From ab45be98b839d569513205530f7e792f1913a8cd Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Thu, 29 Oct 2020 13:52:34 -0400 Subject: [PATCH] append java nested package names to the virtual path Signed-off-by: Alex Goodman --- schema/json/schema.json | 21 +-------------------- syft/cataloger/java/archive_parser.go | 8 +++++++- syft/cataloger/java/archive_parser_test.go | 4 +++- syft/cataloger/java/java_manifest.go | 6 ------ syft/cataloger/java/java_manifest_test.go | 3 ++- 5 files changed, 13 insertions(+), 29 deletions(-) diff --git a/schema/json/schema.json b/schema/json/schema.json index b38874381..370f9c27d 100644 --- a/schema/json/schema.json +++ b/schema/json/schema.json @@ -194,38 +194,19 @@ "implementationTitle": { "type": "string" }, - "implementationVendor": { - "type": "string" - }, "implementationVersion": { "type": "string" }, "manifestVersion": { "type": "string" }, - "name": { - "type": "string" - }, "specificationTitle": { "type": "string" - }, - "specificationVendor": { - "type": "string" - }, - "specificationVersion": { - "type": "string" } }, "required": [ "extraFields", - "implementationTitle", - "implementationVendor", - "implementationVersion", - "manifestVersion", - "name", - "specificationTitle", - "specificationVendor", - "specificationVersion" + "manifestVersion" ], "type": "object" }, diff --git a/syft/cataloger/java/archive_parser.go b/syft/cataloger/java/archive_parser.go index 691bb5564..ca0f13dc2 100644 --- a/syft/cataloger/java/archive_parser.go +++ b/syft/cataloger/java/archive_parser.go 
@@ -177,6 +177,12 @@ func (j *archiveParser) discoverPkgsFromPomProperties(parentPkg *pkg.Package) ([ if propsObj.Version != "" && propsObj.ArtifactID != "" { // TODO: if there is no parentPkg (no java manifest) one of these poms could be the parent. We should discover the right parent and attach the correct info accordingly to each discovered package + // keep the artifact name within the virtual path if this package does not match the parent package + vPathSuffix := "" + if !strings.HasPrefix(propsObj.ArtifactID, parentPkg.Name) { + vPathSuffix += ":" + propsObj.ArtifactID + } + // discovered props = new package p := pkg.Package{ Name: propsObj.ArtifactID, @@ -185,7 +191,7 @@ func (j *archiveParser) discoverPkgsFromPomProperties(parentPkg *pkg.Package) ([ Type: pkg.JavaPkg, MetadataType: pkg.JavaMetadataType, Metadata: pkg.JavaMetadata{ - VirtualPath: j.virtualPath, + VirtualPath: j.virtualPath + vPathSuffix, PomProperties: propsObj, Parent: parentPkg, }, diff --git a/syft/cataloger/java/archive_parser_test.go b/syft/cataloger/java/archive_parser_test.go index c5f526bd7..e93374cfc 100644 --- a/syft/cataloger/java/archive_parser_test.go +++ b/syft/cataloger/java/archive_parser_test.go @@ -236,7 +236,9 @@ func TestParseJar(t *testing.T) { Type: pkg.JavaPkg, MetadataType: pkg.JavaMetadataType, Metadata: pkg.JavaMetadata{ - VirtualPath: "test-fixtures/java-builds/packages/example-java-app-maven-0.1.0.jar", + // ensure that nested packages with different names than that of the parent are appended as + // a suffix on the virtual path + VirtualPath: "test-fixtures/java-builds/packages/example-java-app-maven-0.1.0.jar:joda-time", PomProperties: &pkg.PomProperties{ Path: "META-INF/maven/joda-time/joda-time/pom.properties", GroupID: "joda-time", diff --git a/syft/cataloger/java/java_manifest.go b/syft/cataloger/java/java_manifest.go index 02c0f6031..bb08062fe 100644 --- a/syft/cataloger/java/java_manifest.go +++ b/syft/cataloger/java/java_manifest.go 
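Review bot: `parentPkg.Name` is dereferenced in the new `strings.HasPrefix` check without a nil guard, while the TODO directly above it describes the case where there is no parentPkg (no java manifest). If that case can reach this line, an archive that carries a pom.properties but no manifest would panic the cataloger instead of being catalogued; the function begins outside this hunk, so an earlier guard may exist but is not visible here. I would make the condition `if parentPkg != nil && !strings.HasPrefix(propsObj.ArtifactID, parentPkg.Name) {`, which keeps the bare path when there is no parent, or use `parentPkg == nil ||` if the suffix is wanted in that case. The prefix match also treats an empty parent name, or an unrelated artifact whose ID merely starts with the parent name, as the same package, so those nested packages still get the unsuffixed `j.virtualPath` in the second hunk of this file.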
@@ -72,12 +72,6 @@ func parseJavaManifest(reader io.Reader) (*pkg.JavaManifest, error) { manifest.Sections = sections[1:] } - // clean select fields - if strings.Trim(manifest.ImplVersion, " ") != "" { - // transform versions with dates attached to just versions (e.g. "1.3 2244 October 5 2008" --> "1.3") - manifest.ImplVersion = strings.Split(manifest.ImplVersion, " ")[0] - } - return &manifest, nil } diff --git a/syft/cataloger/java/java_manifest_test.go b/syft/cataloger/java/java_manifest_test.go index ad80b4871..00e2560bf 100644 --- a/syft/cataloger/java/java_manifest_test.go +++ b/syft/cataloger/java/java_manifest_test.go @@ -62,10 +62,11 @@ func TestParseJavaManifest(t *testing.T) { }, }, { + // regression test, we should always keep the full version fixture: "test-fixtures/manifest/version-with-date", expected: pkg.JavaManifest{ ManifestVersion: "1.0", - ImplVersion: "1.3", // ensure the date is stripped off during processing + ImplVersion: "1.3 2244 October 5 2005", }, }, }
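Review bot: The new regression comment in `TestParseJavaManifest` says the full version is always kept but not why, and `ImplVersion` is now expected to hold the raw manifest text `1.3 2244 October 5 2005`. Any consumer that compares this field as a version (presumably vulnerability matching on the catalogued package) now has to normalise it itself, and a free-form value that is not normalised can silently fail to match. I would spell that out in the comment, for example `// regression test: ImplVersion is stored verbatim from the manifest; normalisation is left to consumers`. The commit subject mentions only the virtual path, so this behaviour change is easy to miss when reading history.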