Correct CycloneDX distro decoding (#745)

2025-11-17 16:33:21 +01:00 · 2022-03-11 09:27:18 -05:00 · 2022-03-11 09:27:18 -05:00 · 6c8102bf28
commit 6c8102bf28
parent 7789506dc6
2 changed files with 36 additions and 23 deletions
--- a/internal/formats/common/cyclonedxhelpers/decoder.go
+++ b/internal/formats/common/cyclonedxhelpers/decoder.go
@ -5,6 +5,8 @@ import (
 	"io"
 	"github.com/CycloneDX/cyclonedx-go"
 	"github.com/anchore/syft/internal/formats/common"
 	"github.com/anchore/syft/syft/artifact"
 	"github.com/anchore/syft/syft/linux"
 	"github.com/anchore/syft/syft/pkg"
@ -157,6 +159,14 @@ func linuxReleaseFromOSComponent(component *cyclonedx.Component) *linux.Release
 		}
 	}
 	if component.Properties != nil {
 		values := map[string]string{}
 		for _, p := range *component.Properties {
 			values[p.Name] = p.Value
 		}
 		common.DecodeInto(&rel, values, "syft:distro", CycloneDXFields)
 	}
 	return rel
 }
--- a/test/integration/encode_decode_cycle_test.go
+++ b/test/integration/encode_decode_cycle_test.go
@ -54,35 +54,38 @@ func TestEncodeDecodeEncodeCycleComparison(t *testing.T) {
 	for _, test := range tests {
 		t.Run(string(test.formatOption), func(t *testing.T) {
-			originalSBOM, _ := catalogFixtureImage(t, "image-pkg-coverage")
+			// use second image for relationships
 			for _, image := range []string{"image-pkg-coverage", "image-owning-package"} {
 				originalSBOM, _ := catalogFixtureImage(t, image)
-			format := syft.FormatByID(test.formatOption)
+				format := syft.FormatByID(test.formatOption)
-			require.NotNil(t, format)
+				require.NotNil(t, format)
-			by1, err := syft.Encode(originalSBOM, format)
+				by1, err := syft.Encode(originalSBOM, format)
-			assert.NoError(t, err)
+				assert.NoError(t, err)
-			newSBOM, newFormat, err := syft.Decode(bytes.NewReader(by1))
+				newSBOM, newFormat, err := syft.Decode(bytes.NewReader(by1))
-			assert.NoError(t, err)
+				assert.NoError(t, err)
-			assert.Equal(t, format.ID(), newFormat.ID())
+				assert.Equal(t, format.ID(), newFormat.ID())
-			by2, err := syft.Encode(*newSBOM, format)
+				by2, err := syft.Encode(*newSBOM, format)
-			assert.NoError(t, err)
+				assert.NoError(t, err)
-			if test.redactor != nil {
+				if test.redactor != nil {
-				by1 = test.redactor(by1)
+					by1 = test.redactor(by1)
-				by2 = test.redactor(by2)
+					by2 = test.redactor(by2)
-			}
+				}
-			if test.json {
+				if test.json {
-				s1 := string(by1)
+					s1 := string(by1)
-				s2 := string(by2)
+					s2 := string(by2)
-				assert.JSONEq(t, s1, s2)
+					assert.JSONEq(t, s1, s2)
-			} else {
+				} else {
-				if !assert.True(t, bytes.Equal(by1, by2)) {
+					if !assert.True(t, bytes.Equal(by1, by2)) {
-					dmp := diffmatchpatch.New()
+						dmp := diffmatchpatch.New()
-					diffs := dmp.DiffMain(string(by1), string(by2), true)
+						diffs := dmp.DiffMain(string(by1), string(by2), true)
-					t.Errorf("diff: %s", dmp.DiffPrettyText(diffs))
+						t.Errorf("diff: %s", dmp.DiffPrettyText(diffs))
 					}
 				}
 			}
 		})