From 11039f4b4e9d633feae14246833e0579e8f5490b Mon Sep 17 00:00:00 2001 From: Weston Steimel Date: Fri, 1 Dec 2023 14:22:33 +0000 Subject: [PATCH] fix(java): improve identification for org.elasticsearch artifacts (#2383) Signed-off-by: Weston Steimel --- syft/pkg/cataloger/common/cpe/java.go | 2 +- .../cataloger/common/cpe/java_groupid_map.go | 778 ++++++++++-------- syft/pkg/cataloger/common/cpe/java_test.go | 11 + 3 files changed, 437 insertions(+), 354 deletions(-) diff --git a/syft/pkg/cataloger/common/cpe/java.go b/syft/pkg/cataloger/common/cpe/java.go index 7920e38b8..feb3960a0 100644 --- a/syft/pkg/cataloger/common/cpe/java.go +++ b/syft/pkg/cataloger/common/cpe/java.go @@ -294,7 +294,7 @@ func GetManifestFieldGroupIDs(manifest *pkg.JavaManifest, fields []string) (grou } func cleanGroupID(groupID string) string { - return strings.TrimSpace(removeOSCIDirectives(groupID)) + return strings.TrimSpace(strings.Split(removeOSCIDirectives(groupID), "#")[0]) } func removeOSCIDirectives(groupID string) string { diff --git a/syft/pkg/cataloger/common/cpe/java_groupid_map.go b/syft/pkg/cataloger/common/cpe/java_groupid_map.go index 702b8657d..2e18c253a 100644 --- a/syft/pkg/cataloger/common/cpe/java_groupid_map.go +++ b/syft/pkg/cataloger/common/cpe/java_groupid_map.go @@ -1,359 +1,431 @@ package cpe var DefaultArtifactIDToGroupID = map[string]string{ - "ant": "org.apache.ant", - "ant-antlr": "org.apache.ant", - "ant-antunit": "org.apache.ant", - "ant-apache-bcel": "org.apache.ant", - "ant-apache-bsf": "org.apache.ant", - "ant-apache-log4j": "org.apache.ant", - "ant-apache-oro": "org.apache.ant", - "ant-apache-regexp": "org.apache.ant", - "ant-apache-resolver": "org.apache.ant", - "ant-apache-xalan2": "org.apache.ant", - "ant-commons-logging": "org.apache.ant", - "ant-commons-net": "org.apache.ant", - "ant-compress": "org.apache.ant", - "ant-dotnet": "org.apache.ant", - "ant-imageio": "org.apache.ant", - "ant-jai": "org.apache.ant", - "ant-jakartamail": "org.apache.ant", - "ant-javamail": "org.apache.ant", - "ant-jdepend": "org.apache.ant", - "ant-jmf": "org.apache.ant", - "ant-jsch": "org.apache.ant", - "ant-junit": "org.apache.ant", - "ant-junit4": "org.apache.ant", - "ant-junitlauncher": "org.apache.ant", - "ant-launcher": "org.apache.ant", - "ant-netrexx": "org.apache.ant", - "ant-nodeps": "org.apache.ant", - "ant-parent": "org.apache.ant", - "ant-starteam": "org.apache.ant", - "ant-stylebook": "org.apache.ant", - "ant-swing": "org.apache.ant", - "ant-testutil": "org.apache.ant", - "ant-trax": "org.apache.ant", - "ant-weblogic": "org.apache.ant", - "ant-xz": "org.apache.ant", - "commons-codec": "commons-codec", - "commons-logging": "commons-logging", // see e.g. https://mvnrepository.com/artifact/commons-logging/commons-logging/1.1.1 - "okhttp": "com.squareup.okhttp3", - "okio": "com.squareup.okio", - "apache-geode": "org.apache.geode", - "geode-all-bom": "org.apache.geode", - "geode-apis-compatible-with-redis": "org.apache.geode", - "geode-client-bom": "org.apache.geode", - "geode-client-protocol": "org.apache.geode", - "geode-common": "org.apache.geode", - "geode-concurrency-test": "org.apache.geode", - "geode-connectors": "org.apache.geode", - "geode-core": "org.apache.geode", - "geode-cq": "org.apache.geode", - "geode-deployment-legacy": "org.apache.geode", - "geode-dunit": "org.apache.geode", - "geode-experimental-driver": "org.apache.geode", - "geode-gfsh": "org.apache.geode", - "geode-http-service": "org.apache.geode", - "geode-jmh": "org.apache.geode", - "geode-joptsimple": "org.apache.geode", - "geode-json": "org.apache.geode", - "geode-junit": "org.apache.geode", - "geode-log4j": "org.apache.geode", - "geode-logging": "org.apache.geode", - "geode-lucene": "org.apache.geode", - "geode-management": "org.apache.geode", - "geode-membership": "org.apache.geode", - "geode-memcached": "org.apache.geode", - "geode-modules": "org.apache.geode", - "geode-modules-hibernate": "org.apache.geode", - "geode-modules-session": "org.apache.geode", - "geode-modules-session-internal": "org.apache.geode", - "geode-modules-tomcat7": "org.apache.geode", - "geode-modules-tomcat8": "org.apache.geode", - "geode-modules-tomcat9": "org.apache.geode", - "geode-old-client-support": "org.apache.geode", - "geode-protobuf": "org.apache.geode", - "geode-protobuf-messages": "org.apache.geode", - "geode-pulse": "org.apache.geode", - "geode-rebalancer": "org.apache.geode", - "geode-redis": "org.apache.geode", - "geode-serialization": "org.apache.geode", - "geode-server-all": "org.apache.geode", - "geode-tcp-server": "org.apache.geode", - "geode-unsafe": "org.apache.geode", - "geode-wan": "org.apache.geode", - "geode-web": "org.apache.geode", - "geode-web-api": "org.apache.geode", - "geode-web-management": "org.apache.geode", - "spring-velocity-support": "org.apache.velocity", - "velocity": "org.apache.velocity", - "velocity-engine-core": "org.apache.velocity", - "velocity-engine-parent": "org.apache.velocity", - "velocity-engine-scripting": "org.apache.velocity", - "velocity-tools": "org.apache.velocity", - "tomcat": "org.apache.tomcat", - "tomcat-annotations-api": "org.apache.tomcat", - "tomcat-api": "org.apache.tomcat", - "tomcat-catalina": "org.apache.tomcat", - "tomcat-catalina-ant": "org.apache.tomcat", - "tomcat-catalina-ha": "org.apache.tomcat", - "tomcat-catalina-jmx-remote": "org.apache.tomcat", - "tomcat-catalina-ws": "org.apache.tomcat", - "tomcat-coyote": "org.apache.tomcat", - "tomcat-dbcp": "org.apache.tomcat", - "tomcat-el-api": "org.apache.tomcat", - "tomcat-i18n-cs": "org.apache.tomcat", - "tomcat-i18n-de": "org.apache.tomcat", - "tomcat-i18n-es": "org.apache.tomcat", - "tomcat-i18n-fr": "org.apache.tomcat", - "tomcat-i18n-ja": "org.apache.tomcat", - "tomcat-i18n-ko": "org.apache.tomcat", - "tomcat-i18n-pt-BR": "org.apache.tomcat", - "tomcat-i18n-ru": "org.apache.tomcat", - "tomcat-i18n-zh-CN": "org.apache.tomcat", - "tomcat-jasper": "org.apache.tomcat", - "tomcat-jasper-el": "org.apache.tomcat", - "tomcat-jaspic-api": "org.apache.tomcat", - "tomcat-jdbc": "org.apache.tomcat", - "tomcat-jni": "org.apache.tomcat", - "tomcat-jsp-api": "org.apache.tomcat", - "tomcat-juli": "org.apache.tomcat", - "tomcat-servlet-api": "org.apache.tomcat", - "tomcat-spdy": "org.apache.tomcat", - "tomcat-ssi": "org.apache.tomcat", - "tomcat-storeconfig": "org.apache.tomcat", - "tomcat-tribes": "org.apache.tomcat", - "tomcat-util": "org.apache.tomcat", - "tomcat-util-scan": "org.apache.tomcat", - "tomcat-websocket": "org.apache.tomcat", - "tomcat-websocket-api": "org.apache.tomcat", - "tomcat-websocket-client-api": "org.apache.tomcat", - "tomcat7-websocket": "org.apache.tomcat", - "tomcat-embed-core": "org.apache.tomcat.embed", - "tomcat-embed-el": "org.apache.tomcat.embed", - "tomcat-embed-jasper": "org.apache.tomcat.embed", - "tomcat-embed-logging-juli": "org.apache.tomcat.embed", - "tomcat-embed-logging-log4j": "org.apache.tomcat.embed", - "tomcat-embed-websocket": "org.apache.tomcat.embed", - "bc-fips": "org.bouncycastle", - "bc-fips-debug": "org.bouncycastle", - "bcjmail-debug-jdk15to18": "org.bouncycastle", - "bcjmail-debug-jdk18on": "org.bouncycastle", - "bcjmail-jdk15on": "org.bouncycastle", - "bcjmail-jdk15to18": "org.bouncycastle", - "bcjmail-jdk18on": "org.bouncycastle", - "bcjmail-lts8on": "org.bouncycastle", - "bcmail-debug-jdk15to18": "org.bouncycastle", - "bcmail-debug-jdk18on": "org.bouncycastle", - "bcmail-fips": "org.bouncycastle", - "bcmail-jdk14": "org.bouncycastle", - "bcmail-jdk15": "org.bouncycastle", - "bcmail-jdk15+": "org.bouncycastle", - "bcmail-jdk15on": "org.bouncycastle", - "bcmail-jdk15to18": "org.bouncycastle", - "bcmail-jdk16": "org.bouncycastle", - "bcmail-jdk18on": "org.bouncycastle", - "bcmail-lts8on": "org.bouncycastle", - "bcpg-debug-jdk15to18": "org.bouncycastle", - "bcpg-debug-jdk18on": "org.bouncycastle", - "bcpg-fips": "org.bouncycastle", - "bcpg-jdk12": "org.bouncycastle", - "bcpg-jdk14": "org.bouncycastle", - "bcpg-jdk15": "org.bouncycastle", - "bcpg-jdk15+": "org.bouncycastle", - "bcpg-jdk15on": "org.bouncycastle", - "bcpg-jdk15to18": "org.bouncycastle", - "bcpg-jdk16": "org.bouncycastle", - "bcpg-jdk18on": "org.bouncycastle", - "bcpg-lts8on": "org.bouncycastle", - "bcpkix-debug-jdk15to18": "org.bouncycastle", - "bcpkix-debug-jdk18on": "org.bouncycastle", - "bcpkix-fips": "org.bouncycastle", - "bcpkix-jdk14": "org.bouncycastle", - "bcpkix-jdk15on": "org.bouncycastle", - "bcpkix-jdk15to18": "org.bouncycastle", - "bcpkix-jdk18on": "org.bouncycastle", - "bcpkix-lts8on": "org.bouncycastle", - "bcpqc-addon-fips": "org.bouncycastle", - "bcprov-debug-jdk14": "org.bouncycastle", - "bcprov-debug-jdk15on": "org.bouncycastle", - "bcprov-debug-jdk15to18": "org.bouncycastle", - "bcprov-debug-jdk18on": "org.bouncycastle", - "bcprov-ext-debug-jdk14": "org.bouncycastle", - "bcprov-ext-debug-jdk15on": "org.bouncycastle", - "bcprov-ext-debug-jdk15to18": "org.bouncycastle", - "bcprov-ext-debug-jdk18on": "org.bouncycastle", - "bcprov-ext-jdk14": "org.bouncycastle", - "bcprov-ext-jdk15": "org.bouncycastle", - "bcprov-ext-jdk15on": "org.bouncycastle", - "bcprov-ext-jdk15to18": "org.bouncycastle", - "bcprov-ext-jdk16": "org.bouncycastle", - "bcprov-ext-jdk18on": "org.bouncycastle", - "bcprov-jdk12": "org.bouncycastle", - "bcprov-jdk14": "org.bouncycastle", - "bcprov-jdk15": "org.bouncycastle", - "bcprov-jdk15+": "org.bouncycastle", - "bcprov-jdk15on": "org.bouncycastle", - "bcprov-jdk15to18": "org.bouncycastle", - "bcprov-jdk16": "org.bouncycastle", - "bcprov-jdk18on": "org.bouncycastle", - "bcprov-lts8on": "org.bouncycastle", - "bctls-debug-jdk15to18": "org.bouncycastle", - "bctls-debug-jdk18on": "org.bouncycastle", - "bctls-fips": "org.bouncycastle", - "bctls-jdk14": "org.bouncycastle", - "bctls-jdk15on": "org.bouncycastle", - "bctls-jdk15to18": "org.bouncycastle", - "bctls-jdk18on": "org.bouncycastle", - "bctls-lts8on": "org.bouncycastle", - "bctsp-jdk14": "org.bouncycastle", - "bctsp-jdk15": "org.bouncycastle", - "bctsp-jdk15+": "org.bouncycastle", - "bctsp-jdk15on": "org.bouncycastle", - "bctsp-jdk16": "org.bouncycastle", - "bcutil-debug-jdk15to18": "org.bouncycastle", - "bcutil-debug-jdk18on": "org.bouncycastle", - "bcutil-jdk14": "org.bouncycastle", - "bcutil-jdk15on": "org.bouncycastle", - "bcutil-jdk15to18": "org.bouncycastle", - "bcutil-jdk18on": "org.bouncycastle", - "bcutil-lts8on": "org.bouncycastle", - "spring": "org.springframework", - "spring-agent": "org.springframework", - "spring-aop": "org.springframework", - "spring-asm": "org.springframework", - "spring-aspects": "org.springframework", - "spring-beandoc": "org.springframework", - "spring-beans": "org.springframework", - "spring-context": "org.springframework", - "spring-context-indexer": "org.springframework", - "spring-context-support": "org.springframework", - "spring-core": "org.springframework", - "spring-core-test": "org.springframework", - "spring-dao": "org.springframework", - "spring-expression": "org.springframework", - "spring-framework-bom": "org.springframework", - "spring-full": "org.springframework", - "spring-hibernate": "org.springframework", - "spring-hibernate2": "org.springframework", - "spring-hibernate3": "org.springframework", - "spring-ibatis": "org.springframework", - "spring-instrument": "org.springframework", - "spring-instrument-tomcat": "org.springframework", - "spring-jca": "org.springframework", - "spring-jcl": "org.springframework", - "spring-jdbc": "org.springframework", - "spring-jdo": "org.springframework", - "spring-jms": "org.springframework", - "spring-jmx": "org.springframework", - "spring-jpa": "org.springframework", - "spring-ldap": "org.springframework", - "spring-messaging": "org.springframework", - "spring-mock": "org.springframework", - "spring-ojb": "org.springframework", - "spring-orm": "org.springframework", - "spring-oxm": "org.springframework", - "spring-parent": "org.springframework", - "spring-portlet": "org.springframework", - "spring-r2dbc": "org.springframework", - "spring-remoting": "org.springframework", - "spring-struts": "org.springframework", - "spring-support": "org.springframework", - "spring-test": "org.springframework", - "spring-tomcat-weaver": "org.springframework", - "spring-toplink": "org.springframework", - "spring-tuple": "org.springframework", - "spring-tuple-parent": "org.springframework", - "spring-tx": "org.springframework", - "spring-web": "org.springframework", - "spring-webflux": "org.springframework", - "spring-webmvc": "org.springframework", - "spring-webmvc-portlet": "org.springframework", - "spring-webmvc-struts": "org.springframework", - "spring-websocket": "org.springframework", - "spring-amqp": "org.springframework.amqp", - "spring-amqp-bom": "org.springframework.amqp", - "spring-amqp-dist": "org.springframework.amqp", - "spring-amqp-parent": "org.springframework.amqp", - "spring-erlang": "org.springframework.amqp", - "spring-rabbit": "org.springframework.amqp", - "spring-rabbit-junit": "org.springframework.amqp", - "spring-rabbit-stream": "org.springframework.amqp", - "spring-rabbit-test": "org.springframework.amqp", - "spring-analytics": "org.springframework.analytics", - "spring-batch": "org.springframework.batch", - "spring-batch-admin-manager": "org.springframework.batch", - "spring-batch-admin-parent": "org.springframework.batch", - "spring-batch-admin-resources": "org.springframework.batch", - "spring-batch-archetypes": "org.springframework.batch", - "spring-batch-bom": "org.springframework.batch", - "spring-batch-core": "org.springframework.batch", - "spring-batch-docs": "org.springframework.batch", - "spring-batch-infrastructure": "org.springframework.batch", - "spring-batch-infrastructure-tests": "org.springframework.batch", - "spring-batch-integration": "org.springframework.batch", - "spring-batch-parent": "org.springframework.batch", - "spring-batch-samples": "org.springframework.batch", - "spring-batch-test": "org.springframework.batch", - "spring-batch-tuple": "org.springframework.batch", - "spring-boot": "org.springframework.boot", - "spring-boot-actuator": "org.springframework.boot", - "spring-boot-actuator-autoconfigure": "org.springframework.boot", - "spring-boot-actuator-docs": "org.springframework.boot", - "spring-boot-antlib": "org.springframework.boot", - "spring-boot-archetypes": "org.springframework.boot", - "spring-boot-autoconfigure": "org.springframework.boot", - "spring-boot-autoconfigure-processor": "org.springframework.boot", - "spring-boot-build": "org.springframework.boot", - "spring-boot-buildpack-platform": "org.springframework.boot", - "spring-boot-cli": "org.springframework.boot", - "spring-boot-configuration-metadata": "org.springframework.boot", - "spring-boot-configuration-processor": "org.springframework.boot", - "spring-boot-dependencies": "org.springframework.boot", - "spring-boot-dependency-tools": "org.springframework.boot", - "spring-boot-deployment-test-glassfish": "org.springframework.boot", - "spring-boot-deployment-test-tomcat": "org.springframework.boot", - "spring-boot-deployment-test-tomee": "org.springframework.boot", - "spring-boot-deployment-test-wildfly": "org.springframework.boot", - "spring-boot-deployment-test-wlp": "org.springframework.boot", - "spring-boot-deployment-tests": "org.springframework.boot", - "spring-boot-devtools": "org.springframework.boot", - "spring-boot-devtools-tests": "org.springframework.boot", - "spring-boot-docker-compose": "org.springframework.boot", - "spring-boot-docs": "org.springframework.boot", - "spring-boot-full-build": "org.springframework.boot", - "spring-boot-gradle-plugin": "org.springframework.boot", - "spring-boot-gradle-tests": "org.springframework.boot", - "spring-boot-jarmode-layertools": "org.springframework.boot", - "spring-boot-launch-script-tests": "org.springframework.boot", - "spring-boot-legacy": "org.springframework.boot", - "spring-boot-loader": "org.springframework.boot", - "spring-boot-loader-tools": "org.springframework.boot", - "spring-boot-maven-plugin": "org.springframework.boot", - "spring-boot-parent": "org.springframework.boot", - "spring-boot-project": "org.springframework.boot", - "spring-boot-properties-migrator": "org.springframework.boot", - "spring-boot-sample-actuator-archetype": "org.springframework.boot", - "spring-boot-sample-actuator-log4j-archetype": "org.springframework.boot", - "spring-boot-sample-actuator-noweb-archetype": "org.springframework.boot", - "spring-boot-sample-actuator-ui-archetype": "org.springframework.boot", - "spring-boot-sample-amqp-archetype": "org.springframework.boot", - "spring-boot-sample-aop-archetype": "org.springframework.boot", - "spring-boot-sample-batch-archetype": "org.springframework.boot", - "spring-boot-sample-data-jpa-archetype": "org.springframework.boot", - "spring-boot-sample-data-mongodb-archetype": "org.springframework.boot", - "spring-boot-sample-data-redis-archetype": "org.springframework.boot", - "spring-boot-sample-data-rest-archetype": "org.springframework.boot", - "spring-boot-sample-integration-archetype": "org.springframework.boot", - "spring-boot-sample-jetty-archetype": "org.springframework.boot", - "spring-boot-sample-profile-archetype": "org.springframework.boot", - "spring-boot-sample-secure-archetype": "org.springframework.boot", - "spring-boot-sample-servlet-archetype": "org.springframework.boot", - "spring-boot-sample-simple-archetype": "org.springframework.boot", - "spring-boot-sample-tomcat-archetype": "org.springframework.boot", - "spring-boot-sample-traditional-archetype": "org.springframework.boot", - "spring-boot-sample-web-jsp-archetype": "org.springframework.boot", + "ant": "org.apache.ant", + "ant-antlr": "org.apache.ant", + "ant-antunit": "org.apache.ant", + "ant-apache-bcel": "org.apache.ant", + "ant-apache-bsf": "org.apache.ant", + "ant-apache-log4j": "org.apache.ant", + "ant-apache-oro": "org.apache.ant", + "ant-apache-regexp": "org.apache.ant", + "ant-apache-resolver": "org.apache.ant", + "ant-apache-xalan2": "org.apache.ant", + "ant-commons-logging": "org.apache.ant", + "ant-commons-net": "org.apache.ant", + "ant-compress": "org.apache.ant", + "ant-dotnet": "org.apache.ant", + "ant-imageio": "org.apache.ant", + "ant-jai": "org.apache.ant", + "ant-jakartamail": "org.apache.ant", + "ant-javamail": "org.apache.ant", + "ant-jdepend": "org.apache.ant", + "ant-jmf": "org.apache.ant", + "ant-jsch": "org.apache.ant", + "ant-junit": "org.apache.ant", + "ant-junit4": "org.apache.ant", + "ant-junitlauncher": "org.apache.ant", + "ant-launcher": "org.apache.ant", + "ant-netrexx": "org.apache.ant", + "ant-nodeps": "org.apache.ant", + "ant-parent": "org.apache.ant", + "ant-starteam": "org.apache.ant", + "ant-stylebook": "org.apache.ant", + "ant-swing": "org.apache.ant", + "ant-testutil": "org.apache.ant", + "ant-trax": "org.apache.ant", + "ant-weblogic": "org.apache.ant", + "ant-xz": "org.apache.ant", + "commons-codec": "commons-codec", + "commons-logging": "commons-logging", // see e.g. https://mvnrepository.com/artifact/commons-logging/commons-logging/1.1.1 + "okhttp": "com.squareup.okhttp3", + "okio": "com.squareup.okio", + "apache-geode": "org.apache.geode", + "geode-all-bom": "org.apache.geode", + "geode-apis-compatible-with-redis": "org.apache.geode", + "geode-client-bom": "org.apache.geode", + "geode-client-protocol": "org.apache.geode", + "geode-common": "org.apache.geode", + "geode-concurrency-test": "org.apache.geode", + "geode-connectors": "org.apache.geode", + "geode-core": "org.apache.geode", + "geode-cq": "org.apache.geode", + "geode-deployment-legacy": "org.apache.geode", + "geode-dunit": "org.apache.geode", + "geode-experimental-driver": "org.apache.geode", + "geode-gfsh": "org.apache.geode", + "geode-http-service": "org.apache.geode", + "geode-jmh": "org.apache.geode", + "geode-joptsimple": "org.apache.geode", + "geode-json": "org.apache.geode", + "geode-junit": "org.apache.geode", + "geode-log4j": "org.apache.geode", + "geode-logging": "org.apache.geode", + "geode-lucene": "org.apache.geode", + "geode-management": "org.apache.geode", + "geode-membership": "org.apache.geode", + "geode-memcached": "org.apache.geode", + "geode-modules": "org.apache.geode", + "geode-modules-hibernate": "org.apache.geode", + "geode-modules-session": "org.apache.geode", + "geode-modules-session-internal": "org.apache.geode", + "geode-modules-tomcat7": "org.apache.geode", + "geode-modules-tomcat8": "org.apache.geode", + "geode-modules-tomcat9": "org.apache.geode", + "geode-old-client-support": "org.apache.geode", + "geode-protobuf": "org.apache.geode", + "geode-protobuf-messages": "org.apache.geode", + "geode-pulse": "org.apache.geode", + "geode-rebalancer": "org.apache.geode", + "geode-redis": "org.apache.geode", + "geode-serialization": "org.apache.geode", + "geode-server-all": "org.apache.geode", + "geode-tcp-server": "org.apache.geode", + "geode-unsafe": "org.apache.geode", + "geode-wan": "org.apache.geode", + "geode-web": "org.apache.geode", + "geode-web-api": "org.apache.geode", + "geode-web-management": "org.apache.geode", + "spring-velocity-support": "org.apache.velocity", + "velocity": "org.apache.velocity", + "velocity-engine-core": "org.apache.velocity", + "velocity-engine-parent": "org.apache.velocity", + "velocity-engine-scripting": "org.apache.velocity", + "velocity-tools": "org.apache.velocity", + "tomcat": "org.apache.tomcat", + "tomcat-annotations-api": "org.apache.tomcat", + "tomcat-api": "org.apache.tomcat", + "tomcat-catalina": "org.apache.tomcat", + "tomcat-catalina-ant": "org.apache.tomcat", + "tomcat-catalina-ha": "org.apache.tomcat", + "tomcat-catalina-jmx-remote": "org.apache.tomcat", + "tomcat-catalina-ws": "org.apache.tomcat", + "tomcat-coyote": "org.apache.tomcat", + "tomcat-dbcp": "org.apache.tomcat", + "tomcat-el-api": "org.apache.tomcat", + "tomcat-i18n-cs": "org.apache.tomcat", + "tomcat-i18n-de": "org.apache.tomcat", + "tomcat-i18n-es": "org.apache.tomcat", + "tomcat-i18n-fr": "org.apache.tomcat", + "tomcat-i18n-ja": "org.apache.tomcat", + "tomcat-i18n-ko": "org.apache.tomcat", + "tomcat-i18n-pt-BR": "org.apache.tomcat", + "tomcat-i18n-ru": "org.apache.tomcat", + "tomcat-i18n-zh-CN": "org.apache.tomcat", + "tomcat-jasper": "org.apache.tomcat", + "tomcat-jasper-el": "org.apache.tomcat", + "tomcat-jaspic-api": "org.apache.tomcat", + "tomcat-jdbc": "org.apache.tomcat", + "tomcat-jni": "org.apache.tomcat", + "tomcat-jsp-api": "org.apache.tomcat", + "tomcat-juli": "org.apache.tomcat", + "tomcat-servlet-api": "org.apache.tomcat", + "tomcat-spdy": "org.apache.tomcat", + "tomcat-ssi": "org.apache.tomcat", + "tomcat-storeconfig": "org.apache.tomcat", + "tomcat-tribes": "org.apache.tomcat", + "tomcat-util": "org.apache.tomcat", + "tomcat-util-scan": "org.apache.tomcat", + "tomcat-websocket": "org.apache.tomcat", + "tomcat-websocket-api": "org.apache.tomcat", + "tomcat-websocket-client-api": "org.apache.tomcat", + "tomcat7-websocket": "org.apache.tomcat", + "tomcat-embed-core": "org.apache.tomcat.embed", + "tomcat-embed-el": "org.apache.tomcat.embed", + "tomcat-embed-jasper": "org.apache.tomcat.embed", + "tomcat-embed-logging-juli": "org.apache.tomcat.embed", + "tomcat-embed-logging-log4j": "org.apache.tomcat.embed", + "tomcat-embed-websocket": "org.apache.tomcat.embed", + "bc-fips": "org.bouncycastle", + "bc-fips-debug": "org.bouncycastle", + "bcjmail-debug-jdk15to18": "org.bouncycastle", + "bcjmail-debug-jdk18on": "org.bouncycastle", + "bcjmail-jdk15on": "org.bouncycastle", + "bcjmail-jdk15to18": "org.bouncycastle", + "bcjmail-jdk18on": "org.bouncycastle", + "bcjmail-lts8on": "org.bouncycastle", + "bcmail-debug-jdk15to18": "org.bouncycastle", + "bcmail-debug-jdk18on": "org.bouncycastle", + "bcmail-fips": "org.bouncycastle", + "bcmail-jdk14": "org.bouncycastle", + "bcmail-jdk15": "org.bouncycastle", + "bcmail-jdk15+": "org.bouncycastle", + "bcmail-jdk15on": "org.bouncycastle", + "bcmail-jdk15to18": "org.bouncycastle", + "bcmail-jdk16": "org.bouncycastle", + "bcmail-jdk18on": "org.bouncycastle", + "bcmail-lts8on": "org.bouncycastle", + "bcpg-debug-jdk15to18": "org.bouncycastle", + "bcpg-debug-jdk18on": "org.bouncycastle", + "bcpg-fips": "org.bouncycastle", + "bcpg-jdk12": "org.bouncycastle", + "bcpg-jdk14": "org.bouncycastle", + "bcpg-jdk15": "org.bouncycastle", + "bcpg-jdk15+": "org.bouncycastle", + "bcpg-jdk15on": "org.bouncycastle", + "bcpg-jdk15to18": "org.bouncycastle", + "bcpg-jdk16": "org.bouncycastle", + "bcpg-jdk18on": "org.bouncycastle", + "bcpg-lts8on": "org.bouncycastle", + "bcpkix-debug-jdk15to18": "org.bouncycastle", + "bcpkix-debug-jdk18on": "org.bouncycastle", + "bcpkix-fips": "org.bouncycastle", + "bcpkix-jdk14": "org.bouncycastle", + "bcpkix-jdk15on": "org.bouncycastle", + "bcpkix-jdk15to18": "org.bouncycastle", + "bcpkix-jdk18on": "org.bouncycastle", + "bcpkix-lts8on": "org.bouncycastle", + "bcpqc-addon-fips": "org.bouncycastle", + "bcprov-debug-jdk14": "org.bouncycastle", + "bcprov-debug-jdk15on": "org.bouncycastle", + "bcprov-debug-jdk15to18": "org.bouncycastle", + "bcprov-debug-jdk18on": "org.bouncycastle", + "bcprov-ext-debug-jdk14": "org.bouncycastle", + "bcprov-ext-debug-jdk15on": "org.bouncycastle", + "bcprov-ext-debug-jdk15to18": "org.bouncycastle", + "bcprov-ext-debug-jdk18on": "org.bouncycastle", + "bcprov-ext-jdk14": "org.bouncycastle", + "bcprov-ext-jdk15": "org.bouncycastle", + "bcprov-ext-jdk15on": "org.bouncycastle", + "bcprov-ext-jdk15to18": "org.bouncycastle", + "bcprov-ext-jdk16": "org.bouncycastle", + "bcprov-ext-jdk18on": "org.bouncycastle", + "bcprov-jdk12": "org.bouncycastle", + "bcprov-jdk14": "org.bouncycastle", + "bcprov-jdk15": "org.bouncycastle", + "bcprov-jdk15+": "org.bouncycastle", + "bcprov-jdk15on": "org.bouncycastle", + "bcprov-jdk15to18": "org.bouncycastle", + "bcprov-jdk16": "org.bouncycastle", + "bcprov-jdk18on": "org.bouncycastle", + "bcprov-lts8on": "org.bouncycastle", + "bctls-debug-jdk15to18": "org.bouncycastle", + "bctls-debug-jdk18on": "org.bouncycastle", + "bctls-fips": "org.bouncycastle", + "bctls-jdk14": "org.bouncycastle", + "bctls-jdk15on": "org.bouncycastle", + "bctls-jdk15to18": "org.bouncycastle", + "bctls-jdk18on": "org.bouncycastle", + "bctls-lts8on": "org.bouncycastle", + "bctsp-jdk14": "org.bouncycastle", + "bctsp-jdk15": "org.bouncycastle", + "bctsp-jdk15+": "org.bouncycastle", + "bctsp-jdk15on": "org.bouncycastle", + "bctsp-jdk16": "org.bouncycastle", + "bcutil-debug-jdk15to18": "org.bouncycastle", + "bcutil-debug-jdk18on": "org.bouncycastle", + "bcutil-jdk14": "org.bouncycastle", + "bcutil-jdk15on": "org.bouncycastle", + "bcutil-jdk15to18": "org.bouncycastle", + "bcutil-jdk18on": "org.bouncycastle", + "bcutil-lts8on": "org.bouncycastle", + "elasticsearch": "org.elasticsearch", + "elasticsearch-analysis-icu": "org.elasticsearch", + "elasticsearch-analysis-ik": "org.elasticsearch", + "elasticsearch-analysis-kuromoji": "org.elasticsearch", + "elasticsearch-analysis-mmseg": "org.elasticsearch", + "elasticsearch-analysis-phonetic": "org.elasticsearch", + "elasticsearch-analysis-pinyin": "org.elasticsearch", + "elasticsearch-analysis-smartcn": "org.elasticsearch", + "elasticsearch-analysis-stconvert": "org.elasticsearch", + "elasticsearch-analysis-stempel": "org.elasticsearch", + "elasticsearch-attachments": "org.elasticsearch", + "elasticsearch-benchmarks": "org.elasticsearch", + "elasticsearch-cli": "org.elasticsearch", + "elasticsearch-client-groovy": "org.elasticsearch", + "elasticsearch-cloud": "org.elasticsearch", + "elasticsearch-cloud-aws": "org.elasticsearch", + "elasticsearch-cloud-azure": "org.elasticsearch", + "elasticsearch-cloud-gce": "org.elasticsearch", + "elasticsearch-core": "org.elasticsearch", + "elasticsearch-discovery-jgroups": "org.elasticsearch", + "elasticsearch-geo": "org.elasticsearch", + "elasticsearch-grok": "org.elasticsearch", + "elasticsearch-groovy": "org.elasticsearch", + "elasticsearch-h3": "org.elasticsearch", + "elasticsearch-hadoop": "org.elasticsearch", + "elasticsearch-hadoop-cascading": "org.elasticsearch", + "elasticsearch-hadoop-hive": "org.elasticsearch", + "elasticsearch-hadoop-mr": "org.elasticsearch", + "elasticsearch-hadoop-pig": "org.elasticsearch", + "elasticsearch-lang-groovy": "org.elasticsearch", + "elasticsearch-lang-javascript": "org.elasticsearch", + "elasticsearch-lang-mvel": "org.elasticsearch", + "elasticsearch-lang-python": "org.elasticsearch", + "elasticsearch-logging": "org.elasticsearch", + "elasticsearch-lz4": "org.elasticsearch", + "elasticsearch-mapper-attachments": "org.elasticsearch", + "elasticsearch-nio": "org.elasticsearch", + "elasticsearch-parent": "org.elasticsearch", + "elasticsearch-plugin-analysis-api": "org.elasticsearch", + "elasticsearch-plugin-api": "org.elasticsearch", + "elasticsearch-plugin-classloader": "org.elasticsearch", + "elasticsearch-plugin-scanner": "org.elasticsearch", + "elasticsearch-preallocate": "org.elasticsearch", + "elasticsearch-repository-hdfs": "org.elasticsearch", + "elasticsearch-river-couchdb": "org.elasticsearch", + "elasticsearch-river-rabbitmq": "org.elasticsearch", + "elasticsearch-river-twitter": "org.elasticsearch", + "elasticsearch-river-wikipedia": "org.elasticsearch", + "elasticsearch-secure-sm": "org.elasticsearch", + "elasticsearch-spark-1.2": "org.elasticsearch", + "elasticsearch-spark-1.2_2.10": "org.elasticsearch", + "elasticsearch-spark-1.2_2.11": "org.elasticsearch", + "elasticsearch-spark-13_2.10": "org.elasticsearch", + "elasticsearch-spark-13_2.11": "org.elasticsearch", + "elasticsearch-spark-20_2.10": "org.elasticsearch", + "elasticsearch-spark-20_2.11": "org.elasticsearch", + "elasticsearch-spark-20_2.12": "org.elasticsearch", + "elasticsearch-spark-30_2.12": "org.elasticsearch", + "elasticsearch-spark-30_2.13": "org.elasticsearch", + "elasticsearch-spark_2.10": "org.elasticsearch", + "elasticsearch-spark_2.11": "org.elasticsearch", + "elasticsearch-ssl-config": "org.elasticsearch", + "elasticsearch-storm": "org.elasticsearch", + "elasticsearch-tdigest": "org.elasticsearch", + "elasticsearch-transport-memcached": "org.elasticsearch", + "elasticsearch-transport-thrift": "org.elasticsearch", + "elasticsearch-transport-wares": "org.elasticsearch", + "elasticsearch-x-content": "org.elasticsearch", + "elasticsearch-yarn": "org.elasticsearch", + "elasticsearch-rest-client": "org.elasticsearch.client", + "elasticsearch-rest-client-sniffer": "org.elasticsearch.client", + "elasticsearch-rest-high-level-client": "org.elasticsearch.client", + "spring": "org.springframework", + "spring-agent": "org.springframework", + "spring-aop": "org.springframework", + "spring-asm": "org.springframework", + "spring-aspects": "org.springframework", + "spring-beandoc": "org.springframework", + "spring-beans": "org.springframework", + "spring-context": "org.springframework", + "spring-context-indexer": "org.springframework", + "spring-context-support": "org.springframework", + "spring-core": "org.springframework", + "spring-core-test": "org.springframework", + "spring-dao": "org.springframework", + "spring-expression": "org.springframework", + "spring-framework-bom": "org.springframework", + "spring-full": "org.springframework", + "spring-hibernate": "org.springframework", + "spring-hibernate2": "org.springframework", + "spring-hibernate3": "org.springframework", + "spring-ibatis": "org.springframework", + "spring-instrument": "org.springframework", + "spring-instrument-tomcat": "org.springframework", + "spring-jca": "org.springframework", + "spring-jcl": "org.springframework", + "spring-jdbc": "org.springframework", + "spring-jdo": "org.springframework", + "spring-jms": "org.springframework", + "spring-jmx": "org.springframework", + "spring-jpa": "org.springframework", + "spring-ldap": "org.springframework", + "spring-messaging": "org.springframework", + "spring-mock": "org.springframework", + "spring-ojb": "org.springframework", + "spring-orm": "org.springframework", + "spring-oxm": "org.springframework", + "spring-parent": "org.springframework", + "spring-portlet": "org.springframework", + "spring-r2dbc": "org.springframework", + "spring-remoting": "org.springframework", + "spring-struts": "org.springframework", + "spring-support": "org.springframework", + "spring-test": "org.springframework", + "spring-tomcat-weaver": "org.springframework", + "spring-toplink": "org.springframework", + "spring-tuple": "org.springframework", + "spring-tuple-parent": "org.springframework", + "spring-tx": "org.springframework", + "spring-web": "org.springframework", + "spring-webflux": "org.springframework", + "spring-webmvc": "org.springframework", + "spring-webmvc-portlet": "org.springframework", + "spring-webmvc-struts": "org.springframework", + "spring-websocket": "org.springframework", + "spring-amqp": "org.springframework.amqp", + "spring-amqp-bom": "org.springframework.amqp", + "spring-amqp-dist": "org.springframework.amqp", + "spring-amqp-parent": "org.springframework.amqp", + "spring-erlang": "org.springframework.amqp", + "spring-rabbit": "org.springframework.amqp", + "spring-rabbit-junit": "org.springframework.amqp", + "spring-rabbit-stream": "org.springframework.amqp", + "spring-rabbit-test": "org.springframework.amqp", + "spring-analytics": "org.springframework.analytics", + "spring-batch": "org.springframework.batch", + "spring-batch-admin-manager": "org.springframework.batch", + "spring-batch-admin-parent": "org.springframework.batch", + "spring-batch-admin-resources": "org.springframework.batch", + "spring-batch-archetypes": "org.springframework.batch", + "spring-batch-bom": "org.springframework.batch", + "spring-batch-core": "org.springframework.batch", + "spring-batch-docs": "org.springframework.batch", + "spring-batch-infrastructure": "org.springframework.batch", + "spring-batch-infrastructure-tests": "org.springframework.batch", + "spring-batch-integration": "org.springframework.batch", + "spring-batch-parent": "org.springframework.batch", + "spring-batch-samples": "org.springframework.batch", + "spring-batch-test": "org.springframework.batch", + "spring-batch-tuple": "org.springframework.batch", + "spring-boot": "org.springframework.boot", + "spring-boot-actuator": "org.springframework.boot", + "spring-boot-actuator-autoconfigure": "org.springframework.boot", + "spring-boot-actuator-docs": "org.springframework.boot", + "spring-boot-antlib": "org.springframework.boot", + "spring-boot-archetypes": "org.springframework.boot", + "spring-boot-autoconfigure": "org.springframework.boot", + "spring-boot-autoconfigure-processor": "org.springframework.boot", + "spring-boot-build": "org.springframework.boot", + "spring-boot-buildpack-platform": "org.springframework.boot", + "spring-boot-cli": "org.springframework.boot", + "spring-boot-configuration-metadata": "org.springframework.boot", + "spring-boot-configuration-processor": "org.springframework.boot", + "spring-boot-dependencies": "org.springframework.boot", + "spring-boot-dependency-tools": "org.springframework.boot", + "spring-boot-deployment-test-glassfish": "org.springframework.boot", + "spring-boot-deployment-test-tomcat": "org.springframework.boot", + "spring-boot-deployment-test-tomee": "org.springframework.boot", + "spring-boot-deployment-test-wildfly": "org.springframework.boot", + "spring-boot-deployment-test-wlp": "org.springframework.boot", + "spring-boot-deployment-tests": "org.springframework.boot", + "spring-boot-devtools": "org.springframework.boot", + "spring-boot-devtools-tests": "org.springframework.boot", + "spring-boot-docker-compose": "org.springframework.boot", + "spring-boot-docs": "org.springframework.boot", + "spring-boot-full-build": "org.springframework.boot", + "spring-boot-gradle-plugin": "org.springframework.boot", + "spring-boot-gradle-tests": "org.springframework.boot", + "spring-boot-jarmode-layertools": "org.springframework.boot", + "spring-boot-launch-script-tests": "org.springframework.boot", + "spring-boot-legacy": "org.springframework.boot", + "spring-boot-loader": "org.springframework.boot", + "spring-boot-loader-tools": "org.springframework.boot", + "spring-boot-maven-plugin": "org.springframework.boot", + "spring-boot-parent": "org.springframework.boot", + "spring-boot-project": "org.springframework.boot", + "spring-boot-properties-migrator": "org.springframework.boot", + "spring-boot-sample-actuator-archetype": "org.springframework.boot", + "spring-boot-sample-actuator-log4j-archetype": "org.springframework.boot", + "spring-boot-sample-actuator-noweb-archetype": "org.springframework.boot", + "spring-boot-sample-actuator-ui-archetype": "org.springframework.boot", + "spring-boot-sample-amqp-archetype": "org.springframework.boot", + "spring-boot-sample-aop-archetype": "org.springframework.boot", + "spring-boot-sample-batch-archetype": "org.springframework.boot", + "spring-boot-sample-data-jpa-archetype": "org.springframework.boot", + "spring-boot-sample-data-mongodb-archetype": "org.springframework.boot", + "spring-boot-sample-data-redis-archetype": "org.springframework.boot", + "spring-boot-sample-data-rest-archetype": "org.springframework.boot", + "spring-boot-sample-integration-archetype": "org.springframework.boot", + "spring-boot-sample-jetty-archetype": "org.springframework.boot", + "spring-boot-sample-profile-archetype": "org.springframework.boot", + "spring-boot-sample-secure-archetype": "org.springframework.boot", + "spring-boot-sample-servlet-archetype": "org.springframework.boot", + "spring-boot-sample-simple-archetype": "org.springframework.boot", + "spring-boot-sample-tomcat-archetype": "org.springframework.boot", + "spring-boot-sample-traditional-archetype": "org.springframework.boot", + "spring-boot-sample-web-jsp-archetype": "org.springframework.boot", "spring-boot-sample-web-method-security-archetype": "org.springframework.boot", "spring-boot-sample-web-secure-archetype": "org.springframework.boot", "spring-boot-sample-web-static-archetype": "org.springframework.boot", diff --git a/syft/pkg/cataloger/common/cpe/java_test.go b/syft/pkg/cataloger/common/cpe/java_test.go index 7410fae8a..5609823db 100644 --- a/syft/pkg/cataloger/common/cpe/java_test.go +++ b/syft/pkg/cataloger/common/cpe/java_test.go @@ -161,6 +161,17 @@ func Test_groupIDsFromJavaPackage(t *testing.T) { }, expects: []string{"io.jenkins-ci.plugin.thing"}, }, + { + name: "clean # suffixes", + pkg: pkg.Package{ + Metadata: pkg.JavaArchive{ + PomProperties: &pkg.JavaPomProperties{ + GroupID: "org.elasticsearch.plugin#parent-join;6.8.15", + }, + }, + }, + expects: []string{"org.elasticsearch.plugin"}, + }, { name: "from artifactID", pkg: pkg.Package{