From 48f1e975f05183390d7c01718865f5f66e3f9012 Mon Sep 17 00:00:00 2001
From: Dor Hayun <94103962+dor-hayun@users.noreply.github.com>
Date: Thu, 1 Aug 2024 20:47:15 +0300
Subject: [PATCH] fix: update 'guessMainPackageNameAndVersionFromPomInfo' and 'artifactIDMatchesFilename' (#3054)
- Correct retrieval of package name when main POM file exists
- Address issue where wrong package name was retrieved for certain jars
- Example case: 'jansi' jar containing multiple jars like 'jansi-win32'
- Ensure true is returned when filename matches the artifact ID, prevent random retrieval by checking prefix and suffix
- Use fallback check with suffix and prefix if no POM properties file matches the exact artifact name
Signed-off-by: dor-hayun
Co-authored-by: dor-hayun
---
 syft/pkg/cataloger/java/archive_parser.go | 15 +++++++++++++--
 syft/pkg/cataloger/java/archive_parser_test.go | 2 +-
 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/syft/pkg/cataloger/java/archive_parser.go b/syft/pkg/cataloger/java/archive_parser.go
index 2262d79fb..789b3b9d3 100644
--- a/syft/pkg/cataloger/java/archive_parser.go
+++ b/syft/pkg/cataloger/java/archive_parser.go
@@ -301,11 +301,17 @@ func (j *archiveParser) guessMainPackageNameAndVersionFromPomInfo(ctx context.Co
 properties, _ := pomPropertiesByParentPath(j.archivePath, j.location, pomPropertyMatches)
 projects, _ := pomProjectByParentPath(j.archivePath, j.location, pomMatches)

+ // map of all the artifacts in the pom properties, in order to chek exact match with the filename
+ artifactsMap := make(map[string]bool)
+ for _, propertiesObj := range properties {
+ artifactsMap[propertiesObj.ArtifactID] = true
+ }
+
 parentPaths := maps.Keys(properties)
 slices.Sort(parentPaths)
 for _, parentPath := range parentPaths {
 propertiesObj := properties[parentPath]
- if artifactIDMatchesFilename(propertiesObj.ArtifactID, j.fileInfo.name) {
+ if artifactIDMatchesFilename(propertiesObj.ArtifactID, j.fileInfo.name, artifactsMap) {
 pomPropertiesObject = propertiesObj
 if proj, exists := projects[parentPath]; exists {
 pomProjectObject = proj
@@ -343,10 +349,15 @@ func (j *archiveParser) guessMainPackageNameAndVersionFromPomInfo(ctx context.Co
 return name, version, licenses
 }

-func artifactIDMatchesFilename(artifactID, fileName string) bool {
+func artifactIDMatchesFilename(artifactID, fileName string, artifactsMap map[string]bool) bool {
 if artifactID == "" || fileName == "" {
 return false
 }
+ // Ensure true is returned when filename matches the artifact ID, prevent random retrieval by checking prefix and suffix
+ if _, exists := artifactsMap[fileName]; exists {
+ return artifactID == fileName
+ }
+ // Use fallback check with suffix and prefix if no POM properties file matches the exact artifact name
 return strings.HasPrefix(artifactID, fileName) || strings.HasSuffix(fileName, artifactID)
 }

diff --git a/syft/pkg/cataloger/java/archive_parser_test.go b/syft/pkg/cataloger/java/archive_parser_test.go
index 968be8578..74a2195e3 100644
--- a/syft/pkg/cataloger/java/archive_parser_test.go
+++ b/syft/pkg/cataloger/java/archive_parser_test.go
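Review bot: `artifactsMap` is keyed on `ArtifactID` alone, so two pom.properties entries that declare the same artifactId (for example a bundled copy under a different groupId) both pass the new exact-match test, and which one becomes `pomPropertiesObject` is then decided only by the sorted `parentPath` order. The rest of the loop lies outside this hunk, so whether the first or the last match wins cannot be confirmed from here. The selected name and version presumably become the package identity that downstream vulnerability matching keys on, so the tie-break deserves a comment such as `// set of every artifactId declared by a pom.properties in this archive; groupId is ignored, duplicates resolve by parentPath order`. The added comment also misspells "check" as `chek`.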
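Review bot: The comment above the new `artifactsMap` lookup in `artifactIDMatchesFilename` says the branch works "by checking prefix and suffix", but that branch does the opposite: it requires `artifactID == fileName` and skips the prefix/suffix test. Reword it along the lines of `// some pom.properties declares exactly this file name as its artifactId: accept only that exact match`, and add a doc comment on the function stating that a nil or empty `artifactsMap` leaves only the prefix/suffix fallback, which the updated test call with `nil` relies on. Because the map values are always `true`, the lookup can be written `if artifactsMap[fileName] { return artifactID == fileName }`. The fallback still accepts any artifactId that merely starts with the file name, so when no exact entry exists a nested artifact like the `jansi-win32` case from the description can still be selected.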
@@ -1156,7 +1156,7 @@ func Test_artifactIDMatchesFilename(t *testing.T) {
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- assert.Equal(t, tt.want, artifactIDMatchesFilename(tt.artifactID, tt.fileName))
+ assert.Equal(t, tt.want, artifactIDMatchesFilename(tt.artifactID, tt.fileName, nil))
 })
 }
 }
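Review bot: Passing `nil` here means every table case runs only the prefix/suffix fallback, so the exact-match branch this commit introduces has no coverage in `Test_artifactIDMatchesFilename`. The test table is defined outside this hunk; it would need an `artifactsMap map[string]bool` field and at least one case where the map contains the file name. A constructed example: artifactID `jansi-win32`, fileName `jansi`, map `{"jansi": true}`, want `false`, alongside the `jansi`/`jansi` case with want `true`.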