oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: update 'guessMainPackageNameAndVersionFromPomInfo' and 'artifactIDMatchesFilename' (#3054)

Browse Source 
- Correct retrieval of package name when main POM file exists
- Address issue where wrong package name was retrieved for certain jars
- Example case: 'jansi' jar containing multiple jars like 'jansi-win32'
- Ensure true is returned when filename matches the artifact ID, prevent random retrieval by checking prefix and suffix
- Use fallback check with suffix and prefix if no POM properties file matches the exact artifact name

Signed-off-by: dor-hayun <dor.hayun@mend.io>
Co-authored-by: dor-hayun <dor.hayun@mend.io>
This commit is contained in:
Dor Hayun 2024-08-01 20:47:15 +03:00 committed by GitHub
parent c84cb2cf84
commit 48f1e975f0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
syft/pkg/cataloger/java/archive_parser.go
View File

@ -301,11 +301,17 @@ func (j *archiveParser) guessMainPackageNameAndVersionFromPomInfo(ctx context.Co
properties, _ := pomPropertiesByParentPath(j.archivePath, j.location, pomPropertyMatches)
projects, _ := pomProjectByParentPath(j.archivePath, j.location, pomMatches)
// map of all the artifacts in the pom properties, in order to chek exact match with the filename
artifactsMap := make(map[string]bool)
for _, propertiesObj := range properties {
artifactsMap[propertiesObj.ArtifactID] = true
}
parentPaths := maps.Keys(properties)
slices.Sort(parentPaths)
for _, parentPath := range parentPaths {
propertiesObj := properties[parentPath]
if artifactIDMatchesFilename(propertiesObj.ArtifactID, j.fileInfo.name) {
if artifactIDMatchesFilename(propertiesObj.ArtifactID, j.fileInfo.name, artifactsMap) {
pomPropertiesObject = propertiesObj
if proj, exists := projects[parentPath]; exists {
pomProjectObject = proj
@ -343,10 +349,15 @@ func (j *archiveParser) guessMainPackageNameAndVersionFromPomInfo(ctx context.Co
return name, version, licenses
}
func artifactIDMatchesFilename(artifactID, fileName string) bool {
func artifactIDMatchesFilename(artifactID, fileName string, artifactsMap map[string]bool) bool {
if artifactID == "" || fileName == "" {
return false
}
// Ensure true is returned when filename matches the artifact ID, prevent random retrieval by checking prefix and suffix
if _, exists := artifactsMap[fileName]; exists {
return artifactID == fileName
}
// Use fallback check with suffix and prefix if no POM properties file matches the exact artifact name
return strings.HasPrefix(artifactID, fileName) || strings.HasSuffix(fileName, artifactID)
}

2
syft/pkg/cataloger/java/archive_parser_test.go
View File

@ -1156,7 +1156,7 @@ func Test_artifactIDMatchesFilename(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
assert.Equal(t, tt.want, artifactIDMatchesFilename(tt.artifactID, tt.fileName))
assert.Equal(t, tt.want, artifactIDMatchesFilename(tt.artifactID, tt.fileName, nil))
})
}
}