test: remove dll files and updates tests to use versionResources (#2276)

* test: remove dll files and updates tests to use versionResources

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: update integration tests with dot net coverage

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* chore: move test cases to appropriate blocks

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* fix: chmod only the dll

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* fix: add primary annotation key to packages

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* chore: bump number of packages with new dotnet package

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable.go

@@ -42,16 +42,26 @@ func parseDotnetPortableExecutable(_ file.Resolver, _ *generic.Environment, f fi
 		return nil, nil, nil
 	}
 
+	dotNetPkg, err := buildDotNetPackage(versionResources, f)
+	if err != nil {
+		// this is not a fatal error, just log and continue
+		// TODO: consider this case for "known unknowns" (same goes for cases below)
+		log.Tracef("unable to build dotnet package: %w", err)
+		return nil, nil, nil
+	}
+
+	return []pkg.Package{dotNetPkg}, nil, nil
+}
+
+func buildDotNetPackage(versionResources map[string]string, f file.LocationReadCloser) (dnpkg pkg.Package, err error) {
 	name := findName(versionResources)
 	if name == "" {
-		log.Tracef("unable to find FileDescription, or ProductName in PE file: %s", f.RealPath)
-		return nil, nil, nil
+		return dnpkg, fmt.Errorf("unable to find FileDescription, or ProductName in PE file: %s", f.RealPath)
 	}
 
 	version := findVersion(versionResources)
 	if strings.TrimSpace(version) == "" {
-		log.Tracef("unable to find FileVersion in PE file: %s", f.RealPath)
-		return nil, nil, nil
+		return dnpkg, fmt.Errorf("unable to find FileVersion in PE file: %s", f.RealPath)
 	}
 
 	purl := packageurl.NewPackageURL(
@@ -73,18 +83,19 @@ func parseDotnetPortableExecutable(_ file.Resolver, _ *generic.Environment, f fi
 		ProductVersion:  versionResources["ProductVersion"],
 	}
 
-	p := pkg.Package{
+	dnpkg = pkg.Package{
 		Name:      name,
 		Version:   version,
-		Locations: file.NewLocationSet(f.Location),
+		Locations: file.NewLocationSet(f.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)),
 		Type:      pkg.DotnetPkg,
+		Language:  pkg.Dotnet,
 		PURL:      purl,
 		Metadata:  metadata,
 	}
 
-	p.SetID()
+	dnpkg.SetID()
 
-	return []pkg.Package{p}, nil, nil
+	return dnpkg, nil
 }
 
 func findVersion(versionResources map[string]string) string {

syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable_test.go

@@ -3,7 +3,8 @@ package dotnet
 import (
 	"testing"
 
-	"github.com/anchore/syft/syft/artifact"
+	"github.com/stretchr/testify/assert"
+
 	"github.com/anchore/syft/syft/file"
 	"github.com/anchore/syft/syft/pkg"
 	"github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest"
@@ -11,73 +12,81 @@ import (
 
 func TestParseDotnetPortableExecutable(t *testing.T) {
 	tests := []struct {
-		fixture  string
-		expected []pkg.Package
+		name             string
+		versionResources map[string]string
+		expectedPackage  pkg.Package
 	}{
 		{
-			fixture: "test-fixtures/System.Buffers.dll",
-			expected: []pkg.Package{
-				{
-					Name:    "System.Buffers",
-					Version: "7.0.923.36201",
-					Type:    pkg.DotnetPkg,
-					PURL:    "pkg:nuget/System.Buffers@7.0.923.36201",
-					Metadata: pkg.DotnetPortableExecutableEntry{
-						AssemblyVersion: "7.0.0.0",
-						LegalCopyright:  "© Microsoft Corporation. All rights reserved.",
-						Comments:        "System.Buffers",
-						InternalName:    "System.Buffers.dll",
-						CompanyName:     "Microsoft Corporation",
-						ProductName:     "Microsoft® .NET",
-						ProductVersion:  "7.0.9+8e9a17b2216f51a5788f8b1c467a4cf3b769e7d7",
-					},
+			name: "dotnet package with extra version info",
+			versionResources: map[string]string{
+				"InternalName":     "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll",
+				"FileVersion":      "3.14.40721.0918    xxxfffdddjjjj",
+				"FileDescription":  "Active Directory Authentication Library",
+				"ProductName":      "Active Directory Authentication Library",
+				"Comments":         "",
+				"CompanyName":      "Microsoft Corporation",
+				"LegalTrademarks":  "",
+				"LegalCopyright":   "Copyright (c) Microsoft Corporation. All rights reserved.",
+				"OriginalFilename": "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll",
+				"ProductVersion":   "c61f043686a544863efc014114c42e844f905336",
+				"Assembly Version": "3.14.2.11",
+			},
+			expectedPackage: pkg.Package{
+				Name:      "ActiveDirectoryAuthenticationLibrary",
+				Version:   "3.14.40721.0918",
+				Locations: file.NewLocationSet(file.NewLocation("").WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)),
+				Type:      pkg.DotnetPkg,
+				Language:  pkg.Dotnet,
+				PURL:      "pkg:nuget/ActiveDirectoryAuthenticationLibrary@3.14.40721.0918",
+				Metadata: pkg.DotnetPortableExecutableEntry{
+					AssemblyVersion: "3.14.2.11",
+					LegalCopyright:  "Copyright (c) Microsoft Corporation. All rights reserved.",
+					InternalName:    "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll",
+					CompanyName:     "Microsoft Corporation",
+					ProductName:     "Active Directory Authentication Library",
+					ProductVersion:  "c61f043686a544863efc014114c42e844f905336",
 				},
 			},
 		},
 		{
-			fixture: "test-fixtures/Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll",
-			expected: []pkg.Package{
-				{
-					Name:    "ActiveDirectoryAuthenticationLibrary",
-					Version: "3.14.40721.0918",
-					Type:    pkg.DotnetPkg,
-					PURL:    "pkg:nuget/ActiveDirectoryAuthenticationLibrary@3.14.40721.0918",
-					Metadata: pkg.DotnetPortableExecutableEntry{
-						AssemblyVersion: "3.14.2.11",
-						LegalCopyright:  "Copyright (c) Microsoft Corporation. All rights reserved.",
-						InternalName:    "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll",
-						CompanyName:     "Microsoft Corporation",
-						ProductName:     "Active Directory Authentication Library",
-						ProductVersion:  "c61f043686a544863efc014114c42e844f905336",
-					},
-				},
+			name: "dotnet package with malformed field and extended version",
+			versionResources: map[string]string{
+				"CompanyName":      "Microsoft Corporation",
+				"FileDescription":  "äb
FileVersion",
+				"FileVersion":      "4.6.25512.01 built by: dlab-DDVSOWINAGE016. Commit Hash: d0d5c7b49271cadb6d97de26d8e623e98abdc8db",
+				"InternalName":     "äb
FileVersion",
+				"LegalCopyright":   "© Microsoft Corporation.  All rights reserved.",
+				"OriginalFilename": "T
ProductName",
+				"ProductName":      "Microsoft® .NET Framework",
+				"ProductVersion":   "4.6.25512.01 built by: dlab-DDVSOWINAGE016. Commit Hash: d0d5c7b49271cadb6d97de26d8e623e98abdc8db",
 			},
-		},
-		{
-			fixture: "test-fixtures/sni.dll",
-			expected: []pkg.Package{
-				{
-					Name:    "bFileVersion",
-					Version: "4.6.25512.01",
-					Type:    pkg.DotnetPkg,
-					PURL:    "pkg:nuget/bFileVersion@4.6.25512.01",
-					Metadata: pkg.DotnetPortableExecutableEntry{
-						LegalCopyright: "© Microsoft Corporation.  All rights reserved.",
-						CompanyName:    "Microsoft Corporation",
-						ProductName:    "Microsoft® .NET Framework",
-						ProductVersion: "4.6.25512.01 built by: dlab-DDVSOWINAGE016. Commit Hash: d0d5c7b49271cadb6d97de26d8e623e98abdc8db",
-					},
+			expectedPackage: pkg.Package{
+				Name:    "bFileVersion",
+				Version: "4.6.25512.01",
+				Locations: file.NewLocationSet(
+					file.NewLocation("").WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)),
+				Type:     pkg.DotnetPkg,
+				Language: pkg.Dotnet,
+				PURL:     "pkg:nuget/bFileVersion@4.6.25512.01",
+				Metadata: pkg.DotnetPortableExecutableEntry{
+					LegalCopyright: "© Microsoft Corporation.  All rights reserved.",
+					InternalName:   "äb\x01FileVersion",
+					CompanyName:    "Microsoft Corporation",
+					ProductName:    "Microsoft® .NET Framework",
+					ProductVersion: "4.6.25512.01 built by: dlab-DDVSOWINAGE016. Commit Hash: d0d5c7b49271cadb6d97de26d8e623e98abdc8db",
 				},
 			},
 		},
 	}
 
 	for _, tc := range tests {
-		t.Run(tc.fixture, func(t *testing.T) {
-			fixtureLocationSet := file.NewLocationSet(file.NewLocation(tc.fixture))
-			tc.expected[0].Locations = fixtureLocationSet
-			var expectedRelationships []artifact.Relationship
-			pkgtest.TestFileParser(t, tc.fixture, parseDotnetPortableExecutable, tc.expected, expectedRelationships)
+		t.Run(tc.name, func(t *testing.T) {
+			f := file.LocationReadCloser{
+				Location: file.NewLocation(""),
+			}
+			got, err := buildDotNetPackage(tc.versionResources, f)
+			assert.NoErrorf(t, err, "failed to build package from version resources: %+v", tc.versionResources)
+			pkgtest.AssertPackagesEqual(t, tc.expectedPackage, got)
 		})
 	}
 }

test/cli/packages_cmd_test.go

@@ -9,7 +9,7 @@ import (
 const (
 	// this is the number of packages that should be found in the image-pkg-coverage fixture image
 	// when analyzed with the squashed scope.
-	coverageImageSquashedPackageCount = 24
+	coverageImageSquashedPackageCount = 25
 )
 
 func TestPackagesCmdFlags(t *testing.T) {

test/integration/catalog_packages_cases_test.go

@@ -77,6 +77,14 @@ var imageOnlyTestCases = []testCase{
 			"base": "4.3.0",
 		},
 	},
+	{
+		name:        "find dot net executable",
+		pkgType:     pkg.DotnetPkg,
+		pkgLanguage: pkg.Dotnet,
+		pkgInfo: map[string]string{
+			"DocuSign.eSign": "6.8.0.0",
+		},
+	},
 }
 
 var dirOnlyTestCases = []testCase{

test/integration/catalog_packages_test.go

@@ -67,7 +67,6 @@ func TestPkgCoverageImage(t *testing.T) {
 	definedLanguages.Remove(pkg.Go.String())
 	definedLanguages.Remove(pkg.Rust.String())
 	definedLanguages.Remove(pkg.Dart.String())
-	definedLanguages.Remove(pkg.Dotnet.String())
 	definedLanguages.Remove(pkg.Swift.String())
 	definedLanguages.Remove(pkg.CPP.String())
 	definedLanguages.Remove(pkg.Haskell.String())
@@ -85,7 +84,6 @@ func TestPkgCoverageImage(t *testing.T) {
 	definedPkgs.Remove(string(pkg.GoModulePkg))
 	definedPkgs.Remove(string(pkg.RustPkg))
 	definedPkgs.Remove(string(pkg.DartPubPkg))
-	definedPkgs.Remove(string(pkg.DotnetPkg))
 	definedPkgs.Remove(string(pkg.CocoapodsPkg))
 	definedPkgs.Remove(string(pkg.ConanPkg))
 	definedPkgs.Remove(string(pkg.HackagePkg))

test/integration/test-fixtures/image-pkg-coverage/Dockerfile

@@ -1,6 +1,6 @@
 FROM fedora:37@sha256:3f987b7657e944cf87a129cc262982d4f80e38bd98f7db313ccaf90ca7069dd2
 
-RUN dnf install 'dnf-command(download)' cpio xz -y
+RUN dnf install 'dnf-command(download)' cpio unzip xz -y
 # https://dl.fedoraproject.org/pub/fedora/linux/releases/37/Everything/x86_64/os/Packages/k/kernel-6.0.7-301.fc37.x86_64.rpm
 # https://dl.fedoraproject.org/pub/fedora/linux/releases/37/Everything/x86_64/os/Packages/k/kernel-modules-6.0.7-301.fc37.x86_64.rpm
 RUN dnf download kernel-core-6.0.7-301.fc37 kernel-modules-6.0.7-301.fc37 -y
@@ -13,11 +13,21 @@ RUN rpm2cpio kernel-modules-*.rpm | cpio -t && \
 
 RUN unxz /lib/modules/6.0.7-301.fc37.x86_64/kernel/drivers/tty/ttynull.ko.xz
 
+# dotnet pkg coverage
+# https://nuget.info/packages/DocuSign.eSign.dll/6.8.0
+# https://github.com/docusign/docusign-esign-csharp-client/blob/master/LICENSE
+RUN curl -LO https://www.nuget.org/api/v2/package/DocuSign.eSign.dll/6.8.0
+RUN unzip 6.8.0
+RUN chmod 600 lib/net462/DocuSign.eSign.dll
+RUN rm 6.8.0
+
 FROM scratch
 
+COPY --from=0 lib/net462/DocuSign.eSign.dll .
 COPY --from=0 /lib/modules/6.0.7-301.fc37.x86_64/vmlinuz /lib/modules/6.0.7-301.fc37.x86_64/vmlinuz
 COPY --from=0 /lib/modules/6.0.7-301.fc37.x86_64/kernel/drivers/tty/ttynull.ko /lib/modules/6.0.7-301.fc37.x86_64/kernel/drivers/tty/ttynull.ko
 
+
 COPY pkgs/ .
 # we duplicate to show a package count difference between all-layers and squashed scopes
 COPY lib lib