Correct CycloneDX distro decoding (#745)

2025-11-17 16:33:21 +01:00 · 2022-03-11 09:27:18 -05:00 · 2022-03-11 09:27:18 -05:00 · 6c8102bf28
commit 6c8102bf28
parent 7789506dc6
2 changed files with 36 additions and 23 deletions
--- a/internal/formats/common/cyclonedxhelpers/decoder.go
+++ b/internal/formats/common/cyclonedxhelpers/decoder.go
@ -5,6 +5,8 @@ import (
 	"io"

 	"github.com/CycloneDX/cyclonedx-go"
+
+	"github.com/anchore/syft/internal/formats/common"
 	"github.com/anchore/syft/syft/artifact"
 	"github.com/anchore/syft/syft/linux"
 	"github.com/anchore/syft/syft/pkg"
@ -157,6 +159,14 @@ func linuxReleaseFromOSComponent(component *cyclonedx.Component) *linux.Release
 		}
 	}

+	if component.Properties != nil {
+		values := map[string]string{}
+		for _, p := range *component.Properties {
+			values[p.Name] = p.Value
+		}
+		common.DecodeInto(&rel, values, "syft:distro", CycloneDXFields)
+	}
+
 	return rel
 }

--- a/test/integration/encode_decode_cycle_test.go
+++ b/test/integration/encode_decode_cycle_test.go
@ -54,7 +54,9 @@ func TestEncodeDecodeEncodeCycleComparison(t *testing.T) {
 	for _, test := range tests {
 		t.Run(string(test.formatOption), func(t *testing.T) {

-			originalSBOM, _ := catalogFixtureImage(t, "image-pkg-coverage")
+			// use second image for relationships
+			for _, image := range []string{"image-pkg-coverage", "image-owning-package"} {
+				originalSBOM, _ := catalogFixtureImage(t, image)

 				format := syft.FormatByID(test.formatOption)
 				require.NotNil(t, format)
@ -85,6 +87,7 @@ func TestEncodeDecodeEncodeCycleComparison(t *testing.T) {
 						t.Errorf("diff: %s", dmp.DiffPrettyText(diffs))
 					}
 				}
+			}
 		})
 	}
 }