oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update the CPE generation for spring-security-core (#1789)

Browse Source 
* Update the CPE generation for spring-security-core
* Add vendor test for spring-security

Signed-off-by: Josh Bressers <josh@bress.net>

---------

Signed-off-by: Josh Bressers <josh@bress.net>
This commit is contained in:
Josh Bressers 2023-05-05 10:41:41 -05:00 committed by GitHub
parent ddb338d834
commit 0f1aed4477
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
View File

@ -32,6 +32,12 @@ var defaultCandidateAdditions = buildCandidateLookup(
candidateKey{PkgName: "spring-core"}, candidateKey{PkgName: "spring-core"},
candidateAddition{AdditionalProducts: []string{"spring_framework", "springsource_spring_framework"}, AdditionalVendors: []string{"pivotal_software", "springsource", "vmware"}}, candidateAddition{AdditionalProducts: []string{"spring_framework", "springsource_spring_framework"}, AdditionalVendors: []string{"pivotal_software", "springsource", "vmware"}},
}, },
{
// example image: docker.io/jenkins/jenkins:latest
pkg.JavaPkg,
candidateKey{PkgName: "spring-security-core"},
candidateAddition{AdditionalProducts: []string{"spring_security"}, AdditionalVendors: []string{"vmware"}},
},
{ {
// example image: docker.io/nuxeo:latest // example image: docker.io/nuxeo:latest
pkg.JavaPkg, pkg.JavaPkg,

16
syft/pkg/cataloger/common/cpe/generate_test.go
View File

@ -768,6 +768,14 @@ func TestCandidateProducts(t *testing.T) {
}, },
expected: []string{"spring_framework", "springsource_spring_framework" /* <-- known good names | default guess --> */, "springframework"}, expected: []string{"spring_framework", "springsource_spring_framework" /* <-- known good names | default guess --> */, "springframework"},
}, },
{
name: "spring-security-core",
p: pkg.Package{
Name: "spring-security-core",
Type: pkg.JavaPkg,
},
expected: []string{"spring-security-core", "spring_security", "spring_security_core"},
},
{ {
name: "java", name: "java",
p: pkg.Package{ p: pkg.Package{
@ -857,6 +865,14 @@ func TestCandidateVendor(t *testing.T) {
}, },
expected: []string{"elastic" /* <-- known good names | default guess --> */, "elasticsearch"}, expected: []string{"elastic" /* <-- known good names | default guess --> */, "elasticsearch"},
}, },
{
name: "spring-security",
p: pkg.Package{
Name: "spring-security-core",
Type: pkg.JavaPkg,
},
expected: []string{"vmware" /* <-- known good names | default guess --> */, "spring", "spring-security", "spring-security-core", "spring_security_core", "spring_security"},
},
{ {
name: "log4j", name: "log4j",
p: pkg.Package{ p: pkg.Package{