From 22f3a29fd779d2f7a7c7f8a2f6ecce67e1416eee Mon Sep 17 00:00:00 2001
From: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Date: Fri, 19 Jan 2024 14:12:29 -0500
Subject: [PATCH] fix: remove second call to finalize as the task handles it (#2516)
* fix: remove second call to finalize as the task handles it
Signed-off-by: Christopher Phillips
* test: add test to protect against dupe relationships in final SBOM
Signed-off-by: Christopher Phillips
---------
Signed-off-by: Christopher Phillips
---
 syft/create_sbom.go | 3 ---
 ...ssion_sbom_duplicate_relationships_test.go | 26 +++++++++++++++++++
 2 files changed, 26 insertions(+), 3 deletions(-)
 create mode 100644 test/integration/regression_sbom_duplicate_relationships_test.go
diff --git a/syft/create_sbom.go b/syft/create_sbom.go
index 5acf9e501..91eaf8d03 100644
--- a/syft/create_sbom.go
+++ b/syft/create_sbom.go
@@ -11,7 +11,6 @@ import (
 "github.com/wagoodman/go-progress"
 "github.com/anchore/syft/internal/bus"
- "github.com/anchore/syft/internal/relationship"
 "github.com/anchore/syft/internal/sbomsync"
 "github.com/anchore/syft/internal/task"
 "github.com/anchore/syft/syft/artifact"
@@ -78,8 +77,6 @@ func CreateSBOM(ctx context.Context, src source.Source, cfg *CreateSBOMConfig) (
 packageCatalogingProgress.SetCompleted()
 catalogingProgress.SetCompleted()
- relationship.Finalize(builder, cfg.Relationships, src)
-
 return &s, nil
 }
diff --git a/test/integration/regression_sbom_duplicate_relationships_test.go b/test/integration/regression_sbom_duplicate_relationships_test.go
new file mode 100644
index 000000000..1a093cea7
--- /dev/null
+++ b/test/integration/regression_sbom_duplicate_relationships_test.go
@@ -0,0 +1,26 @@
+package integration
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/scylladb/go-set/strset"
+
+ "github.com/anchore/syft/syft/source"
+)
+
+func TestRelationshipsUnique(t *testing.T) {
+ // This test is to ensure that the relationships are deduplicated in the final SBOM.
+ // It is not a test of the relationships themselves.
+ // This test is a regression test for #syft/2509
+ sbom, _ := catalogFixtureImage(t, "image-pkg-coverage", source.SquashedScope)
+ observedRelationships := strset.New()
+
+ for _, rel := range sbom.Relationships {
+ unique := fmt.Sprintf("%s:%s:%s", rel.From.ID(), rel.To.ID(), rel.Type)
+ if observedRelationships.Has(unique) {
+ t.Errorf("duplicate relationship found: %s", unique)
+ }
+ observedRelationships.Add(unique)
+ }
+}
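Review bot: TestRelationshipsUnique passes vacuously when `sbom.Relationships` comes back empty, because the only assertion sits inside the `for _, rel := range sbom.Relationships` loop. A regression that dropped relationships from the final SBOM altogether, for example if the single remaining finalize step stopped running, would leave this test green even though consumers of the SBOM would receive an incomplete dependency graph. Before the loop, add a guard such as `if len(sbom.Relationships) == 0 { t.Fatal("no relationships in SBOM; duplicate check would be vacuous") }`.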