package spdxhelpers
import (
"github.com/anchore/syft/internal/formats/spdx22json/model"
"github.com/anchore/syft/internal/log"
"github.com/anchore/syft/syft/pkg"
)
// ExternalRefs builds the SPDX external references for a package.
//
// It emits one security-category reference of the CPE 2.3 type for every
// entry in p.CPEs (using the CPE's formatted-string binding as the locator),
// followed by a single package-manager-category PURL reference when p.PURL
// is non-empty. The PURL is copied through as-is; nothing in this function
// parses or validates it.
//
// The result is always a non-nil slice, even when the package carries no
// CPEs and no PURL.
func ExternalRefs(p pkg.Package) (externalRefs []model.ExternalRef) {
	// Empty but non-nil, so callers never receive a nil slice.
	externalRefs = []model.ExternalRef{}

	for _, cpe := range p.CPEs {
		securityRef := model.ExternalRef{
			ReferenceCategory: model.SecurityReferenceCategory,
			ReferenceLocator:  cpe.BindToFmtString(),
			ReferenceType:     model.Cpe23ExternalRefType,
		}
		externalRefs = append(externalRefs, securityRef)
	}

	// No PURL recorded for this package: the CPE references are all there is.
	if p.PURL == "" {
		return externalRefs
	}

	purlRef := model.ExternalRef{
		ReferenceCategory: model.PackageManagerReferenceCategory,
		ReferenceLocator:  p.PURL,
		ReferenceType:     model.PurlExternalRefType,
	}
	externalRefs = append(externalRefs, purlRef)
	return externalRefs
}
// ExtractPURL returns the locator of the first external reference whose type
// is the PURL reference type, or the empty string when refs contains none.
//
// Only the first match is considered; any further PURL references in refs
// are ignored. The locator is returned exactly as stored and is not parsed
// or validated here, so callers that read refs from an SPDX document they
// do not control should validate the value before relying on it.
func ExtractPURL(refs []model.ExternalRef) string {
	for i := range refs {
		if refs[i].ReferenceType != model.PurlExternalRefType {
			continue
		}
		return refs[i].ReferenceLocator
	}
	return ""
}
// ExtractCPEs parses every external reference of the CPE 2.3 type in refs
// into a pkg.CPE and returns them in input order.
//
// References of any other type are skipped. A locator that pkg.NewCPE
// rejects is logged as a warning (quoted with %q, so control characters in
// the locator are escaped in the log line) and dropped, which means the
// result can hold fewer CPEs than the input declares. The returned slice is
// nil when no reference parses successfully.
func ExtractCPEs(refs []model.ExternalRef) (cpes []pkg.CPE) {
	for _, ref := range refs {
		if ref.ReferenceType != model.Cpe23ExternalRefType {
			continue
		}

		parsed, err := pkg.NewCPE(ref.ReferenceLocator)
		if err != nil {
			// Best effort: one malformed CPE must not discard the rest.
			log.Warnf("unable to extract SPDX CPE=%q: %+v", ref.ReferenceLocator, err)
			continue
		}

		cpes = append(cpes, parsed)
	}
	return cpes
}