1111 clean name bug (#1347)

Christopher Angelo Phillips 2022-11-18 09:45:18 -05:00 committed by GitHub
parent 9afc9231c0
commit 67888ee855
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 24 additions and 25 deletions


@ -1,34 +1,20 @@
package spdxhelpers package spdxhelpers
import ( import (
"path"
"strings"
"github.com/anchore/syft/syft/source" "github.com/anchore/syft/syft/source"
) )
func DocumentName(srcMetadata source.Metadata) string { func DocumentName(srcMetadata source.Metadata) string {
if srcMetadata.Name != "" { if srcMetadata.Name != "" {
return cleanName(srcMetadata.Name) return srcMetadata.Name
} }
switch srcMetadata.Scheme { switch srcMetadata.Scheme {
case source.ImageScheme: case source.ImageScheme:
return cleanName(srcMetadata.ImageMetadata.UserInput) return srcMetadata.ImageMetadata.UserInput
case source.DirectoryScheme, source.FileScheme: case source.DirectoryScheme, source.FileScheme:
return cleanName(srcMetadata.Path) return srcMetadata.Path
default: default:
return "unknown" return "unknown"
} }
} }
func cleanName(name string) string {
// remove # according to specification
name = strings.ReplaceAll(name, "#", "-")
// remove : for url construction
name = strings.ReplaceAll(name, ":", "-")
// clean relative pathing
return path.Clean(name)
}
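Review bot: `DocumentName` is exported and has no doc comment, and after this change it returns the caller-supplied name, image reference or path verbatim, including `#`, `:` and relative path elements. That contract should be stated so callers do not assume the value is safe to embed in a URL, file name or rendered report without escaping. Suggested comment: `// DocumentName returns the SPDX document name for the source: the explicit name if set, otherwise the image user input or the path, unmodified.` A second line could say that the `#`/`:` substitution is applied only when the namespace is built.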


@ -35,7 +35,7 @@ func Test_DocumentName(t *testing.T) {
ManifestDigest: "digest", ManifestDigest: "digest",
}, },
}, },
expected: "image-repo/name-tag", expected: "image-repo/name:tag",
}, },
{ {
name: "directory", name: "directory",


@ -4,6 +4,7 @@ import (
"fmt" "fmt"
"net/url" "net/url"
"path" "path"
"strings"
"github.com/google/uuid" "github.com/google/uuid"
@ -23,6 +24,7 @@ func DocumentNameAndNamespace(srcMetadata source.Metadata) (string, string) {
} }
func DocumentNamespace(name string, srcMetadata source.Metadata) string { func DocumentNamespace(name string, srcMetadata source.Metadata) string {
name = cleanName(name)
input := "unknown-source-type" input := "unknown-source-type"
switch srcMetadata.Scheme { switch srcMetadata.Scheme {
case source.ImageScheme: case source.ImageScheme:
@ -47,3 +49,13 @@ func DocumentNamespace(name string, srcMetadata source.Metadata) string {
return u.String() return u.String()
} }
// see: https://spdx.github.io/spdx-spec/v2.3/document-creation-information/#65-spdx-document-namespace-field
func cleanName(name string) string {
// remove # according to specification
name = strings.ReplaceAll(name, "#", "-")
// remove : for url construction
name = strings.ReplaceAll(name, ":", "-")
// clean relative pathing
return path.Clean(name)
}
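Review bot: `cleanName` rewrites `#` and `:` but still lets parent references through, because `path.Clean` keeps leading `..` elements on a relative name. The code that joins the name into the URL path is outside these hunks, but the updated fixtures show it placed under the `dir`/`image` segment, so a relative directory input could resolve above that segment and produce a namespace outside the intended prefix. Rooting the name before cleaning would drop those elements: `return strings.TrimPrefix(path.Clean("/"+name), "/")`. An empty name currently comes back as `.`, so a test case for an empty name and one for a `../`-prefixed name would pin the intended behaviour.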


@ -52,6 +52,7 @@ func TestSPDXJSONSPDXIDs(t *testing.T) {
Relationships: nil, Relationships: nil,
Source: source.Metadata{ Source: source.Metadata{
Scheme: source.DirectoryScheme, Scheme: source.DirectoryScheme,
Path: "foobar/baz", // in this case, foobar is used as the spdx docment name
}, },
Descriptor: sbom.Descriptor{ Descriptor: sbom.Descriptor{
Name: "syft", Name: "syft",
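Review bot: The comment on the added `Path` line has a typo (`docment`) and appears inaccurate: a tag-value snapshot updated in this commit shows `DocumentName: foobar/baz`, not `foobar`, for what looks like the same directory input. Suggest `// in this case, foobar/baz is used as the spdx document name`. The enclosing test starts and ends outside the hunk, so whether this case asserts on the name at all cannot be confirmed from here.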


@ -1,12 +1,12 @@
SPDXVersion: SPDX-2.3 SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0 DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT SPDXID: SPDXRef-DOCUMENT
DocumentName: . DocumentName: foobar/baz
DocumentNamespace: https://anchore.com/syft/dir/b51d2446-85b4-4b22-9762-12fc135730a7 DocumentNamespace: https://anchore.com/syft/dir/foobar/baz-3d730196-4510-4ee4-9743-9322dd27cee7
LicenseListVersion: 3.18 LicenseListVersion: 3.18
Creator: Organization: Anchore, Inc Creator: Organization: Anchore, Inc
Creator: Tool: syft-v0.42.0-bogus Creator: Tool: syft-v0.42.0-bogus
Created: 2022-11-11T19:25:16Z Created: 2022-11-18T14:21:45Z
##### Package: @at-sign ##### Package: @at-sign


@ -2,11 +2,11 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0 DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT SPDXID: SPDXRef-DOCUMENT
DocumentName: /some/path DocumentName: /some/path
DocumentNamespace: https://anchore.com/syft/dir/some/path-94301cf0-21fd-481a-b555-ea767674cc93 DocumentNamespace: https://anchore.com/syft/dir/some/path-b6078c95-5b97-462d-acb3-9e74bc9ddb43
LicenseListVersion: 3.18 LicenseListVersion: 3.18
Creator: Organization: Anchore, Inc Creator: Organization: Anchore, Inc
Creator: Tool: syft-v0.42.0-bogus Creator: Tool: syft-v0.42.0-bogus
Created: 2022-11-11T19:25:16Z Created: 2022-11-18T14:21:44Z
##### Package: package-2 ##### Package: package-2


@ -2,11 +2,11 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0 DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT SPDXID: SPDXRef-DOCUMENT
DocumentName: user-image-input DocumentName: user-image-input
DocumentNamespace: https://anchore.com/syft/image/user-image-input-258730be-7925-4ef3-9009-d9dc532d2fec DocumentNamespace: https://anchore.com/syft/image/user-image-input-aa272d1e-8bb4-411f-a554-4c9a16ea66fb
LicenseListVersion: 3.18 LicenseListVersion: 3.18
Creator: Organization: Anchore, Inc Creator: Organization: Anchore, Inc
Creator: Tool: syft-v0.42.0-bogus Creator: Tool: syft-v0.42.0-bogus
Created: 2022-11-11T19:25:16Z Created: 2022-11-18T14:21:45Z
##### Package: package-2 ##### Package: package-2