oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #245 from anchore/update-java-cataloger-for-engine

Browse Source 
Java cataloger miscellaneous fixes
This commit is contained in:
Alex Goodman 2020-10-28 17:36:44 -04:00 committed by GitHub
commit 452426d1d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 153 additions and 317 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

376
schema/json/schema.json
View File

@ -125,116 +125,109 @@
"type": "string" "type": "string"
}, },
"manifest": { "manifest": {
"anyOf": [ "properties": {
{ "extraFields": {
"type": "null"
},
{
"properties": { "properties": {
"extraFields": { "Archiver-Version": {
"properties": {
"Archiver-Version": {
"type": "string"
},
"Build-Jdk": {
"type": "string"
},
"Built-By": {
"type": "string"
},
"Created-By": {
"type": "string"
},
"Extension-Name": {
"type": "string"
},
"Group-Id": {
"type": "string"
},
"Hudson-Version": {
"type": "string"
},
"Jenkins-Version": {
"type": "string"
},
"Long-Name": {
"type": "string"
},
"Main-Class": {
"type": "string"
},
"Minimum-Java-Version": {
"type": "string"
},
"Plugin-Dependencies": {
"type": "string"
},
"Plugin-Developers": {
"type": "string"
},
"Plugin-License-Name": {
"type": "string"
},
"Plugin-License-Url": {
"type": "string"
},
"Plugin-ScmUrl": {
"type": "string"
},
"Plugin-Version": {
"type": "string"
},
"Short-Name": {
"type": "string"
}
},
"required": [
"Archiver-Version",
"Build-Jdk",
"Built-By",
"Created-By"
],
"type": "object"
},
"implementationTitle": {
"type": "string" "type": "string"
}, },
"implementationVendor": { "Build-Jdk": {
"type": "string" "type": "string"
}, },
"implementationVersion": { "Built-By": {
"type": "string" "type": "string"
}, },
"manifestVersion": { "Created-By": {
"type": "string" "type": "string"
}, },
"name": { "Extension-Name": {
"type": "string" "type": "string"
}, },
"specificationTitle": { "Group-Id": {
"type": "string" "type": "string"
}, },
"specificationVendor": { "Hudson-Version": {
"type": "string" "type": "string"
}, },
"specificationVersion": { "Jenkins-Version": {
"type": "string"
},
"Long-Name": {
"type": "string"
},
"Main-Class": {
"type": "string"
},
"Minimum-Java-Version": {
"type": "string"
},
"Plugin-Dependencies": {
"type": "string"
},
"Plugin-Developers": {
"type": "string"
},
"Plugin-License-Name": {
"type": "string"
},
"Plugin-License-Url": {
"type": "string"
},
"Plugin-ScmUrl": {
"type": "string"
},
"Plugin-Version": {
"type": "string"
},
"Short-Name": {
"type": "string" "type": "string"
} }
}, },
"required": [ "required": [
"extraFields", "Archiver-Version",
"implementationTitle", "Build-Jdk",
"implementationVendor", "Built-By",
"implementationVersion", "Created-By"
"manifestVersion",
"name",
"specificationTitle",
"specificationVendor",
"specificationVersion"
], ],
"type": "object" "type": "object"
},
"implementationTitle": {
"type": "string"
},
"implementationVendor": {
"type": "string"
},
"implementationVersion": {
"type": "string"
},
"manifestVersion": {
"type": "string"
},
"name": {
"type": "string"
},
"specificationTitle": {
"type": "string"
},
"specificationVendor": {
"type": "string"
},
"specificationVersion": {
"type": "string"
} }
] },
"required": [
"extraFields",
"implementationTitle",
"implementationVendor",
"implementationVersion",
"manifestVersion",
"name",
"specificationTitle",
"specificationVendor",
"specificationVersion"
],
"type": "object"
}, },
"name": { "name": {
"type": "string" "type": "string"
@ -245,210 +238,11 @@
"package": { "package": {
"type": "string" "type": "string"
}, },
"parentPackage": {
"anyOf": [
{
"type": "null"
},
{
"properties": {
"foundBy": {
"type": "string"
},
"language": {
"type": "integer"
},
"licenses": {
"type": "null"
},
"manifest": {
"type": "string"
},
"metadata": {
"properties": {
"manifest": {
"properties": {
"extraFields": {
"properties": {
"Archiver-Version": {
"type": "string"
},
"Build-Jdk": {
"type": "string"
},
"Built-By": {
"type": "string"
},
"Created-By": {
"type": "string"
},
"Extension-Name": {
"type": "string"
},
"Group-Id": {
"type": "string"
},
"Hudson-Version": {
"type": "string"
},
"Jenkins-Version": {
"type": "string"
},
"Long-Name": {
"type": "string"
},
"Main-Class": {
"type": "string"
},
"Minimum-Java-Version": {
"type": "string"
},
"Plugin-Dependencies": {
"type": "string"
},
"Plugin-Developers": {
"type": "string"
},
"Plugin-License-Name": {
"type": "string"
},
"Plugin-License-Url": {
"type": "string"
},
"Plugin-ScmUrl": {
"type": "string"
},
"Plugin-Version": {
"type": "string"
},
"Short-Name": {
"type": "string"
}
},
"required": [
"Archiver-Version",
"Build-Jdk",
"Built-By",
"Created-By"
],
"type": "object"
},
"implementationTitle": {
"type": "string"
},
"implementationVendor": {
"type": "string"
},
"implementationVersion": {
"type": "string"
},
"manifestVersion": {
"type": "string"
},
"name": {
"type": "string"
},
"specificationTitle": {
"type": "string"
},
"specificationVendor": {
"type": "string"
},
"specificationVersion": {
"type": "string"
}
},
"required": [
"extraFields",
"implementationTitle",
"implementationVendor",
"implementationVersion",
"manifestVersion",
"name",
"specificationTitle",
"specificationVendor",
"specificationVersion"
],
"type": "object"
},
"parentPackage": {
"type": "null"
},
"pomProperties": {
"properties": {
"Path": {
"type": "string"
},
"artifactId": {
"type": "string"
},
"extraFields": {
"type": "null"
},
"groupId": {
"type": "string"
},
"name": {
"type": "string"
},
"version": {
"type": "string"
}
},
"required": [
"Path",
"artifactId",
"extraFields",
"groupId",
"name",
"version"
],
"type": "object"
}
},
"required": [
"manifest",
"parentPackage",
"pomProperties"
],
"type": "object"
},
"metadataType": {
"type": "string"
},
"sources": {
"type": "null"
},
"type": {
"type": "string"
},
"version": {
"type": "string"
}
},
"required": [
"foundBy",
"language",
"licenses",
"manifest",
"metadata",
"metadataType",
"sources",
"type",
"version"
],
"type": "object"
}
]
},
"platform": { "platform": {
"type": "string" "type": "string"
}, },
"pomProperties": { "pomProperties": {
"properties": { "properties": {
"Path": {
"type": "string"
},
"artifactId": { "artifactId": {
"type": "string" "type": "string"
}, },
@ -461,16 +255,19 @@
"name": { "name": {
"type": "string" "type": "string"
}, },
"path": {
"type": "string"
},
"version": { "version": {
"type": "string" "type": "string"
} }
}, },
"required": [ "required": [
"Path",
"artifactId", "artifactId",
"extraFields", "extraFields",
"groupId", "groupId",
"name", "name",
"path",
"version" "version"
], ],
"type": "object" "type": "object"
@ -510,6 +307,9 @@
}, },
"version": { "version": {
"type": "string" "type": "string"
},
"virtualPath": {
"type": "string"
} }
}, },
"type": "object" "type": "object"

12
syft/cataloger/java/archive_filename.go
View File

@ -70,10 +70,14 @@ func (a archiveFilename) version() string {
} }
func (a archiveFilename) name() string { func (a archiveFilename) name() string {
// there should be only one name, if there is more or less then something is wrong for _, fieldSet := range a.fields {
if len(a.fields) != 1 { if name, ok := fieldSet["name"]; ok {
return "" // return the first name
return name
}
} }
return a.fields[0]["name"] // derive the name from the archive name (no path or extension)
basename := filepath.Base(a.raw)
return strings.TrimSuffix(basename, filepath.Ext(basename))
} }

4
syft/cataloger/java/archive_parser.go
View File

@ -148,7 +148,8 @@ func (j *archiveParser) discoverMainPackage() (*pkg.Package, error) {
Type: pkg.JavaPkg, Type: pkg.JavaPkg,
MetadataType: pkg.JavaMetadataType, MetadataType: pkg.JavaMetadataType,
Metadata: pkg.JavaMetadata{ Metadata: pkg.JavaMetadata{
Manifest: manifest, VirtualPath: j.virtualPath,
Manifest: manifest,
}, },
}, nil }, nil
} }
@ -184,6 +185,7 @@ func (j *archiveParser) discoverPkgsFromPomProperties(parentPkg *pkg.Package) ([
Type: pkg.JavaPkg, Type: pkg.JavaPkg,
MetadataType: pkg.JavaMetadataType, MetadataType: pkg.JavaMetadataType,
Metadata: pkg.JavaMetadata{ Metadata: pkg.JavaMetadata{
VirtualPath: j.virtualPath,
PomProperties: propsObj, PomProperties: propsObj,
Parent: parentPkg, Parent: parentPkg,
}, },

4
syft/cataloger/java/archive_parser_test.go
View File

@ -143,6 +143,7 @@ func TestParseJar(t *testing.T) {
Type: pkg.JenkinsPluginPkg, Type: pkg.JenkinsPluginPkg,
MetadataType: pkg.JavaMetadataType, MetadataType: pkg.JavaMetadataType,
Metadata: pkg.JavaMetadata{ Metadata: pkg.JavaMetadata{
VirtualPath: "test-fixtures/java-builds/packages/example-jenkins-plugin.hpi",
Manifest: &pkg.JavaManifest{ Manifest: &pkg.JavaManifest{
ManifestVersion: "1.0", ManifestVersion: "1.0",
SpecTitle: "The Jenkins Plugins Parent POM Project", SpecTitle: "The Jenkins Plugins Parent POM Project",
@ -188,6 +189,7 @@ func TestParseJar(t *testing.T) {
Type: pkg.JavaPkg, Type: pkg.JavaPkg,
MetadataType: pkg.JavaMetadataType, MetadataType: pkg.JavaMetadataType,
Metadata: pkg.JavaMetadata{ Metadata: pkg.JavaMetadata{
VirtualPath: "test-fixtures/java-builds/packages/example-java-app-gradle-0.1.0.jar",
Manifest: &pkg.JavaManifest{ Manifest: &pkg.JavaManifest{
ManifestVersion: "1.0", ManifestVersion: "1.0",
}, },
@ -208,6 +210,7 @@ func TestParseJar(t *testing.T) {
Type: pkg.JavaPkg, Type: pkg.JavaPkg,
MetadataType: pkg.JavaMetadataType, MetadataType: pkg.JavaMetadataType,
Metadata: pkg.JavaMetadata{ Metadata: pkg.JavaMetadata{
VirtualPath: "test-fixtures/java-builds/packages/example-java-app-maven-0.1.0.jar",
Manifest: &pkg.JavaManifest{ Manifest: &pkg.JavaManifest{
ManifestVersion: "1.0", ManifestVersion: "1.0",
Extra: map[string]string{ Extra: map[string]string{
@ -233,6 +236,7 @@ func TestParseJar(t *testing.T) {
Type: pkg.JavaPkg, Type: pkg.JavaPkg,
MetadataType: pkg.JavaMetadataType, MetadataType: pkg.JavaMetadataType,
Metadata: pkg.JavaMetadata{ Metadata: pkg.JavaMetadata{
VirtualPath: "test-fixtures/java-builds/packages/example-java-app-maven-0.1.0.jar",
PomProperties: &pkg.PomProperties{ PomProperties: &pkg.PomProperties{
Path: "META-INF/maven/joda-time/joda-time/pom.properties", Path: "META-INF/maven/joda-time/joda-time/pom.properties",
GroupID: "joda-time", GroupID: "joda-time",

29
syft/cataloger/java/java_manifest.go
View File

@ -12,17 +12,29 @@ import (
const manifestGlob = "/META-INF/MANIFEST.MF" const manifestGlob = "/META-INF/MANIFEST.MF"
// nolint:funlen
func parseJavaManifest(reader io.Reader) (*pkg.JavaManifest, error) { func parseJavaManifest(reader io.Reader) (*pkg.JavaManifest, error) {
var manifest pkg.JavaManifest var manifest pkg.JavaManifest
manifestMap := make(map[string]string) sections := []map[string]string{
make(map[string]string),
}
currentSection := 0
scanner := bufio.NewScanner(reader) scanner := bufio.NewScanner(reader)
var lastKey string var lastKey string
for scanner.Scan() { for scanner.Scan() {
line := scanner.Text() line := scanner.Text()
// ignore empty lines // empty lines denote section separators
if strings.TrimSpace(line) == "" { if strings.TrimSpace(line) == "" {
currentSection++
// we don't want to allocate a new section map that wont necessarily be used, do that once there is
// a non-empty line to process
// do not process line continuations after this
lastKey = ""
continue continue
} else if currentSection >= len(sections) {
sections = append(sections, make(map[string]string))
} }
if line[0] == ' ' { if line[0] == ' ' {
@ -30,7 +42,7 @@ func parseJavaManifest(reader io.Reader) (*pkg.JavaManifest, error) {
if lastKey == "" { if lastKey == "" {
return nil, fmt.Errorf("found continuation with no previous key (%s)", line) return nil, fmt.Errorf("found continuation with no previous key (%s)", line)
} }
manifestMap[lastKey] += strings.TrimSpace(line) sections[currentSection][lastKey] += strings.TrimSpace(line)
} else { } else {
// this is a new key-value pair // this is a new key-value pair
idx := strings.Index(line, ":") idx := strings.Index(line, ":")
@ -40,9 +52,9 @@ func parseJavaManifest(reader io.Reader) (*pkg.JavaManifest, error) {
key := strings.TrimSpace(line[0:idx]) key := strings.TrimSpace(line[0:idx])
value := strings.TrimSpace(line[idx+1:]) value := strings.TrimSpace(line[idx+1:])
manifestMap[key] = value sections[currentSection][key] = value
// keep track of key for future continuations // keep track of key for potential future continuations
lastKey = key lastKey = key
} }
} }
@ -51,10 +63,15 @@ func parseJavaManifest(reader io.Reader) (*pkg.JavaManifest, error) {
return nil, fmt.Errorf("unable to read java manifest: %w", err) return nil, fmt.Errorf("unable to read java manifest: %w", err)
} }
if err := mapstructure.Decode(manifestMap, &manifest); err != nil { if err := mapstructure.Decode(sections[0], &manifest); err != nil {
return nil, fmt.Errorf("unable to parse java manifest: %w", err) return nil, fmt.Errorf("unable to parse java manifest: %w", err)
} }
// append on extra sections
if len(sections) > 1 {
manifest.Sections = sections[1:]
}
// clean select fields // clean select fields
if strings.Trim(manifest.ImplVersion, " ") != "" { if strings.Trim(manifest.ImplVersion, " ") != "" {
// transform versions with dates attached to just versions (e.g. "1.3 2244 October 5 2008" --> "1.3") // transform versions with dates attached to just versions (e.g. "1.3 2244 October 5 2008" --> "1.3")

17
syft/cataloger/java/java_manifest_test.go
View File

@ -2,10 +2,11 @@ package java
import ( import (
"encoding/json" "encoding/json"
"github.com/anchore/syft/syft/pkg"
"github.com/go-test/deep"
"os" "os"
"testing" "testing"
"github.com/anchore/syft/syft/pkg"
"github.com/go-test/deep"
) )
func TestParseJavaManifest(t *testing.T) { func TestParseJavaManifest(t *testing.T) {
@ -38,10 +39,16 @@ func TestParseJavaManifest(t *testing.T) {
ManifestVersion: "1.0", ManifestVersion: "1.0",
Extra: map[string]string{ Extra: map[string]string{
"Archiver-Version": "Plexus Archiver", "Archiver-Version": "Plexus Archiver",
"Build-Jdk": "14.0.1",
"Built-By": "?",
"Created-By": "Apache Maven 3.6.3", "Created-By": "Apache Maven 3.6.3",
"Main-Class": "hello.HelloWorld", },
Sections: []map[string]string{
{
"Built-By": "?",
},
{
"Build-Jdk": "14.0.1",
"Main-Class": "hello.HelloWorld",
},
}, },
}, },
}, },

28
syft/pkg/java_metadata.go
View File

@ -4,14 +4,15 @@ import "github.com/package-url/packageurl-go"
// JavaMetadata encapsulates all Java ecosystem metadata for a package as well as an (optional) parent relationship. // JavaMetadata encapsulates all Java ecosystem metadata for a package as well as an (optional) parent relationship.
type JavaMetadata struct { type JavaMetadata struct {
Manifest *JavaManifest `mapstructure:"Manifest" json:"manifest"` VirtualPath string `json:"virtualPath"`
PomProperties *PomProperties `mapstructure:"PomProperties" json:"pomProperties"` Manifest *JavaManifest `mapstructure:"Manifest" json:"manifest,omitempty"`
Parent *Package `json:"parentPackage"` // TODO: should this be included in the json output? PomProperties *PomProperties `mapstructure:"PomProperties" json:"pomProperties,omitempty"`
Parent *Package `json:"-"`
} }
// PomProperties represents the fields of interest extracted from a Java archive's pom.xml file. // PomProperties represents the fields of interest extracted from a Java archive's pom.xml file.
type PomProperties struct { type PomProperties struct {
Path string Path string `mapstructure:"path" json:"path"`
Name string `mapstructure:"name" json:"name"` Name string `mapstructure:"name" json:"name"`
GroupID string `mapstructure:"groupId" json:"groupId"` GroupID string `mapstructure:"groupId" json:"groupId"`
ArtifactID string `mapstructure:"artifactId" json:"artifactId"` ArtifactID string `mapstructure:"artifactId" json:"artifactId"`
@ -21,15 +22,16 @@ type PomProperties struct {
// JavaManifest represents the fields of interest extracted from a Java archive's META-INF/MANIFEST.MF file. // JavaManifest represents the fields of interest extracted from a Java archive's META-INF/MANIFEST.MF file.
type JavaManifest struct { type JavaManifest struct {
Name string `mapstructure:"Name" json:"name"` Name string `mapstructure:"Name" json:"name"`
ManifestVersion string `mapstructure:"Manifest-Version" json:"manifestVersion"` ManifestVersion string `mapstructure:"Manifest-Version" json:"manifestVersion"`
SpecTitle string `mapstructure:"Specification-Title" json:"specificationTitle"` SpecTitle string `mapstructure:"Specification-Title" json:"specificationTitle"`
SpecVersion string `mapstructure:"Specification-Version" json:"specificationVersion"` SpecVersion string `mapstructure:"Specification-Version" json:"specificationVersion"`
SpecVendor string `mapstructure:"Specification-Vendor" json:"specificationVendor"` SpecVendor string `mapstructure:"Specification-Vendor" json:"specificationVendor"`
ImplTitle string `mapstructure:"Implementation-Title" json:"implementationTitle"` ImplTitle string `mapstructure:"Implementation-Title" json:"implementationTitle"`
ImplVersion string `mapstructure:"Implementation-Version" json:"implementationVersion"` ImplVersion string `mapstructure:"Implementation-Version" json:"implementationVersion"`
ImplVendor string `mapstructure:"Implementation-Vendor" json:"implementationVendor"` ImplVendor string `mapstructure:"Implementation-Vendor" json:"implementationVendor"`
Extra map[string]string `mapstructure:",remain" json:"extraFields"` Extra map[string]string `mapstructure:",remain" json:"extraFields"`
Sections []map[string]string `json:"sections,omitempty"`
} }
func (m JavaMetadata) PackageURL() string { func (m JavaMetadata) PackageURL() string {