oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Implement golang Purl subpath (#2547)

Browse Source 
* Added test for golang package that include subpath into the module

Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>

* Implement golang purl subpath

Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>

---------

Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
This commit is contained in:
Laurent Goderre 2024-01-25 17:04:28 -05:00 committed by GitHub
parent 414fb2f8ad
commit d7c51e5c82
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 32 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
syft/pkg/cataloger/golang/package.go
View File

@ -1,7 +1,6 @@
package golang package golang
import ( import (
"regexp"
"runtime/debug" "runtime/debug"
"strings" "strings"
@ -48,22 +47,27 @@ func packageURL(moduleName, moduleVersion string) string {
// source: https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#golang // source: https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#golang
// note: "The version is often empty when a commit is not specified and should be the commit in most cases when available." // note: "The version is often empty when a commit is not specified and should be the commit in most cases when available."
re := regexp.MustCompile(`(/)[^/]*$`) fields := strings.Split(moduleName, "/")
fields := re.Split(moduleName, -1)
if len(fields) == 0 { if len(fields) == 0 {
return "" return ""
} }
namespace := fields[0]
name := strings.TrimPrefix(strings.TrimPrefix(moduleName, namespace), "/")
if name == "" {
// this is a "short" url (with no namespace)
name = namespace
namespace = ""
}
namespace := ""
name := ""
// The subpath is used to point to a subpath inside a package (e.g. pkg:golang/google.golang.org/genproto#googleapis/api/annotations) // The subpath is used to point to a subpath inside a package (e.g. pkg:golang/google.golang.org/genproto#googleapis/api/annotations)
subpath := "" // TODO: not implemented subpath := ""
switch len(fields) {
case 1:
name = fields[0]
case 2:
name = fields[1]
namespace = fields[0]
default:
name = fields[2]
namespace = strings.Join(fields[0:2], "/")
subpath = strings.Join(fields[3:], "/")
}
return packageurl.NewPackageURL( return packageurl.NewPackageURL(
packageurl.TypeGolang, packageurl.TypeGolang,

15
syft/pkg/cataloger/golang/package_test.go
View File

@ -31,6 +31,21 @@ func Test_packageURL(t *testing.T) {
}, },
expected: "pkg:golang/go.opencensus.io@v0.23.0", expected: "pkg:golang/go.opencensus.io@v0.23.0",
}, },
{
name: "golang with subpath",
pkg: pkg.Package{
Name: "github.com/coreos/go-systemd/v22",
Version: "v22.1.0",
},
expected: "pkg:golang/github.com/coreos/go-systemd@v22.1.0#v22",
},
{
name: "golang with subpath deep",
pkg: pkg.Package{
Name: "google.golang.org/genproto/googleapis/api/annotations",
},
expected: "pkg:golang/google.golang.org/genproto/googleapis#api/annotations",
},
} }
for _, test := range tests { for _, test := range tests {

2
syft/pkg/cataloger/golang/parse_go_binary_test.go
View File

@ -260,7 +260,7 @@ func TestBuildGoPkgInfo(t *testing.T) {
{ {
Name: "github.com/a/b/c", Name: "github.com/a/b/c",
Version: "(devel)", Version: "(devel)",
PURL: "pkg:golang/github.com/a/b/c@(devel)", PURL: "pkg:golang/github.com/a/b@(devel)#c",
Language: pkg.Go, Language: pkg.Go,
Type: pkg.GoModulePkg, Type: pkg.GoModulePkg,
Locations: file.NewLocationSet( Locations: file.NewLocationSet(