fix: correct apk purls for other distros (#1620)

The apk purl spec allows for a vendor-specific namespace. I noticed
in the embedded SBOMs from wolfi that the purls are of the form
`pkg:apk/wolfi/curl@7.83.0-r0?arch=x86`, but the current logic in
syft actually prevents purl generation entirely if the distro isn't
alpine, so this corrects that behaviour.

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Weston Steimel 2023-02-24 20:07:07 +00:00 committed by GitHub
parent 0c5f03235e
commit 3ee1af0dc6
2 changed files with 17 additions and 5 deletions


@ -28,8 +28,7 @@ func newPackage(d pkg.ApkMetadata, release *linux.Release, locations ...source.L
// packageURL returns the PURL for the specific Alpine package (see https://github.com/package-url/purl-spec) // packageURL returns the PURL for the specific Alpine package (see https://github.com/package-url/purl-spec)
func packageURL(m pkg.ApkMetadata, distro *linux.Release) string { func packageURL(m pkg.ApkMetadata, distro *linux.Release) string {
if distro == nil || distro.ID != "alpine" { if distro == nil {
// note: there is no namespace variation (like with debian ID_LIKE for ubuntu ID, for example)
return "" return ""
} }
@ -44,7 +43,7 @@ func packageURL(m pkg.ApkMetadata, distro *linux.Release) string {
return packageurl.NewPackageURL( return packageurl.NewPackageURL(
packageurl.TypeAlpine, packageurl.TypeAlpine,
"alpine", strings.ToLower(distro.ID),
m.Package, m.Package,
m.Version, m.Version,
pkg.PURLQualifiers( pkg.PURLQualifiers(
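Review bot: The loosened guard `if distro == nil {` no longer rejects a release whose ID is empty, so an os-release with no ID field would now yield a purl with an empty namespace instead of no purl; consider `if distro == nil || distro.ID == "" {` followed by `return ""`. Because the namespace is now taken (lowercased) from the scanned image's release data rather than from a fixed literal, it is worth confirming that packageurl percent-encodes it — the updated test's `something%20else` expectation suggests it does. The doc comment above the function still says "the specific Alpine package"; it could read `// packageURL returns the PURL for the specific apk package, using the lowercased release ID as the purl namespace (see https://github.com/package-url/purl-spec)`. packageURL's body continues outside the hunk.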


@ -20,7 +20,7 @@ func Test_PackageURL(t *testing.T) {
expected string expected string
}{ }{
{ {
name: "bad distro", name: "non-alpine distro",
metadata: pkg.ApkMetadata{ metadata: pkg.ApkMetadata{
Package: "p", Package: "p",
Version: "v", Version: "v",
@ -30,7 +30,7 @@ func Test_PackageURL(t *testing.T) {
ID: "something else", ID: "something else",
VersionID: "3.4.6", VersionID: "3.4.6",
}, },
expected: "", expected: "pkg:apk/something%20else/p@v?arch=a&distro=something%20else-3.4.6",
}, },
{ {
name: "gocase", name: "gocase",
@ -236,6 +236,19 @@ func Test_PackageURL(t *testing.T) {
}, },
expected: "pkg:apk/alpine/abc101-a12345-1045@101.191.23456?arch=a&upstream=abc101-a12345&distro=alpine-3.4.6", expected: "pkg:apk/alpine/abc101-a12345-1045@101.191.23456?arch=a&upstream=abc101-a12345&distro=alpine-3.4.6",
}, },
{
name: "wolfi distro",
metadata: pkg.ApkMetadata{
Package: "p",
Version: "v",
Architecture: "a",
},
distro: linux.Release{
ID: "wolfi",
VersionID: "20221230",
},
expected: "pkg:apk/wolfi/p@v?arch=a&distro=wolfi-20221230",
},
} }
for _, test := range tests { for _, test := range tests {