diff --git a/go.mod b/go.mod index aa985de46..f71f9c110 100644 --- a/go.mod +++ b/go.mod @@ -56,6 +56,7 @@ require ( require ( github.com/docker/docker v20.10.12+incompatible + github.com/google/go-containerregistry v0.8.1-0.20220209165246-a44adc326839 github.com/in-toto/in-toto-golang v0.3.4-0.20211211042327-af1f9fb822bf github.com/sigstore/cosign v1.7.2 github.com/sigstore/rekor v0.4.1-0.20220114213500-23f583409af3 @@ -80,6 +81,7 @@ require ( github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect + github.com/Microsoft/go-winio v0.5.1 // indirect github.com/PaesslerAG/gval v1.0.0 // indirect github.com/PaesslerAG/jsonpath v0.1.1 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect @@ -115,17 +117,28 @@ require ( github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4 // indirect github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490 // indirect github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect + github.com/containerd/containerd v1.5.10 // indirect + github.com/containerd/stargz-snapshotter/estargz v0.10.1 // indirect github.com/coreos/go-oidc/v3 v3.1.0 // indirect github.com/coreos/go-semver v0.3.0 // indirect github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20210823021906-dc406ceaf94b // indirect + github.com/davecgh/go-spew v1.1.1 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect + github.com/docker/cli v20.10.12+incompatible // indirect + github.com/docker/distribution v2.8.0+incompatible // indirect + github.com/docker/docker-credential-helpers v0.6.4 // indirect + github.com/docker/go-connections v0.4.0 // indirect + github.com/docker/go-units v0.4.0 // indirect + github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect github.com/envoyproxy/go-control-plane v0.10.1 // indirect github.com/envoyproxy/protoc-gen-validate v0.6.2 // indirect github.com/fatih/color v1.13.0 // indirect github.com/form3tech-oss/jwt-go v3.2.5+incompatible // indirect + github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/fullstorydev/grpcurl v1.8.2 // indirect + github.com/gabriel-vasile/mimetype v1.4.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-chi/chi v4.1.2+incompatible // indirect github.com/go-logr/logr v1.2.2 // indirect @@ -143,11 +156,15 @@ require ( github.com/go-playground/locales v0.14.0 // indirect github.com/go-playground/universal-translator v0.18.0 // indirect github.com/go-playground/validator/v10 v10.10.0 // indirect + github.com/go-restruct/restruct v1.2.0-alpha // indirect github.com/go-stack/stack v1.8.1 // indirect + github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.3.0 // indirect github.com/golang/glog v1.0.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/mock v1.6.0 // indirect + github.com/golang/protobuf v1.5.2 // indirect + github.com/golang/snappy v0.0.4 // indirect github.com/google/btree v1.0.1 // indirect github.com/google/certificate-transparency-go v1.1.2 // indirect github.com/google/go-github/v42 v42.0.0 // indirect @@ -161,6 +178,7 @@ require ( github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect + github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v1.2.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect @@ -174,19 +192,29 @@ require ( github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/go-version v1.4.0 // indirect github.com/hashicorp/golang-lru v0.5.4 // indirect + github.com/hashicorp/hcl v1.0.0 // indirect github.com/hashicorp/vault/api v1.5.0 // indirect github.com/hashicorp/vault/sdk v0.4.1 // indirect github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect + github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0 // indirect github.com/imdario/mergo v0.3.12 // indirect + github.com/inconshreveable/mousetrap v1.0.0 // indirect github.com/jedisct1/go-minisign v0.0.0-20210703085342-c1f07ee84431 // indirect github.com/jhump/protoreflect v1.9.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/jonboulle/clockwork v0.2.2 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect + github.com/klauspost/compress v1.14.2 // indirect + github.com/klauspost/pgzip v1.2.5 // indirect github.com/leodido/go-urn v1.2.1 // indirect github.com/letsencrypt/boulder v0.0.0-20220331220046-b23ab962616e // indirect + github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381 // indirect + github.com/magiconair/properties v1.8.5 // indirect github.com/mailru/easyjson v0.7.7 // indirect + github.com/mattn/go-colorable v0.1.12 // indirect + github.com/mattn/go-isatty v0.0.14 // indirect + github.com/mattn/go-runewidth v0.0.13 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect github.com/miekg/pkcs11 v1.1.1 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect @@ -194,10 +222,15 @@ require ( github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/nwaples/rardecode v1.1.0 // indirect github.com/oklog/run v1.1.0 // indirect github.com/oklog/ulid v1.3.1 // indirect + github.com/opencontainers/go-digest v1.0.0 // indirect + github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/pierrec/lz4 v2.6.1+incompatible // indirect + github.com/pierrec/lz4/v4 v4.1.2 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/client_golang v1.12.1 // indirect github.com/prometheus/client_model v0.2.0 // indirect github.com/prometheus/common v0.32.1 // indirect @@ -212,15 +245,24 @@ require ( github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7 // indirect github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect github.com/soheilhy/cmux v0.1.5 // indirect + github.com/spf13/cast v1.4.1 // indirect + github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spiffe/go-spiffe/v2 v2.0.0 // indirect + github.com/stretchr/objx v0.3.0 // indirect + github.com/subosito/gotenv v1.2.0 // indirect github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 // indirect github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 // indirect github.com/thales-e-security/pool v0.0.2 // indirect github.com/theupdateframework/go-tuf v0.0.0-20220211205608-f0c3294f63b9 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect + github.com/ulikunitz/xz v0.5.10 // indirect github.com/urfave/cli v1.22.5 // indirect + github.com/vbatts/tar-split v0.11.2 // indirect github.com/xanzy/go-gitlab v0.62.0 // indirect + github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect + github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect + github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect github.com/zeebo/errs v1.2.2 // indirect @@ -251,14 +293,24 @@ require ( go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.7.0 // indirect go.uber.org/zap v1.21.0 // indirect + golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a // indirect + golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect + golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886 // indirect + golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 // indirect golang.org/x/tools v0.1.10 // indirect + golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect google.golang.org/api v0.74.0 // indirect + google.golang.org/appengine v1.6.7 // indirect + google.golang.org/genproto v0.0.0-20220405205423-9d709892a2bf // indirect + google.golang.org/grpc v1.45.0 // indirect google.golang.org/protobuf v1.28.0 // indirect gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/ini.v1 v1.66.2 // indirect gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect + gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect k8s.io/api v0.23.5 // indirect k8s.io/apimachinery v0.23.5 // indirect k8s.io/client-go v0.23.5 // indirect @@ -273,61 +325,9 @@ require ( ) require ( - github.com/Microsoft/go-winio v0.5.1 // indirect // we are hinting brotli to latest due to warning when installing archiver v3: // go: warning: github.com/andybalholm/brotli@v1.0.1: retracted by module author: occasional panics and data corruption github.com/andybalholm/brotli v1.0.4 // indirect - github.com/containerd/containerd v1.5.10 // indirect - github.com/containerd/stargz-snapshotter/estargz v0.10.1 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect - github.com/docker/cli v20.10.12+incompatible // indirect - github.com/docker/distribution v2.8.0+incompatible // indirect - github.com/docker/docker-credential-helpers v0.6.4 // indirect - github.com/docker/go-connections v0.4.0 // indirect - github.com/docker/go-units v0.4.0 // indirect - github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect - github.com/fsnotify/fsnotify v1.5.1 // indirect - github.com/gabriel-vasile/mimetype v1.4.0 // indirect - github.com/go-restruct/restruct v1.2.0-alpha // indirect - github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/protobuf v1.5.2 // indirect - github.com/golang/snappy v0.0.4 // indirect - github.com/google/go-containerregistry v0.8.1-0.20220209165246-a44adc326839 - github.com/hashicorp/errwrap v1.1.0 // indirect - github.com/hashicorp/hcl v1.0.0 // indirect - github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0 // indirect - github.com/inconshreveable/mousetrap v1.0.0 // indirect - github.com/klauspost/compress v1.14.2 // indirect - github.com/klauspost/pgzip v1.2.5 // indirect - github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381 // indirect - github.com/magiconair/properties v1.8.5 // indirect - github.com/mattn/go-colorable v0.1.12 // indirect - github.com/mattn/go-isatty v0.0.14 // indirect - github.com/mattn/go-runewidth v0.0.13 // indirect - github.com/nwaples/rardecode v1.1.0 // indirect - github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 // indirect - github.com/pierrec/lz4/v4 v4.1.2 // indirect github.com/pkg/errors v0.9.1 - github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/spf13/cast v1.4.1 // indirect - github.com/spf13/jwalterweatherman v1.1.0 // indirect - github.com/stretchr/objx v0.3.0 // indirect - github.com/subosito/gotenv v1.2.0 // indirect - github.com/ulikunitz/xz v0.5.10 // indirect - github.com/vbatts/tar-split v0.11.2 // indirect - github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect - github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f // indirect - golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a // indirect - golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect - golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886 // indirect - golang.org/x/text v0.3.7 // indirect - golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20220405205423-9d709892a2bf // indirect - google.golang.org/grpc v1.45.0 // indirect - gopkg.in/ini.v1 v1.66.2 // indirect - gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect ) diff --git a/internal/spdxlicense/license_list.go b/internal/spdxlicense/license_list.go index 90f53c3fd..fdd30ebdd 100644 --- a/internal/spdxlicense/license_list.go +++ b/internal/spdxlicense/license_list.go @@ -1,9 +1,9 @@ // Code generated by go generate; DO NOT EDIT. -// This file was generated by robots at 2022-02-07 09:34:56.622482 -0500 EST m=+0.351558414 +// This file was generated by robots at 2022-05-09 10:01:37.625063 -0400 EDT m=+0.423632834 // using data from https://spdx.org/licenses/licenses.json package spdxlicense -const Version = "3.16" +const Version = "3.17" var licenseIDs = map[string]string{ "0bsd": "0BSD", @@ -75,6 +75,9 @@ var licenseIDs = map[string]string{ "apsl-2": "APSL-2.0", "apsl-2.0": "APSL-2.0", "apsl-2.0.0": "APSL-2.0", + "arphic-1999": "Arphic-1999", + "arphic-1999.0": "Arphic-1999", + "arphic-1999.0.0": "Arphic-1999", "artistic-1": "Artistic-1.0", "artistic-1-cl8": "Artistic-1.0-cl8", "artistic-1-perl": "Artistic-1.0-Perl", @@ -87,9 +90,11 @@ var licenseIDs = map[string]string{ "artistic-2": "Artistic-2.0", "artistic-2.0": "Artistic-2.0", "artistic-2.0.0": "Artistic-2.0", + "baekmuk": "Baekmuk", "bahyph": "Bahyph", "barr": "Barr", "beerware": "Beerware", + "bitstream-vera": "Bitstream-Vera", "bittorrent-1": "BitTorrent-1.0", "bittorrent-1.0": "BitTorrent-1.0", "bittorrent-1.0.0": "BitTorrent-1.0", @@ -609,6 +614,7 @@ var licenseIDs = map[string]string{ "jasper-2.0.0": "JasPer-2.0", "jpnic": "JPNIC", "json": "JSON", + "kicad-libraries-exception": "KiCad-libraries-exception", "lal-1": "LAL-1.2", "lal-1.2": "LAL-1.2", "lal-1.2.0": "LAL-1.2", @@ -710,6 +716,7 @@ var licenseIDs = map[string]string{ "mpl-2.0-no-copyleft-exception": "MPL-2.0-no-copyleft-exception", "mpl-2.0.0": "MPL-2.0", "mpl-2.0.0-no-copyleft-exception": "MPL-2.0-no-copyleft-exception", + "mplus": "mplus", "ms-pl": "MS-PL", "ms-rl": "MS-RL", "mtll": "MTLL", diff --git a/test/cli/utils_test.go b/test/cli/utils_test.go index 5ecf73198..094fce530 100644 --- a/test/cli/utils_test.go +++ b/test/cli/utils_test.go @@ -2,6 +2,7 @@ package cli import ( "bytes" + "context" "fmt" "math" "os" @@ -13,7 +14,9 @@ import ( "testing" "time" + "github.com/anchore/stereoscope" "github.com/anchore/stereoscope/pkg/imagetest" + "github.com/stretchr/testify/require" ) func setupPKI(t *testing.T, pw string) func() { @@ -51,8 +54,20 @@ func setupPKI(t *testing.T, pw string) func() { func getFixtureImage(t testing.TB, fixtureImageName string) string { t.Logf("obtaining fixture image for %s", fixtureImageName) - imagetest.GetFixtureImage(t, "docker-archive", fixtureImageName) - return imagetest.GetFixtureImageTarPath(t, fixtureImageName) + request := imagetest.PrepareFixtureImage(t, "docker-archive", fixtureImageName) + ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) + defer cancel() + + i, err := stereoscope.GetImage(ctx, request) + t.Logf("got image %s: %s", fixtureImageName, i.Metadata.ID) + require.NoError(t, err) + t.Cleanup(func() { + require.NoError(t, i.Cleanup()) + }) + + path := imagetest.GetFixtureImageTarPath(t, fixtureImageName) + t.Logf("returning %s: %s", fixtureImageName, path) + return path } func pullDockerImage(t testing.TB, image string) { @@ -85,7 +100,10 @@ func runSyftInDocker(t testing.TB, env map[string]string, image string, args ... } func runSyft(t testing.TB, env map[string]string, args ...string) (*exec.Cmd, string, string) { - cmd := getSyftCommand(t, args...) + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) + defer cancel() + cmd := exec.CommandContext(ctx, getSyftBinaryLocation(t), args...) + if env == nil { env = make(map[string]string) } @@ -135,10 +153,6 @@ func envMapToSlice(env map[string]string) (envList []string) { return } -func getSyftCommand(t testing.TB, args ...string) *exec.Cmd { - return exec.Command(getSyftBinaryLocation(t), args...) -} - func getSyftBinaryLocation(t testing.TB) string { if os.Getenv("SYFT_BINARY_LOCATION") != "" { // SYFT_BINARY_LOCATION is the absolute path to the snapshot binary