mirror of
https://github.com/anchore/syft.git
synced 2026-02-12 10:36:45 +01:00
fix: stabilize cpe sorting during collection sort (#3009)
parent
b101f44aba
commit
f7ffcc534f
@ -64,6 +64,28 @@ func TestBySourceThenSpecificity(t *testing.T) {
|
|||||||
Must("cpe:2.3:a:some:package:*:*:*:*:*:*:*:*", "some-unknown-source"),
|
Must("cpe:2.3:a:some:package:*:*:*:*:*:*:*:*", "some-unknown-source"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "lexical sorting on equal sources puts escaped characters later",
|
||||||
|
input: []CPE{
|
||||||
|
Must("cpe:2.3:a:jenkins:pipeline\\\\:_supporting_apis:865.v43e78cc44e0d:*:*:*:*:jenkins:*:*", "nvd-cpe-dictionary"),
|
||||||
|
Must("cpe:2.3:a:jenkins:pipeline_supporting_apis:865.v43e78cc44e0d:*:*:*:*:jenkins:*:*", "nvd-cpe-dictionary"),
|
||||||
|
},
|
||||||
|
want: []CPE{
|
||||||
|
Must("cpe:2.3:a:jenkins:pipeline_supporting_apis:865.v43e78cc44e0d:*:*:*:*:jenkins:*:*", "nvd-cpe-dictionary"),
|
||||||
|
Must("cpe:2.3:a:jenkins:pipeline\\\\:_supporting_apis:865.v43e78cc44e0d:*:*:*:*:jenkins:*:*", "nvd-cpe-dictionary"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "lexical sorting on equal sources puts more specific attributes earlier",
|
||||||
|
input: []CPE{
|
||||||
|
Must("cpe:2.3:a:jenkins:mailer:472.vf7c289a_4b_420:*:*:*:*:*:*:*", "nvd-cpe-dictionary"),
|
||||||
|
Must("cpe:2.3:a:jenkins:mailer:472.vf7c289a_4b_420:*:*:*:*:jenkins:*:*", "nvd-cpe-dictionary"),
|
||||||
|
},
|
||||||
|
want: []CPE{
|
||||||
|
Must("cpe:2.3:a:jenkins:mailer:472.vf7c289a_4b_420:*:*:*:*:jenkins:*:*", "nvd-cpe-dictionary"),
|
||||||
|
Must("cpe:2.3:a:jenkins:mailer:472.vf7c289a_4b_420:*:*:*:*:*:*:*", "nvd-cpe-dictionary"),
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
|||||||
@ -127,6 +127,7 @@ func FromDictionaryFind(p pkg.Package) ([]cpe.CPE, bool) {
|
|||||||
return []cpe.CPE{}, false
|
return []cpe.CPE{}, false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sort.Sort(cpe.BySourceThenSpecificity(parsedCPEs))
|
||||||
return parsedCPEs, true
|
return parsedCPEs, true
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -163,12 +164,12 @@ func FromPackageAttributes(p pkg.Package) []cpe.CPE {
|
|||||||
// filter out any known combinations that don't accurately represent this package
|
// filter out any known combinations that don't accurately represent this package
|
||||||
cpes = filter(cpes, p, cpeFilters...)
|
cpes = filter(cpes, p, cpeFilters...)
|
||||||
|
|
||||||
sort.Sort(cpe.BySpecificity(cpes))
|
|
||||||
var result []cpe.CPE
|
var result []cpe.CPE
|
||||||
for _, c := range cpes {
|
for _, c := range cpes {
|
||||||
result = append(result, cpe.CPE{Attributes: c, Source: cpe.GeneratedSource})
|
result = append(result, cpe.CPE{Attributes: c, Source: cpe.GeneratedSource})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sort.Sort(cpe.BySourceThenSpecificity(result))
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
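Review bot: Both added calls, `sort.Sort(cpe.BySourceThenSpecificity(parsedCPEs))` in FromDictionaryFind and `sort.Sort(cpe.BySourceThenSpecificity(result))` in FromPackageAttributes, use `sort.Sort`, which is not a stable sort. The emitted order is therefore reproducible only if the comparator never treats two distinct CPEs as equal. The comparator is not visible in these hunks, so this needs confirming; if ties are possible, `sort.Stable(cpe.BySourceThenSpecificity(result))` would at least preserve input order. In FromPackageAttributes every element is built with `Source: cpe.GeneratedSource`, so the source key cannot separate entries there and the ordering depends on the specificity and tie-break rules alone. A short comment above each call would record the intent for anyone who diffs SBOM output, for example `// sort so CPE order is deterministic regardless of generation or dictionary order`. Both function bodies begin outside the hunks shown.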