oss/syft - syft - Sa' Rocí Solutions

oss/syft

mirror of https://github.com/anchore/syft.git synced 2025-11-20 01:43:17 +01:00

Author	SHA1	Message	Date
Alex Goodman	f24bbc1838	Deduplicate packages across multiple container image layers (#930 )	2022-03-31 15:45:51 -04:00
Eric Larssen	cb3e73e308	Add dart support (#919 ) Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-03-31 15:44:55 -04:00
Dan Luhring	028cd9e27e	Fix nil pointer dereference in directory resolver's `indexPath` method (#924 ) * Add failing test for dir resolver panic Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Fix panic Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2022-03-28 13:15:09 -04:00
Dan Luhring	a7db43f5ec	Fix panic on empty sbom (#917 ) * Implement fmt.Stringer with format.ID Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Add failing test for formats processing empty SBOMs Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Account for nil SPDX document during Syft model conversion Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2022-03-24 10:11:51 -04:00
Jonas Xavier	c0b547bdb2	Less verbose logging in Golang Cataloger (#904 ) * Less verbose logging in Golang Cataloger Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * debug for known gray errors Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * only show warnings when a binary is not a go executable Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-03-22 10:19:18 -07:00
Alex Goodman	7f9edf346a	Bump golangci-lint to 1.45.0 (#909 )	2022-03-22 11:02:36 -04:00
Jonas Xavier	283db88dc4	Omit H1Digest when empty (#902 ) * Omit HD1Field when empty Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update test-fixtures Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-03-21 11:59:10 -07:00
Jonas Xavier	6ef3e45ffc	Use go 1.18 buildinfo to catalog binaries (#827 ) * initial working version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * added build settings to pkg metadata wip - unit tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * handle mach-O FatFiles Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support to mod replace fixed golang catalger tests trying GH Actions with go 1.18rc1 Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * log error Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use go-macholibre for extraction Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleaner tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add version to main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * check macho file with macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * run golangci in its own workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get arch from bin file headers upgrade macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * test new stereoscope lazy reader interface Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove devel version from golang cataloger Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * switch github workflows to go1.18 stable Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add union reader interface in golang cataloger update stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * simpler golangci validation Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix makefile Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get archs refactor Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for golang version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix go bin tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * golangci nolint needs a \n before package Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleanup Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * move golangci-lint to its own jobs again Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix ci yaml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support for xcoff files add arch assets to test bin file types Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * clean up golangci-lint config Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for xcoff Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain nolints Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove unused xcoff testdata assets Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * make go bin test-fixtures in docker Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix make clean with -f Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update json output schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update schema version in test fixture Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain possible empty main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-03-16 17:07:02 -07:00
mikey strauss	95271fb10d	NPM PURLs are invalid (#832 ) Signed-off-by: houdini91 <mdstrauss91@gmail.com>	2022-03-15 11:54:33 -04:00
Kenny Moens	7cd3201fe9	Support the .be top-level domain (#873 ) Signed-off-by: Kenny Moens <kenny.moens@cipalschaubroeck.be>	2022-03-15 10:59:13 -04:00
Frankie G-J	44a6e00f7a	Include vendored modules in Go Module package list (#883 ) * include vendored modules in package slice Signed-off-by: Frankie Gallina-Jones <frankieg@vmware.com> * add explanatory comments Signed-off-by: Frankie Gallina-Jones <frankieg@vmware.com>	2022-03-11 12:57:33 -05:00
Keith Zantow	7789506dc6	Experimental GitHub export (#836 )	2022-03-10 22:38:12 -05:00
Alex Goodman	2946813a74	RPM Epoch should be optional in the json schema (#880 )	2022-03-09 14:51:43 -05:00
Sambhav Kothari	39737a2825	Update cyclonedx to v1.4 (#820 )	2022-03-08 12:09:55 -05:00
cipher-ardvark	f2617285d0	Update yarn.lock parser to support latest (berry v3) format (#868 ) * add test cases for yarn parser regex Signed-off-by: Patrick Glass <patrickglass@gmail.com> * update yarn.lock parser to support yarn berry Add support for Yarn v3 (berry) which changes the output Collapse regex for parsing scoped and non-scoped packages Add tests for the regex to ensure backwards compatability and to catch issues with future changes. Signed-off-by: Patrick Glass <patrickglass@gmail.com> * simplify yarn test expressions Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Patrick Glass <patrickglass@gmail.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-03-08 12:07:54 -05:00
Alex Goodman	07d3c9af52	Fix file creation for output options (#875 )	2022-03-08 15:37:28 +00:00
Alex Goodman	991af0d857	Include root path in directory resolve index (#869 )	2022-03-07 11:34:16 -05:00
Alex Goodman	a86dd3704e	Add platform selection (#866 )	2022-03-04 22:41:38 +00:00
Alex Goodman	4af32c5bee	Migrate format definitions to sbom package (#864 )	2022-03-04 17:22:40 -05:00
Christopher Angelo Phillips	afc0c1acd9	855 attest registry source only (#856 ) Add source.NewFromRegistry function so that the syft attest command can always explicitly ask for an OCIRegistry provider rather than rely on local daemon detection for image sources. Attestation can not be used where local images loaded in a daemon are the source. Digest values for the layer identification step in attestation can sometimes vary across workstations. This fix makes it so that attest is generating an SBOM for, and attesting to, a source that exists in an OCI registry. It should never load a source from a local user docker/podman daemon. Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-03-01 23:16:42 -05:00
Keith Zantow	edac8c7bf7	Update CycloneDX to use syft namespace and output multiple CPEs (#849 )	2022-03-01 17:37:52 -05:00
Christopher Angelo Phillips	bb3d713b97	cpe generation update (#850 ) * do not allow empty CPE to be returned as part of a packages list Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-25 17:06:05 -05:00
Alex Goodman	99bb93d0fe	Resolve symlinks when fetching file contents (#782 )	2022-02-24 10:01:59 -05:00
Alex Goodman	7eea98fcc5	Allow for CPE strings that can later be sanitized (#844 )	2022-02-23 15:18:12 -05:00
Christopher Angelo Phillips	256e85bc12	510 - SBOM attestation stdout (#785 ) add syft attest command to produce an attestation as application/vnd.in-toto+json to standard out using on disk PKI Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-02-22 21:45:12 -05:00
Alex Goodman	738b3b60a5	Add exception for handlebars java package to generate nodejs CPE (#837 )	2022-02-22 17:29:28 -05:00
Keith Zantow	20c1d14f6e	Add CycloneDX decoder (#811 )	2022-02-18 11:19:02 -05:00
Jonas Xavier	4b16737b2f	ignore minor parsing error when reading dpkg status files (#786 ) * ignore minor parsing error when reading dpkg status files helps with https://github.com/anchore/syft/issues/733 Question: should we add a smarter parser to guess approximate installed-size value? Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add datasize lib to help dpkg parsing added unit tests to expand coverage of dpkg parsing Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * drop parse error added unit tests to handleNewKeyValue Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * don't return parsing errors from dpkg Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * test higher level functions Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * return parsing err to let cataloger handle it Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * ignore key parsing error log warning with relevant context Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add context info to log lines simpler error assertion Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use error.As to assert error in chain Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-02-17 14:05:11 -08:00
mikey strauss	e6b5872bc8	Base64 encoder closing (#822 ) Signed-off-by: houdini91 <mdstrauss91@gmail.com>	2022-02-17 13:10:08 -05:00
Dan Luhring	641c44f449	Fix panic in requirements.txt parsing (#834 ) * Stable sort for pipfile.lock parsing Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Adjust python parsing tests to use go-cmp Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Add failing cases for requirements.txt parsing Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Fix failing cases for requirements.txt parsing Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Refactor parseRequirementsTxt Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Fix static-analysis failure Signed-off-by: Dan Luhring <dan+github@luhrings.com> * Fix comment Signed-off-by: Dan Luhring <dan+github@luhrings.com>	2022-02-17 10:00:16 -05:00
Alex Goodman	51c6eb30f5	bump stereoscope to include functional options (#823 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-14 20:40:51 -05:00
Alex Goodman	ca032434b3	Add pURL generation for java packages + fix NPM pURL generation (#812 ) * enhance pURL generation for java packages Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * optionally split out npm namespaces for pURL generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * nit updates Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-10 13:46:38 -05:00
Jonas Xavier	a04fa68539	Ensure completion of UI progress bar (#810 ) * update stereoscope fetches latest fixes for UI Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use context when getting image Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-02-09 11:23:58 -08:00
Keith Zantow	76f8205936	Suport SPDX SBOM decoding (#738 )	2022-02-09 14:11:20 -05:00
Jonas Xavier	40423d8eee	update stereoscope version - include Podman support (#781 ) * update stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix FilesByMIMEType tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * change expected mime types in unit tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * test stereoscope fix Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove mod replace and use latest stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>	2022-02-01 14:47:15 -08:00
Alex Goodman	f38b0b7256	Refactor install.sh (#765 ) * [wip] get assets based on gh api Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * put install.sh download_asset fn under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * put install.sh install_asset fn under test Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use zip for darwin installs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix install.sh negative test cases Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow errors to propagate in install.sh Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove exit on error from install.sh tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add more docs around install.sh helpers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add integration tests for install.sh Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add install.sh testing to pipeline Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add install test cache to CI Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * make colors globally available Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * test download against github release Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * always test release-based install against latest release Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use better install.sh test names Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-02-01 16:58:47 -05:00
Alex Goodman	d7a23e4bb2	Extract language and package type from pURLs on SBOM decode (#777 ) * add language detection from pURLs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add package type detection from pURLs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add cargo and npm pURL support Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix npm tests and linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-01-27 09:35:16 -05:00
Christopher Angelo Phillips	024a5a9f3f	Add dependencies to cyclonedx (#768 ) Add dependencies to cyclonedx Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: hectorj2f <hectorf@vmware.com>	2022-01-25 15:34:16 -05:00
Peter Balogh	161fa7be4a	[CycloneDX] Add artifactID and groupID to the cycloneDX properties (support lower level struct as properties) (#758 ) * [CycloneDX] Add artifactID and groupID to the cycloneDX properties Signed-off-by: Peter Balogh <p.balogh.sa@gmail.com> * update comment Signed-off-by: Peter Balogh <p.balogh.sa@gmail.com> * additional checks for value Signed-off-by: Peter Balogh <p.balogh.sa@gmail.com> * fill group filed with groupID in the case of Java Signed-off-by: Peter Balogh <p.balogh.sa@gmail.com> * fix linter warning Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2022-01-25 10:36:15 -05:00
Alex Goodman	6f0fad7ffd	encode upstream qualifier on os package pURLs (#769 ) Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-01-25 09:55:56 -05:00
Alex Goodman	1350d6c5bf	Improve package URL support (#754 ) * rename npm metadata struct Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * improve os package URLs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * improve language package URLs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * wire up composer pURL method Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-01-19 22:30:29 +00:00
Sambhav Kothari	aebe843c6f	Improve CycloneDX format output (#710 ) * Improve CycloneDX format output ## Additions to CycloneDX output * CPEs * Authors * Publishers * External References (Website, Distribution, VCS) * Description Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>	2022-01-19 11:43:16 -05:00
Alex Goodman	829e500aa9	Add additional PHP metadata (#753 ) * add php related metadata Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enable decoding of php metadata for syftjson format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add php metadata to json schema Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-01-19 11:42:16 -05:00
Weston Steimel	46dcc84f1a	support .sar for java ecosystem (#748 ) Signed-off-by: Weston Steimel <weston.steimel@gmail.com>	2022-01-18 09:22:02 -05:00
Alex Goodman	706f291679	Replace distro type (#742 ) * remove strong distro type Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump json schema to v3 (breaking distro shape) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow for v2 decoding of distro idLikes field in v3 json decoder Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix casing in simple linux release name Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use discovered name as pretty name in simple linux release Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-01-12 12:13:42 -05:00
Keith Zantow	5e5312c72d	Add support for multiple output files in different formats (#732 )	2022-01-06 17:52:20 -05:00
Alex Goodman	38c4b17847	Add support for searching for jars within archives (#734 ) * add support for searching jars within archives Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add package cataloger config options Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * address review comments + factor out safeCopy helper Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update config docs regarding package archive search options Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * show that unindexed archive cataloging defaults to false Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove lies about -s Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * address review comments Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update search archive note about java Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2022-01-06 21:40:51 +00:00
Christopher Angelo Phillips	01dc78ccc3	683 windows filepath (#735 ) Support Windows Directory Resolver Add function that converts windows to posix functionality Add function that converts posix to windows Add build tags to remove windows developer environment errors redact carriage return specific windows issues Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2022-01-06 11:39:04 -05:00
Sambhav Kothari	2a7325a965	Fix CPE encode/decode when it contains special chars (#714 ) * Fix CPE generation when the generated CPE contains invalid characters Currently syft seems to generate invalid CPEs which do not conform with the official CPE spec. This is because the underlying nvdtools library is not a completely spec compliant implementation and has some interesting bugs/issues. The following are the list of issues I have encountered with nvdtools: 1. It parses strings which are not CPEs incorrectly as valid CPEs. This messes up our filter function which is supposed to filter out any incorrect CPEs we generate. In order to fix this, I have introduced a new regex in the NewCPE function which follows the upstream spec and filters out any incorrect CPEs. 2. Introduce wfn.WFNize for any cpe attributes we infer from packages. This ensures that we are escaping and quoting any special characters before putting them into CPEs. Note that nvdtools has yet another bug in the WFNize function, specifically the "addSlashesAt" part of the function which stops the loop as soon as it encounters ":" a valid character for a WFN attribute after quoting, but the way nvdtools handles it causes it to truncate strings that container ":". As a result strings like "prefix:1.2" which would have been quoted as "prefix\:1.2" end up becoming "prefix" instead causing loss of information and incorrect CPEs being generated. As a result in such cases, we remove out strings containing ":" in any part entirely for now. This is similar to the way we were handling CPE filtering in the past with http urls as vendor strings 3. Add special handling for version which contain ":" due to epochs in debian and rpm. In this case, we strip out the parts before ":" i.e. the epoch and only output the actual function. This ensures we are not discarding valid version strings due to pt #.2. In the future we should look at moving to a more spec compliant cpe parsing library to avoid such shenanigans. Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> * Remove WFNize for input strings WFNize seems to not be part of the standard as per https://pkg.go.dev/github.com/facebookincubator/nvdtools@v0.1.4/wfn#WFNize and seems to have bugs/issues with encode/decode cycles, so I am just removing it at this point and relying on the CPE regex to filter out invalid CPEs for now. Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> * Quote the string on decode to ensure consistent CPE string generation Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> * Add test cases for round-tripping the CPE and fix strip slashes Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> * Add comprehensive tests for cpe parsing Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> * Use strings.Builder instead of byte buffer Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>	2022-01-06 09:56:53 -05:00
Weston Steimel	d9aa54cd00	support .par for java ecosystems (#727 ) Signed-off-by: Weston Steimel <weston.steimel@gmail.com>	2022-01-04 16:40:27 -05:00

... 16 17 18 19 20 ...

1199 Commits