From 5af2687022638aeda251a11b2280661e3c290b2f Mon Sep 17 00:00:00 2001
From: Alfredo Deza
Date: Thu, 15 Apr 2021 15:57:20 -0400
Subject: [PATCH 1/3] support msrc types
Signed-off-by: Alfredo Deza
---
syft/distro/type.go | 3 +++
syft/pkg/kb_package_metadata.go | 11 +++++++++++
syft/pkg/metadata.go | 1 +
syft/pkg/type.go | 2 ++
4 files changed, 17 insertions(+)
create mode 100644 syft/pkg/kb_package_metadata.go
diff --git a/syft/distro/type.go b/syft/distro/type.go
index 0dec34d35..607995ede 100644
--- a/syft/distro/type.go
+++ b/syft/distro/type.go
@@ -18,6 +18,7 @@ const ( ArchLinux Type = "archlinux" OpenSuseLeap Type = "opensuseleap" Photon Type = "photon" + Windows Type = "windows" ) // All contains all Linux distribution options
@@ -34,6 +35,7 @@ var All = []Type{ ArchLinux, OpenSuseLeap, Photon, + Windows, } // IDMapping connects a distro ID like "ubuntu" to a Distro type
@@ -50,6 +52,7 @@ var IDMapping = map[string]Type{ "arch": ArchLinux, "opensuse-leap": OpenSuseLeap, "photon": Photon, + "windows": Windows, } // String returns the string representation of the given Linux distribution.
diff --git a/syft/pkg/kb_package_metadata.go b/syft/pkg/kb_package_metadata.go
new file mode 100644
index 000000000..e243712a6
--- /dev/null
+++ b/syft/pkg/kb_package_metadata.go
@@ -0,0 +1,11 @@
+package pkg
+
+// KbPackageMetadata is slightly odd in how it is expected to map onto data.
+// This is critical to grasp because there is no MSRC cataloger. The `ProductID`
+// field is expected to be the MSRC Product ID, for example:
+// "Windows 10 Version 1703 for 32-bit Systems".
+// `Kb` is expected to be the actual KB number, for example "5001028"
+type KbPackageMetadata struct {
+ ProductID string `toml:"product_id" json:"product_id"`
+ Kb string `toml:"kb" json:"kb"`
+}
diff --git a/syft/pkg/metadata.go b/syft/pkg/metadata.go
index 1c8268907..884cb06ae 100644
--- a/syft/pkg/metadata.go
+++ b/syft/pkg/metadata.go
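Review bot: The doc comment above `All` (last context line of the first `syft/distro/type.go` hunk) still says "All contains all Linux distribution options", although the second hunk adds `Windows` to that slice; the `String` comment after the third hunk has the same problem ("the given Linux distribution"). Both comments lie just outside the changed lines, so the patch should touch them too, e.g. `// All contains all supported distribution / OS options` and `// String returns the string representation of the given distribution.`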
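Review bot: The `"windows": Windows` entry in `IDMapping` makes the new type reachable from whatever looks distro IDs up in this map, while the test comment in patch 2/3 states there is no support for detecting or parsing a Windows OS. The map's comment suggests it is keyed by an os-release style ID, but the lookup is outside this hunk; if so, a Linux filesystem whose release file declares that ID would be reported as Windows, and any downstream vulnerability matching would consult the wrong data. Consider leaving the entry out until a real detection path exists, or state the intent with `// not detected from a filesystem; present only for externally supplied distro IDs`.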
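Review bot: `Kb` and `KbPackageMetadata` in the new file break Go's initialism convention (`KB`, `KBPackageMetadata`). The serialized names are pinned by the struct tags, so renaming is free now and an API break later. The type comment also leaves open whether `Kb` may carry a "KB" prefix, and whether `ProductID` must match the MSRC string exactly. Since no cataloger fills this struct, the values come from outside, and a consumer comparing them as plain strings would silently miss on a format mismatch. A field comment such as `// Kb is the numeric KB identifier without the "KB" prefix, e.g. "5001028"` would pin that down.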
@@ -14,4 +14,5 @@ const (
 RpmdbMetadataType MetadataType = "RpmdbMetadata"
 PythonPackageMetadataType MetadataType = "PythonPackageMetadata"
 RustCargoPackageMetadataType MetadataType = "RustCargoPackageMetadata"
+ KbPackageMetadataType MetadataType = "KbPackageMetadata"
 )
diff --git a/syft/pkg/type.go b/syft/pkg/type.go
index 8d193b12a..96c364951 100644
--- a/syft/pkg/type.go
+++ b/syft/pkg/type.go
@@ -18,6 +18,7 @@ const ( JenkinsPluginPkg Type = "jenkins-plugin" GoModulePkg Type = "go-module" RustPkg Type = "rust-crate" + KbPkg Type = "msrc-kb" ) // AllPkgs represents all supported package types
@@ -32,6 +33,7 @@ var AllPkgs = []Type{ JenkinsPluginPkg, GoModulePkg, RustPkg, + KbPkg, } // PackageURLType returns the PURL package type for the current package.
From 26007db650c97926e7e9381fe246c9efab3e18b1 Mon Sep 17 00:00:00 2001
From: Alfredo Deza
Date: Thu, 15 Apr 2021 16:20:40 -0400
Subject: [PATCH 2/3] manually add msrc as an observed distro
Signed-off-by: Alfredo Deza
---
syft/distro/identify_test.go | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/syft/distro/identify_test.go b/syft/distro/identify_test.go
index d0d4470ee..f11d74693 100644
--- a/syft/distro/identify_test.go
+++ b/syft/distro/identify_test.go
@@ -7,6 +7,7 @@ import ( "testing" "github.com/anchore/syft/internal" + "github.com/stretchr/testify/assert" "github.com/anchore/syft/syft/source" )
@@ -88,10 +89,15 @@ func TestIdentifyDistro(t *testing.T) { observedDistros := internal.NewStringSet() definedDistros := internal.NewStringSet() + for _, distroType := range All { definedDistros.Add(string(distroType)) } + // Somewhat cheating with Windows. There is no support for detecting/parsing a Windows OS, so it is not + // possible to comply with this test unless it is added manually to the "observed distros" + definedDistros.Remove(string(Windows)) + for _, test := range tests { t.Run(test.fixture, func(t *testing.T) { s, err := source.NewFromDirectory(test.fixture)
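Review bot: `KbPackageMetadataType` is declared in this const block, but nothing else in the series refers to it; the diffstat for patch 1/3 lists only the four files shown. If any code in the repository switches on `MetadataType` to pick a concrete struct when decoding, it needs a case for this value, otherwise a document carrying `"KbPackageMetadata"` would presumably not decode into `KbPackageMetadata`. The const block starts outside the hunk, so this cannot be confirmed from here.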
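Review bot: Adding `KbPkg` to `AllPkgs` in the second `syft/pkg/type.go` hunk advertises a package type that no cataloger produces, which is why patch 3/3 has to remove it again in the coverage tests. `PackageURLType`, whose doc comment is the last context line, lies outside the hunk. If it switches on the type, `KbPkg` presumably falls through to its default, so confirm that packages of this type get a deliberate PURL type rather than an accidental empty one. A comment on the constant, e.g. `// KbPkg is never cataloged; entries are supplied externally`, would record the intent.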
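Review bot: The comment added in the `-88,10 +89,15` hunk says Windows has to be "added manually to the observed distros", but the statement under it does the opposite and shrinks the defined set: `definedDistros.Remove(string(Windows))`. The commit subject repeats the same wording. Reword the comment to match the code, e.g. `// Windows cannot be detected from a filesystem yet, so exclude it from the defined set; drop this line once detection exists.` The test function continues beyond the hunk.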
@@ -129,9 +135,7 @@ func TestIdentifyDistro(t *testing.T) { return } - if d.Version.String() != test.Version { - t.Errorf("expected distro version doesn't match: %v != %v", d.Version.String(), test.Version) - } + assert.Equal(t, d.Version.String(), test.Version) }) }
@@ -145,7 +149,6 @@ func TestIdentifyDistro(t *testing.T) { } t.Errorf("distro coverage incomplete (defined=%d, coverage=%d)", len(definedDistros), len(observedDistros)) } - } func TestParseOsRelease(t *testing.T) {
From 4cce32f5c9789a7d11de24b2205b352115d839e3 Mon Sep 17 00:00:00 2001
From: Alfredo Deza
Date: Fri, 16 Apr 2021 15:54:28 -0400
Subject: [PATCH 3/3] tests: remove KbPkg from defined pkgs since it isn't parsed
Signed-off-by: Alfredo Deza
---
test/integration/catalog_packages_test.go | 2 ++
1 file changed, 2 insertions(+)
diff --git a/test/integration/catalog_packages_test.go b/test/integration/catalog_packages_test.go
index 53d6022ea..118c4ad6f 100644
--- a/test/integration/catalog_packages_test.go
+++ b/test/integration/catalog_packages_test.go
@@ -63,6 +63,7 @@ func TestPkgCoverageImage(t *testing.T) { for _, p := range pkg.AllPkgs { definedPkgs.Add(string(p)) } + definedPkgs.Remove(string(pkg.KbPkg)) var cases []testCase cases = append(cases, commonTestCases...)
@@ -189,6 +190,7 @@ func TestPkgCoverageDirectory(t *testing.T) { definedLanguages.Remove(pkg.UnknownLanguage.String()) observedPkgs.Remove(string(pkg.UnknownPkg)) definedPkgs.Remove(string(pkg.UnknownPkg)) + definedPkgs.Remove(string(pkg.KbPkg)) // ensure that integration test commonTestCases stay in sync with the available catalogers if len(observedLanguages) < len(definedLanguages) {
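Review bot: The arguments to `assert.Equal` in the `-129,9 +135,7` hunk are in the wrong order. testify's signature is `(t, expected, actual)`, so a failure would report the parsed version as "expected" and the fixture value as "actual". Write `assert.Equal(t, test.Version, d.Version.String())`. The enclosing `t.Run` closure starts outside the hunk.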
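Review bot: `definedPkgs.Remove(string(pkg.KbPkg))` in `TestPkgCoverageImage` has no comment saying why the type is exempt, and the same bare line is added again in the `TestPkgCoverageDirectory` hunk. As written the exemption is permanent: if a KB cataloger is added later, neither coverage check will demand a fixture for it. Put `// KbPkg has no cataloger; remove this exclusion when one is added` above both lines. Both test functions extend beyond their hunks.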