diff --git a/go.mod b/go.mod index 9f501954a..1f156f568 100644 --- a/go.mod +++ b/go.mod @@ -45,3 +45,5 @@ require ( golang.org/x/mod v0.3.0 gopkg.in/yaml.v2 v2.3.0 ) + +replace github.com/package-url/packageurl-go v0.1.0 => github.com/anchore/packageurl-go v0.1.0-fixed diff --git a/go.sum b/go.sum index b2128c86d..c1e50da0a 100644 --- a/go.sum +++ b/go.sum @@ -115,6 +115,8 @@ github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 h1:VzprUTpc0v github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod h1:6dK64g27Qi1qGQZ67gFmBFvEHScy0/C8qhQhNe5B5pQ= github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZVsCYMrIZBpFxwV26CbsuoEh5muXD5I1Ods= github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E= +github.com/anchore/packageurl-go v0.1.0-fixed h1:2QJUTALDF7m2WHPOS1NyHguSX4ciG0xD3idaBQwHJS8= +github.com/anchore/packageurl-go v0.1.0-fixed/go.mod h1:C/ApiuWpmbpni4DIOECf6WCjFUZV7O1Fx7VAzrZHgBw= github.com/anchore/stereoscope v0.0.0-20210524175238-3b7662f3a66f h1:bFadyOLOkzME3BrZFZ5m8cf/b2hsn3aMSS9s+SKubRk= github.com/anchore/stereoscope v0.0.0-20210524175238-3b7662f3a66f/go.mod h1:vhh1M99rfWx5ejMvz1lkQiFZUrC5wu32V12R4JXH+ZI= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= @@ -589,8 +591,6 @@ github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5X github.com/opencontainers/runc v0.1.1 h1:GlxAyO6x8rfZYN9Tt0Kti5a/cP41iuiO2yYT0IJGY8Y= github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/package-url/packageurl-go v0.1.0 h1:efWBc98O/dBZRg1pw2xiDzovnlMjCa9NPnfaiBduh8I= -github.com/package-url/packageurl-go v0.1.0/go.mod h1:C/ApiuWpmbpni4DIOECf6WCjFUZV7O1Fx7VAzrZHgBw= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= diff --git a/syft/pkg/apk_metadata_test.go b/syft/pkg/apk_metadata_test.go index 1ff43a12b..ef58401a7 100644 --- a/syft/pkg/apk_metadata_test.go +++ b/syft/pkg/apk_metadata_test.go @@ -5,6 +5,7 @@ import ( "testing" "github.com/go-test/deep" + "github.com/package-url/packageurl-go" "github.com/sergi/go-diff/diffmatchpatch" ) @@ -21,6 +22,23 @@ func TestApkMetadata_pURL(t *testing.T) { }, expected: "pkg:alpine/p@v?arch=a", }, + // verify #351 + { + metadata: ApkMetadata{ + Package: "g++", + Version: "v84", + Architecture: "am86", + }, + expected: "pkg:alpine/g++@v84?arch=am86", + }, + { + metadata: ApkMetadata{ + Package: "g plus plus", + Version: "v84", + Architecture: "am86", + }, + expected: "pkg:alpine/g%20plus%20plus@v84?arch=am86", + }, } for _, test := range tests { @@ -31,6 +49,26 @@ func TestApkMetadata_pURL(t *testing.T) { diffs := dmp.DiffMain(test.expected, actual, true) t.Errorf("diff: %s", dmp.DiffPrettyText(diffs)) } + // verify packageurl can parse + purl, err := packageurl.FromString(actual) + if err != nil { + t.Errorf("cannot re-parse purl: %s", actual) + } + if purl.Name != test.metadata.Package { + dmp := diffmatchpatch.New() + diffs := dmp.DiffMain(test.metadata.Package, purl.Name, true) + t.Errorf("invalid purl name: %s", dmp.DiffPrettyText(diffs)) + } + if purl.Version != test.metadata.Version { + dmp := diffmatchpatch.New() + diffs := dmp.DiffMain(test.metadata.Version, purl.Version, true) + t.Errorf("invalid purl version: %s", dmp.DiffPrettyText(diffs)) + } + if purl.Qualifiers.Map()["arch"] != test.metadata.Architecture { + dmp := diffmatchpatch.New() + diffs := dmp.DiffMain(test.metadata.Architecture, purl.Qualifiers.Map()["arch"], true) + t.Errorf("invalid purl architecture: %s", dmp.DiffPrettyText(diffs)) + } }) } }