oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: update 'guessMainPackageNameAndVersionFromPomInfo' and 'artifactIDMatchesFilename' (#3054)

Browse Source 
- Correct retrieval of package name when main POM file exists
- Address issue where wrong package name was retrieved for certain jars
- Example case: 'jansi' jar containing multiple jars like 'jansi-win32'
- Ensure true is returned when filename matches the artifact ID, prevent random retrieval by checking prefix and suffix
- Use fallback check with suffix and prefix if no POM properties file matches the exact artifact name

Signed-off-by: dor-hayun <dor.hayun@mend.io>
Co-authored-by: dor-hayun <dor.hayun@mend.io>
This commit is contained in:
Dor Hayun 2024-08-01 20:47:15 +03:00 committed by GitHub
parent c84cb2cf84
commit 48f1e975f0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
syft/pkg/cataloger/java/archive_parser.go
View File

@ -301,11 +301,17 @@ func (j *archiveParser) guessMainPackageNameAndVersionFromPomInfo(ctx context.Co
properties, _ := pomPropertiesByParentPath(j.archivePath, j.location, pomPropertyMatches) properties, _ := pomPropertiesByParentPath(j.archivePath, j.location, pomPropertyMatches)
projects, _ := pomProjectByParentPath(j.archivePath, j.location, pomMatches) projects, _ := pomProjectByParentPath(j.archivePath, j.location, pomMatches)
// map of all the artifacts in the pom properties, in order to chek exact match with the filename
artifactsMap := make(map[string]bool)
for _, propertiesObj := range properties {
artifactsMap[propertiesObj.ArtifactID] = true
}
parentPaths := maps.Keys(properties) parentPaths := maps.Keys(properties)
slices.Sort(parentPaths) slices.Sort(parentPaths)
for _, parentPath := range parentPaths { for _, parentPath := range parentPaths {
propertiesObj := properties[parentPath] propertiesObj := properties[parentPath]
if artifactIDMatchesFilename(propertiesObj.ArtifactID, j.fileInfo.name) { if artifactIDMatchesFilename(propertiesObj.ArtifactID, j.fileInfo.name, artifactsMap) {
pomPropertiesObject = propertiesObj pomPropertiesObject = propertiesObj
if proj, exists := projects[parentPath]; exists { if proj, exists := projects[parentPath]; exists {
pomProjectObject = proj pomProjectObject = proj
@ -343,10 +349,15 @@ func (j *archiveParser) guessMainPackageNameAndVersionFromPomInfo(ctx context.Co
return name, version, licenses return name, version, licenses
} }
func artifactIDMatchesFilename(artifactID, fileName string) bool { func artifactIDMatchesFilename(artifactID, fileName string, artifactsMap map[string]bool) bool {
if artifactID == "" || fileName == "" { if artifactID == "" || fileName == "" {
return false return false
} }
// Ensure true is returned when filename matches the artifact ID, prevent random retrieval by checking prefix and suffix
if _, exists := artifactsMap[fileName]; exists {
return artifactID == fileName
}
// Use fallback check with suffix and prefix if no POM properties file matches the exact artifact name
return strings.HasPrefix(artifactID, fileName) || strings.HasSuffix(fileName, artifactID) return strings.HasPrefix(artifactID, fileName) || strings.HasSuffix(fileName, artifactID)
} }

2
syft/pkg/cataloger/java/archive_parser_test.go
View File

@ -1156,7 +1156,7 @@ func Test_artifactIDMatchesFilename(t *testing.T) {
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
assert.Equal(t, tt.want, artifactIDMatchesFilename(tt.artifactID, tt.fileName)) assert.Equal(t, tt.want, artifactIDMatchesFilename(tt.artifactID, tt.fileName, nil))
}) })
} }
} }