oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2026-02-12 10:36:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: capture dependencies when parsing SPDX SBOMs (#2869)

Browse Source 
Signed-off-by: Russell Haering <russellhaering@gmail.com>
This commit is contained in:
Russell Haering 2024-05-14 06:57:48 -07:00 committed by GitHub
parent 4a18895545
commit e767bcff4b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 67 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
syft/format/common/spdxhelpers/to_syft_model.go
View File

@ -381,6 +381,13 @@ func collectDocRelationships(spdxIDMap map[string]any, doc *spdx.Document) (out
} }
} else { } else {
switch helpers.RelationshipType(r.Relationship) { switch helpers.RelationshipType(r.Relationship) {
case helpers.DependencyOfRelationship:
typ = artifact.DependencyOfRelationship
to = toPackage
case helpers.DependsOnRelationship:
typ = artifact.DependencyOfRelationship
to = from
from = toPackage
case helpers.ContainsRelationship: case helpers.ContainsRelationship:
typ = artifact.ContainsRelationship typ = artifact.ContainsRelationship
to = toPackage to = toPackage

60
syft/format/common/spdxhelpers/to_syft_model_test.go
View File

@ -414,6 +414,66 @@ func Test_toSyftRelationships(t *testing.T) {
}, },
}, },
}, },
{
name: "dependency-of relationship",
args: args{
spdxIDMap: map[string]any{
string(toSPDXID(pkg2)): pkg2,
string(toSPDXID(pkg3)): pkg3,
},
doc: &spdx.Document{
Relationships: []*spdx.Relationship{
{
RefA: common.DocElementID{
ElementRefID: toSPDXID(pkg2),
},
RefB: common.DocElementID{
ElementRefID: toSPDXID(pkg3),
},
Relationship: spdx.RelationshipDependencyOf,
RelationshipComment: "dependency-of: indicates that the package in RefA is a dependency of the package in RefB",
},
},
},
},
want: []artifact.Relationship{
{
From: pkg2,
To: pkg3,
Type: artifact.DependencyOfRelationship,
},
},
},
{
name: "dependends-on relationship",
args: args{
spdxIDMap: map[string]any{
string(toSPDXID(pkg2)): pkg2,
string(toSPDXID(pkg3)): pkg3,
},
doc: &spdx.Document{
Relationships: []*spdx.Relationship{
{
RefA: common.DocElementID{
ElementRefID: toSPDXID(pkg3),
},
RefB: common.DocElementID{
ElementRefID: toSPDXID(pkg2),
},
Relationship: spdx.RelationshipDependsOn,
RelationshipComment: "dependends-on: indicates that the package in RefA depends on the package in RefB",
},
},
},
},
want: []artifact.Relationship{
{
From: pkg2,
To: pkg3,
Type: artifact.DependencyOfRelationship,
},
},
},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {