oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Sort generated CPEs by specificity (#289)

Browse Source 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
This commit is contained in:
Dan Luhring 2020-12-11 12:08:39 -05:00 committed by GitHub
parent 52bac6e2fd
commit 737a81c38c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 47 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
syft/cataloger/cpe.go
View File

@ -2,6 +2,7 @@ package cataloger
import ( import (
"fmt" "fmt"
"sort"
"strings" "strings"
"github.com/anchore/syft/internal" "github.com/anchore/syft/internal"
@ -12,6 +13,17 @@ import (
// this is functionally equivalent to "*" and consistent with no input given (thus easier to test) // this is functionally equivalent to "*" and consistent with no input given (thus easier to test)
const any = "" const any = ""
func newCPE(product, vendor, version, targetSW string) wfn.Attributes {
cpe := *(wfn.NewAttributesWithAny())
cpe.Part = "a"
cpe.Product = product
cpe.Vendor = vendor
cpe.Version = version
cpe.TargetSW = targetSW
return cpe
}
// generatePackageCPEs Create a list of CPEs, trying to guess the vendor, product tuple and setting TargetSoftware if possible // generatePackageCPEs Create a list of CPEs, trying to guess the vendor, product tuple and setting TargetSoftware if possible
func generatePackageCPEs(p pkg.Package) []pkg.CPE { func generatePackageCPEs(p pkg.Package) []pkg.CPE {
targetSws := candidateTargetSoftwareAttrs(p) targetSws := candidateTargetSoftwareAttrs(p)
@ -31,17 +43,13 @@ func generatePackageCPEs(p pkg.Package) []pkg.CPE {
keys.Add(key) keys.Add(key)
// add a new entry... // add a new entry...
candidateCpe := wfn.NewAttributesWithAny() c := newCPE(product, vendor, p.Version, targetSw)
candidateCpe.Part = "a" cpes = append(cpes, c)
candidateCpe.Product = product }
candidateCpe.Vendor = vendor }
candidateCpe.Version = p.Version }
candidateCpe.TargetSW = targetSw
cpes = append(cpes, *candidateCpe) sort.Sort(ByCPESpecificity(cpes))
}
}
}
return cpes return cpes
} }

31
syft/cataloger/cpe_specificity.go Normal file
View File

@ -0,0 +1,31 @@
package cataloger
import "github.com/facebookincubator/nvdtools/wfn"
type ByCPESpecificity []wfn.Attributes
// Implementing sort.Interface
func (c ByCPESpecificity) Len() int { return len(c) }
func (c ByCPESpecificity) Swap(i, j int) { c[i], c[j] = c[j], c[i] }
func (c ByCPESpecificity) Less(i, j int) bool {
return countSpecifiedFields(c[i]) > countSpecifiedFields(c[j])
}
func countSpecifiedFields(cpe wfn.Attributes) int {
checksForSpecifiedField := []func(cpe wfn.Attributes) bool{
func(cpe wfn.Attributes) bool { return cpe.Part != "" },
func(cpe wfn.Attributes) bool { return cpe.Product != "" },
func(cpe wfn.Attributes) bool { return cpe.Vendor != "" },
func(cpe wfn.Attributes) bool { return cpe.Version != "" },
func(cpe wfn.Attributes) bool { return cpe.TargetSW != "" },
}
count := 0
for _, fieldIsSpecified := range checksForSpecifiedField {
if fieldIsSpecified(cpe) {
count++
}
}
return count
}