From 46dcc84f1a8fecf24bfbef69cc47e8bc53732f14 Mon Sep 17 00:00:00 2001
From: Weston Steimel
Date: Tue, 18 Jan 2022 14:22:02 +0000
Subject: [PATCH] support .sar for java ecosystem (#748)

Signed-off-by: Weston Steimel
---
 README.md | 2 +-
 syft/pkg/cataloger/java/archive_filename.go | 2 +-
 syft/pkg/cataloger/java/archive_filename_test.go | 7 +++++++
 syft/pkg/cataloger/java/archive_parser.go | 1 +
 syft/pkg/cataloger/java/cataloger.go | 2 +-
 5 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index bdc24f580..c6722f57a 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ A CLI tool and Go library for generating a Software Bill of Materials (SBOM) fro
 ## Features
 - Catalog container images and filesystems to discover packages and libraries.
-- Supports packages and libraries from various ecosystems (APK, DEB, RPM, Ruby Bundles, Python Wheel/Egg/requirements.txt, JavaScript NPM/Yarn, Java JAR/EAR/WAR, Jenkins plugins JPI/HPI, Go modules)
+- Supports packages and libraries from various ecosystems (APK, DEB, RPM, Ruby Bundles, Python Wheel/Egg/requirements.txt, JavaScript NPM/Yarn, Java JAR/EAR/WAR/PAR/SAR, Jenkins plugins JPI/HPI, Go modules)
 - Linux distribution identification (supports Alpine, BusyBox, CentOS/RedHat, Debian/Ubuntu flavored distributions)
 - Supports Docker and OCI image formats
 - Direct support for [Grype](https://github.com/anchore/grype), a fast and powerful vulnerability matcher.
diff --git a/syft/pkg/cataloger/java/archive_filename.go b/syft/pkg/cataloger/java/archive_filename.go
index f03df298c..625f5bf73 100644
--- a/syft/pkg/cataloger/java/archive_filename.go
+++ b/syft/pkg/cataloger/java/archive_filename.go
@@ -113,7 +113,7 @@ func (a archiveFilename) extension() string {
 func (a archiveFilename) pkgType() pkg.Type {
 switch strings.ToLower(a.extension()) {
- case "jar", "war", "ear", "lpkg", "par":
+ case "jar", "war", "ear", "lpkg", "par", "sar":
 return pkg.JavaPkg
 case "jpi", "hpi":
 return pkg.JenkinsPluginPkg
diff --git a/syft/pkg/cataloger/java/archive_filename_test.go b/syft/pkg/cataloger/java/archive_filename_test.go
index 03426f8ac..2d6d9784d 100644
--- a/syft/pkg/cataloger/java/archive_filename_test.go
+++ b/syft/pkg/cataloger/java/archive_filename_test.go
@@ -57,6 +57,13 @@ func TestExtractInfoFromJavaArchiveFilename(t *testing.T) {
 name: "pkg-extra-field-maven",
 ty: pkg.JavaPkg,
 },
+ {
+ filename: "pkg-extra-field-maven-4.3.2-rc1.sar",
+ version: "4.3.2-rc1",
+ extension: "sar",
+ name: "pkg-extra-field-maven",
+ ty: pkg.JavaPkg,
+ },
 {
 filename: "/some/path/pkg-extra-field-maven-4.3.2-rc1.jpi",
 version: "4.3.2-rc1",
diff --git a/syft/pkg/cataloger/java/archive_parser.go b/syft/pkg/cataloger/java/archive_parser.go
index e2f859b17..75dd33683 100644
--- a/syft/pkg/cataloger/java/archive_parser.go
+++ b/syft/pkg/cataloger/java/archive_parser.go
@@ -21,6 +21,7 @@ var archiveFormatGlobs = []string{
 "**/*.war",
 "**/*.ear",
 "**/*.par",
+ "**/*.sar",
 "**/*.jpi",
 "**/*.hpi",
 "**/*.lpkg", // Zip-compressed package used to deploy applications
diff --git a/syft/pkg/cataloger/java/cataloger.go b/syft/pkg/cataloger/java/cataloger.go
index 3befe88b5..5adefd492 100644
--- a/syft/pkg/cataloger/java/cataloger.go
+++ b/syft/pkg/cataloger/java/cataloger.go
@@ -1,5 +1,5 @@
 /*
-Package java provides a concrete Cataloger implementation for Java archives (jar, war, ear, par, jpi, hpi formats).
+Package java provides a concrete Cataloger implementation for Java archives (jar, war, ear, par, sar, jpi, hpi formats).
 */
 package java
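Review bot: The `case "jar", "war", "ear", "lpkg", "par", "sar":` list in `pkgType` (archive_filename.go) repeats by hand the extensions listed in `archiveFormatGlobs` (archive_parser.go), so the two can drift apart whenever a format is added. For an SBOM generator that matters: an archive that is discovered by a glob but not typed here, or typed here but never globbed, would presumably end up missing or mislabelled in the inventory that vulnerability matching depends on. At minimum add `// keep in sync with archiveFormatGlobs in archive_parser.go` above the `switch`; deriving both from one table of extensions would remove the risk. The rest of `pkgType`, including any default branch, lies outside the hunk.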
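Review bot: The `"**/*.sar"` entry added to `archiveFormatGlobs` (archive_parser.go) selects files purely by extension, and `.sar` is not exclusive to Java service archives: SAPCAR archives use the same extension and are not zip files. The parsing code is outside this hunk, so please confirm that a matched file which cannot be opened as a zip is logged and skipped rather than failing the whole catalog run, and consider a test fixture that pins that behaviour. A trailing comment in the style of the `.lpkg` entry, for example `"**/*.sar", // service archive (JBoss)`, would also record why the extension is listed.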