From 95a04cadea725be77c221d9bba340de82fad99a7 Mon Sep 17 00:00:00 2001
From: Filip Pytloun
Date: Tue, 2 May 2023 22:43:52 +0200
Subject: [PATCH] Search /usr/share for rpmdb to fix scan on ostree-managed images (#1756)
Fixes: https://github.com/anchore/syft/issues/1755
Signed-off-by: Filip Pytloun
Co-authored-by: Alex Goodman
---
 syft/pkg/cataloger/rpm/cataloger_test.go | 3 +++
 .../rpm/test-fixtures/glob-paths/usr/share/rpm/Packages | 1 +
 .../rpm/test-fixtures/glob-paths/usr/share/rpm/Packages.db | 1 +
 .../rpm/test-fixtures/glob-paths/usr/share/rpm/rpmdb.sqlite | 1 +
 syft/pkg/rpm_metadata.go | 4 +++-
 5 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 syft/pkg/cataloger/rpm/test-fixtures/glob-paths/usr/share/rpm/Packages
 create mode 100644 syft/pkg/cataloger/rpm/test-fixtures/glob-paths/usr/share/rpm/Packages.db
 create mode 100644 syft/pkg/cataloger/rpm/test-fixtures/glob-paths/usr/share/rpm/rpmdb.sqlite
diff --git a/syft/pkg/cataloger/rpm/cataloger_test.go b/syft/pkg/cataloger/rpm/cataloger_test.go
index ca8907e21..92b920532 100644
--- a/syft/pkg/cataloger/rpm/cataloger_test.go
+++ b/syft/pkg/cataloger/rpm/cataloger_test.go
@@ -16,6 +16,9 @@ func Test_DBCataloger_Globs(t *testing.T) {
 name: "obtain DB files",
 fixture: "test-fixtures/glob-paths",
 expected: []string{
+ "usr/share/rpm/Packages",
+ "usr/share/rpm/Packages.db",
+ "usr/share/rpm/rpmdb.sqlite",
 "var/lib/rpm/Packages",
 "var/lib/rpm/Packages.db",
 "var/lib/rpm/rpmdb.sqlite",
diff --git a/syft/pkg/cataloger/rpm/test-fixtures/glob-paths/usr/share/rpm/Packages b/syft/pkg/cataloger/rpm/test-fixtures/glob-paths/usr/share/rpm/Packages
new file mode 100644
index 000000000..882b6040c
--- /dev/null
+++ b/syft/pkg/cataloger/rpm/test-fixtures/glob-paths/usr/share/rpm/Packages
@@ -0,0 +1 @@
+bogus
\ No newline at end of file
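Review bot: The expected list in `Test_DBCataloger_Globs` only proves that both directory trees are matched when each holds regular files; it does not cover an image where `var/lib/rpm` is a symlink into `usr/share/rpm`, a layout that rpm-ostree based systems can have. Whether the resolver then reports the same database at two paths is not visible here, but if it does, every package would be catalogued twice in the resulting SBOM. A second table case with a symlinked fixture directory would pin the intended behaviour. The test function's body starts and ends outside the hunk.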
diff --git a/syft/pkg/cataloger/rpm/test-fixtures/glob-paths/usr/share/rpm/Packages.db b/syft/pkg/cataloger/rpm/test-fixtures/glob-paths/usr/share/rpm/Packages.db
new file mode 100644
index 000000000..882b6040c
--- /dev/null
+++ b/syft/pkg/cataloger/rpm/test-fixtures/glob-paths/usr/share/rpm/Packages.db
@@ -0,0 +1 @@
+bogus
\ No newline at end of file
diff --git a/syft/pkg/cataloger/rpm/test-fixtures/glob-paths/usr/share/rpm/rpmdb.sqlite b/syft/pkg/cataloger/rpm/test-fixtures/glob-paths/usr/share/rpm/rpmdb.sqlite
new file mode 100644
index 000000000..882b6040c
--- /dev/null
+++ b/syft/pkg/cataloger/rpm/test-fixtures/glob-paths/usr/share/rpm/rpmdb.sqlite
@@ -0,0 +1 @@
+bogus
\ No newline at end of file
diff --git a/syft/pkg/rpm_metadata.go b/syft/pkg/rpm_metadata.go
index 1491b4900..899147d17 100644
--- a/syft/pkg/rpm_metadata.go
+++ b/syft/pkg/rpm_metadata.go
@@ -8,10 +8,12 @@ import (
 "github.com/anchore/syft/syft/file"
 )
+// /var/lib/rpm/... is the typical path for most distributions
+// /usr/share/rpm/... is common for rpm-ostree distributions (coreos-like)
 // Packages is the legacy Berkely db based format
 // Packages.db is the "ndb" format used in SUSE
 // rpmdb.sqlite is the sqlite format used in fedora + derivates
-const RpmDBGlob = "**/var/lib/rpm/{Packages,Packages.db,rpmdb.sqlite}"
+const RpmDBGlob = "**/{var/lib,usr/share}/rpm/{Packages,Packages.db,rpmdb.sqlite}"
 // Used in CBL-Mariner distroless images
 const RpmManifestGlob = "**/var/lib/rpmmanifest/container-manifest-2"
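Review bot: `RpmDBGlob` in `syft/pkg/rpm_metadata.go` still leaves out `usr/lib/sysimage/rpm`, where openSUSE and newer rpm-ostree layouts keep the database, as far as I know, with the older paths present only as compatibility symlinks. An image whose database is reachable only there would yield no RPM packages, and any vulnerability matching built on the SBOM would under-report without an error. Consider `const RpmDBGlob = "**/{var/lib,usr/share,usr/lib/sysimage}/rpm/{Packages,Packages.db,rpmdb.sqlite}"` and a matching fixture directory. Since the comment block is the doc comment of an exported constant, it would also read better opening with `// RpmDBGlob matches the RPM database files in the locations used by the supported distributions.` ahead of the per-path lines.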