oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: use java package names to determine known groupids (#2032)

Browse Source 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
This commit is contained in:
Keith Zantow 2023-08-17 12:55:25 -04:00 committed by GitHub
parent d1635971a1
commit 4762ba0943
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 114 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
syft/pkg/cataloger/common/cpe/java.go
View File

@ -181,13 +181,13 @@ func GroupIDsFromJavaPackage(p pkg.Package) (groupIDs []string) {
return nil
}
return GroupIDsFromJavaMetadata(metadata)
return GroupIDsFromJavaMetadata(p.Name, metadata)
}
func GroupIDsFromJavaMetadata(metadata pkg.JavaMetadata) (groupIDs []string) {
func GroupIDsFromJavaMetadata(pkgName string, metadata pkg.JavaMetadata) (groupIDs []string) {
groupIDs = append(groupIDs, groupIDsFromPomProperties(metadata.PomProperties)...)
groupIDs = append(groupIDs, groupIDsFromPomProject(metadata.PomProject)...)
groupIDs = append(groupIDs, groupIDsFromJavaManifest(metadata.Manifest)...)
groupIDs = append(groupIDs, groupIDsFromJavaManifest(pkgName, metadata.Manifest)...)
return groupIDs
}
@ -241,7 +241,11 @@ func addGroupIDsFromGroupIDsAndArtifactID(groupID, artifactID string) (groupIDs
return groupIDs
}
func groupIDsFromJavaManifest(manifest *pkg.JavaManifest) []string {
func groupIDsFromJavaManifest(pkgName string, manifest *pkg.JavaManifest) []string {
if groupID, ok := defaultArtifactIDToGroupID[pkgName]; ok {
return []string{groupID}
}
if manifest == nil {
return nil
}

69
syft/pkg/cataloger/common/cpe/java_groupid_map.go Normal file
View File

@ -0,0 +1,69 @@
package cpe
var defaultArtifactIDToGroupID = map[string]string{
"ant": "org.apache.ant",
"ant-antlr": "org.apache.ant",
"ant-antunit": "org.apache.ant",
"ant-apache-bcel": "org.apache.ant",
"ant-apache-bsf": "org.apache.ant",
"ant-apache-log4j": "org.apache.ant",
"ant-apache-oro": "org.apache.ant",
"ant-apache-regexp": "org.apache.ant",
"ant-apache-resolver": "org.apache.ant",
"ant-apache-xalan2": "org.apache.ant",
"ant-commons-logging": "org.apache.ant",
"ant-commons-net": "org.apache.ant",
"ant-compress": "org.apache.ant",
"ant-dotnet": "org.apache.ant",
"ant-imageio": "org.apache.ant",
"ant-jai": "org.apache.ant",
"ant-jakartamail": "org.apache.ant",
"ant-javamail": "org.apache.ant",
"ant-jdepend": "org.apache.ant",
"ant-jmf": "org.apache.ant",
"ant-jsch": "org.apache.ant",
"ant-junit": "org.apache.ant",
"ant-junit4": "org.apache.ant",
"ant-junitlauncher": "org.apache.ant",
"ant-launcher": "org.apache.ant",
"ant-netrexx": "org.apache.ant",
"ant-nodeps": "org.apache.ant",
"ant-parent": "org.apache.ant",
"ant-starteam": "org.apache.ant",
"ant-stylebook": "org.apache.ant",
"ant-swing": "org.apache.ant",
"ant-testutil": "org.apache.ant",
"ant-trax": "org.apache.ant",
"ant-weblogic": "org.apache.ant",
"ant-xz": "org.apache.ant",
"spring": "org.springframework",
"spring-amqp": "org.springframework.amqp",
"spring-batch-core": "org.springframework.batch",
"spring-beans": "org.springframework",
"spring-boot": "org.springframework.boot",
"spring-boot-starter-web": "org.springframework.boot",
"spring-boot-starter-webflux": "org.springframework.boot",
"spring-cloud-function-context": "org.springframework.cloud",
"spring-cloud-function-parent": "org.springframework.cloud",
"spring-cloud-gateway": "org.springframework.cloud",
"spring-cloud-openfeign-core": "org.springframework.cloud",
"spring-cloud-task-dependencies": "org.springframework.cloud",
"spring-core": "org.springframework",
"spring-data-jpa": "org.springframework.data",
"spring-data-mongodb": "org.springframework.data",
"spring-data-rest-core": "org.springframework.data",
"spring-expression": "org.springframework",
"spring-integration-zip": "org.springframework.integration",
"spring-oxm": "org.springframework",
"spring-security-core": "org.springframework.security",
"spring-security-config": "org.springframework.security",
"spring-security-oauth": "org.springframework.security.oauth",
"spring-security-oauth-parent": "org.springframework.security.oauth",
"spring-security-oauth2-client": "org.springframework.security",
"spring-session-core": "org.springframework.session",
"spring-vault-core": "org.springframework.vault",
"spring-web": "org.springframework",
"spring-webflow": "org.springframework.webflow",
"spring-webflux": "org.springframework",
"spring-webmvc": "org.springframework",
}

36
syft/pkg/cataloger/common/cpe/java_test.go
View File

@ -5,6 +5,7 @@ import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/anchore/syft/syft/pkg"
)
@ -427,3 +428,38 @@ func Test_vendorsFromJavaManifestNames(t *testing.T) {
})
}
}
func Test_groupIDsFromJavaManifest(t *testing.T) {
tests := []struct {
name string
manifest pkg.JavaManifest
expected []string
}{
{
name: "spring-security-core",
manifest: pkg.JavaManifest{},
expected: []string{"org.springframework.security"},
},
{
name: "spring-web",
manifest: pkg.JavaManifest{},
expected: []string{"org.springframework"},
},
{
name: "spring-foo",
manifest: pkg.JavaManifest{
Main: map[string]string{
"Implementation-Vendor": "org.foo",
},
},
expected: []string{"org.foo"},
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
got := groupIDsFromJavaManifest(test.name, &test.manifest)
require.Equal(t, test.expected, got)
})
}
}

2
syft/pkg/cataloger/java/package_url.go
View File

@ -9,7 +9,7 @@ import (
// PackageURL returns the PURL for the specific java package (see https://github.com/package-url/purl-spec)
func packageURL(name, version string, metadata pkg.JavaMetadata) string {
var groupID = name
groupIDs := cpe.GroupIDsFromJavaMetadata(metadata)
groupIDs := cpe.GroupIDsFromJavaMetadata(name, metadata)
if len(groupIDs) > 0 {
groupID = groupIDs[0]
}