From 2f8a568d4f6138dbab88ab2f788ffe0b6ca3860d Mon Sep 17 00:00:00 2001
From: Alex Goodman
Date: Sat, 20 Mar 2021 08:00:08 -0400
Subject: [PATCH 1/2] check for multiple delimiters when parsing pom properties
Signed-off-by: Alex Goodman
---
syft/cataloger/common/generic_cataloger.go | 2 +-
syft/cataloger/java/pom_properties.go | 2 +-
syft/cataloger/java/pom_properties_test.go | 34 ++++++++++++++++---
...colon-delimited-with-equals.pom.properties | 5 +++
.../pom/colon-delimited.pom.properties | 5 +++
...quals-delimited-with-colons.pom.properties | 5 +++
.../test-fixtures/pom/small.pom.properties | 4 +--
syft/source/location.go | 20 +++++++++++
8 files changed, 68 insertions(+), 9 deletions(-)
create mode 100644 syft/cataloger/java/test-fixtures/pom/colon-delimited-with-equals.pom.properties
create mode 100644 syft/cataloger/java/test-fixtures/pom/colon-delimited.pom.properties
create mode 100644 syft/cataloger/java/test-fixtures/pom/equals-delimited-with-colons.pom.properties
diff --git a/syft/cataloger/common/generic_cataloger.go b/syft/cataloger/common/generic_cataloger.go
index 7fed2888d..c4783b176 100644
--- a/syft/cataloger/common/generic_cataloger.go
+++ b/syft/cataloger/common/generic_cataloger.go
@@ -104,7 +104,7 @@ func (c *GenericCataloger) catalog(contents map[source.Location]io.ReadCloser) (
 entries, err := parser(location.RealPath, content)
 if err != nil {
 // TODO: should we fail? or only log?
- log.Warnf("cataloger '%s' failed to parse entries (location=%+v): %+v", c.upstreamCataloger, location, err)
+ log.Warnf("cataloger '%s' failed to parse entries (%+v): %+v", c.upstreamCataloger, location, err)
 continue
 }
diff --git a/syft/cataloger/java/pom_properties.go b/syft/cataloger/java/pom_properties.go
index 2880f59f6..93ccec636 100644
--- a/syft/cataloger/java/pom_properties.go
+++ b/syft/cataloger/java/pom_properties.go
@@ -24,7 +24,7 @@ func parsePomProperties(path string, reader io.Reader) (*pkg.PomProperties, erro
 continue
 }
- idx := strings.Index(line, "=")
+ idx := strings.IndexAny(line, "=:")
 if idx == -1 {
 return nil, fmt.Errorf("unable to split pom.properties key-value pairs: %q", line)
 }
diff --git a/syft/cataloger/java/pom_properties_test.go b/syft/cataloger/java/pom_properties_test.go
index 794264164..59d433bb4 100644
--- a/syft/cataloger/java/pom_properties_test.go
+++ b/syft/cataloger/java/pom_properties_test.go
@@ -11,11 +11,9 @@ import (
 func TestParseJavaPomProperties(t *testing.T) {
 tests := []struct {
- fixture string
 expected pkg.PomProperties
 }{
 {
- fixture: "test-fixtures/pom/small.pom.properties",
 expected: pkg.PomProperties{
 Path: "test-fixtures/pom/small.pom.properties",
 GroupID: "org.anchore",
@@ -25,7 +23,6 @@ func TestParseJavaPomProperties(t *testing.T) {
 },
 },
 {
- fixture: "test-fixtures/pom/extra.pom.properties",
 expected: pkg.PomProperties{
 Path: "test-fixtures/pom/extra.pom.properties",
 GroupID: "org.anchore",
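Review bot: In `parsePomProperties` (syft/cataloger/java/pom_properties.go), the `idx == -1` branch still rejects the whole file when a single line has neither `=` nor `:`, although the .properties format also accepts a key separated from its value by whitespace, or a key with no value at all. The file is read from inside a scanned archive, so one such line is enough to lose the group, artifact and version recorded for that package. Consider skipping only the offending line, e.g. `if idx == -1 { log.Warnf("skipping malformed pom.properties line (%s): %q", path, line); continue }`, assuming the internal logger is imported in this file. `IndexAny` will also split on an escaped `\:` or `\=` inside a key, which deserves at least a comment such as `// escaped delimiters in keys are not handled`. The function starts and ends outside the hunk.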
@@ -38,11 +35,38 @@ func TestParseJavaPomProperties(t *testing.T) {
 },
 },
 },
+ {
+ expected: pkg.PomProperties{
+ Path: "test-fixtures/pom/colon-delimited.pom.properties",
+ GroupID: "org.anchore",
+ ArtifactID: "example-java-app-maven",
+ Version: "0.1.0",
+ Extra: map[string]string{},
+ },
+ },
+ {
+ expected: pkg.PomProperties{
+ Path: "test-fixtures/pom/equals-delimited-with-colons.pom.properties",
+ GroupID: "org.anchore",
+ ArtifactID: "example-java:app-maven",
+ Version: "0.1.0:something",
+ Extra: map[string]string{},
+ },
+ },
+ {
+ expected: pkg.PomProperties{
+ Path: "test-fixtures/pom/colon-delimited-with-equals.pom.properties",
+ GroupID: "org.anchore",
+ ArtifactID: "example-java=app-maven",
+ Version: "0.1.0=something",
+ Extra: map[string]string{},
+ },
+ },
 }
 for _, test := range tests {
- t.Run(test.fixture, func(t *testing.T) {
- fixture, err := os.Open(test.fixture)
+ t.Run(test.expected.Path, func(t *testing.T) {
+ fixture, err := os.Open(test.expected.Path)
 if err != nil {
 t.Fatalf("could not open fixture: %+v", err)
 }
diff --git a/syft/cataloger/java/test-fixtures/pom/colon-delimited-with-equals.pom.properties b/syft/cataloger/java/test-fixtures/pom/colon-delimited-with-equals.pom.properties
new file mode 100644
index 000000000..a189c75a6
--- /dev/null
+++ b/syft/cataloger/java/test-fixtures/pom/colon-delimited-with-equals.pom.properties
@@ -0,0 +1,5 @@
+#Generated by Maven
+#Tue Jul 07 18:59:56 GMT 2020
+groupId:org.anchore
+artifactId: example-java=app-maven
+version: 0.1.0=something
diff --git a/syft/cataloger/java/test-fixtures/pom/colon-delimited.pom.properties b/syft/cataloger/java/test-fixtures/pom/colon-delimited.pom.properties
new file mode 100644
index 000000000..4069b275c
--- /dev/null
+++ b/syft/cataloger/java/test-fixtures/pom/colon-delimited.pom.properties
@@ -0,0 +1,5 @@
+#Generated by Maven
+#Tue Jul 07 18:59:56 GMT 2020
+groupId:org.anchore
+artifactId: example-java-app-maven
+version: 0.1.0
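Review bot: The new table entries in `TestParseJavaPomProperties` cover both delimiters, but none exercises the error path (a line containing neither `=` nor `:`) or a key followed by spaces before the delimiter, such as `groupId : org.anchore`. One fixture for each would pin down how the parser treats input it cannot split cleanly. Since `expected.Path` now doubles as the fixture location, a short comment on the struct, `// expected.Path is also the fixture file opened by the test`, would make that coupling explicit.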
diff --git a/syft/cataloger/java/test-fixtures/pom/equals-delimited-with-colons.pom.properties b/syft/cataloger/java/test-fixtures/pom/equals-delimited-with-colons.pom.properties
new file mode 100644
index 000000000..7cea7ae6a
--- /dev/null
+++ b/syft/cataloger/java/test-fixtures/pom/equals-delimited-with-colons.pom.properties
@@ -0,0 +1,5 @@
+#Generated by Maven
+#Tue Jul 07 18:59:56 GMT 2020
+groupId=org.anchore
+artifactId= example-java:app-maven
+version= 0.1.0:something
diff --git a/syft/cataloger/java/test-fixtures/pom/small.pom.properties b/syft/cataloger/java/test-fixtures/pom/small.pom.properties
index 2bd19ec8f..93ccac17f 100644
--- a/syft/cataloger/java/test-fixtures/pom/small.pom.properties
+++ b/syft/cataloger/java/test-fixtures/pom/small.pom.properties
@@ -1,5 +1,5 @@
 #Generated by Maven
 #Tue Jul 07 18:59:56 GMT 2020
 groupId=org.anchore
-artifactId=example-java-app-maven
-version=0.1.0
+artifactId= example-java-app-maven
+version= 0.1.0
diff --git a/syft/source/location.go b/syft/source/location.go
index cec2a80d7..50083166a 100644
--- a/syft/source/location.go
+++ b/syft/source/location.go
@@ -1,6 +1,8 @@
 package source
 import (
+ "fmt"
+
 "github.com/anchore/syft/internal/log"
 "github.com/anchore/stereoscope/pkg/file"
@@ -42,3 +44,21 @@ func NewLocationFromImage(virtualPath string, ref file.Reference, img *image.Ima
 ref: ref,
 }
 }
+
+func (l Location) String() string {
+ str := ""
+ if l.ref.ID() != 0 {
+ str += fmt.Sprintf("id=%d ", l.ref.ID())
+ }
+
+ str += fmt.Sprintf("RealPath=%q", l.RealPath)
+
+ if l.VirtualPath != "" {
+ str += fmt.Sprintf(" VirtualPath=%q", l.VirtualPath)
+ }
+
+ if l.FileSystemID != "" {
+ str += fmt.Sprintf(" Layer=%q", l.FileSystemID)
+ }
+ return fmt.Sprintf("Location<%s>", str)
+}
From e9e9fe6d9c73e46200ad47aba09bba4a9bb22f76 Mon Sep 17 00:00:00 2001
From: Alex Goodman
Date: Sat, 20 Mar 2021 08:08:46 -0400
Subject: [PATCH 2/2] prefer warnings over errors when parsing java manifests and pom properties
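Review bot: The exported `Location.String` method added in syft/source/location.go has no doc comment, and it prints `FileSystemID` under the label `Layer=` while the other fields appear under their own names. A comment such as `// String returns a single-line description of the location for log output; the reference ID, VirtualPath and FileSystemID are omitted when unset.` would document the format. If the `Layer=` label is intentional, say so in that comment; otherwise `" FileSystemID=%q"` keeps log output searchable by field name. Keeping `%q` for the path fields is worthwhile, since it escapes control characters in paths taken from scanned content.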
Signed-off-by: Alex Goodman
---
syft/cataloger/java/archive_parser.go | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/syft/cataloger/java/archive_parser.go b/syft/cataloger/java/archive_parser.go
index 7b103e9b8..05446ae08 100644
--- a/syft/cataloger/java/archive_parser.go
+++ b/syft/cataloger/java/archive_parser.go
@@ -142,7 +142,8 @@ func (j *archiveParser) discoverMainPackage() (*pkg.Package, error) {
 manifestContents := contents[manifestMatches[0]]
 manifest, err := parseJavaManifest(j.archivePath, strings.NewReader(manifestContents))
 if err != nil {
- return nil, fmt.Errorf("failed to parse java manifest (%s): %w", j.virtualPath, err)
+ log.Warnf("failed to parse java manifest (%s): %+v", j.virtualPath, err)
+ return nil, nil
 }
 return &pkg.Package{
@@ -175,7 +176,8 @@ func (j *archiveParser) discoverPkgsFromPomProperties(parentPkg *pkg.Package) ([
 for propsPath, propsContents := range contents {
 propsObj, err := parsePomProperties(propsPath, strings.NewReader(propsContents))
 if err != nil {
- return nil, fmt.Errorf("failed to parse pom.properties (%s): %w", j.virtualPath, err)
+ log.Warnf("failed to parse pom.properties (%s): %+v", j.virtualPath, err)
+ continue
 }
 if propsObj == nil {
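Review bot: `discoverMainPackage` in syft/cataloger/java/archive_parser.go now returns `nil, nil` when the manifest cannot be parsed, so an archive with a malformed manifest yields no main package and the only trace is a warning in the log. The callers are outside the hunk; each one has to handle a nil package with a nil error, and the function's doc comment should say so, e.g. `// Returns (nil, nil) when the manifest cannot be parsed; the failure is logged, not returned.` Because the result feeds a package inventory, consider also recording the skipped archive somewhere the consumer of the results can see it, not only in the log. The same consideration applies to the `continue` added in `discoverPkgsFromPomProperties`.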
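Review bot: The warning added in `discoverPkgsFromPomProperties` prints only `j.virtualPath`, so when an archive holds several pom.properties files the log does not say which one failed; the error built in `parsePomProperties` carries the offending line but not the path. Including the loop variable fixes that: `log.Warnf("failed to parse pom.properties (%q in %q): %+v", propsPath, j.virtualPath, err)`, assuming `j.virtualPath` is a string. `%q` also escapes control characters in entry names read from the archive before they reach the log. The function body continues outside the hunk.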