oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2026-02-13 19:16:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Preserve syft IDs on SBOM decode (#963)

Browse Source
This commit is contained in:
Alex Goodman 2022-04-18 14:10:55 -04:00 committed by GitHub
parent 248023baaf
commit 172ecc0d77
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
internal/formats/syftjson/to_syft_model.go
View File

@ -177,8 +177,12 @@ func toSyftPackage(p model.Package, idAliases map[string]string) pkg.Package {
Metadata: p.Metadata, Metadata: p.Metadata,
} }
out.SetID() // we don't know if this package ID is truly unique, however, we need to trust the user input in case there are
// external references to it. That is, we can't derive our own ID (using pkg.SetID()) since consumers won't
// be able to historically interact with data that references the IDs from the original SBOM document being decoded now.
out.OverrideID(artifact.ID(p.ID))
// this alias mapping is currently defunct, but could be useful in the future.
id := string(out.ID()) id := string(out.ID())
if id != p.ID { if id != p.ID {
idAliases[p.ID] = id idAliases[p.ID] = id

4
syft/pkg/package.go
View File

@ -28,6 +28,10 @@ type Package struct {
Metadata interface{} // additional data found while parsing the package source Metadata interface{} // additional data found while parsing the package source
} }
func (p *Package) OverrideID(id artifact.ID) {
p.id = id
}
func (p *Package) SetID() { func (p *Package) SetID() {
id, err := artifact.IDByHash(p) id, err := artifact.IDByHash(p)
if err != nil { if err != nil {