oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-19 09:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix: don't validate pom declared group (#2054)

Browse Source 
Signed-off-by: Will Murphy <will.murphy@anchore.com>
This commit is contained in:
William Murphy 2023-08-24 13:28:40 -04:00 committed by GitHub
parent 9a2a988e7f
commit faa902209e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 89 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
syft/pkg/cataloger/java/package_url.go
View File

@ -84,7 +84,7 @@ func groupIDFromPomProperties(properties *pkg.PomProperties) (groupID string) {
return groupID return groupID
} }
if looksLikeGroupID(properties.GroupID) { if properties.GroupID != "" {
return cleanGroupID(properties.GroupID) return cleanGroupID(properties.GroupID)
} }
@ -103,7 +103,7 @@ func groupIDFromPomProject(project *pkg.PomProject) (groupID string) {
} }
// check the project details // check the project details
if looksLikeGroupID(project.GroupID) { if project.GroupID != "" {
return cleanGroupID(project.GroupID) return cleanGroupID(project.GroupID)
} }
@ -116,7 +116,7 @@ func groupIDFromPomProject(project *pkg.PomProject) (groupID string) {
// let's check the parent details // let's check the parent details
// if the current project does not have a group ID, but the parent does, we'll use the parent's group ID // if the current project does not have a group ID, but the parent does, we'll use the parent's group ID
if project.Parent != nil { if project.Parent != nil {
if looksLikeGroupID(project.Parent.GroupID) { if project.Parent.GroupID != "" {
return cleanGroupID(project.Parent.GroupID) return cleanGroupID(project.Parent.GroupID)
} }

86
syft/pkg/cataloger/java/package_url_test.go
View File

@ -10,10 +10,12 @@ import (
func Test_packageURL(t *testing.T) { func Test_packageURL(t *testing.T) {
tests := []struct { tests := []struct {
name string
pkg pkg.Package pkg pkg.Package
expect string expect string
}{ }{
{ {
name: "maven",
pkg: pkg.Package{ pkg: pkg.Package{
Name: "example-java-app-maven", Name: "example-java-app-maven",
Version: "0.1.0", Version: "0.1.0",
@ -38,6 +40,90 @@ func Test_packageURL(t *testing.T) {
}, },
expect: "pkg:maven/org.anchore/example-java-app-maven@0.1.0", expect: "pkg:maven/org.anchore/example-java-app-maven@0.1.0",
}, },
{
name: "POM properties have explicit group ID without . in it",
pkg: pkg.Package{
Name: "example-java-app-maven",
Version: "0.1.0",
Language: pkg.Java,
Type: pkg.JavaPkg,
MetadataType: pkg.JavaMetadataType,
Metadata: pkg.JavaMetadata{
VirtualPath: "test-fixtures/java-builds/packages/example-java-app-maven-0.1.0.jar",
Manifest: &pkg.JavaManifest{
Main: map[string]string{
"Manifest-Version": "1.0",
},
},
PomProperties: &pkg.PomProperties{
Path: "META-INF/maven/org.anchore/example-java-app-maven/pom.properties",
GroupID: "commons",
ArtifactID: "example-java-app-maven",
Version: "0.1.0",
Extra: make(map[string]string),
},
},
},
expect: "pkg:maven/commons/example-java-app-maven@0.1.0",
},
{
name: "POM project has explicit group ID without . in it",
pkg: pkg.Package{
Name: "example-java-app-maven",
Version: "0.1.0",
Language: pkg.Java,
Type: pkg.JavaPkg,
MetadataType: pkg.JavaMetadataType,
Metadata: pkg.JavaMetadata{
VirtualPath: "test-fixtures/java-builds/packages/example-java-app-maven-0.1.0.jar",
Manifest: &pkg.JavaManifest{
Main: map[string]string{
"Manifest-Version": "1.0",
},
},
PomProperties: &pkg.PomProperties{
Path: "META-INF/maven/org.anchore/example-java-app-maven/pom.properties",
ArtifactID: "example-java-app-maven",
Version: "0.1.0",
Extra: make(map[string]string),
},
PomProject: &pkg.PomProject{
GroupID: "commons",
},
},
},
expect: "pkg:maven/commons/example-java-app-maven@0.1.0",
},
{
name: "POM project has explicit group ID without . in it",
pkg: pkg.Package{
Name: "example-java-app-maven",
Version: "0.1.0",
Language: pkg.Java,
Type: pkg.JavaPkg,
MetadataType: pkg.JavaMetadataType,
Metadata: pkg.JavaMetadata{
VirtualPath: "test-fixtures/java-builds/packages/example-java-app-maven-0.1.0.jar",
Manifest: &pkg.JavaManifest{
Main: map[string]string{
"Manifest-Version": "1.0",
},
},
PomProperties: &pkg.PomProperties{
Path: "META-INF/maven/org.anchore/example-java-app-maven/pom.properties",
ArtifactID: "example-java-app-maven",
Version: "0.1.0",
Extra: make(map[string]string),
},
PomProject: &pkg.PomProject{
Parent: &pkg.PomParent{
GroupID: "parent",
},
},
},
},
expect: "pkg:maven/parent/example-java-app-maven@0.1.0",
},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.expect, func(t *testing.T) { t.Run(tt.expect, func(t *testing.T) {