }, { @@ -50,7 +50,7 @@ func TestParseGoMod(t *testing.T) { Locations: file.NewLocationSet(file.NewLocation("test-fixtures/many-packages")), Language: pkg.Go, Type: pkg.GoModulePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangModuleEntry{}, }, { @@ -60,7 +60,7 @@ func TestParseGoMod(t *testing.T) { Locations: file.NewLocationSet(file.NewLocation("test-fixtures/many-packages")), Language: pkg.Go, Type: pkg.GoModulePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangModuleEntry{}, }, { @@ -70,7 +70,7 @@ func TestParseGoMod(t *testing.T) { Locations: file.NewLocationSet(file.NewLocation("test-fixtures/many-packages")), Language: pkg.Go, Type: pkg.GoModulePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangModuleEntry{}, }, { @@ -80,7 +80,7 @@ func TestParseGoMod(t *testing.T) { Locations: file.NewLocationSet(file.NewLocation("test-fixtures/many-packages")), Language: pkg.Go, Type: pkg.GoModulePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangModuleEntry{}, }, { @@ -90,7 +90,7 @@ func TestParseGoMod(t *testing.T) { Locations: file.NewLocationSet(file.NewLocation("test-fixtures/many-packages")), Language: pkg.Go, Type: pkg.GoModulePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangModuleEntry{}, }, }, 
@@ -125,7 +125,7 @@ func Test_GoSumHashes(t *testing.T) { FoundBy: "go-module-file-cataloger", Language: pkg.Go, Type: pkg.GoModulePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangModuleEntry{}, }, { @@ -136,7 +136,7 @@ func Test_GoSumHashes(t *testing.T) { FoundBy: "go-module-file-cataloger", Language: pkg.Go, Type: pkg.GoModulePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangModuleEntry{ H1Digest: "h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=", }, @@ -149,7 +149,7 @@ func Test_GoSumHashes(t *testing.T) { FoundBy: "go-module-file-cataloger", Language: pkg.Go, Type: pkg.GoModulePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.GolangModuleEntry{ H1Digest: "h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=", }, diff --git a/syft/pkg/cataloger/haskell/package.go b/syft/pkg/cataloger/haskell/package.go index ec0dfb0eb..425f75e4f 100644 --- a/syft/pkg/cataloger/haskell/package.go +++ b/syft/pkg/cataloger/haskell/package.go @@ -15,7 +15,7 @@ func newPackage(name, version string, m any, location file.Location) pkg.Package Language: pkg.Haskell, Type: pkg.HackagePkg, // in all cases (cabal, stack, etc.) we do not attempt to glean dependency information - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: m, } diff --git a/syft/pkg/cataloger/haskell/parse_cabal_freeze_test.go b/syft/pkg/cataloger/haskell/parse_cabal_freeze_test.go index 57ac1a480..cd3e70814 100644 --- a/syft/pkg/cataloger/haskell/parse_cabal_freeze_test.go +++ b/syft/pkg/cataloger/haskell/parse_cabal_freeze_test.go 
@@ -21,7 +21,7 @@ func TestParseCabalFreeze(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "Diff", @@ -30,7 +30,7 @@ func TestParseCabalFreeze(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "HTTP", @@ -39,7 +39,7 @@ func TestParseCabalFreeze(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "HUnit", @@ -48,7 +48,7 @@ func TestParseCabalFreeze(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "OneTuple", @@ -57,7 +57,7 @@ func TestParseCabalFreeze(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "Only", @@ -66,7 +66,7 @@ func TestParseCabalFreeze(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "PyF", @@ -75,7 +75,7 @@ func TestParseCabalFreeze(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "QuickCheck", @@ -84,7 +84,7 @@ func TestParseCabalFreeze(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "RSA", 
@@ -93,7 +93,7 @@ func TestParseCabalFreeze(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "SHA", @@ -102,7 +102,7 @@ func TestParseCabalFreeze(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "Spock", @@ -111,7 +111,7 @@ func TestParseCabalFreeze(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, } diff --git a/syft/pkg/cataloger/haskell/parse_stack_lock_test.go b/syft/pkg/cataloger/haskell/parse_stack_lock_test.go index b465553b9..f431f31f8 100644 --- a/syft/pkg/cataloger/haskell/parse_stack_lock_test.go +++ b/syft/pkg/cataloger/haskell/parse_stack_lock_test.go @@ -22,7 +22,7 @@ func TestParseStackLock(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlLockEntry{ PkgHash: "6042643c15a0b43e522a6693f1e322f05000d519543a84149cb80aeffee34f71", SnapshotURL: url, @@ -35,7 +35,7 @@ func TestParseStackLock(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlLockEntry{ PkgHash: "cd9b06a458428e493a4d6def725af7ab1ab0fef678fbd871f9586fc7f9aa70be", SnapshotURL: url, 
@@ -48,7 +48,7 @@ func TestParseStackLock(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlLockEntry{ PkgHash: "2cfe6e75990e690f595a87cbe553f2e90fcd738610f6c66749c81cc4396b2cc4", SnapshotURL: url, @@ -61,7 +61,7 @@ func TestParseStackLock(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlLockEntry{ PkgHash: "0848d3cbc9d94e1e539948fa0be4d0326b26335034161bf8076785293444ca6f", SnapshotURL: url, @@ -74,7 +74,7 @@ func TestParseStackLock(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlLockEntry{ PkgHash: "b56d4dea112d97a2ef4b2749508c0ca646828cb2d77b827e8dc433d249bb2062", SnapshotURL: url, @@ -87,7 +87,7 @@ func TestParseStackLock(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlLockEntry{ PkgHash: "52c8eaecd2d1c2a969c0762277c4a8ee72c339a686727d5785932e72ef9c3050", SnapshotURL: url, @@ -100,7 +100,7 @@ func TestParseStackLock(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlLockEntry{ PkgHash: "418c22ed6a19124d457d96bc66bd22c93ac22fad0c7100fe4972bbb4ac989731", SnapshotURL: url, 
@@ -113,7 +113,7 @@ func TestParseStackLock(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlLockEntry{ PkgHash: "2a38b3dad40d238ab644e234b692c8911423f9d3ed0e36b62287c4a698d92cd1", SnapshotURL: url, @@ -126,7 +126,7 @@ func TestParseStackLock(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlLockEntry{ PkgHash: "708ebb95117f2872d2c5a554eb6804cf1126e86abe793b2673f913f14e5eb1ac", SnapshotURL: url, diff --git a/syft/pkg/cataloger/haskell/parse_stack_yaml_test.go b/syft/pkg/cataloger/haskell/parse_stack_yaml_test.go index 04040bd83..7572316cc 100644 --- a/syft/pkg/cataloger/haskell/parse_stack_yaml_test.go +++ b/syft/pkg/cataloger/haskell/parse_stack_yaml_test.go @@ -21,7 +21,7 @@ func TestParseStackYaml(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlEntry{ PkgHash: "353c9322847b661e4c6f7c83c2acf8e5c08b682fbe516c7d46c29605937543df", }, @@ -33,7 +33,7 @@ func TestParseStackYaml(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlEntry{ PkgHash: "98353ee0e2f5d97d2148513f084c1cd37dfda03e48aa9dd7a017c9d9c0ba710e", }, 
@@ -45,7 +45,7 @@ func TestParseStackYaml(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlEntry{ PkgHash: "3406ff0c1d592490f53ead8cf2cd22bdf3d79fd125ccaf3add683f6d71c24d55", }, @@ -57,7 +57,7 @@ func TestParseStackYaml(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlEntry{ PkgHash: "7dfac9b454ff2da0abb7560f0ffbe00ae442dd5cb76e8be469f77e6988a70fed", }, @@ -69,7 +69,7 @@ func TestParseStackYaml(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlEntry{ PkgHash: "658a6a74d5a70c040edd6df2a12228c6d9e63082adaad1ed4d0438ad082a0ef3", }, @@ -81,7 +81,7 @@ func TestParseStackYaml(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlEntry{ PkgHash: "a126e9087409fef8dcafcd2f8656456527ac7bb163ed4d9cb3a57589042a5fe8", }, @@ -93,7 +93,7 @@ func TestParseStackYaml(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlEntry{ PkgHash: "fbcf49ecfc3d4da53e797fd0275264cba776ffa324ee223e2a3f4ec2d2c9c4a6", }, 
@@ -105,7 +105,7 @@ func TestParseStackYaml(t *testing.T) { Locations: locationSet, Language: pkg.Haskell, Type: pkg.HackagePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.HackageStackYamlEntry{ PkgHash: "e4dc6473faaa75fbd7eccab4e3ee1d651d75bb0e49946ef0b8b751ccde771a55", }, diff --git a/syft/pkg/cataloger/java/cataloger_test.go b/syft/pkg/cataloger/java/cataloger_test.go index fe227dae0..438aa5249 100644 --- a/syft/pkg/cataloger/java/cataloger_test.go +++ b/syft/pkg/cataloger/java/cataloger_test.go @@ -134,7 +134,7 @@ func TestJvmDistributionCataloger(t *testing.T) { cpe.Must("cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:*:*:*:*", cpe.DeclaredSource), }, PURL: "pkg:generic/oracle/jdk@1.8.0_411-b25", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaVMInstallation{ Release: pkg.JavaVMRelease{ JavaRuntimeVersion: "1.8.0_411-b25", @@ -164,7 +164,7 @@ func TestJvmDistributionCataloger(t *testing.T) { Type: pkg.BinaryPkg, CPEs: []cpe.CPE{cpe.Must("cpe:2.3:a:oracle:openjdk:21.0.4:*:*:*:*:*:*:*", cpe.DeclaredSource)}, PURL: "pkg:generic/oracle/openjdk@21.0.4%2B7-LTS?repository_url=https://github.com/adoptium/jdk21u.git", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaVMInstallation{ Release: pkg.JavaVMRelease{ Implementor: "Eclipse Adoptium", diff --git a/syft/pkg/cataloger/java/parse_gradle_lockfile.go b/syft/pkg/cataloger/java/parse_gradle_lockfile.go index d354b094b..3de6d20ca 100644 --- a/syft/pkg/cataloger/java/parse_gradle_lockfile.go +++ b/syft/pkg/cataloger/java/parse_gradle_lockfile.go 
@@ -68,8 +68,8 @@ func parseGradleLockfile(_ context.Context, _ file.Resolver, _ *generic.Environm Language: pkg.Java, Type: pkg.JavaPkg, PURL: packageURL(dep.Name, dep.Version, archive), - // though we do have dependencies listed, we do not have them related to one another, thus we must answer incomplete - Dependencies: pkg.IncompleteDependencies, + // though we do have dependencies listed, we do not have them related to one another, thus we must answer unknown + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: archive, } mappedPkg.SetID() diff --git a/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go b/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go index 878df65c3..31c1a646a 100644 --- a/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go +++ b/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go @@ -22,7 +22,7 @@ func Test_parserGradleLockfile(t *testing.T) { Language: pkg.Java, Type: pkg.JavaPkg, PURL: "pkg:maven/org.apache.commons/commons-text@1.8", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProject: &pkg.JavaPomProject{GroupID: "org.apache.commons", ArtifactID: "commons-text", Version: "1.8", Name: "commons-text"}, }, @@ -33,7 +33,7 @@ func Test_parserGradleLockfile(t *testing.T) { Language: pkg.Java, Type: pkg.JavaPkg, PURL: "pkg:maven/org.hamcrest/hamcrest-core@1.3", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProject: &pkg.JavaPomProject{GroupID: "org.hamcrest", ArtifactID: "hamcrest-core", Version: "1.3", Name: "hamcrest-core"}, }, 
@@ -44,7 +44,7 @@ func Test_parserGradleLockfile(t *testing.T) { Language: pkg.Java, Type: pkg.JavaPkg, PURL: "pkg:maven/joda-time/joda-time@2.2", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProject: &pkg.JavaPomProject{GroupID: "joda-time", ArtifactID: "joda-time", Version: "2.2", Name: "joda-time"}, }, @@ -55,7 +55,7 @@ func Test_parserGradleLockfile(t *testing.T) { Language: pkg.Java, Type: pkg.JavaPkg, PURL: "pkg:maven/junit/junit@4.12", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProject: &pkg.JavaPomProject{GroupID: "junit", ArtifactID: "junit", Version: "4.12", Name: "junit"}, }, diff --git a/syft/pkg/cataloger/java/parse_jvm_release.go b/syft/pkg/cataloger/java/parse_jvm_release.go index cc43e02c4..ae475c9c3 100644 --- a/syft/pkg/cataloger/java/parse_jvm_release.go +++ b/syft/pkg/cataloger/java/parse_jvm_release.go @@ -99,7 +99,7 @@ func parseJVMRelease(_ context.Context, resolver file.Resolver, _ *generic.Envir Licenses: licenses, Type: pkg.BinaryPkg, // we don't have any dependency information about the JVM package itself - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaVMInstallation{ Release: *ri, Files: files, diff --git a/syft/pkg/cataloger/java/parse_pom_xml.go b/syft/pkg/cataloger/java/parse_pom_xml.go index f49c97eb3..a16adfcaf 100644 --- a/syft/pkg/cataloger/java/parse_pom_xml.go +++ b/syft/pkg/cataloger/java/parse_pom_xml.go 
@@ -164,7 +164,7 @@ func newPackageFromMavenPom(ctx context.Context, r *maven.Resolver, pom *maven.P PURL: packageURL(id.ArtifactID, id.Version, m), // later in processing we may resolve the dependencies for this package (e.g. online enrichment) // but at this point there is not enough information to claim we have complete dependency information - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: m, } @@ -304,7 +304,7 @@ func newPackageFromDependency(ctx context.Context, r *maven.Resolver, pom *maven FoundBy: pomCatalogerName, // later in processing we may resolve the dependencies for this package (e.g. online enrichment) but // by default we cannot claim we have complete dependency information - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: m, } diff --git a/syft/pkg/cataloger/java/parse_pom_xml_test.go b/syft/pkg/cataloger/java/parse_pom_xml_test.go index 67bf40677..03e200d57 100644 --- a/syft/pkg/cataloger/java/parse_pom_xml_test.go +++ b/syft/pkg/cataloger/java/parse_pom_xml_test.go @@ -50,7 +50,7 @@ func Test_parsePomXML(t *testing.T) { Type: pkg.JavaPkg, FoundBy: pomCatalogerName, Locations: pomLocation, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "com.joda", @@ -68,7 +68,7 @@ func Test_parsePomXML(t *testing.T) { Type: pkg.JavaPkg, FoundBy: pomCatalogerName, Locations: pomLocation, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "junit", 
@@ -506,7 +506,7 @@ func getCommonsTextExpectedPackages(resolved bool) expected { Language: pkg.Java, Type: pkg.JavaPkg, FoundBy: pomCatalogerName, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "org.apache.commons", @@ -522,7 +522,7 @@ func getCommonsTextExpectedPackages(resolved bool) expected { Language: pkg.Java, Type: pkg.JavaPkg, FoundBy: pomCatalogerName, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "org.junit.jupiter", @@ -539,7 +539,7 @@ func getCommonsTextExpectedPackages(resolved bool) expected { Language: pkg.Java, Type: pkg.JavaPkg, FoundBy: pomCatalogerName, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "org.assertj", @@ -556,7 +556,7 @@ func getCommonsTextExpectedPackages(resolved bool) expected { Language: pkg.Java, Type: pkg.JavaPkg, FoundBy: pomCatalogerName, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "commons-io", @@ -573,7 +573,7 @@ func getCommonsTextExpectedPackages(resolved bool) expected { Language: pkg.Java, Type: pkg.JavaPkg, FoundBy: pomCatalogerName, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "org.mockito", 
@@ -590,7 +590,7 @@ func getCommonsTextExpectedPackages(resolved bool) expected { Language: pkg.Java, Type: pkg.JavaPkg, FoundBy: pomCatalogerName, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "org.graalvm.js", @@ -607,7 +607,7 @@ func getCommonsTextExpectedPackages(resolved bool) expected { Language: pkg.Java, Type: pkg.JavaPkg, FoundBy: pomCatalogerName, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "org.graalvm.js", @@ -624,7 +624,7 @@ func getCommonsTextExpectedPackages(resolved bool) expected { Language: pkg.Java, Type: pkg.JavaPkg, FoundBy: pomCatalogerName, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "org.apache.commons", @@ -641,7 +641,7 @@ func getCommonsTextExpectedPackages(resolved bool) expected { Language: pkg.Java, Type: pkg.JavaPkg, FoundBy: pomCatalogerName, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "org.openjdk.jmh", @@ -658,7 +658,7 @@ func getCommonsTextExpectedPackages(resolved bool) expected { Language: pkg.Java, Type: pkg.JavaPkg, FoundBy: pomCatalogerName, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "org.openjdk.jmh", 
@@ -772,7 +772,7 @@ func expectedTransientPackageData() expected { Name: "commons-lang3", Version: "3.113.7.8.0", // missing pom in test fixtures, this is a search miss - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "org.apache.commons", @@ -784,7 +784,7 @@ func expectedTransientPackageData() expected { Name: "commons-lang3", Version: "3.12.0", // missing pom in test fixtures, this is a search miss - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "org.apache.commons", @@ -796,7 +796,7 @@ func expectedTransientPackageData() expected { Name: "commons-math3.11.0", Version: "3.5", // missing pom in test fixtures, this is a search miss - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "org.apache.commons", @@ -808,7 +808,7 @@ func expectedTransientPackageData() expected { Name: "commons-exec", Version: "1.3", // missing pom in test fixtures, this is a search miss - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.JavaArchive{ PomProperties: &pkg.JavaPomProperties{ GroupID: "org.apache.commons", diff --git a/syft/pkg/cataloger/javascript/cataloger_test.go b/syft/pkg/cataloger/javascript/cataloger_test.go index 73487782d..33d0896a4 100644 --- a/syft/pkg/cataloger/javascript/cataloger_test.go +++ b/syft/pkg/cataloger/javascript/cataloger_test.go 
@@ -19,7 +19,7 @@ func Test_JavascriptCataloger(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Licenses: pkg.NewLicenseSet(
 pkg.NewLicenseFromLocations("MIT", file.NewLocation("package-lock.json")),
 ),
@@ -33,7 +33,7 @@ func Test_JavascriptCataloger(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz", Integrity: "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg="},
 },
 {
@@ -44,7 +44,7 @@ func Test_JavascriptCataloger(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Licenses: pkg.NewLicenseSet(
 pkg.NewLicenseFromLocations("MIT", file.NewLocation("package-lock.json")),
 ),
@@ -58,7 +58,7 @@ func Test_JavascriptCataloger(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/get-stdin/-/get-stdin-5.0.1.tgz", Integrity: "sha1-Ei4WFZHiH/TFJTAwVpPyDmOTo5g="},
 },
 {
@@ -69,7 +69,7 @@ func Test_JavascriptCataloger(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz", Integrity: "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8="},
 },
 {
@@ -80,7 +80,7 @@ func Test_JavascriptCataloger(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz", Integrity: "sha1-3j+YVD2/lggr5IrRoMfNqDYwHc8="},
 },
 {
@@ -91,7 +91,7 @@ func Test_JavascriptCataloger(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/optimist/-/optimist-0.6.1.tgz", Integrity: "sha1-2j6nRob6IaGaERwybpDrFaAZZoY="},
 },
 {
@@ -102,7 +102,7 @@ func Test_JavascriptCataloger(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz", Integrity: "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw=="},
 },
 {
@@ -113,7 +113,7 @@ func Test_JavascriptCataloger(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz", Integrity: "sha1-qEeQIusaw2iocTibY1JixQXuNo8="},
 },
 {
@@ -124,7 +124,7 @@ func Test_JavascriptCataloger(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz", Integrity: "sha1-u0P/VZim6wXYm1n80SnJgzE2Br8="},
 },
 {
@@ -135,7 +135,7 @@ func Test_JavascriptCataloger(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/wordwrap/-/wordwrap-0.0.3.tgz", Integrity: "sha1-o9XabNXAvAAI03I0u68b7WMFkQc="},
 },
 }
diff --git a/syft/pkg/cataloger/javascript/package.go b/syft/pkg/cataloger/javascript/package.go
index a9841b09e..522b095c8 100644
--- a/syft/pkg/cataloger/javascript/package.go
+++ b/syft/pkg/cataloger/javascript/package.go
@@ -33,8 +33,8 @@ func newPackageJSONPackage(u packageJSON, indexLocation file.Location) pkg.Packa
 Licenses: pkg.NewLicenseSet(license...),
 Type: pkg.NpmPkg,
 // though we could glean dependency information from the package.json and surrounding packages found in a node_modules directory,
- // we do not do so today, so we mark knowledge of dependencies as incomplete.
- Dependencies: pkg.IncompleteDependencies,
+ // we do not do so today, so we record "unknown" for this package's dependency completeness field.
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackage{
 Name: u.Name,
 Version: u.Version,
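Review bot: The reworded comment in the newPackageJSONPackage hunk (`we record "unknown" for this package's dependency completeness field`) states what is stored but not how a reader of the catalog should interpret it, and the same wording is repeated in the newPackageLockV1Package, newPackageLockV2Package, newPnpmPackage and newYarnLockPackage hunks that follow. If this field reaches SBOM consumers (not visible here), they need to know that a missing relationship is not evidence of a missing dependency. I would add one line above `Dependencies:` such as `// unknown: the absence of a relationship here does not mean the dependency is absent`. Each of these constructors begins and ends outside its hunk, so this is based only on the struct-literal lines shown.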
@@ -92,8 +92,8 @@ func newPackageLockV1Package(cfg CatalogerConfig, resolver file.Resolver, locati
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
 // though we could glean dependency information from the package-lock.json,
- // we do not do so today, so we mark knowledge of dependencies as incomplete.
- Dependencies: pkg.IncompleteDependencies,
+ // we do not do so today, so we record "unknown" for this package's dependency completeness field.
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: u.Resolved, Integrity: u.Integrity},
 },
 )
@@ -127,8 +127,8 @@ func newPackageLockV2Package(cfg CatalogerConfig, resolver file.Resolver, locati
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
 // though we could glean dependency information from the package-lock.json,
- // we do not do so today, so we mark knowledge of dependencies as incomplete.
- Dependencies: pkg.IncompleteDependencies,
+ // we do not do so today, so we record "unknown" for this package's dependency completeness field.
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: u.Resolved, Integrity: u.Integrity},
 },
 )
@@ -146,8 +146,8 @@ func newPnpmPackage(resolver file.Resolver, location file.Location, name, versio
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
 // though we could glean dependency information from the pnpm files,
- // we do not do so today, so we mark knowledge of dependencies as incomplete.
- Dependencies: pkg.IncompleteDependencies,
+ // we do not do so today, so we record "unknown" for this package's dependency completeness field.
+ Dependencies: pkg.UnknownDependencyCompleteness,
 },
 )
 }
@@ -177,8 +177,8 @@ func newYarnLockPackage(cfg CatalogerConfig, resolver file.Resolver, location fi
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
 // though we could glean dependency information from the yarn.lock,
- // we do not do so today, so we mark knowledge of dependencies as incomplete.
- Dependencies: pkg.IncompleteDependencies,
+ // we do not do so today, so we record "unknown" for this package's dependency completeness field.
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{Resolved: resolved, Integrity: integrity},
 },
 )
diff --git a/syft/pkg/cataloger/javascript/parse_package_json_test.go b/syft/pkg/cataloger/javascript/parse_package_json_test.go
index fb7d0c4f2..9e84a1a9f 100644
--- a/syft/pkg/cataloger/javascript/parse_package_json_test.go
+++ b/syft/pkg/cataloger/javascript/parse_package_json_test.go
@@ -26,7 +26,7 @@ func TestParsePackageJSON(t *testing.T) {
 Licenses: pkg.NewLicenseSet(
 pkg.NewLicenseFromLocations("Artistic-2.0", file.NewLocation("test-fixtures/pkg-json/package.json")),
 ),
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackage{
 Name: "npm",
 Version: "6.14.6",
@@ -48,7 +48,7 @@ func TestParsePackageJSON(t *testing.T) {
 Licenses: pkg.NewLicenseSet(
 pkg.NewLicenseFromLocations("ISC", file.NewLocation("test-fixtures/pkg-json/package-license-object.json")),
 ),
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackage{
 Name: "npm",
 Version: "6.14.6",
@@ -71,7 +71,7 @@ func TestParsePackageJSON(t *testing.T) {
 pkg.NewLicenseFromLocations("Apache-2.0", file.NewLocation("test-fixtures/pkg-json/package-license-objects.json")),
 ),
 Language: pkg.JavaScript,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackage{
 Name: "npm",
 Version: "6.14.6",
@@ -90,7 +90,7 @@ func TestParsePackageJSON(t *testing.T) {
 PURL: "pkg:npm/npm@6.14.6",
 Type: pkg.NpmPkg,
 Language: pkg.JavaScript,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackage{
 Name: "npm",
 Version: "6.14.6",
@@ -109,7 +109,7 @@ func TestParsePackageJSON(t *testing.T) {
 PURL: "pkg:npm/npm@6.14.6",
 Type: pkg.NpmPkg,
 Language: pkg.JavaScript,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackage{
 Name: "npm",
 Version: "6.14.6",
@@ -131,7 +131,7 @@ func TestParsePackageJSON(t *testing.T) {
 pkg.NewLicenseFromLocations("Artistic-2.0", file.NewLocation("test-fixtures/pkg-json/package-nested-author.json")),
 ),
 Language: pkg.JavaScript,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackage{
 Name: "npm",
 Version: "6.14.6",
@@ -153,7 +153,7 @@ func TestParsePackageJSON(t *testing.T) {
 pkg.NewLicenseFromLocations("MIT", file.NewLocation("test-fixtures/pkg-json/package-repo-string.json")),
 ),
 Language: pkg.JavaScript,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackage{
 Name: "function-bind",
 Version: "1.1.1",
@@ -175,7 +175,7 @@ func TestParsePackageJSON(t *testing.T) {
 pkg.NewLicenseFromLocations("Artistic-2.0", file.NewLocation("test-fixtures/pkg-json/package-private.json")),
 ),
 Language: pkg.JavaScript,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackage{
 Name: "npm",
 Version: "6.14.6",
@@ -198,7 +198,7 @@ func TestParsePackageJSON(t *testing.T) {
 pkg.NewLicenseFromLocations("Artistic-2.0", file.NewLocation("test-fixtures/pkg-json/package-author-non-standard.json")),
 ),
 Language: pkg.JavaScript,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackage{
 Name: "npm",
 Version: "6.14.6",
@@ -237,7 +237,7 @@ func TestParsePackageJSON_Partial(t *testing.T) { // see https://github.com/anch
 Type: pkg.NpmPkg,
 PURL: packageURL("", ""),
 Locations: file.NewLocationSet(file.NewLocation(fixtureFile)),
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackage{},
 },
 }
diff --git a/syft/pkg/cataloger/javascript/parse_package_lock_test.go b/syft/pkg/cataloger/javascript/parse_package_lock_test.go
index 4ca50bbd5..ee7712b43 100644
--- a/syft/pkg/cataloger/javascript/parse_package_lock_test.go
+++ b/syft/pkg/cataloger/javascript/parse_package_lock_test.go
@@ -18,7 +18,7 @@ func TestParsePackageLock(t *testing.T) {
 PURL: "pkg:npm/%40actions/core@1.6.0",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/@actions/core/-/core-1.6.0.tgz", Integrity: "sha512-NB1UAZomZlCV/LmJqkLhNTqtKfFXJZAUPcfl/zqG7EfsQdeUJtaWO98SGbuQ3pydJ3fHl2CvI/51OKYlCYYcaw=="},
 },
 {
@@ -27,7 +27,7 @@ func TestParsePackageLock(t *testing.T) {
 PURL: "pkg:npm/ansi-regex@3.0.0",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz", Integrity: "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg="},
 },
 {
@@ -36,7 +36,7 @@ func TestParsePackageLock(t *testing.T) {
 PURL: "pkg:npm/cowsay@1.4.0",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/cowsay/-/cowsay-1.4.0.tgz", Integrity: "sha512-rdg5k5PsHFVJheO/pmE3aDg2rUDDTfPJau6yYkZYlHFktUz+UxbE+IgnUAEyyCyv4noL5ltxXD0gZzmHPCy/9g=="},
 },
 {
@@ -45,7 +45,7 @@ func TestParsePackageLock(t *testing.T) {
 PURL: "pkg:npm/get-stdin@5.0.1",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/get-stdin/-/get-stdin-5.0.1.tgz", Integrity: "sha1-Ei4WFZHiH/TFJTAwVpPyDmOTo5g="},
 },
 {
@@ -54,7 +54,7 @@ func TestParsePackageLock(t *testing.T) {
 PURL: "pkg:npm/is-fullwidth-code-point@2.0.0",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz", Integrity: "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8="},
 },
 {
@@ -63,7 +63,7 @@ func TestParsePackageLock(t *testing.T) {
 PURL: "pkg:npm/minimist@0.0.10",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz", Integrity: "sha1-3j+YVD2/lggr5IrRoMfNqDYwHc8="},
 },
 {
@@ -72,7 +72,7 @@ func TestParsePackageLock(t *testing.T) {
 PURL: "pkg:npm/optimist@0.6.1",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/optimist/-/optimist-0.6.1.tgz", Integrity: "sha1-2j6nRob6IaGaERwybpDrFaAZZoY="},
 },
 {
@@ -81,7 +81,7 @@ func TestParsePackageLock(t *testing.T) {
 PURL: "pkg:npm/string-width@2.1.1",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz", Integrity: "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw=="},
 },
 {
@@ -90,7 +90,7 @@ func TestParsePackageLock(t *testing.T) {
 PURL: "pkg:npm/strip-ansi@4.0.0",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz", Integrity: "sha1-qEeQIusaw2iocTibY1JixQXuNo8="},
 },
 {
@@ -99,7 +99,7 @@ func TestParsePackageLock(t *testing.T) {
 PURL: "pkg:npm/strip-eof@1.0.0",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz", Integrity: "sha1-u0P/VZim6wXYm1n80SnJgzE2Br8="},
 },
 {
@@ -108,7 +108,7 @@ func TestParsePackageLock(t *testing.T) {
 PURL: "pkg:npm/wordwrap@0.0.3",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/wordwrap/-/wordwrap-0.0.3.tgz", Integrity: "sha1-o9XabNXAvAAI03I0u68b7WMFkQc="},
 },
 }
@@ -130,7 +130,7 @@ func TestParsePackageLockV2(t *testing.T) {
 Version: "6.14.6",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 PURL: "pkg:npm/npm@6.14.6",
 Metadata: pkg.NpmPackageLockEntry{},
 },
@@ -140,7 +140,7 @@ func TestParsePackageLockV2(t *testing.T) {
 PURL: "pkg:npm/%40types/prop-types@15.7.5",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Licenses: pkg.NewLicenseSet(
 pkg.NewLicenseFromLocations("MIT", file.NewLocation(fixture)),
 ),
@@ -152,7 +152,7 @@ func TestParsePackageLockV2(t *testing.T) {
 PURL: "pkg:npm/%40types/react@18.0.17",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Licenses: pkg.NewLicenseSet(
 pkg.NewLicenseFromLocations("MIT", file.NewLocation(fixture)),
 ),
@@ -164,7 +164,7 @@ func TestParsePackageLockV2(t *testing.T) {
 PURL: "pkg:npm/%40types/scheduler@0.16.2",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Licenses: pkg.NewLicenseSet(
 pkg.NewLicenseFromLocations("MIT", file.NewLocation(fixture)),
 ),
@@ -176,7 +176,7 @@ func TestParsePackageLockV2(t *testing.T) {
 PURL: "pkg:npm/csstype@3.1.0",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Licenses: pkg.NewLicenseSet(
 pkg.NewLicenseFromLocations("MIT", file.NewLocation(fixture)),
 ),
@@ -199,7 +199,7 @@ func TestParsePackageLockV3(t *testing.T) {
 Version: "1.0.0",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 PURL: "pkg:npm/lock-v3-fixture@1.0.0",
 Metadata: pkg.NpmPackageLockEntry{},
 },
@@ -208,7 +208,7 @@ func TestParsePackageLockV3(t *testing.T) {
 Version: "15.7.5",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 PURL: "pkg:npm/%40types/prop-types@15.7.5",
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.5.tgz", Integrity: "sha512-JCB8C6SnDoQf0cNycqd/35A7MjcnK+ZTqE7judS6o7utxUCg6imJg3QK2qzHKszlTjcj2cn+NwMB2i96ubpj7w=="},
 },
@@ -217,7 +217,7 @@ func TestParsePackageLockV3(t *testing.T) {
 Version: "18.0.20",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 PURL: "pkg:npm/%40types/react@18.0.20",
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/@types/react/-/react-18.0.20.tgz", Integrity: "sha512-MWul1teSPxujEHVwZl4a5HxQ9vVNsjTchVA+xRqv/VYGCuKGAU6UhfrTdF5aBefwD1BHUD8i/zq+O/vyCm/FrA=="},
 },
@@ -226,7 +226,7 @@ func TestParsePackageLockV3(t *testing.T) {
 Version: "0.16.2",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 PURL: "pkg:npm/%40types/scheduler@0.16.2",
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.2.tgz", Integrity: "sha512-hppQEBDmlwhFAXKJX2KnWLYu5yMfi91yazPb2l+lbJiwW+wdo1gNeRA+3RgNSO39WYX2euey41KEwnqesU2Jew=="},
 },
@@ -236,7 +236,7 @@ func TestParsePackageLockV3(t *testing.T) {
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
 PURL: "pkg:npm/csstype@3.1.1",
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/csstype/-/csstype-3.1.1.tgz", Integrity: "sha512-DJR/VvkAvSZW9bTouZue2sSxDwdTN92uHjqeKVm+0dAqdfNykRzQ95tay8aXMBAAPpUiq4Qcug2L7neoRh2Egw=="},
 },
 }
@@ -256,7 +256,7 @@ func TestParsePackageLockAlias(t *testing.T) {
 PURL: "pkg:npm/case@1.6.2",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/case/-/case-1.6.2.tgz", Integrity: "sha512-ll380ZRoraT7mUK2G92UbH+FJVD5AwdVIAYk9xhV1tauh0carDgYByUD1HhjCWsWgxrfQvCeHvtfj7IYR6TKeg=="},
 },
 {
@@ -265,7 +265,7 @@ func TestParsePackageLockAlias(t *testing.T) {
 PURL: "pkg:npm/case@1.6.3",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/case/-/case-1.6.3.tgz", Integrity: "sha512-mzDSXIPaFwVDvZAHqZ9VlbyF4yyXRuX6IvB06WvPYkqJVO24kX1PPhv9bfpKNFZyxYFmmgo03HUiD8iklmJYRQ=="},
 },
 {
@@ -274,7 +274,7 @@ func TestParsePackageLockAlias(t *testing.T) {
 PURL: "pkg:npm/%40bundled-es-modules/chai@4.2.2",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{Resolved: "https://registry.npmjs.org/@bundled-es-modules/chai/-/chai-4.2.2.tgz", Integrity: "sha512-iGmVYw2/zJCoqyKTtWEYCtFmMyi8WmACQKtky0lpNyEKWX0YIOpKWGD7saMXL+tPpllss0otilxV0SLwyi3Ytg=="},
 },
 }
@@ -292,7 +292,7 @@ func TestParsePackageLockAlias(t *testing.T) {
 Licenses: pkg.NewLicenseSet(
 pkg.NewLicenseFromLocations("ISC", file.NewLocation(packageLockV2)),
 ),
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.NpmPackageLockEntry{},
 }
 
@@ -321,7 +321,7 @@ func TestParsePackageLockLicenseWithArray(t *testing.T) {
 Version: "1.0.0",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Licenses: pkg.NewLicenseSet(
 pkg.NewLicenseFromLocations("ISC", file.NewLocation(fixture)),
 ),
@@ -333,7 +333,7 @@ func TestParsePackageLockLicenseWithArray(t *testing.T) {
 Version: "0.0.11",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Licenses: pkg.NewLicenseSet(
 pkg.NewLicenseFromLocations("MIT", file.NewLocation(fixture)),
 pkg.NewLicenseFromLocations("Apache2", file.NewLocation(fixture)),
@@ -346,7 +346,7 @@ func TestParsePackageLockLicenseWithArray(t *testing.T) {
 Version: "2.3.8",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Licenses: pkg.NewLicenseSet(
 pkg.NewLicenseFromLocations("MIT", file.NewLocation(fixture)),
 ),
diff --git a/syft/pkg/cataloger/javascript/parse_pnpm_lock_test.go b/syft/pkg/cataloger/javascript/parse_pnpm_lock_test.go
index f0bc65055..c8b30aa72 100644
--- a/syft/pkg/cataloger/javascript/parse_pnpm_lock_test.go
+++ b/syft/pkg/cataloger/javascript/parse_pnpm_lock_test.go
@@ -23,7 +23,7 @@ func TestParsePnpmLock(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 },
 {
 Name: "picocolors",
@@ -32,7 +32,7 @@ func TestParsePnpmLock(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 },
 {
 Name: "source-map-js",
@@ -41,7 +41,7 @@ func TestParsePnpmLock(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 },
 {
 Name: "@bcoe/v8-coverage",
@@ -50,7 +50,7 @@ func TestParsePnpmLock(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 },
 }
 
@@ -71,7 +71,7 @@ func TestParsePnpmV6Lock(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 },
 {
 Name: "@testing-library/react",
@@ -80,7 +80,7 @@ func TestParsePnpmV6Lock(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 },
 {
 Name: "@testing-library/user-event",
@@ -89,7 +89,7 @@ func TestParsePnpmV6Lock(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 },
 {
 Name: "react",
@@ -98,7 +98,7 @@ func TestParsePnpmV6Lock(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 },
 {
 Name: "react-dom",
@@ -107,7 +107,7 @@ func TestParsePnpmV6Lock(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 },
 {
 Name: "web-vitals",
@@ -116,7 +116,7 @@ func TestParsePnpmV6Lock(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 },
 {
 Name: "@babel/core",
@@ -125,7 +125,7 @@ func TestParsePnpmV6Lock(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 },
 {
 Name: "@types/eslint",
@@ -134,7 +134,7 @@ func TestParsePnpmV6Lock(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 },
 {
 Name: "read-cache",
@@ -143,7 +143,7 @@ func TestParsePnpmV6Lock(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 },
 {
 Name: "schema-utils",
@@ -152,7 +152,7 @@ func TestParsePnpmV6Lock(t *testing.T) {
 Locations: locationSet,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 },
 }
 
diff --git a/syft/pkg/cataloger/javascript/parse_yarn_lock_test.go b/syft/pkg/cataloger/javascript/parse_yarn_lock_test.go
index 866a1ed4e..93dbbb6c1 100644
--- a/syft/pkg/cataloger/javascript/parse_yarn_lock_test.go
+++ b/syft/pkg/cataloger/javascript/parse_yarn_lock_test.go
@@ -28,7 +28,7 @@ func TestParseYarnBerry(t *testing.T) {
 PURL: "pkg:npm/%40babel/code-frame@7.10.4",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{},
 },
 {
@@ -38,7 +38,7 @@ func TestParseYarnBerry(t *testing.T) {
 PURL: "pkg:npm/%40types/minimatch@3.0.3",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{},
 },
 {
@@ -48,7 +48,7 @@ func TestParseYarnBerry(t *testing.T) {
 PURL: "pkg:npm/%40types/qs@6.9.4",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{},
 },
 {
@@ -58,7 +58,7 @@ func TestParseYarnBerry(t *testing.T) {
 PURL: "pkg:npm/ajv@6.12.3",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{},
 },
 {
@@ -68,7 +68,7 @@ func TestParseYarnBerry(t *testing.T) {
 PURL: "pkg:npm/asn1.js@4.10.1",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{},
 },
 {
@@ -78,7 +78,7 @@ func TestParseYarnBerry(t *testing.T) {
 PURL: "pkg:npm/atob@2.1.2",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{},
 },
 {
@@ -88,7 +88,7 @@ func TestParseYarnBerry(t *testing.T) {
 Locations: locations,
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{},
 },
 {
@@ -98,7 +98,7 @@ func TestParseYarnBerry(t *testing.T) {
 PURL: "pkg:npm/c0n-fab_u.laTION@7.7.7",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{},
 },
 {
@@ -108,7 +108,7 @@ func TestParseYarnBerry(t *testing.T) {
 PURL: "pkg:npm/jhipster-core@7.3.4",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{},
 },
 }
@@ -130,7 +130,7 @@ func TestParseYarnLock(t *testing.T) {
 PURL: "pkg:npm/%40babel/code-frame@7.10.4",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{
 Resolved: "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.10.4.tgz#168da1a36e90da68ae8d49c0f1b48c7c6249213a",
 Integrity: "sha512-vG6SvB6oYEhvgisZNFRmRCUkLz11c7rp+tbNTynGqc6mS1d5ATd/sGyV6W0KZZnXRKMTzZDRgQT3Ou9jhpAfUg==",
@@ -143,7 +143,7 @@ func TestParseYarnLock(t *testing.T) {
 PURL: "pkg:npm/%40types/minimatch@3.0.3",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{
 Resolved: "https://registry.yarnpkg.com/@types/minimatch/-/minimatch-3.0.3.tgz#3dca0e3f33b200fc7d1139c0cd96c1268cadfd9d",
 Integrity: "sha512-tHq6qdbT9U1IRSGf14CL0pUlULksvY9OZ+5eEgl1N7t+OA3tGvNpxJCzuKQlsNgCVwbAs670L1vcVQi8j9HjnA==",
@@ -156,7 +156,7 @@ func TestParseYarnLock(t *testing.T) {
 PURL: "pkg:npm/%40types/qs@6.9.4",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{
 Resolved: "https://registry.yarnpkg.com/@types/qs/-/qs-6.9.4.tgz#a59e851c1ba16c0513ea123830dd639a0a15cb6a",
 Integrity: "sha512-+wYo+L6ZF6BMoEjtf8zB2esQsqdV6WsjRK/GP9WOgLPrq87PbNWgIxS76dS5uvl/QXtHGakZmwTznIfcPXcKlQ==",
@@ -169,7 +169,7 @@ func TestParseYarnLock(t *testing.T) {
 PURL: "pkg:npm/ajv@6.12.3",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{
 Resolved: "https://registry.yarnpkg.com/ajv/-/ajv-6.12.3.tgz#18c5af38a111ddeb4f2697bd78d68abc1cabd706",
 Integrity: "sha512-4K0cK3L1hsqk9xIb2z9vs/XU+PGJZ9PNpJRDS9YLzmNdX6jmVPfamLvTJr0aDAusnHyCHO6MjzlkAsgtqp9teA==",
@@ -182,7 +182,7 @@ func TestParseYarnLock(t *testing.T) {
 PURL: "pkg:npm/asn1.js@4.10.1",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{
 Resolved: "https://registry.yarnpkg.com/asn1.js/-/asn1.js-4.10.1.tgz#b9c2bf5805f1e64aadeed6df3a2bfafb5a73f5a0",
 Integrity: "sha512-p32cOF5q0Zqs9uBiONKYLm6BClCoBCM5O9JfeUSlnQLBTxYdTK+pW+nXflm8UkKd2UYlEbYz5qEi0JuZR9ckSw==",
@@ -196,7 +196,7 @@ func TestParseYarnLock(t *testing.T) {
 PURL: "pkg:npm/atob@2.1.2",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{
 Resolved: "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9",
 Integrity: "sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==",
@@ -209,7 +209,7 @@ func TestParseYarnLock(t *testing.T) {
 PURL: "pkg:npm/aws-sdk@2.706.0",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{
 Resolved: "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.706.0.tgz#09f65e9a91ecac5a635daf934082abae30eca953",
 Integrity: "sha512-7GT+yrB5Wb/zOReRdv/Pzkb2Qt+hz6B/8FGMVaoysX3NryHvQUdz7EQWi5yhg9CxOjKxdw5lFwYSs69YlSp1KA==",
@@ -222,7 +222,7 @@ func TestParseYarnLock(t *testing.T) {
 PURL: "pkg:npm/jhipster-core@7.3.4",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{
 Resolved: "https://registry.yarnpkg.com/jhipster-core/-/jhipster-core-7.3.4.tgz#c34b8c97c7f4e8b7518dae015517e2112c73cc80",
 Integrity: "sha512-AUhT69kNkqppaJZVfan/xnKG4Gs9Ggj7YLtTZFVe+xg+THrbMb5Ng7PL07PDlDw4KAEA33GMCwuAf65E8EpC4g==",
@@ -235,7 +235,7 @@ func TestParseYarnLock(t *testing.T) {
 PURL: "pkg:npm/something-i-made-up@7.7.7",
 Language: pkg.JavaScript,
 Type: pkg.NpmPkg,
- Dependencies: pkg.IncompleteDependencies,
+ Dependencies: pkg.UnknownDependencyCompleteness,
 Metadata: pkg.YarnLockEntry{
 Resolved: "https://registry.yarnpkg.com/something-i-made-up/-/c0n-fab_u.laTION-7.7.7.tgz#b9c2bf5805f1e64aadeed6df3a2bfafb5a73f5a0",
 Integrity: "sha512-p32cOF5q0Zqs9uBiONKYLm6BClCoBCM5O9JfeUSlnQLBTxYdTK+pW+nXflm8UkKd2UYlEbYz5qEi0JuZR9ckSw==",
@@ -283,7 +283,7 @@ func TestSearchYarnForLicenses(t *testing.T) { Licenses: pkg.NewLicenseSet(pkg.NewLicense("MIT")), Language: pkg.JavaScript, Type: pkg.NpmPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.YarnLockEntry{ Resolved: "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.10.4.tgz#168da1a36e90da68ae8d49c0f1b48c7c6249213a", Integrity: "sha512-vG6SvB6oYEhvgisZNFRmRCUkLz11c7rp+tbNTynGqc6mS1d5ATd/sGyV6W0KZZnXRKMTzZDRgQT3Ou9jhpAfUg==", diff --git a/syft/pkg/cataloger/kernel/cataloger_test.go b/syft/pkg/cataloger/kernel/cataloger_test.go index 028e888c1..a62f7132a 100644 --- a/syft/pkg/cataloger/kernel/cataloger_test.go +++ b/syft/pkg/cataloger/kernel/cataloger_test.go @@ -24,7 +24,7 @@ func Test_KernelCataloger(t *testing.T) { Type: pkg.LinuxKernelPkg, PURL: "pkg:generic/linux-kernel@6.0.7-301.fc37.x86_64", CPEs: []cpe.CPE{cpe.Must("cpe:2.3:o:linux:linux_kernel:6.0.7-301.fc37.x86_64:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource)}, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.LinuxKernel{ Name: "", Architecture: "x86", @@ -59,7 +59,7 @@ func Test_KernelCataloger(t *testing.T) { ), Type: pkg.LinuxKernelModulePkg, PURL: "pkg:generic/ttynull", - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.LinuxKernelModule{ Name: "ttynull", Version: "", diff --git a/syft/pkg/cataloger/kernel/package.go b/syft/pkg/cataloger/kernel/package.go index f54a03d28..97e250f7e 100644 --- a/syft/pkg/cataloger/kernel/package.go +++ b/syft/pkg/cataloger/kernel/package.go 
@@ -32,7 +32,7 @@ func newLinuxKernelPackage(metadata pkg.LinuxKernel, archiveLocation file.Locati PURL: packageURL(linuxKernelPackageName, metadata.Version), Type: pkg.LinuxKernelPkg, Metadata: metadata, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, CPEs: createLinuxKernelCPEs(metadata.Version), } @@ -49,7 +49,7 @@ func newLinuxKernelModulePackage(metadata pkg.LinuxKernelModule, kmLocation file Licenses: pkg.NewLicenseSet(pkg.NewLicensesFromLocation(kmLocation, metadata.License)...), PURL: packageURL(metadata.Name, metadata.Version), Type: pkg.LinuxKernelModulePkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: metadata, } diff --git a/syft/pkg/cataloger/lua/package.go b/syft/pkg/cataloger/lua/package.go index 74abb8982..485367d49 100644 --- a/syft/pkg/cataloger/lua/package.go +++ b/syft/pkg/cataloger/lua/package.go @@ -17,7 +17,7 @@ func newLuaRocksPackage(u luaRocksPackage, indexLocation file.Location) pkg.Pack Licenses: pkg.NewLicenseSet(license...), Type: pkg.LuaRocksPkg, // no attempt is made by the parser function to raise up dependency relationships - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.LuaRocksPackage{ Name: u.Name, Version: u.Version, diff --git a/syft/pkg/cataloger/lua/parse_rockspec_test.go b/syft/pkg/cataloger/lua/parse_rockspec_test.go index d5a19eabe..bc0b5578c 100644 --- a/syft/pkg/cataloger/lua/parse_rockspec_test.go +++ b/syft/pkg/cataloger/lua/parse_rockspec_test.go @@ -24,7 +24,7 @@ func TestParseRockspec(t *testing.T) { Licenses: pkg.NewLicenseSet( pkg.NewLicenseFromLocations("Apache-2.0", file.NewLocation("test-fixtures/rockspec/kong-3.7.0-0.rockspec")), ), - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.LuaRocksPackage{ Name: "kong", Version: "3.7.0-0", 
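Review bot: The `Dependencies` assignment in newLinuxKernelPackage, and again in newLinuxKernelModulePackage in the next hunk, has no why-comment, while the lua, nix, ocaml and php constructors touched by this same commit each explain the value on the line above. Someone reading the resulting SBOM graph needs to know whether a missing edge means "no dependency" or "never examined", so the reason belongs next to the field. A possible comment is `// dependency relationships are not raised by this cataloger, so completeness cannot be asserted`, assuming that is the actual reason; please confirm against the cataloger. Both function bodies continue outside their hunks.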
@@ -46,7 +46,7 @@ func TestParseRockspec(t *testing.T) { Licenses: pkg.NewLicenseSet( pkg.NewLicenseFromLocations("MIT/X11", file.NewLocation("test-fixtures/rockspec/lpeg-1.0.2-1.rockspec")), ), - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.LuaRocksPackage{ Name: "LPeg", Version: "1.0.2-1", @@ -68,7 +68,7 @@ func TestParseRockspec(t *testing.T) { Licenses: pkg.NewLicenseSet( pkg.NewLicenseFromLocations("MIT", file.NewLocation("test-fixtures/rockspec/kong-pgmoon-1.16.2-1.rockspec")), ), - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.LuaRocksPackage{ Name: "kong-pgmoon", Version: "1.16.2-1", @@ -90,7 +90,7 @@ func TestParseRockspec(t *testing.T) { Licenses: pkg.NewLicenseSet( pkg.NewLicenseFromLocations("MIT/X11", file.NewLocation("test-fixtures/rockspec/luasyslog-2.0.1-1.rockspec")), ), - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.LuaRocksPackage{ Name: "luasyslog", Version: "2.0.1-1", diff --git a/syft/pkg/cataloger/nix/cataloger_test.go b/syft/pkg/cataloger/nix/cataloger_test.go index 8a68db0ba..a287930c1 100644 --- a/syft/pkg/cataloger/nix/cataloger_test.go +++ b/syft/pkg/cataloger/nix/cataloger_test.go @@ -26,7 +26,7 @@ func TestCataloger_Catalog(t *testing.T) { Locations: file.NewLocationSet(file.NewLocation("nix/store/h0cnbmfcn93xm5dg2x27ixhag1cwndga-glibc-2.34-210-bin")), FoundBy: catalogerName, Type: pkg.NixPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.NixStoreEntry{ OutputHash: "h0cnbmfcn93xm5dg2x27ixhag1cwndga", Output: "bin", diff --git a/syft/pkg/cataloger/nix/package.go b/syft/pkg/cataloger/nix/package.go index bad6eb59b..dbf2315c6 100644 --- a/syft/pkg/cataloger/nix/package.go +++ b/syft/pkg/cataloger/nix/package.go 
@@ -15,7 +15,7 @@ func newNixStorePackage(storePath nixStorePath, locations ...file.Location) pkg. Type: pkg.NixPkg, PURL: packageURL(storePath), // no attempt is made by the parser function to raise up dependency relationships - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.NixStoreEntry{ OutputHash: storePath.outputHash, Output: storePath.output, diff --git a/syft/pkg/cataloger/ocaml/package.go b/syft/pkg/cataloger/ocaml/package.go index 3e95f20fd..b4818ba5d 100644 --- a/syft/pkg/cataloger/ocaml/package.go +++ b/syft/pkg/cataloger/ocaml/package.go @@ -16,7 +16,7 @@ func newOpamPackage(m pkg.OpamPackage, fileLocation file.Location) pkg.Package { Type: pkg.OpamPkg, Language: pkg.OCaml, // no attempt is made by the parser function to raise up dependency relationships - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: m, } diff --git a/syft/pkg/cataloger/ocaml/parse_opam_test.go b/syft/pkg/cataloger/ocaml/parse_opam_test.go index ac50ba00c..7faf12951 100644 --- a/syft/pkg/cataloger/ocaml/parse_opam_test.go +++ b/syft/pkg/cataloger/ocaml/parse_opam_test.go @@ -38,7 +38,7 @@ func TestParseOpamPackage(t *testing.T) { ), Language: pkg.OCaml, Type: pkg.OpamPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.OpamPackage{ Name: "ocaml-base-compiler", Version: "4.14.0", @@ -68,7 +68,7 @@ func TestParseOpamPackage(t *testing.T) { ), Language: pkg.OCaml, Type: pkg.OpamPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.OpamPackage{ Name: "alcotest", Version: "1.5.0", diff --git a/syft/pkg/cataloger/php/package.go b/syft/pkg/cataloger/php/package.go index bf5d93d29..ff8a67a7a 100644 --- a/syft/pkg/cataloger/php/package.go +++ b/syft/pkg/cataloger/php/package.go 
@@ -18,7 +18,7 @@ func newComposerLockPackage(pd parsedLockData, indexLocation file.Location) pkg. Language: pkg.PHP, Type: pkg.PhpComposerPkg, // no attempt is made by the parser function to raise up dependency relationships - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pd.PhpComposerLockEntry, } @@ -36,7 +36,7 @@ func newComposerInstalledPackage(pd parsedInstalledData, indexLocation file.Loca Language: pkg.PHP, Type: pkg.PhpComposerPkg, // no attempt is made by the parser function to raise up dependency relationships - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pd.PhpComposerInstalledEntry, } @@ -54,7 +54,7 @@ func newPeclPackage(pd pkg.PhpPeclEntry, indexLocation file.Location) pkg.Packag Language: pkg.PHP, Type: pkg.PhpPeclPkg, // no attempt is made by the parser function to raise up dependency relationships - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pd, } diff --git a/syft/pkg/cataloger/php/parse_composer_lock_test.go b/syft/pkg/cataloger/php/parse_composer_lock_test.go index 2985f8e9f..b85fdb83a 100644 --- a/syft/pkg/cataloger/php/parse_composer_lock_test.go +++ b/syft/pkg/cataloger/php/parse_composer_lock_test.go @@ -24,7 +24,7 @@ func TestParseComposerFileLock(t *testing.T) { ), Language: pkg.PHP, Type: pkg.PhpComposerPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PhpComposerLockEntry{ Name: "adoy/fastcgi-client", Version: "1.0.2", @@ -64,7 +64,7 @@ func TestParseComposerFileLock(t *testing.T) { pkg.NewLicenseFromLocations("MIT", file.NewLocation(fixture)), ), Type: pkg.PhpComposerPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PhpComposerLockEntry{ Name: "alcaeus/mongo-php-adapter", Version: "1.1.11", 
diff --git a/syft/pkg/cataloger/php/parse_installed_json_test.go b/syft/pkg/cataloger/php/parse_installed_json_test.go index 97aed15d9..40bdb9007 100644 --- a/syft/pkg/cataloger/php/parse_installed_json_test.go +++ b/syft/pkg/cataloger/php/parse_installed_json_test.go @@ -26,7 +26,7 @@ func TestParseInstalledJsonComposerV1(t *testing.T) { Licenses: pkg.NewLicenseSet( pkg.NewLicense("MIT"), ), - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PhpComposerInstalledEntry{ Name: "asm89/stack-cors", Version: "1.3.0", @@ -76,7 +76,7 @@ func TestParseInstalledJsonComposerV1(t *testing.T) { Licenses: pkg.NewLicenseSet( pkg.NewLicense("MIT"), ), - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PhpComposerInstalledEntry{ Name: "behat/mink", Version: "v1.8.1", diff --git a/syft/pkg/cataloger/php/parse_pecl_serialized_test.go b/syft/pkg/cataloger/php/parse_pecl_serialized_test.go index 40d73174d..cba1dfc96 100644 --- a/syft/pkg/cataloger/php/parse_pecl_serialized_test.go +++ b/syft/pkg/cataloger/php/parse_pecl_serialized_test.go @@ -24,7 +24,7 @@ func TestParsePeclSerialized(t *testing.T) { ), Language: pkg.PHP, Type: pkg.PhpPeclPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PhpPeclEntry{ Name: "memcached", Version: "3.2.0", diff --git a/syft/pkg/cataloger/python/parse_pipfile_lock.go b/syft/pkg/cataloger/python/parse_pipfile_lock.go index f6398a8c4..8d940aa0e 100644 --- a/syft/pkg/cataloger/python/parse_pipfile_lock.go +++ b/syft/pkg/cataloger/python/parse_pipfile_lock.go 
@@ -70,7 +70,7 @@ func parsePipfileLock(_ context.Context, _ file.Resolver, _ *generic.Environment name, version, pkg.PythonPipfileLockEntry{Index: index, Hashes: pkgMeta.Hashes}, - pkg.IncompleteDependencies, // no attempt is made to resolve dependencies from the lock file + pkg.UnknownDependencyCompleteness, // no attempt is made to resolve dependencies from the lock file reader.Location, )) } diff --git a/syft/pkg/cataloger/python/parse_pipfile_lock_test.go b/syft/pkg/cataloger/python/parse_pipfile_lock_test.go index c682ef253..1facaf8bf 100644 --- a/syft/pkg/cataloger/python/parse_pipfile_lock_test.go +++ b/syft/pkg/cataloger/python/parse_pipfile_lock_test.go @@ -21,7 +21,7 @@ func TestParsePipFileLock(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonPipfileLockEntry{ Index: "https://pypi.org/simple", Hashes: []string{ @@ -36,7 +36,7 @@ func TestParsePipFileLock(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonPipfileLockEntry{ Index: "https://test.pypi.org/simple", Hashes: []string{ @@ -52,7 +52,7 @@ func TestParsePipFileLock(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonPipfileLockEntry{ Index: "https://pypi.org/simple", Hashes: []string{ @@ -68,7 +68,7 @@ func TestParsePipFileLock(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonPipfileLockEntry{ Index: "https://pypi.org/simple", Hashes: []string{ 
diff --git a/syft/pkg/cataloger/python/parse_requirements.go b/syft/pkg/cataloger/python/parse_requirements.go index 90a2e86d1..bb3566141 100644 --- a/syft/pkg/cataloger/python/parse_requirements.go +++ b/syft/pkg/cataloger/python/parse_requirements.go @@ -153,7 +153,7 @@ func (rp requirementsParser) parseRequirementsTxt(_ context.Context, _ file.Reso URL: parseURL(req.URL), Markers: req.Markers, }, - pkg.IncompleteDependencies, // not attempt is made by the parser function to resolve dependencies + pkg.UnknownDependencyCompleteness, // not attempt is made by the parser function to resolve dependencies reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), ) diff --git a/syft/pkg/cataloger/python/parse_requirements_test.go b/syft/pkg/cataloger/python/parse_requirements_test.go index f34e85876..6e918bab9 100644 --- a/syft/pkg/cataloger/python/parse_requirements_test.go +++ b/syft/pkg/cataloger/python/parse_requirements_test.go @@ -23,7 +23,7 @@ func TestParseRequirementsTxt(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonRequirementsEntry{ Name: "flask", VersionConstraint: "== 4.0.0", @@ -36,7 +36,7 @@ func TestParseRequirementsTxt(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonRequirementsEntry{ Name: "foo", VersionConstraint: "== 1.0.0", @@ -49,7 +49,7 @@ func TestParseRequirementsTxt(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonRequirementsEntry{ Name: "SomeProject", VersionConstraint: "==5.4", 
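Review bot: The trailing comment on the changed argument in parseRequirementsTxt still reads "not attempt is made", a typo carried over unchanged from the removed line. Since the line is rewritten anyway, fix it here: `pkg.UnknownDependencyCompleteness, // no attempt is made by the parser function to resolve dependencies`. That matches the wording this commit leaves in parse_setup.go. The function body starts and ends outside the hunk.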
@@ -63,7 +63,7 @@ func TestParseRequirementsTxt(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonRequirementsEntry{ Name: "dots-._allowed", VersionConstraint: "== 1.0.0", @@ -76,7 +76,7 @@ func TestParseRequirementsTxt(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonRequirementsEntry{ Name: "argh", VersionConstraint: "==0.26.2", @@ -89,7 +89,7 @@ func TestParseRequirementsTxt(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonRequirementsEntry{ Name: "argh", VersionConstraint: "==0.26.3", @@ -102,7 +102,7 @@ func TestParseRequirementsTxt(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonRequirementsEntry{ Name: "celery", Extras: []string{"redis", "pytest"}, @@ -116,7 +116,7 @@ func TestParseRequirementsTxt(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonRequirementsEntry{ Name: "GithubSampleProject", VersionConstraint: "== 3.7.1", @@ -130,7 +130,7 @@ func TestParseRequirementsTxt(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonRequirementsEntry{ Name: "FrIeNdLy-_-bArD", VersionConstraint: "== 1.0.0", 
@@ -167,7 +167,7 @@ func TestParseRequirementsTxt(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonRequirementsEntry{ Name: "Mopidy-Dirble", VersionConstraint: "~= 1.1", @@ -180,7 +180,7 @@ func TestParseRequirementsTxt(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonRequirementsEntry{ Name: "sqlalchemy", VersionConstraint: ">= 1.0.0, <= 2.0.0, != 3.0.0, <= 3.0.0", @@ -193,7 +193,7 @@ func TestParseRequirementsTxt(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonRequirementsEntry{ Name: "bar", VersionConstraint: ">= 1.0.0, <= 2.0.0, != 3.0.0, <= 3.0.0", @@ -206,7 +206,7 @@ func TestParseRequirementsTxt(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonRequirementsEntry{ Name: "numpy", VersionConstraint: ">= 3.4.1", @@ -220,7 +220,7 @@ func TestParseRequirementsTxt(t *testing.T) { Locations: locations, Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.PythonRequirementsEntry{ Name: "requests", Extras: []string{"security"}, diff --git a/syft/pkg/cataloger/python/parse_setup.go b/syft/pkg/cataloger/python/parse_setup.go index 21577b9e8..718139460 100644 --- a/syft/pkg/cataloger/python/parse_setup.go +++ b/syft/pkg/cataloger/python/parse_setup.go 
@@ -59,7 +59,7 @@ func parseSetup(_ context.Context, _ file.Resolver, _ *generic.Environment, read newPackageForIndex( name, version, - pkg.IncompleteDependencies, // no attempt is made by the parser function to resolve dependencies + pkg.UnknownDependencyCompleteness, // no attempt is made by the parser function to resolve dependencies reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation), ), ) diff --git a/syft/pkg/cataloger/python/parse_setup_test.go b/syft/pkg/cataloger/python/parse_setup_test.go index 4130616b4..e35759de8 100644 --- a/syft/pkg/cataloger/python/parse_setup_test.go +++ b/syft/pkg/cataloger/python/parse_setup_test.go @@ -25,7 +25,7 @@ func TestParseSetup(t *testing.T) { PURL: "pkg:pypi/pathlib3@2.2.0", Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "mypy", @@ -33,7 +33,7 @@ func TestParseSetup(t *testing.T) { PURL: "pkg:pypi/mypy@v0.770", Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "mypy1", @@ -41,7 +41,7 @@ func TestParseSetup(t *testing.T) { PURL: "pkg:pypi/mypy1@v0.770", Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "mypy2", @@ -49,7 +49,7 @@ func TestParseSetup(t *testing.T) { PURL: "pkg:pypi/mypy2@v0.770", Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, { Name: "mypy3", @@ -57,7 +57,7 @@ func TestParseSetup(t *testing.T) { PURL: "pkg:pypi/mypy3@v0.770", Language: pkg.Python, Type: pkg.PythonPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, }, }, }, 
diff --git a/syft/pkg/cataloger/r/cataloger_test.go b/syft/pkg/cataloger/r/cataloger_test.go index 4aacdd26d..cf3e6ae52 100644 --- a/syft/pkg/cataloger/r/cataloger_test.go +++ b/syft/pkg/cataloger/r/cataloger_test.go @@ -19,7 +19,7 @@ func TestRPackageCataloger(t *testing.T) { Licenses: pkg.NewLicenseSet([]pkg.License{pkg.NewLicense("Part of R 4.3.0")}...), Language: pkg.R, Type: pkg.Rpkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, PURL: "pkg:cran/base@4.3.0", Metadata: pkg.RDescription{ Title: "The R Base Package", @@ -38,7 +38,7 @@ func TestRPackageCataloger(t *testing.T) { Licenses: pkg.NewLicenseSet([]pkg.License{pkg.NewLicense("MIT")}...), Language: pkg.R, Type: pkg.Rpkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, PURL: "pkg:cran/stringr@1.5.0.9000", Metadata: pkg.RDescription{ Title: "Simple, Consistent Wrappers for Common String Operations", diff --git a/syft/pkg/cataloger/r/package.go b/syft/pkg/cataloger/r/package.go index 0c603e3ae..683a1bece 100644 --- a/syft/pkg/cataloger/r/package.go +++ b/syft/pkg/cataloger/r/package.go @@ -25,7 +25,7 @@ func newPackage(pd parseData, locations ...file.Location) pkg.Package { Type: pkg.Rpkg, PURL: packageURL(pd), // no attempt is made by the parser function to resolve dependencies - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pd.RDescription, } diff --git a/syft/pkg/cataloger/redhat/parse_rpm_manifest.go b/syft/pkg/cataloger/redhat/parse_rpm_manifest.go index dc7a9f868..e763f0da8 100644 --- a/syft/pkg/cataloger/redhat/parse_rpm_manifest.go +++ b/syft/pkg/cataloger/redhat/parse_rpm_manifest.go 
@@ -47,7 +47,7 @@ func parseRpmManifest(_ context.Context, _ file.Resolver, _ *generic.Environment // Create a new package representing the RPM manifest entry // note: we don't know the quality of the manifest dependency information, so even though there are multiple // packages, we can't discern the connectivity of completeness of the data. - p := newDBPackage(reader.Location, *metadata, nil, nil, pkg.IncompleteDependencies) + p := newDBPackage(reader.Location, *metadata, nil, nil, pkg.UnknownDependencyCompleteness) if !pkg.IsValid(&p) { continue diff --git a/syft/pkg/cataloger/redhat/parse_rpm_manifest_test.go b/syft/pkg/cataloger/redhat/parse_rpm_manifest_test.go index e7bce0c07..f50f0629c 100644 --- a/syft/pkg/cataloger/redhat/parse_rpm_manifest_test.go +++ b/syft/pkg/cataloger/redhat/parse_rpm_manifest_test.go @@ -18,7 +18,7 @@ func TestParseRpmManifest(t *testing.T) { PURL: "pkg:rpm/mariner-release@2.0-12.cm2?arch=noarch&upstream=mariner-release-2.0-12.cm2.src.rpm", Locations: file.NewLocationSet(location), Type: pkg.RpmPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.RpmDBEntry{ Name: "mariner-release", Epoch: nil, @@ -36,7 +36,7 @@ func TestParseRpmManifest(t *testing.T) { PURL: "pkg:rpm/filesystem@1.1-9.cm2?arch=x86_64&upstream=filesystem-1.1-9.cm2.src.rpm", Locations: file.NewLocationSet(location), Type: pkg.RpmPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.RpmDBEntry{ Name: "filesystem", Epoch: nil, @@ -54,7 +54,7 @@ func TestParseRpmManifest(t *testing.T) { PURL: "pkg:rpm/glibc@2.35-2.cm2?arch=x86_64&upstream=glibc-2.35-2.cm2.src.rpm", Locations: file.NewLocationSet(location), Type: pkg.RpmPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.RpmDBEntry{ Name: "glibc", Epoch: nil, 
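Review bot: The note above the newDBPackage call in parseRpmManifest says "we can't discern the connectivity of completeness of the data", which looks like a typo for "connectivity or completeness". That comment is the only justification for the value passed as the last argument, so it should read cleanly and name the outcome: `// packages, we can't discern the connectivity or completeness of the data, so completeness is reported as unknown.` The comment is a context line, and the enclosing loop extends beyond the hunk.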
@@ -72,7 +72,7 @@ func TestParseRpmManifest(t *testing.T) { PURL: "pkg:rpm/openssl-libs@1.1.1k-15.cm2?arch=x86_64&upstream=openssl-1.1.1k-15.cm2.src.rpm", Locations: file.NewLocationSet(location), Type: pkg.RpmPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.RpmDBEntry{ Name: "openssl-libs", Epoch: nil, diff --git a/syft/pkg/cataloger/ruby/package.go b/syft/pkg/cataloger/ruby/package.go index a00d2d7b4..9b87af972 100644 --- a/syft/pkg/cataloger/ruby/package.go +++ b/syft/pkg/cataloger/ruby/package.go @@ -15,7 +15,7 @@ func newGemfileLockPackage(name, version string, locations ...file.Location) pkg Language: pkg.Ruby, Type: pkg.GemPkg, // no attempt is made by the parser function to resolve dependencies - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, } p.SetID() @@ -33,7 +33,7 @@ func newGemspecPackage(m gemData, gemSpecLocation file.Location) pkg.Package { Language: pkg.Ruby, Type: pkg.GemPkg, // no attempt is made by the parser function to resolve dependencies - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: m.RubyGemspec, } diff --git a/syft/pkg/cataloger/ruby/parse_gemfile_lock_test.go b/syft/pkg/cataloger/ruby/parse_gemfile_lock_test.go index c5fb7c5c8..4cd48e3ed 100644 --- a/syft/pkg/cataloger/ruby/parse_gemfile_lock_test.go +++ b/syft/pkg/cataloger/ruby/parse_gemfile_lock_test.go 
@@ -12,58 +12,58 @@ func TestParseGemfileLockEntries(t *testing.T) {
 fixture := "test-fixtures/Gemfile.lock"
 locations := file.NewLocationSet(file.NewLocation(fixture))
 var expectedPkgs = []pkg.Package{
- {Name: "actionmailer", Version: "4.1.1", PURL: "pkg:gem/actionmailer@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "actionpack", Version: "4.1.1", PURL: "pkg:gem/actionpack@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "actionview", Version: "4.1.1", PURL: "pkg:gem/actionview@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "activemodel", Version: "4.1.1", PURL: "pkg:gem/activemodel@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "activerecord", Version: "4.1.1", PURL: "pkg:gem/activerecord@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "activesupport", Version: "4.1.1", PURL: "pkg:gem/activesupport@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "arel", Version: "5.0.1.20140414130214", PURL: "pkg:gem/arel@5.0.1.20140414130214", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "bootstrap-sass", Version: "3.1.1.1", PURL: "pkg:gem/bootstrap-sass@3.1.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "builder", Version: "3.2.2", PURL: "pkg:gem/builder@3.2.2", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "coffee-rails", Version: "4.0.1", PURL: "pkg:gem/coffee-rails@4.0.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "coffee-script", Version: "2.2.0", PURL: "pkg:gem/coffee-script@2.2.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "coffee-script-source", Version: "1.7.0", PURL: "pkg:gem/coffee-script-source@1.7.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "erubis", Version: "2.7.0", PURL: "pkg:gem/erubis@2.7.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "execjs", Version: "2.0.2", PURL: "pkg:gem/execjs@2.0.2", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "google-cloud-errors", Version: "1.3.0", PURL: "pkg:gem/google-cloud-errors@1.3.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "hike", Version: "1.2.3", PURL: "pkg:gem/hike@1.2.3", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "i18n", Version: "0.6.9", PURL: "pkg:gem/i18n@0.6.9", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "jbuilder", Version: "2.0.7", PURL: "pkg:gem/jbuilder@2.0.7", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "jquery-rails", Version: "3.1.0", PURL: "pkg:gem/jquery-rails@3.1.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "json", Version: "1.8.1", PURL: "pkg:gem/json@1.8.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "kgio", Version: "2.9.2", PURL: "pkg:gem/kgio@2.9.2", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "libv8", Version: "3.16.14.3", PURL: "pkg:gem/libv8@3.16.14.3", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "mail", Version: "2.5.4", PURL: "pkg:gem/mail@2.5.4", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "mime-types", Version: "1.25.1", PURL: "pkg:gem/mime-types@1.25.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "minitest", Version: "5.3.4", PURL: "pkg:gem/minitest@5.3.4", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "multi_json", Version: "1.10.1", PURL: "pkg:gem/multi_json@1.10.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "mysql2", Version: "0.3.16", PURL: "pkg:gem/mysql2@0.3.16", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "polyglot", Version: "0.3.4", PURL: "pkg:gem/polyglot@0.3.4", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "rack", Version: "1.5.2", PURL: "pkg:gem/rack@1.5.2", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "rack-test", Version: "0.6.2", PURL: "pkg:gem/rack-test@0.6.2", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "rails", Version: "4.1.1", PURL: "pkg:gem/rails@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "railties", Version: "4.1.1", PURL: "pkg:gem/railties@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "raindrops", Version: "0.13.0", PURL: "pkg:gem/raindrops@0.13.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "rake", Version: "10.3.2", PURL: "pkg:gem/rake@10.3.2", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "rdoc", Version: "4.1.1", PURL: "pkg:gem/rdoc@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "ref", Version: "1.0.5", PURL: "pkg:gem/ref@1.0.5", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "sass", Version: "3.2.19", PURL: "pkg:gem/sass@3.2.19", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "sass-rails", Version: "4.0.3", PURL: "pkg:gem/sass-rails@4.0.3", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "sdoc", Version: "0.4.0", PURL: "pkg:gem/sdoc@0.4.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "spring", Version: "1.1.3", PURL: "pkg:gem/spring@1.1.3", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "sprockets", Version: "2.11.0", PURL: "pkg:gem/sprockets@2.11.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "sprockets-rails", Version: "2.1.3", PURL: "pkg:gem/sprockets-rails@2.1.3", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "sqlite3", Version: "1.3.9", PURL: "pkg:gem/sqlite3@1.3.9", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "therubyracer", Version: "0.12.1", PURL: "pkg:gem/therubyracer@0.12.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "thor", Version: "0.19.1", PURL: "pkg:gem/thor@0.19.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "thread_safe", Version: "0.3.3", PURL: "pkg:gem/thread_safe@0.3.3", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "tilt", Version: "1.4.1", PURL: "pkg:gem/tilt@1.4.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "treetop", Version: "1.4.15", PURL: "pkg:gem/treetop@1.4.15", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "turbolinks", Version: "3.0.0", PURL: "pkg:gem/turbolinks@3.0.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "tzinfo", Version: "1.2.0", PURL: "pkg:gem/tzinfo@1.2.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "uglifier", Version: "2.5.0", PURL: "pkg:gem/uglifier@2.5.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
- {Name: "unicorn", Version: "4.8.3", PURL: "pkg:gem/unicorn@4.8.3", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.IncompleteDependencies},
+ {Name: "actionmailer", Version: "4.1.1", PURL: "pkg:gem/actionmailer@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness},
+ {Name: "actionpack", Version: "4.1.1", PURL: "pkg:gem/actionpack@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness},
+ {Name: "actionview", Version: "4.1.1", PURL: "pkg:gem/actionview@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness},
+ {Name: "activemodel", Version: "4.1.1", PURL: "pkg:gem/activemodel@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness},
+ {Name: "activerecord", Version: "4.1.1", PURL: "pkg:gem/activerecord@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness},
+ {Name: "activesupport", Version: "4.1.1", PURL: "pkg:gem/activesupport@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness},
+ {Name: "arel", Version: "5.0.1.20140414130214", PURL: "pkg:gem/arel@5.0.1.20140414130214", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness},
+ {Name: "bootstrap-sass", Version: "3.1.1.1", PURL: "pkg:gem/bootstrap-sass@3.1.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness},
+ {Name: "builder", Version: "3.2.2", PURL: "pkg:gem/builder@3.2.2", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness},
+ {Name: "coffee-rails", Version: "4.0.1", PURL: "pkg:gem/coffee-rails@4.0.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness},
+ {Name: "coffee-script", Version: "2.2.0", PURL: "pkg:gem/coffee-script@2.2.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness},
+ {Name: "coffee-script-source", Version: "1.7.0", PURL: "pkg:gem/coffee-script-source@1.7.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness},
+ {Name: "erubis", Version: "2.7.0", PURL: "pkg:gem/erubis@2.7.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness},
+ {Name: "execjs", Version: "2.0.2", PURL: "pkg:gem/execjs@2.0.2", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, +
{Name: "google-cloud-errors", Version: "1.3.0", PURL: "pkg:gem/google-cloud-errors@1.3.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "hike", Version: "1.2.3", PURL: "pkg:gem/hike@1.2.3", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "i18n", Version: "0.6.9", PURL: "pkg:gem/i18n@0.6.9", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "jbuilder", Version: "2.0.7", PURL: "pkg:gem/jbuilder@2.0.7", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "jquery-rails", Version: "3.1.0", PURL: "pkg:gem/jquery-rails@3.1.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "json", Version: "1.8.1", PURL: "pkg:gem/json@1.8.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "kgio", Version: "2.9.2", PURL: "pkg:gem/kgio@2.9.2", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "libv8", Version: "3.16.14.3", PURL: "pkg:gem/libv8@3.16.14.3", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "mail", Version: "2.5.4", PURL: "pkg:gem/mail@2.5.4", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "mime-types", Version: "1.25.1", PURL: "pkg:gem/mime-types@1.25.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "minitest", Version: "5.3.4", PURL: "pkg:gem/minitest@5.3.4", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: 
"multi_json", Version: "1.10.1", PURL: "pkg:gem/multi_json@1.10.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "mysql2", Version: "0.3.16", PURL: "pkg:gem/mysql2@0.3.16", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "polyglot", Version: "0.3.4", PURL: "pkg:gem/polyglot@0.3.4", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "rack", Version: "1.5.2", PURL: "pkg:gem/rack@1.5.2", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "rack-test", Version: "0.6.2", PURL: "pkg:gem/rack-test@0.6.2", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "rails", Version: "4.1.1", PURL: "pkg:gem/rails@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "railties", Version: "4.1.1", PURL: "pkg:gem/railties@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "raindrops", Version: "0.13.0", PURL: "pkg:gem/raindrops@0.13.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "rake", Version: "10.3.2", PURL: "pkg:gem/rake@10.3.2", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "rdoc", Version: "4.1.1", PURL: "pkg:gem/rdoc@4.1.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "ref", Version: "1.0.5", PURL: "pkg:gem/ref@1.0.5", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "sass", Version: "3.2.19", PURL: 
"pkg:gem/sass@3.2.19", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "sass-rails", Version: "4.0.3", PURL: "pkg:gem/sass-rails@4.0.3", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "sdoc", Version: "0.4.0", PURL: "pkg:gem/sdoc@0.4.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "spring", Version: "1.1.3", PURL: "pkg:gem/spring@1.1.3", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "sprockets", Version: "2.11.0", PURL: "pkg:gem/sprockets@2.11.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "sprockets-rails", Version: "2.1.3", PURL: "pkg:gem/sprockets-rails@2.1.3", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "sqlite3", Version: "1.3.9", PURL: "pkg:gem/sqlite3@1.3.9", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "therubyracer", Version: "0.12.1", PURL: "pkg:gem/therubyracer@0.12.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "thor", Version: "0.19.1", PURL: "pkg:gem/thor@0.19.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "thread_safe", Version: "0.3.3", PURL: "pkg:gem/thread_safe@0.3.3", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "tilt", Version: "1.4.1", PURL: "pkg:gem/tilt@1.4.1", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "treetop", Version: "1.4.15", PURL: 
"pkg:gem/treetop@1.4.15", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "turbolinks", Version: "3.0.0", PURL: "pkg:gem/turbolinks@3.0.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "tzinfo", Version: "1.2.0", PURL: "pkg:gem/tzinfo@1.2.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "uglifier", Version: "2.5.0", PURL: "pkg:gem/uglifier@2.5.0", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, + {Name: "unicorn", Version: "4.8.3", PURL: "pkg:gem/unicorn@4.8.3", Locations: locations, Language: pkg.Ruby, Type: pkg.GemPkg, Dependencies: pkg.UnknownDependencyCompleteness}, } pkgtest.TestFileParser(t, fixture, parseGemFileLockEntries, expectedPkgs, nil) diff --git a/syft/pkg/cataloger/ruby/parse_gemspec_test.go b/syft/pkg/cataloger/ruby/parse_gemspec_test.go index 2e063f1da..1c74e39ad 100644 --- a/syft/pkg/cataloger/ruby/parse_gemspec_test.go +++ b/syft/pkg/cataloger/ruby/parse_gemspec_test.go @@ -23,7 +23,7 @@ func TestParseGemspec(t *testing.T) { pkg.NewLicenseFromLocations("MIT", file.NewLocation(fixture)), ), Language: pkg.Ruby, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.RubyGemspec{ Name: "bundler", Version: "2.1.4", diff --git a/syft/pkg/cataloger/rust/cataloger_test.go b/syft/pkg/cataloger/rust/cataloger_test.go index 550f18943..8cded3b9f 100644 --- a/syft/pkg/cataloger/rust/cataloger_test.go +++ b/syft/pkg/cataloger/rust/cataloger_test.go 
@@ -19,7 +19,7 @@ func TestNewAuditBinaryCataloger(t *testing.T) { Locations: file.NewLocationSet(file.NewVirtualLocation("/hello-auditable", "/hello-auditable")), Language: pkg.Rust, Type: pkg.RustPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.RustBinaryAuditEntry{ Name: "auditable", Version: "0.1.0", @@ -34,7 +34,7 @@ func TestNewAuditBinaryCataloger(t *testing.T) { Locations: file.NewLocationSet(file.NewVirtualLocation("/hello-auditable", "/hello-auditable")), Language: pkg.Rust, Type: pkg.RustPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.RustBinaryAuditEntry{ Name: "hello-auditable", Version: "0.1.0", diff --git a/syft/pkg/cataloger/rust/package.go b/syft/pkg/cataloger/rust/package.go index 3444a0edd..de65dd744 100644 --- a/syft/pkg/cataloger/rust/package.go +++ b/syft/pkg/cataloger/rust/package.go @@ -48,7 +48,7 @@ func newPackageFromAudit(dep *rustaudit.Package, locations ...file.Location) pkg Type: pkg.RustPkg, Locations: file.NewLocationSet(locations...), // no attempt is made by the parser function to resolve dependencies - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.RustBinaryAuditEntry{ Name: dep.Name, Version: dep.Version, diff --git a/syft/pkg/cataloger/swift/package.go b/syft/pkg/cataloger/swift/package.go index 051255583..587958d5c 100644 --- a/syft/pkg/cataloger/swift/package.go +++ b/syft/pkg/cataloger/swift/package.go @@ -17,7 +17,7 @@ func newSwiftPackageManagerPackage(name, version, sourceURL, revision string, lo Type: pkg.SwiftPkg, Language: pkg.Swift, // no attempt is made by the parser function to resolve dependencies - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.SwiftPackageManagerResolvedEntry{ Revision: revision, }, 
@@ -37,7 +37,7 @@ func newCocoaPodsPackage(name, version, hash string, locations ...file.Location) Type: pkg.CocoapodsPkg, Language: pkg.Swift, // no attempt is made by the parser function to resolve dependencies - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: hash, }, diff --git a/syft/pkg/cataloger/swift/parse_package_resolved_test.go b/syft/pkg/cataloger/swift/parse_package_resolved_test.go index 1f03a3ec7..f6badb3d3 100644 --- a/syft/pkg/cataloger/swift/parse_package_resolved_test.go +++ b/syft/pkg/cataloger/swift/parse_package_resolved_test.go @@ -26,7 +26,7 @@ func TestParsePackageResolved(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.SwiftPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.SwiftPackageManagerResolvedEntry{ Revision: "b14b7f4c528c942f121c8b860b9410b2bf57825e", }, @@ -38,7 +38,7 @@ func TestParsePackageResolved(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.SwiftPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.SwiftPackageManagerResolvedEntry{ Revision: "9cfed92b026c524674ed869a4ff2dcfdeedf8a2a", }, @@ -50,7 +50,7 @@ func TestParsePackageResolved(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.SwiftPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.SwiftPackageManagerResolvedEntry{ Revision: "6c89474e62719ddcc1e9614989fff2f68208fe10", }, @@ -62,7 +62,7 @@ func TestParsePackageResolved(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.SwiftPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.SwiftPackageManagerResolvedEntry{ Revision: "937e904258d22af6e447a0b72c0bc67583ef64a2", }, 
@@ -74,7 +74,7 @@ func TestParsePackageResolved(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.SwiftPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.SwiftPackageManagerResolvedEntry{ Revision: "0a5bc04095a675662cf24757cc0640aa2204253b", }, @@ -98,7 +98,7 @@ func TestParsePackageResolvedV3(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.SwiftPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.SwiftPackageManagerResolvedEntry{ Revision: "80c109b87511041338a4d8d88064088c8dfc079b", }, @@ -110,7 +110,7 @@ func TestParsePackageResolvedV3(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.SwiftPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.SwiftPackageManagerResolvedEntry{ Revision: "64889f0c732f210a935a0ad7cda38f77f876262d", }, diff --git a/syft/pkg/cataloger/swift/parse_podfile_lock_test.go b/syft/pkg/cataloger/swift/parse_podfile_lock_test.go index e6a4ce15b..9beb9ad52 100644 --- a/syft/pkg/cataloger/swift/parse_podfile_lock_test.go +++ b/syft/pkg/cataloger/swift/parse_podfile_lock_test.go @@ -20,7 +20,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "4ea1197a744f2fb5fb875fe31caf17ded4762e8f", }, @@ -32,7 +32,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "7a8fc1a691173d21dbddbf86cd515de6efa55086", }, 
@@ -44,7 +44,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "7a8fc1a691173d21dbddbf86cd515de6efa55086", }, @@ -56,7 +56,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "7a8fc1a691173d21dbddbf86cd515de6efa55086", }, @@ -68,7 +68,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "00c935935f1e8cf0d1e2d6b542e75b88fc3e5e20", }, @@ -80,7 +80,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "f1295b29f8c5e640e25335a1b2bd9d805171bd01", }, @@ -92,7 +92,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "f1295b29f8c5e640e25335a1b2bd9d805171bd01", }, @@ -104,7 +104,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "f1295b29f8c5e640e25335a1b2bd9d805171bd01", }, 
@@ -116,7 +116,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "effba1c940b8337195563c425a6b5862ec875caa", }, @@ -128,7 +128,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "a6d22010845f08fe18fbdf3a07a8e380fd22e0ea", }, @@ -140,7 +140,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "2e8ab2519452515f7f5a520f5a8f7e0a413abfa3", }, @@ -152,7 +152,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "2e8ab2519452515f7f5a520f5a8f7e0a413abfa3", }, @@ -164,7 +164,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "2e8ab2519452515f7f5a520f5a8f7e0a413abfa3", }, @@ -176,7 +176,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "2e8ab2519452515f7f5a520f5a8f7e0a413abfa3", }, 
@@ -188,7 +188,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "2e8ab2519452515f7f5a520f5a8f7e0a413abfa3", }, @@ -200,7 +200,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "2e8ab2519452515f7f5a520f5a8f7e0a413abfa3", }, @@ -212,7 +212,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "2e8ab2519452515f7f5a520f5a8f7e0a413abfa3", }, @@ -224,7 +224,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "c515c7927fab92d0d9485f49b885b8c5de34fbfb", }, @@ -236,7 +236,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "c515c7927fab92d0d9485f49b885b8c5de34fbfb", }, @@ -248,7 +248,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "c515c7927fab92d0d9485f49b885b8c5de34fbfb", }, 
@@ -260,7 +260,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "c515c7927fab92d0d9485f49b885b8c5de34fbfb", }, @@ -272,7 +272,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "c515c7927fab92d0d9485f49b885b8c5de34fbfb", }, @@ -284,7 +284,7 @@ func TestParsePodfileLock(t *testing.T) { Locations: locations, Language: pkg.Swift, Type: pkg.CocoapodsPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.CocoaPodfileLockEntry{ Checksum: "7b7ccc0c485bb3bb47082138ff28bc33cd49897f", }, diff --git a/syft/pkg/cataloger/swipl/package.go b/syft/pkg/cataloger/swipl/package.go index 4202861d7..770bb1719 100644 --- a/syft/pkg/cataloger/swipl/package.go +++ b/syft/pkg/cataloger/swipl/package.go @@ -15,7 +15,7 @@ func newSwiplPackPackage(m pkg.SwiplPackEntry, locations ...file.Location) pkg.P Type: pkg.SwiplPackPkg, Language: pkg.Swipl, // no attempt is made by the parser function to resolve dependencies - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: m, } diff --git a/syft/pkg/cataloger/swipl/parse_pack_test.go b/syft/pkg/cataloger/swipl/parse_pack_test.go index c35c77ecf..02b4fdc7f 100644 --- a/syft/pkg/cataloger/swipl/parse_pack_test.go +++ b/syft/pkg/cataloger/swipl/parse_pack_test.go 
@@ -20,7 +20,7 @@ func xTestParsePackPackage(t *testing.T) { Locations: locations, Language: pkg.Swipl, Type: pkg.SwiplPackPkg, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.SwiplPackEntry{ Name: "hdt", Version: "0.5.2", diff --git a/syft/pkg/cataloger/wordpress/package.go b/syft/pkg/cataloger/wordpress/package.go index 55e5482d6..6df1c0ada 100644 --- a/syft/pkg/cataloger/wordpress/package.go +++ b/syft/pkg/cataloger/wordpress/package.go @@ -19,7 +19,7 @@ func newWordpressPluginPackage(name, version string, m pluginData, location file Language: pkg.PHP, Type: pkg.WordpressPluginPkg, // no attempt is made by the parser function to resolve dependencies - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: meta, } diff --git a/syft/pkg/cataloger/wordpress/parse_plugin_test.go b/syft/pkg/cataloger/wordpress/parse_plugin_test.go index c6e1f64c5..904685398 100644 --- a/syft/pkg/cataloger/wordpress/parse_plugin_test.go +++ b/syft/pkg/cataloger/wordpress/parse_plugin_test.go @@ -23,7 +23,7 @@ func TestParseWordpressPluginFiles(t *testing.T) { pkg.NewLicenseFromLocations("GPLv2"), ), Language: pkg.PHP, - Dependencies: pkg.IncompleteDependencies, + Dependencies: pkg.UnknownDependencyCompleteness, Metadata: pkg.WordpressPluginEntry{ PluginInstallDirectory: "akismet", Author: "Automattic - Anti-spam Team", diff --git a/syft/pkg/dependencies.go b/syft/pkg/dependencies.go index 95a4a3fcd..66b598e5b 100644 --- a/syft/pkg/dependencies.go +++ b/syft/pkg/dependencies.go 
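Review bot: The expectation changed in this hunk belongs to `xTestParsePackPackage`, and `go test` only runs functions whose names begin with `Test`, so the new `pkg.UnknownDependencyCompleteness` value for SWI-Prolog packs is never checked. If the test is disabled on purpose, name it `TestParsePackPackage` and open the body with `t.Skip("<reason the test is disabled>")`, so the gap shows up in test output rather than silently dropping coverage for this cataloger. The function name is taken from the hunk header; its body starts and ends outside the hunk.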
@@ -13,8 +13,10 @@ import "strings" type DependencyCompleteness string const ( - // UnknownDependencyCompleteness indicates that the completeness of the dependencies is unknown. This should be used - // when the dependency resolution mechanism is not well understood. + // UnknownDependencyCompleteness indicates that the completeness of the dependencies cannot be considered + // positively complete or incomplete. This should be used when the dependency resolution mechanism is not + // well understood, the set of dependencies is unknowable, or no attempt has been made to resolve + // dependencies (no assertion). UnknownDependencyCompleteness DependencyCompleteness = "unknown" // CompleteDependencies indicates that the package has all of its direct dependencies resolved and related to @@ -27,9 +29,9 @@ const ( // a direct and indirect dependency from the perspective of this package). CompleteWithIndirectDependencies DependencyCompleteness = "complete-with-indirect" - // IncompleteDependencies indicates that the package does not have all of its direct dependencies resolved. - // This is useful in times when there is more than one mechanism at play for resolving dependencies and the - // cataloger only implements a subset of them, or in cases where the mechanism for resolving dependencies is limited. + // IncompleteDependencies indicates that the package is known to not have all of its direct dependencies listed. + // This is reserved for cases where we know there are a non-zero number of dependencies for a package, but we + // are not listing them intentionally or because we are unable to resolve them. IncompleteDependencies DependencyCompleteness = "incomplete" )
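Review bot: The rewritten comment on `UnknownDependencyCompleteness` now folds three situations into one value (mechanism not understood, dependencies unknowable, no attempt made), but it does not say how an SBOM consumer should read it. Most catalogers in this commit move from `incomplete` to `unknown`, so a consumer that treated only `incomplete` as "dependency edges may be missing" would presumably now handle these packages differently. I would add a line such as `// Consumers must not read this value as "no dependencies"; relationships may be missing from the SBOM.` In the second hunk, the `IncompleteDependencies` comment would read more clearly as "known not to have all of its direct dependencies listed" and "a non-zero number of dependencies".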