From 1217ed2307657888f779e652629080c3f5fc064c Mon Sep 17 00:00:00 2001 From: Will Murphy Date: Wed, 27 Sep 2023 17:24:08 -0400 Subject: [PATCH] WIP: possible improvement to group ID guessing Signed-off-by: Will Murphy --- syft/pkg/cataloger/common/cpe/java.go | 43 +++- syft/pkg/cataloger/java/package_url.go | 8 +- test/integration/java_purl_test.go | 202 +++++++++--------- .../image-test-java-purls/Dockerfile | 1 + 4 files changed, 145 insertions(+), 109 deletions(-) diff --git a/syft/pkg/cataloger/common/cpe/java.go b/syft/pkg/cataloger/common/cpe/java.go index c8bde9f77..a2d0b236c 100644 --- a/syft/pkg/cataloger/common/cpe/java.go +++ b/syft/pkg/cataloger/common/cpe/java.go @@ -255,7 +255,7 @@ func groupIDsFromJavaManifest(pkgName string, manifest *pkg.JavaManifest) []stri } // try the common manifest fields first for a set of candidates - groupIDs := GetManifestFieldGroupIDs(manifest, PrimaryJavaManifestGroupIDFields) + groupIDs := GetManifestFieldGroupIDs(manifest, PrimaryJavaManifestGroupIDFields, pkgName) if len(groupIDs) != 0 { return groupIDs @@ -266,21 +266,53 @@ func groupIDsFromJavaManifest(pkgName string, manifest *pkg.JavaManifest) []stri // for more info see pkg:maven/commons-io/commons-io@2.8.0 within cloudbees/cloudbees-core-mm:2.263.4.2 // at /usr/share/jenkins/jenkins.war:WEB-INF/plugins/analysis-model-api.hpi:WEB-INF/lib/commons-io-2.8.0.jar // as well as the ant package from cloudbees/cloudbees-core-mm:2.277.2.4-ra. - return GetManifestFieldGroupIDs(manifest, SecondaryJavaManifestGroupIDFields) + return GetManifestFieldGroupIDs(manifest, SecondaryJavaManifestGroupIDFields, pkgName) } -func GetManifestFieldGroupIDs(manifest *pkg.JavaManifest, fields []string) (groupIDs []string) { +func GetManifestFieldGroupIDs(manifest *pkg.JavaManifest, fields []string, packageName string) (groupIDs []string) { if manifest == nil { return nil } + var sectionNames []string + for section := range manifest.NamedSections { + sectionNames = append(sectionNames, section) + } + // create prioritized list of section names + // prefer named sections that have the fields we want + sort.Slice(sectionNames, func(i, j int) bool { + iName := sectionNames[i] + jName := sectionNames[j] + if strings.Contains(iName, packageName) && !strings.Contains(jName, packageName) { + return true + } + if strings.Contains(jName, packageName) && !strings.Contains(iName, packageName) { + return false + } + iSec := manifest.NamedSections[sectionNames[i]] + jSec := manifest.NamedSections[sectionNames[j]] + for _, name := range fields { + _, iSectionHasField := iSec[name] + _, jSectionHasField := jSec[name] + if iSectionHasField && !jSectionHasField { + return true + } + if jSectionHasField && !iSectionHasField { + return false + } + } + return sectionNames[i] < sectionNames[j] + }) for _, name := range fields { if value, exists := manifest.Main[name]; exists { if startsWithTopLevelDomain(value) { groupIDs = append(groupIDs, cleanGroupID(value)) + //return []string{value} } } - for _, section := range manifest.NamedSections { + // iterating map is non-deterministic + for _, sName := range sectionNames { + section := manifest.NamedSections[sName] if value, exists := section[name]; exists { if startsWithTopLevelDomain(value) { groupIDs = append(groupIDs, cleanGroupID(value)) @@ -288,7 +320,8 @@ func GetManifestFieldGroupIDs(manifest *pkg.JavaManifest, fields []string) (grou } } } - sort.Strings(groupIDs) + // Workaround to get rid of + //sort.Strings(groupIDs) return groupIDs } diff --git a/syft/pkg/cataloger/java/package_url.go b/syft/pkg/cataloger/java/package_url.go index df1baf791..34ed52c0e 100644 --- a/syft/pkg/cataloger/java/package_url.go +++ b/syft/pkg/cataloger/java/package_url.go @@ -45,7 +45,7 @@ func groupIDFromJavaMetadata(pkgName string, metadata pkg.JavaMetadata) (groupID return groupID } - if groupID = groupIDFromJavaManifest(metadata.Manifest); groupID != "" { + if groupID = groupIDFromJavaManifest(metadata.Manifest, pkgName); groupID != "" { return groupID } @@ -59,18 +59,18 @@ func groupIDFromKnownPackageList(pkgName string) (groupID string) { return groupID } -func groupIDFromJavaManifest(manifest *pkg.JavaManifest) (groupID string) { +func groupIDFromJavaManifest(manifest *pkg.JavaManifest, pkgName string) (groupID string) { if manifest == nil { return groupID } - groupIDS := cpe.GetManifestFieldGroupIDs(manifest, cpe.PrimaryJavaManifestGroupIDFields) + groupIDS := cpe.GetManifestFieldGroupIDs(manifest, cpe.PrimaryJavaManifestGroupIDFields, pkgName) // assumes that primaryJavaManifestNameFields are ordered by priority if len(groupIDS) != 0 { return groupIDS[0] } - groupIDS = cpe.GetManifestFieldGroupIDs(manifest, cpe.SecondaryJavaManifestGroupIDFields) + groupIDS = cpe.GetManifestFieldGroupIDs(manifest, cpe.SecondaryJavaManifestGroupIDFields, pkgName) if len(groupIDS) != 0 { return groupIDS[0] diff --git a/test/integration/java_purl_test.go b/test/integration/java_purl_test.go index 15ed6dd0d..6fbfa7948 100644 --- a/test/integration/java_purl_test.go +++ b/test/integration/java_purl_test.go @@ -94,104 +94,106 @@ var expectedPURLs = map[string]string{ "guava@r06": "pkg:maven/com.google.guava/guava@r06", "httpclient@4.1.1": "pkg:maven/org.apache.httpcomponents/httpclient@4.1.1", "httpcore@4.1": "pkg:maven/org.apache.httpcomponents/httpcore@4.1", - "hudson-cli@": "pkg:maven/hudson-cli/hudson-cli", - "hudson-core@1.390": "pkg:maven/org.jvnet.hudson.main/hudson-core@1.390", - "hudson-war@1.390": "pkg:maven/org.jvnet.hudson.main/hudson-war@1.390", - "j-interop@2.0.5": "pkg:maven/j-interop/j-interop@2.0.5", - "j-interopdeps@2.0.5": "pkg:maven/j-interopdeps/j-interopdeps@2.0.5", - "jaxen@1.1-beta-11": "pkg:maven/org.jaxen/jaxen@1.1-beta-11", - "jcaptcha-all@1.0-RC6": "pkg:maven/jcaptcha-all/jcaptcha-all@1.0-RC6", - "jcifs@1.3.14-kohsuke-1": "pkg:maven/org.samba.jcifs/jcifs@1.3.14-kohsuke-1", - "jcommon@1.0.12": "pkg:maven/jfree/jcommon@1.0.12", - "jfreechart@1.0.9": "pkg:maven/jfreechart/jfreechart@1.0.9", - "jinterop-proxy@1.1": "pkg:maven/org.kohsuke.jinterop/jinterop-proxy@1.1", - "jinterop-wmi@1.0": "pkg:maven/org.jvnet.hudson/jinterop-wmi@1.0", - "jline@0.9.94": "pkg:maven/jline/jline@0.9.94", - "jmdns@3.1.6-hudson-2": "pkg:maven/com.strangeberry.jmdns.tools.Main/jmdns@3.1.6-hudson-2", - "jna-posix@1.0.3": "pkg:maven/org.jruby.ext.posix/jna-posix@1.0.3", - "jna@3.2.4": "pkg:maven/com.sun.jna/jna@3.2.4", - "jsch@0.1.27": "pkg:maven/jsch/jsch@0.1.27", - "json-lib@2.1-rev6": "pkg:maven/json-lib/json-lib@2.1-rev6", - "json@20200518": "pkg:maven/org.json/json@20200518", - "jstl@1.1.0": "pkg:maven/com.sun/jstl@1.1.0", - "jtidy@4aug2000r7-dev-hudson-1": "pkg:maven/jtidy/jtidy@4aug2000r7-dev-hudson-1", - "junit@4.13.1": "pkg:maven/junit/junit@4.13.1", - "kotlin-stdlib-common@1.3.70": "pkg:maven/kotlin-stdlib-common/kotlin-stdlib-common@1.3.70", - "kotlin-stdlib@1.3.70": "pkg:maven/kotlin-stdlib/kotlin-stdlib@1.3.70", - "libpam4j@1.2": "pkg:maven/org.jvnet.libpam4j/libpam4j@1.2", - "libzfs@0.5": "pkg:maven/org.jvnet.libzfs/libzfs@0.5", - "localizer@1.10": "pkg:maven/org.jvnet.localizer/localizer@1.10", - "log4j@1.2.9": "pkg:maven/log4j/log4j@1.2.9", - "logkit@1.0.1": "pkg:maven/logkit/logkit@1.0.1", - "mail@1.4": "pkg:maven/com.sun/mail@1.4", - "maven-agent@1.390": "pkg:maven/org.jvnet.hudson.main/maven-agent@1.390", - "maven-artifact-manager@2.0.9": "pkg:maven/org.apache.maven/maven-artifact-manager@2.0.9", - "maven-artifact@2.0.9": "pkg:maven/org.apache.maven/maven-artifact@2.0.9", - "maven-core@2.0.9": "pkg:maven/org.apache.maven/maven-core@2.0.9", - "maven-embedder@2.0.4": "pkg:maven/org.apache.maven/maven-embedder@2.0.4", - "maven-embedder@2.0.4-hudson-1": "pkg:maven/org.jvnet.hudson/maven-embedder@2.0.4-hudson-1", - "maven-error-diagnostics@2.0.9": "pkg:maven/org.apache.maven/maven-error-diagnostics@2.0.9", - "maven-interceptor@1.390": "pkg:maven/org.jvnet.hudson.main/maven-interceptor@1.390", - "maven-model@2.0.9": "pkg:maven/org.apache.maven/maven-model@2.0.9", - "maven-monitor@2.0.9": "pkg:maven/org.apache.maven/maven-monitor@2.0.9", - "maven-plugin-api@2.0.9": "pkg:maven/org.apache.maven/maven-plugin-api@2.0.9", - "maven-plugin-descriptor@2.0.9": "pkg:maven/org.apache.maven/maven-plugin-descriptor@2.0.9", - "maven-plugin-parameter-documenter@2.0.9": "pkg:maven/org.apache.maven/maven-plugin-parameter-documenter@2.0.9", - "maven-plugin-registry@2.0.9": "pkg:maven/org.apache.maven/maven-plugin-registry@2.0.9", - "maven-plugin@1.390": "pkg:maven/org.jvnet.hudson.main/maven-plugin@1.390", - "maven-profile@2.0.9": "pkg:maven/org.apache.maven/maven-profile@2.0.9", - "maven-project@2.0.9": "pkg:maven/org.apache.maven/maven-project@2.0.9", - "maven-reporting-api@2.0.9": "pkg:maven/org.apache.maven.reporting/maven-reporting-api@2.0.9", - "maven-repository-metadata@2.0.9": "pkg:maven/org.apache.maven/maven-repository-metadata@2.0.9", - "maven-settings@2.0.9": "pkg:maven/org.apache.maven/maven-settings@2.0.9", - "maven2.1-interceptor@1.2": "pkg:maven/org.jvnet.hudson/maven2.1-interceptor@1.2", - "memory-monitor@1.3": "pkg:maven/org.jvnet.hudson/memory-monitor@1.3", - "nomad@0.7.4": "pkg:maven/org.jenkins-ci.plugins/nomad@0.7.4", - "okhttp@4.5.0": "pkg:maven/com.squareup.okhttp3/okhttp@4.5.0", - "okio@2.5.0": "pkg:maven/com.squareup.okio/okio@2.5.0", - "oro@2.0.8": "pkg:maven/org.apache.oro/oro@2.0.8", - "plexus-container-default@1.0-alpha-9-stable-1": "pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-9-stable-1", - "plexus-interactivity-api@1.0-alpha-4": "pkg:maven/org.codehaus.plexus/plexus-interactivity-api@1.0-alpha-4", - "plexus-utils@1.5.1": "pkg:maven/org.codehaus.plexus/plexus-utils@1.5.1", - "remoting@1.390": "pkg:maven/org.jvnet.hudson.main/remoting@1.390", - "robust-http-client@1.1": "pkg:maven/org.jvnet.robust-http-client/robust-http-client@1.1", - "sdk@3.0": "pkg:maven/sdk/sdk@3.0", - "sezpoz@1.7": "pkg:maven/net.java.sezpoz/sezpoz@1.7", - "slave@": "pkg:maven/slave/slave", - "slide-webdavlib@2.1": "pkg:maven/slide-webdavlib/slide-webdavlib@2.1", - "spring-aop@2.5": "pkg:maven/org.springframework.bundle.spring.aop/spring-aop@2.5", - "spring-beans@2.5": "pkg:maven/org.springframework/spring-beans@2.5", - "spring-context@2.5": "pkg:maven/org.springframework.bundle.spring.context/spring-context@2.5", - "spring-core@2.5": "pkg:maven/org.springframework/spring-core@2.5", - "spring-dao@1.2.9": "pkg:maven/spring-dao/spring-dao@1.2.9", - "spring-jdbc@1.2.9": "pkg:maven/spring-jdbc/spring-jdbc@1.2.9", - "spring-web@2.5": "pkg:maven/org.springframework/spring-web@2.5", - "ssh-slaves@0.14": "pkg:maven/org.jvnet.hudson.plugins/ssh-slaves@0.14", - "stapler-adjunct-timeline@1.2": "pkg:maven/org.kohsuke.stapler/stapler-adjunct-timeline@1.2", - "stapler-jelly@1.155": "pkg:maven/org.kohsuke.stapler/stapler-jelly@1.155", - "stapler@1.155": "pkg:maven/org.kohsuke.stapler/stapler@1.155", - "stax-api@1.0.1": "pkg:maven/stax-api/stax-api@1.0.1", - "subversion@1.20": "pkg:maven/org.jvnet.hudson.plugins/subversion@1.20", - "svnkit@1.3.4-hudson-2": "pkg:maven/svnkit/svnkit@1.3.4-hudson-2", - "task-reactor@1.2": "pkg:maven/org.jvnet.hudson/task-reactor@1.2", - "tiger-types@1.3": "pkg:maven/org.jvnet/tiger-types@1.3", - "trilead-putty-extension@1.0": "pkg:maven/org.kohsuke/trilead-putty-extension@1.0", - "trilead-ssh2@build212-hudson-5": "pkg:maven/org.jvnet.hudson/trilead-ssh2@build212-hudson-5", - "txw2@20070624": "pkg:maven/txw2/txw2@20070624", - "wagon-file@1.0-beta-2": "pkg:maven/org.apache.maven.wagon/wagon-file@1.0-beta-2", - "wagon-http-lightweight@1.0-beta-2": "pkg:maven/org.apache.maven.wagon/wagon-http-lightweight@1.0-beta-2", - "wagon-http-shared@1.0-beta-2": "pkg:maven/org.apache.maven.wagon/wagon-http-shared@1.0-beta-2", - "wagon-provider-api@1.0-beta-2": "pkg:maven/org.apache.maven.wagon/wagon-provider-api@1.0-beta-2", - "wagon-ssh-common@1.0-beta-2": "pkg:maven/org.apache.maven.wagon/wagon-ssh-common@1.0-beta-2", - "wagon-ssh-external@1.0-beta-2": "pkg:maven/org.apache.maven.wagon/wagon-ssh-external@1.0-beta-2", - "wagon-ssh@1.0-beta-2": "pkg:maven/org.apache.maven.wagon/wagon-ssh@1.0-beta-2", - "wagon-webdav@1.0-beta-2-hudson-1": "pkg:maven/org.jvnet.hudson/wagon-webdav@1.0-beta-2-hudson-1", - "windows-remote-command@1.0": "pkg:maven/org.jvnet.hudson/windows-remote-command@1.0", - "winp@1.14": "pkg:maven/org.jvnet.winp/winp@1.14", - "winstone@0.9.10-hudson-24": "pkg:maven/org.jvnet.hudson.winstone/winstone@0.9.10-hudson-24", - "wstx-asl@3.2.7": "pkg:maven/wstx-asl/wstx-asl@3.2.7", - "xml-im-exporter@1.1": "pkg:maven/xml-im-exporter/xml-im-exporter@1.1", - "xpp3@1.1.4c": "pkg:maven/xpp3/xpp3@1.1.4c", - "xpp3_min@1.1.4c": "pkg:maven/xpp3_min/xpp3_min@1.1.4c", - "xstream@1.3.1-hudson-8": "pkg:maven/org.jvnet.hudson/xstream@1.3.1-hudson-8", + // TODO: are there duplicate hudson-cli packages? + "hudson-cli@": "pkg:maven/hudson-cli/hudson-cli", + "hudson-core@1.390": "pkg:maven/org.jvnet.hudson.main/hudson-core@1.390", + "hudson-war@1.390": "pkg:maven/org.jvnet.hudson.main/hudson-war@1.390", + "j-interop@2.0.5": "pkg:maven/j-interop/j-interop@2.0.5", + "j-interopdeps@2.0.5": "pkg:maven/j-interopdeps/j-interopdeps@2.0.5", + "jaxen@1.1-beta-11": "pkg:maven/org.jaxen/jaxen@1.1-beta-11", + "jcaptcha-all@1.0-RC6": "pkg:maven/jcaptcha-all/jcaptcha-all@1.0-RC6", + "jcifs@1.3.14-kohsuke-1": "pkg:maven/org.samba.jcifs/jcifs@1.3.14-kohsuke-1", + "jcommon@1.0.12": "pkg:maven/jfree/jcommon@1.0.12", + "jdom@1.1": "pkg:maven/org.jdom/jdom@1.1", + "jfreechart@1.0.9": "pkg:maven/jfreechart/jfreechart@1.0.9", + "jinterop-proxy@1.1": "pkg:maven/org.kohsuke.jinterop/jinterop-proxy@1.1", + "jinterop-wmi@1.0": "pkg:maven/org.jvnet.hudson/jinterop-wmi@1.0", + "jline@0.9.94": "pkg:maven/jline/jline@0.9.94", + "jmdns@3.1.6-hudson-2": "pkg:maven/com.strangeberry.jmdns.tools.Main/jmdns@3.1.6-hudson-2", + "jna-posix@1.0.3": "pkg:maven/org.jruby.ext.posix/jna-posix@1.0.3", + "jna@3.2.4": "pkg:maven/com.sun.jna/jna@3.2.4", + "jsch@0.1.27": "pkg:maven/jsch/jsch@0.1.27", + "json-lib@2.1-rev6": "pkg:maven/json-lib/json-lib@2.1-rev6", + "json@20200518": "pkg:maven/org.json/json@20200518", + "jstl@1.1.0": "pkg:maven/com.sun/jstl@1.1.0", + "jtidy@4aug2000r7-dev-hudson-1": "pkg:maven/jtidy/jtidy@4aug2000r7-dev-hudson-1", + "junit@4.13.1": "pkg:maven/junit/junit@4.13.1", + "kotlin-stdlib-common@1.3.70": "pkg:maven/kotlin-stdlib-common/kotlin-stdlib-common@1.3.70", + "kotlin-stdlib@1.3.70": "pkg:maven/kotlin-stdlib/kotlin-stdlib@1.3.70", + "libpam4j@1.2": "pkg:maven/org.jvnet.libpam4j/libpam4j@1.2", + "libzfs@0.5": "pkg:maven/org.jvnet.libzfs/libzfs@0.5", + "localizer@1.10": "pkg:maven/org.jvnet.localizer/localizer@1.10", + "log4j@1.2.9": "pkg:maven/log4j/log4j@1.2.9", + "logkit@1.0.1": "pkg:maven/logkit/logkit@1.0.1", + "mail@1.4": "pkg:maven/com.sun/mail@1.4", + "maven-agent@1.390": "pkg:maven/org.jvnet.hudson.main/maven-agent@1.390", + "maven-artifact-manager@2.0.9": "pkg:maven/org.apache.maven/maven-artifact-manager@2.0.9", + "maven-artifact@2.0.9": "pkg:maven/org.apache.maven/maven-artifact@2.0.9", + "maven-core@2.0.9": "pkg:maven/org.apache.maven/maven-core@2.0.9", + "maven-embedder@2.0.4": "pkg:maven/org.apache.maven/maven-embedder@2.0.4", + "maven-embedder@2.0.4-hudson-1": "pkg:maven/org.jvnet.hudson/maven-embedder@2.0.4-hudson-1", + "maven-error-diagnostics@2.0.9": "pkg:maven/org.apache.maven/maven-error-diagnostics@2.0.9", + "maven-interceptor@1.390": "pkg:maven/org.jvnet.hudson.main/maven-interceptor@1.390", + "maven-model@2.0.9": "pkg:maven/org.apache.maven/maven-model@2.0.9", + "maven-monitor@2.0.9": "pkg:maven/org.apache.maven/maven-monitor@2.0.9", + "maven-plugin-api@2.0.9": "pkg:maven/org.apache.maven/maven-plugin-api@2.0.9", + "maven-plugin-descriptor@2.0.9": "pkg:maven/org.apache.maven/maven-plugin-descriptor@2.0.9", + "maven-plugin-parameter-documenter@2.0.9": "pkg:maven/org.apache.maven/maven-plugin-parameter-documenter@2.0.9", + "maven-plugin-registry@2.0.9": "pkg:maven/org.apache.maven/maven-plugin-registry@2.0.9", + "maven-plugin@1.390": "pkg:maven/org.jvnet.hudson.main/maven-plugin@1.390", + "maven-profile@2.0.9": "pkg:maven/org.apache.maven/maven-profile@2.0.9", + "maven-project@2.0.9": "pkg:maven/org.apache.maven/maven-project@2.0.9", + "maven-reporting-api@2.0.9": "pkg:maven/org.apache.maven.reporting/maven-reporting-api@2.0.9", + "maven-repository-metadata@2.0.9": "pkg:maven/org.apache.maven/maven-repository-metadata@2.0.9", + "maven-settings@2.0.9": "pkg:maven/org.apache.maven/maven-settings@2.0.9", + "maven2.1-interceptor@1.2": "pkg:maven/org.jvnet.hudson/maven2.1-interceptor@1.2", + "memory-monitor@1.3": "pkg:maven/org.jvnet.hudson/memory-monitor@1.3", + "nomad@0.7.4": "pkg:maven/org.jenkins-ci.plugins/nomad@0.7.4", + "okhttp@4.5.0": "pkg:maven/com.squareup.okhttp3/okhttp@4.5.0", + "okio@2.5.0": "pkg:maven/com.squareup.okio/okio@2.5.0", + "oro@2.0.8": "pkg:maven/org.apache.oro/oro@2.0.8", + "plexus-container-default@1.0-alpha-9-stable-1": "pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-9-stable-1", + "plexus-interactivity-api@1.0-alpha-4": "pkg:maven/org.codehaus.plexus/plexus-interactivity-api@1.0-alpha-4", + "plexus-utils@1.5.1": "pkg:maven/org.codehaus.plexus/plexus-utils@1.5.1", + "remoting@1.390": "pkg:maven/org.jvnet.hudson.main/remoting@1.390", + "robust-http-client@1.1": "pkg:maven/org.jvnet.robust-http-client/robust-http-client@1.1", + "sdk@3.0": "pkg:maven/sdk/sdk@3.0", + "sezpoz@1.7": "pkg:maven/net.java.sezpoz/sezpoz@1.7", + "slave@": "pkg:maven/slave/slave", + "slide-webdavlib@2.1": "pkg:maven/slide-webdavlib/slide-webdavlib@2.1", + "spring-aop@2.5": "pkg:maven/org.springframework.bundle.spring.aop/spring-aop@2.5", + "spring-beans@2.5": "pkg:maven/org.springframework/spring-beans@2.5", + "spring-context@2.5": "pkg:maven/org.springframework.bundle.spring.context/spring-context@2.5", + "spring-core@2.5": "pkg:maven/org.springframework/spring-core@2.5", + "spring-dao@1.2.9": "pkg:maven/spring-dao/spring-dao@1.2.9", + "spring-jdbc@1.2.9": "pkg:maven/spring-jdbc/spring-jdbc@1.2.9", + "spring-web@2.5": "pkg:maven/org.springframework/spring-web@2.5", + "ssh-slaves@0.14": "pkg:maven/org.jvnet.hudson.plugins/ssh-slaves@0.14", + "stapler-adjunct-timeline@1.2": "pkg:maven/org.kohsuke.stapler/stapler-adjunct-timeline@1.2", + "stapler-jelly@1.155": "pkg:maven/org.kohsuke.stapler/stapler-jelly@1.155", + "stapler@1.155": "pkg:maven/org.kohsuke.stapler/stapler@1.155", + "stax-api@1.0.1": "pkg:maven/stax-api/stax-api@1.0.1", + "subversion@1.20": "pkg:maven/org.jvnet.hudson.plugins/subversion@1.20", + "svnkit@1.3.4-hudson-2": "pkg:maven/svnkit/svnkit@1.3.4-hudson-2", + "task-reactor@1.2": "pkg:maven/org.jvnet.hudson/task-reactor@1.2", + "tiger-types@1.3": "pkg:maven/org.jvnet/tiger-types@1.3", + "trilead-putty-extension@1.0": "pkg:maven/org.kohsuke/trilead-putty-extension@1.0", + "trilead-ssh2@build212-hudson-5": "pkg:maven/org.jvnet.hudson/trilead-ssh2@build212-hudson-5", + "txw2@20070624": "pkg:maven/txw2/txw2@20070624", + "wagon-file@1.0-beta-2": "pkg:maven/org.apache.maven.wagon/wagon-file@1.0-beta-2", + "wagon-http-lightweight@1.0-beta-2": "pkg:maven/org.apache.maven.wagon/wagon-http-lightweight@1.0-beta-2", + "wagon-http-shared@1.0-beta-2": "pkg:maven/org.apache.maven.wagon/wagon-http-shared@1.0-beta-2", + "wagon-provider-api@1.0-beta-2": "pkg:maven/org.apache.maven.wagon/wagon-provider-api@1.0-beta-2", + "wagon-ssh-common@1.0-beta-2": "pkg:maven/org.apache.maven.wagon/wagon-ssh-common@1.0-beta-2", + "wagon-ssh-external@1.0-beta-2": "pkg:maven/org.apache.maven.wagon/wagon-ssh-external@1.0-beta-2", + "wagon-ssh@1.0-beta-2": "pkg:maven/org.apache.maven.wagon/wagon-ssh@1.0-beta-2", + "wagon-webdav@1.0-beta-2-hudson-1": "pkg:maven/org.jvnet.hudson/wagon-webdav@1.0-beta-2-hudson-1", + "windows-remote-command@1.0": "pkg:maven/org.jvnet.hudson/windows-remote-command@1.0", + "winp@1.14": "pkg:maven/org.jvnet.winp/winp@1.14", + "winstone@0.9.10-hudson-24": "pkg:maven/org.jvnet.hudson.winstone/winstone@0.9.10-hudson-24", + "wstx-asl@3.2.7": "pkg:maven/wstx-asl/wstx-asl@3.2.7", + "xml-im-exporter@1.1": "pkg:maven/xml-im-exporter/xml-im-exporter@1.1", + "xpp3@1.1.4c": "pkg:maven/xpp3/xpp3@1.1.4c", + "xpp3_min@1.1.4c": "pkg:maven/xpp3_min/xpp3_min@1.1.4c", + "xstream@1.3.1-hudson-8": "pkg:maven/org.jvnet.hudson/xstream@1.3.1-hudson-8", } diff --git a/test/integration/test-fixtures/image-test-java-purls/Dockerfile b/test/integration/test-fixtures/image-test-java-purls/Dockerfile index 05545a7ce..bfaa549e2 100644 --- a/test/integration/test-fixtures/image-test-java-purls/Dockerfile +++ b/test/integration/test-fixtures/image-test-java-purls/Dockerfile @@ -1 +1,2 @@ FROM anchore/test_images@sha256:10008791acbc5866de04108746a02a0c4029ce3a4400a9b3dad45d7f2245f9da +RUN wget https://repo1.maven.org/maven2/org/jdom/jdom/1.1/jdom-1.1.jar \ No newline at end of file