mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
Add hyphen replacement logic for CPE generation (#397)
* add hyphen replacement logic for CPE generation
  Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* migrate "python-" vendor prefix to product candidate processing
  Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump linter timeout for CI
  Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update cpe candidate product tests
  Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
parent
6d2f139397
commit
0c29090b42
2
Makefile
2
Makefile
@ -3,7 +3,7 @@ TEMPDIR = ./.tmp
|
|||||||
RESULTSDIR = test/results
|
RESULTSDIR = test/results
|
||||||
COVER_REPORT = $(RESULTSDIR)/unit-coverage-details.txt
|
COVER_REPORT = $(RESULTSDIR)/unit-coverage-details.txt
|
||||||
COVER_TOTAL = $(RESULTSDIR)/unit-coverage-summary.txt
|
COVER_TOTAL = $(RESULTSDIR)/unit-coverage-summary.txt
|
||||||
LINTCMD = $(TEMPDIR)/golangci-lint run --tests=false --config .golangci.yaml
|
LINTCMD = $(TEMPDIR)/golangci-lint run --tests=false --timeout=2m --config .golangci.yaml
|
||||||
ACC_TEST_IMAGE = centos:8.2.2004
|
ACC_TEST_IMAGE = centos:8.2.2004
|
||||||
ACC_DIR = ./test/acceptance
|
ACC_DIR = ./test/acceptance
|
||||||
BOLD := $(shell tput -T linux bold)
|
BOLD := $(shell tput -T linux bold)
|
||||||
|
|||||||
@ -125,10 +125,7 @@ func candidateVendors(p pkg.Package) []string {
|
|||||||
// TODO: Confirm whether using products as vendors is helpful to the matching process
|
// TODO: Confirm whether using products as vendors is helpful to the matching process
|
||||||
vendors := candidateProducts(p)
|
vendors := candidateProducts(p)
|
||||||
|
|
||||||
switch p.Language {
|
if p.Language == pkg.Java {
|
||||||
case pkg.Python:
|
|
||||||
vendors = append(vendors, fmt.Sprintf("python-%s", p.Name))
|
|
||||||
case pkg.Java:
|
|
||||||
if p.MetadataType == pkg.JavaMetadataType {
|
if p.MetadataType == pkg.JavaMetadataType {
|
||||||
vendors = append(vendors, candidateVendorsForJava(p)...)
|
vendors = append(vendors, candidateVendorsForJava(p)...)
|
||||||
}
|
}
|
||||||
@ -139,10 +136,21 @@ func candidateVendors(p pkg.Package) []string {
|
|||||||
func candidateProducts(p pkg.Package) []string {
|
func candidateProducts(p pkg.Package) []string {
|
||||||
products := []string{p.Name}
|
products := []string{p.Name}
|
||||||
|
|
||||||
if p.Language == pkg.Java {
|
switch p.Language {
|
||||||
|
case pkg.Python:
|
||||||
|
if !strings.HasPrefix(p.Name, "python") {
|
||||||
|
products = append(products, "python-"+p.Name)
|
||||||
|
}
|
||||||
|
case pkg.Java:
|
||||||
products = append(products, candidateProductsForJava(p)...)
|
products = append(products, candidateProductsForJava(p)...)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for _, prod := range products {
|
||||||
|
if strings.Contains(prod, "-") {
|
||||||
|
products = append(products, strings.ReplaceAll(prod, "-", "_"))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// return any known product name swaps prepended to the results
|
// return any known product name swaps prepended to the results
|
||||||
return append(productCandidatesByPkgType.getCandidates(p.Type, p.Name), products...)
|
return append(productCandidatesByPkgType.getCandidates(p.Type, p.Name), products...)
|
||||||
}
|
}
|
||||||
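Review bot: In `candidateProducts`, the Python branch guards with `strings.HasPrefix(p.Name, "python")`, so any name that merely begins with those six letters (for example a constructed `pythonfoo`) never gets a `python-` candidate; if the intent is only to avoid producing `python-python-x`, the guard should read `if !strings.HasPrefix(p.Name, "python-") {`. The hyphen loop appends to `products` while ranging over it, which is correct only because Go evaluates the range expression once, so it deserves a comment such as `// range sees only the original elements; appended underscore variants are not revisited`. Because `candidateVendors` (whose body starts outside its hunk) seeds its list from `candidateProducts`, every new product variant also becomes a vendor candidate, and nothing in the visible lines deduplicates the result. CPE candidates drive vulnerability matching, so each extra vendor/product pair widens the room for false-positive matches; deduplicating the slice before the final `return append(...)` would at least keep the set bounded.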
|
|||||||
@ -17,6 +17,58 @@ func TestGeneratePackageCPEs(t *testing.T) {
|
|||||||
p pkg.Package
|
p pkg.Package
|
||||||
expected []string
|
expected []string
|
||||||
}{
|
}{
|
||||||
|
{
|
||||||
|
name: "hyphen replacement",
|
||||||
|
p: pkg.Package{
|
||||||
|
Name: "name-part",
|
||||||
|
Version: "3.2",
|
||||||
|
FoundBy: "some-analyzer",
|
||||||
|
Language: pkg.Python,
|
||||||
|
Type: pkg.DebPkg,
|
||||||
|
},
|
||||||
|
expected: []string{
|
||||||
|
"cpe:2.3:a:*:name-part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:*:name-part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:name-part:name-part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:name-part:name-part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:python-name-part:name-part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:python-name-part:name-part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:*:name_part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:*:name_part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:name_part:name_part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:name_part:name_part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:python_name_part:name_part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:python_name_part:name_part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:name-part:name_part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:name-part:name_part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:name_part:name-part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:name_part:name-part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:python-name-part:name_part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:python-name-part:name_part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:python_name_part:name-part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:python_name_part:name-part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:*:python-name-part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:*:python-name-part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:*:python_name_part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:*:python_name_part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:name-part:python-name-part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:name-part:python-name-part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:name-part:python_name_part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:name-part:python_name_part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:name_part:python-name-part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:name_part:python-name-part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:name_part:python_name_part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:name_part:python_name_part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:python-name-part:python-name-part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:python-name-part:python-name-part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:python-name-part:python_name_part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:python-name-part:python_name_part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:python_name_part:python-name-part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:python_name_part:python-name-part:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:python_name_part:python_name_part:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:python_name_part:python_name_part:3.2:*:*:*:*:python:*:*",
|
||||||
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "python language",
|
name: "python language",
|
||||||
p: pkg.Package{
|
p: pkg.Package{
|
||||||
@ -33,6 +85,24 @@ func TestGeneratePackageCPEs(t *testing.T) {
|
|||||||
"cpe:2.3:a:name:name:3.2:*:*:*:*:python:*:*",
|
"cpe:2.3:a:name:name:3.2:*:*:*:*:python:*:*",
|
||||||
"cpe:2.3:a:python-name:name:3.2:*:*:*:*:*:*:*",
|
"cpe:2.3:a:python-name:name:3.2:*:*:*:*:*:*:*",
|
||||||
"cpe:2.3:a:python-name:name:3.2:*:*:*:*:python:*:*",
|
"cpe:2.3:a:python-name:name:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:python_name:name:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:python_name:name:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:*:python-name:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:*:python-name:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:*:python_name:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:*:python_name:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:name:python-name:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:name:python-name:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:name:python_name:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:name:python_name:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:python-name:python-name:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:python-name:python-name:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:python-name:python_name:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:python-name:python_name:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:python_name:python-name:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:python_name:python-name:3.2:*:*:*:*:python:*:*",
|
||||||
|
"cpe:2.3:a:python_name:python_name:3.2:*:*:*:*:*:*:*",
|
||||||
|
"cpe:2.3:a:python_name:python_name:3.2:*:*:*:*:python:*:*",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -222,7 +292,7 @@ func TestCandidateProducts(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
expected: []string{"itunes", "some-java-package-with-group-id"},
|
expected: []string{"itunes", "some-java-package-with-group-id", "some_java_package_with_group_id"},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
p: pkg.Package{
|
p: pkg.Package{
|
||||||
@ -235,7 +305,7 @@ func TestCandidateProducts(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
expected: []string{"some-jenkins-plugin"},
|
expected: []string{"some-jenkins-plugin", "some_jenkins_plugin"},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
p: pkg.Package{
|
p: pkg.Package{
|
||||||
@ -256,7 +326,7 @@ func TestCandidateProducts(t *testing.T) {
|
|||||||
Name: "python-rrdtool",
|
Name: "python-rrdtool",
|
||||||
Type: pkg.PythonPkg,
|
Type: pkg.PythonPkg,
|
||||||
},
|
},
|
||||||
expected: []string{"rrdtool" /* <-- known good names | default guess --> */, "python-rrdtool"},
|
expected: []string{"rrdtool" /* <-- known good names | default guess --> */, "python-rrdtool", "python_rrdtool"},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
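Review bot: The added and updated cases never exercise a Python package whose name starts with `python` but has no hyphen after it, which is the input where the new `strings.HasPrefix(p.Name, "python")` guard in `candidateProducts` silently drops the `python-` candidate. The only name that reaches that guard is `python-rrdtool` in `TestCandidateProducts`, and that row already has a known-good swap. A row with a constructed name such as `Name: "pythonfoo", Type: pkg.PythonPkg` and an explicit `expected` list would pin whether the missing prefix is intended. The new "hyphen replacement" case also spells out 40 CPE strings by hand, so a short comment above `expected` stating the rule (`// every vendor candidate x every product candidate, with and without target_sw=python`) would make future changes to the list reviewable. Both `TestGeneratePackageCPEs` and `TestCandidateProducts` begin and end outside the visible hunks, so how `expected` is compared (ordered or as a set) cannot be confirmed from here.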
|
|||||||