mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
0c5f03235e
* refactor: move apk upstream logic to apk metadata Export the logic for parsing upstream APK package names so it can be accessed from apk metadata objects directly. This also tightens the upstream regex pattern as several edge cases were being missed. Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix: ensure correct handling for apk packages beginning with digits Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * fix: upstream generation for ruby Signed-off-by: Weston Steimel <weston.steimel@anchore.com> --------- Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
57 lines
1.3 KiB
Go
57 lines
1.3 KiB
Go
package apkdb
|
|
|
|
import (
|
|
"strings"
|
|
|
|
"github.com/anchore/packageurl-go"
|
|
"github.com/anchore/syft/syft/linux"
|
|
"github.com/anchore/syft/syft/pkg"
|
|
"github.com/anchore/syft/syft/source"
|
|
)
|
|
|
|
func newPackage(d pkg.ApkMetadata, release *linux.Release, locations ...source.Location) pkg.Package {
|
|
p := pkg.Package{
|
|
Name: d.Package,
|
|
Version: d.Version,
|
|
Locations: source.NewLocationSet(locations...),
|
|
Licenses: strings.Split(d.License, " "),
|
|
PURL: packageURL(d, release),
|
|
Type: pkg.ApkPkg,
|
|
MetadataType: pkg.ApkMetadataType,
|
|
Metadata: d,
|
|
}
|
|
|
|
p.SetID()
|
|
|
|
return p
|
|
}
|
|
|
|
// packageURL returns the PURL for the specific Alpine package (see https://github.com/package-url/purl-spec)
|
|
func packageURL(m pkg.ApkMetadata, distro *linux.Release) string {
|
|
if distro == nil || distro.ID != "alpine" {
|
|
// note: there is no namespace variation (like with debian ID_LIKE for ubuntu ID, for example)
|
|
return ""
|
|
}
|
|
|
|
qualifiers := map[string]string{
|
|
pkg.PURLQualifierArch: m.Architecture,
|
|
}
|
|
|
|
upstream := m.Upstream()
|
|
if upstream != "" && upstream != m.Package {
|
|
qualifiers[pkg.PURLQualifierUpstream] = upstream
|
|
}
|
|
|
|
return packageurl.NewPackageURL(
|
|
packageurl.TypeAlpine,
|
|
"alpine",
|
|
m.Package,
|
|
m.Version,
|
|
pkg.PURLQualifiers(
|
|
qualifiers,
|
|
distro,
|
|
),
|
|
"",
|
|
).ToString()
|
|
}
|