mirror of
https://github.com/anchore/syft.git
synced 2025-11-19 17:33:18 +01:00
1aaa644007
* [wip] Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * distinct the package metadata functions Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove metadata type from package core model Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * incorporate review feedback for names Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add RPM archive metadata and split parser helpers Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * clarify the python package metadata type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename the KB metadata type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * break hackage and composer types by use case Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * linting fix Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix encoding and decoding for syft-json and cyclonedx Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump json schema to 11 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update cyclonedx-json snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update cyclonedx-xml snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update spdx-json snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update spdx-tv snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update syft-json snapshots Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * correct metadata type in stack yaml parser test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix bom-ref redactor for cyclonedx-xml Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests for legacy package metadata names Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * regenerate json schema v11 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix legacy HackageMetadataType reflect type value check Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * packagemetadata discovery should account for type shadowing Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump json schema version to v12 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update json schema to incorporate changes from main Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add syft-json legacy config option Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests around v11-v12 json decoding Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add docs for SYFT_JSON_LEGACY Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename structs to be compliant with new naming scheme Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
66 lines
2.3 KiB
Go
66 lines
2.3 KiB
Go
package pkg
|
|
|
|
import (
|
|
"sort"
|
|
|
|
"github.com/scylladb/go-set/strset"
|
|
|
|
"github.com/anchore/syft/syft/file"
|
|
)
|
|
|
|
// RpmDBGlob is the glob pattern used to find RPM DB files. Where:
|
|
// - /var/lib/rpm/... is the typical path for most distributions
|
|
// - /usr/share/rpm/... is common for rpm-ostree distributions (coreos-like)
|
|
// - Packages is the legacy Berkeley db based format
|
|
// - Packages.db is the "ndb" format used in SUSE
|
|
// - rpmdb.sqlite is the sqlite format used in fedora + derivates
|
|
const RpmDBGlob = "**/{var/lib,usr/share,usr/lib/sysimage}/rpm/{Packages,Packages.db,rpmdb.sqlite}"
|
|
|
|
// RpmManifestGlob is used in CBL-Mariner distroless images
|
|
const RpmManifestGlob = "**/var/lib/rpmmanifest/container-manifest-2"
|
|
|
|
var _ FileOwner = (*RpmDBEntry)(nil)
|
|
|
|
// RpmArchive represents all captured data from a RPM package archive.
|
|
type RpmArchive RpmDBEntry
|
|
|
|
// RpmDBEntry represents all captured data from a RPM DB package entry.
|
|
type RpmDBEntry struct {
|
|
Name string `json:"name"`
|
|
Version string `json:"version"`
|
|
Epoch *int `json:"epoch" cyclonedx:"epoch" jsonschema:"nullable"`
|
|
Arch string `json:"architecture"`
|
|
Release string `json:"release" cyclonedx:"release"`
|
|
SourceRpm string `json:"sourceRpm" cyclonedx:"sourceRpm"`
|
|
Size int `json:"size" cyclonedx:"size"`
|
|
Vendor string `json:"vendor"`
|
|
ModularityLabel string `json:"modularityLabel"`
|
|
Files []RpmFileRecord `json:"files"`
|
|
}
|
|
|
|
// RpmFileRecord represents the file metadata for a single file attributed to a RPM package.
|
|
type RpmFileRecord struct {
|
|
Path string `json:"path"`
|
|
Mode RpmFileMode `json:"mode"`
|
|
Size int `json:"size"`
|
|
Digest file.Digest `json:"digest"`
|
|
UserName string `json:"userName"`
|
|
GroupName string `json:"groupName"`
|
|
Flags string `json:"flags"`
|
|
}
|
|
|
|
// RpmFileMode is the raw file mode for a single file. This can be interpreted as the linux stat.h mode (see https://pubs.opengroup.org/onlinepubs/007908799/xsh/sysstat.h.html)
|
|
type RpmFileMode uint16
|
|
|
|
func (m RpmDBEntry) OwnedFiles() (result []string) {
|
|
s := strset.New()
|
|
for _, f := range m.Files {
|
|
if f.Path != "" {
|
|
s.Add(f.Path)
|
|
}
|
|
}
|
|
result = s.List()
|
|
sort.Strings(result)
|
|
return result
|
|
}
|