oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: use official CPE for linux kernel (#3343)

Browse Source 
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
This commit is contained in:
Weston Steimel 2024-10-17 12:01:40 +00:00 committed by GitHub
parent 80c8bc1afb
commit 5b9601d9c6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
syft/pkg/cataloger/kernel/cataloger_test.go
View File

@ -4,6 +4,7 @@ import (
"testing" "testing"
"github.com/anchore/syft/syft/artifact" "github.com/anchore/syft/syft/artifact"
"github.com/anchore/syft/syft/cpe"
"github.com/anchore/syft/syft/file" "github.com/anchore/syft/syft/file"
"github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/pkg"
"github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest" "github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest"
@ -22,6 +23,7 @@ func Test_KernelCataloger(t *testing.T) {
), ),
Type: pkg.LinuxKernelPkg, Type: pkg.LinuxKernelPkg,
PURL: "pkg:generic/linux-kernel@6.0.7-301.fc37.x86_64", PURL: "pkg:generic/linux-kernel@6.0.7-301.fc37.x86_64",
CPEs: []cpe.CPE{cpe.Must("cpe:2.3:o:linux:linux_kernel:6.0.7-301.fc37.x86_64:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource)},
Metadata: pkg.LinuxKernel{ Metadata: pkg.LinuxKernel{
Name: "", Name: "",
Architecture: "x86", Architecture: "x86",

15
syft/pkg/cataloger/kernel/package.go
View File

@ -4,12 +4,26 @@ import (
"strings" "strings"
"github.com/anchore/packageurl-go" "github.com/anchore/packageurl-go"
"github.com/anchore/syft/syft/cpe"
"github.com/anchore/syft/syft/file" "github.com/anchore/syft/syft/file"
"github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/pkg"
) )
const linuxKernelPackageName = "linux-kernel" const linuxKernelPackageName = "linux-kernel"
func createLinuxKernelCPEs(version string) []cpe.CPE {
c := cpe.NewWithAny()
c.Part = "o"
c.Product = "linux_kernel"
c.Vendor = "linux"
c.Version = version
if cpe.ValidateString(c.String()) != nil {
return nil
}
return []cpe.CPE{{Attributes: c, Source: cpe.NVDDictionaryLookupSource}}
}
func newLinuxKernelPackage(metadata pkg.LinuxKernel, archiveLocation file.Location) pkg.Package { func newLinuxKernelPackage(metadata pkg.LinuxKernel, archiveLocation file.Location) pkg.Package {
p := pkg.Package{ p := pkg.Package{
Name: linuxKernelPackageName, Name: linuxKernelPackageName,
@ -18,6 +32,7 @@ func newLinuxKernelPackage(metadata pkg.LinuxKernel, archiveLocation file.Locati
PURL: packageURL(linuxKernelPackageName, metadata.Version), PURL: packageURL(linuxKernelPackageName, metadata.Version),
Type: pkg.LinuxKernelPkg, Type: pkg.LinuxKernelPkg,
Metadata: metadata, Metadata: metadata,
CPEs: createLinuxKernelCPEs(metadata.Version),
} }
p.SetID() p.SetID()