feat: use java package names to determine known groupids (#2032)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
parent
d1635971a1
commit
4762ba0943
@ -181,13 +181,13 @@ func GroupIDsFromJavaPackage(p pkg.Package) (groupIDs []string) {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return GroupIDsFromJavaMetadata(metadata)
|
return GroupIDsFromJavaMetadata(p.Name, metadata)
|
||||||
}
|
}
|
||||||
|
|
||||||
func GroupIDsFromJavaMetadata(metadata pkg.JavaMetadata) (groupIDs []string) {
|
func GroupIDsFromJavaMetadata(pkgName string, metadata pkg.JavaMetadata) (groupIDs []string) {
|
||||||
groupIDs = append(groupIDs, groupIDsFromPomProperties(metadata.PomProperties)...)
|
groupIDs = append(groupIDs, groupIDsFromPomProperties(metadata.PomProperties)...)
|
||||||
groupIDs = append(groupIDs, groupIDsFromPomProject(metadata.PomProject)...)
|
groupIDs = append(groupIDs, groupIDsFromPomProject(metadata.PomProject)...)
|
||||||
groupIDs = append(groupIDs, groupIDsFromJavaManifest(metadata.Manifest)...)
|
groupIDs = append(groupIDs, groupIDsFromJavaManifest(pkgName, metadata.Manifest)...)
|
||||||
|
|
||||||
return groupIDs
|
return groupIDs
|
||||||
}
|
}
|
||||||
@ -241,7 +241,11 @@ func addGroupIDsFromGroupIDsAndArtifactID(groupID, artifactID string) (groupIDs
|
|||||||
return groupIDs
|
return groupIDs
|
||||||
}
|
}
|
||||||
|
|
||||||
func groupIDsFromJavaManifest(manifest *pkg.JavaManifest) []string {
|
func groupIDsFromJavaManifest(pkgName string, manifest *pkg.JavaManifest) []string {
|
||||||
|
if groupID, ok := defaultArtifactIDToGroupID[pkgName]; ok {
|
||||||
|
return []string{groupID}
|
||||||
|
}
|
||||||
|
|
||||||
if manifest == nil {
|
if manifest == nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|||||||
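Review bot: In groupIDsFromJavaManifest the new `defaultArtifactIDToGroupID[pkgName]` lookup returns before the manifest is read, so any package whose name matches a table key gets that group ID regardless of what its manifest declares. If pkgName can be derived from an archive file name (not visible in this hunk), a renamed or repackaged jar would be attributed to org.apache.ant or org.springframework, and vendor candidates built from the manifest result would point at the wrong project. Consider appending the table hit to the manifest-derived IDs rather than returning early, or at least state the precedence with a comment such as `// a known artifact name takes precedence over manifest-derived group IDs`. The lookup also sits above the `manifest == nil` guard, so a nil manifest can now produce a non-nil result. The function body continues outside the hunk.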
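--- a/syft/pkg/cataloger/common/cpe/java_groupid_map.go
+++ b/syft/pkg/cataloger/common/cpe/java_groupid_map.go
@@ -0,0 +1,69 @@
+package cpe
+
+var defaultArtifactIDToGroupID = map[string]string{
+"ant": "org.apache.ant",
+"ant-antlr": "org.apache.ant",
+"ant-antunit": "org.apache.ant",
+"ant-apache-bcel": "org.apache.ant",
+"ant-apache-bsf": "org.apache.ant",
+"ant-apache-log4j": "org.apache.ant",
+"ant-apache-oro": "org.apache.ant",
+"ant-apache-regexp": "org.apache.ant",
+"ant-apache-resolver": "org.apache.ant",
+"ant-apache-xalan2": "org.apache.ant",
+"ant-commons-logging": "org.apache.ant",
+"ant-commons-net": "org.apache.ant",
+"ant-compress": "org.apache.ant",
+"ant-dotnet": "org.apache.ant",
+"ant-imageio": "org.apache.ant",
+"ant-jai": "org.apache.ant",
+"ant-jakartamail": "org.apache.ant",
+"ant-javamail": "org.apache.ant",
+"ant-jdepend": "org.apache.ant",
+"ant-jmf": "org.apache.ant",
+"ant-jsch": "org.apache.ant",
+"ant-junit": "org.apache.ant",
+"ant-junit4": "org.apache.ant",
+"ant-junitlauncher": "org.apache.ant",
+"ant-launcher": "org.apache.ant",
+"ant-netrexx": "org.apache.ant",
+"ant-nodeps": "org.apache.ant",
+"ant-parent": "org.apache.ant",
+"ant-starteam": "org.apache.ant",
+"ant-stylebook": "org.apache.ant",
+"ant-swing": "org.apache.ant",
+"ant-testutil": "org.apache.ant",
+"ant-trax": "org.apache.ant",
+"ant-weblogic": "org.apache.ant",
+"ant-xz": "org.apache.ant",
+"spring": "org.springframework",
+"spring-amqp": "org.springframework.amqp",
+"spring-batch-core": "org.springframework.batch",
+"spring-beans": "org.springframework",
+"spring-boot": "org.springframework.boot",
+"spring-boot-starter-web": "org.springframework.boot",
+"spring-boot-starter-webflux": "org.springframework.boot",
+"spring-cloud-function-context": "org.springframework.cloud",
+"spring-cloud-function-parent": "org.springframework.cloud",
+"spring-cloud-gateway": "org.springframework.cloud",
+"spring-cloud-openfeign-core": "org.springframework.cloud",
+"spring-cloud-task-dependencies": "org.springframework.cloud",
+"spring-core": "org.springframework",
+"spring-data-jpa": "org.springframework.data",
+"spring-data-mongodb": "org.springframework.data",
+"spring-data-rest-core": "org.springframework.data",
+"spring-expression": "org.springframework",
+"spring-integration-zip": "org.springframework.integration",
+"spring-oxm": "org.springframework",
+"spring-security-core": "org.springframework.security",
+"spring-security-config": "org.springframework.security",
+"spring-security-oauth": "org.springframework.security.oauth",
+"spring-security-oauth-parent": "org.springframework.security.oauth",
+"spring-security-oauth2-client": "org.springframework.security",
+"spring-session-core": "org.springframework.session",
+"spring-vault-core": "org.springframework.vault",
+"spring-web": "org.springframework",
+"spring-webflow": "org.springframework.webflow",
+"spring-webflux": "org.springframework",
+"spring-webmvc": "org.springframework",
+}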
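Review bot: `defaultArtifactIDToGroupID` is declared without a doc comment, so nothing records where these pairs came from or that a key is matched exactly against the package name. This table decides which vendor a package is attributed to in the cpe package, so whoever extends it needs that context. I would add `// defaultArtifactIDToGroupID maps well-known Maven artifact IDs to their group ID; keys are matched exactly against the package name.` above the declaration. Short keys such as `ant` and `spring` look the most likely to coincide with unrelated packages, which is worth calling out in the same comment.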
@ -5,6 +5,7 @@ import (
|
|||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/anchore/syft/syft/pkg"
|
"github.com/anchore/syft/syft/pkg"
|
||||||
)
|
)
|
||||||
@ -427,3 +428,38 @@ func Test_vendorsFromJavaManifestNames(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func Test_groupIDsFromJavaManifest(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
manifest pkg.JavaManifest
|
||||||
|
expected []string
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
name: "spring-security-core",
|
||||||
|
manifest: pkg.JavaManifest{},
|
||||||
|
expected: []string{"org.springframework.security"},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "spring-web",
|
||||||
|
manifest: pkg.JavaManifest{},
|
||||||
|
expected: []string{"org.springframework"},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "spring-foo",
|
||||||
|
manifest: pkg.JavaManifest{
|
||||||
|
Main: map[string]string{
|
||||||
|
"Implementation-Vendor": "org.foo",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expected: []string{"org.foo"},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, test := range tests {
|
||||||
|
t.Run(test.name, func(t *testing.T) {
|
||||||
|
got := groupIDsFromJavaManifest(test.name, &test.manifest)
|
||||||
|
require.Equal(t, test.expected, got)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
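Review bot: Test_groupIDsFromJavaManifest never exercises a name that is a table key together with a manifest that declares a different vendor, so the precedence of the table over manifest data is not pinned by any case. Both table-hit cases use an empty `pkg.JavaManifest{}`, and the only manifest with content is paired with `spring-foo`, which is not in the table. I would add a case with name `spring-web` and `Implementation-Vendor` set to `org.foo`, with the expected slice stated explicitly, so a later change to the early return is caught. The struct also cannot express a nil manifest because the call passes `&test.manifest`; making the field a `*pkg.JavaManifest` would allow covering the lookup that now runs ahead of the nil guard. Using the case `name` as the pkgName argument works but hides the input; a separate `pkgName` field would read more clearly.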
@ -9,7 +9,7 @@ import (
|
|||||||
// PackageURL returns the PURL for the specific java package (see https://github.com/package-url/purl-spec)
|
// PackageURL returns the PURL for the specific java package (see https://github.com/package-url/purl-spec)
|
||||||
func packageURL(name, version string, metadata pkg.JavaMetadata) string {
|
func packageURL(name, version string, metadata pkg.JavaMetadata) string {
|
||||||
var groupID = name
|
var groupID = name
|
||||||
groupIDs := cpe.GroupIDsFromJavaMetadata(metadata)
|
groupIDs := cpe.GroupIDsFromJavaMetadata(name, metadata)
|
||||||
if len(groupIDs) > 0 {
|
if len(groupIDs) > 0 {
|
||||||
groupID = groupIDs[0]
|
groupID = groupIDs[0]
|
||||||
}
|
}
|
||||||
|
|||||||