Enhance CPE generation #472

wagoodman · 2021-08-05T18:49:28Z

Closes #396
Closes #471

github-actions · 2021-08-05T18:52:50Z

Benchmark Test Results

Benchmark results from the latest changes vs base branch

name                                                   time/op
ImagePackageCatalogers/ruby-gemspec-cataloger-2        1.00ms ± 1%
ImagePackageCatalogers/python-package-cataloger-2      1.39ms ± 1%
ImagePackageCatalogers/javascript-package-cataloger-2   472µs ± 3%
ImagePackageCatalogers/dpkgdb-cataloger-2               464µs ± 3%
ImagePackageCatalogers/rpmdb-cataloger-2                474µs ± 3%
ImagePackageCatalogers/java-cataloger-2                6.88ms ± 1%
ImagePackageCatalogers/apkdb-cataloger-2                721µs ± 2%
ImagePackageCatalogers/go-cataloger-2                   249µs ± 1%
ImagePackageCatalogers/rust-cataloger-2                 401µs ± 2%

name                                                   alloc/op
ImagePackageCatalogers/ruby-gemspec-cataloger-2         138kB ± 0%
ImagePackageCatalogers/python-package-cataloger-2       649kB ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2   113kB ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2               126kB ± 0%
ImagePackageCatalogers/rpmdb-cataloger-2                138kB ± 0%
ImagePackageCatalogers/java-cataloger-2                1.99MB ± 0%
ImagePackageCatalogers/apkdb-cataloger-2               1.16MB ± 0%
ImagePackageCatalogers/go-cataloger-2                  55.6kB ± 0%
ImagePackageCatalogers/rust-cataloger-2                 109kB ± 0%

name                                                   allocs/op
ImagePackageCatalogers/ruby-gemspec-cataloger-2         2.12k ± 0%
ImagePackageCatalogers/python-package-cataloger-2       6.45k ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2   1.92k ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2               2.39k ± 0%
ImagePackageCatalogers/rpmdb-cataloger-2                3.19k ± 0%
ImagePackageCatalogers/java-cataloger-2                 23.7k ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                1.91k ± 0%
ImagePackageCatalogers/go-cataloger-2                   1.44k ± 0%
ImagePackageCatalogers/rust-cataloger-2                 2.81k ± 0%

luhring · 2021-08-09T14:53:41Z

syft/pkg/cataloger/cpe.go

@@ -1,16 +1,27 @@
 package cataloger


It may be valuable soon (not necessarily now) to introduce a CPE-specific package. There seems to be a lot of rich logic and data, all within the context of the "CPE domain". I noticed that cpe.go is a bit on the large side, and also that we have several files in this directory that all start with cpe_.

agreed (I resisted a lot of possible refactors on this PR that I think there is a lot of room for). My vote is to not do such refactors in this PR though.

internal/string_helpers.go

syft/pkg/cataloger/cpe.go

syft/pkg/cataloger/cpe_specificity.go

luhring

Looks great! 👏

…in fields Signed-off-by: Alex Goodman <[email protected]>

Signed-off-by: Alex Goodman <[email protected]>

… logic Signed-off-by: Alex Goodman <[email protected]>

Signed-off-by: Alex Goodman <[email protected]>

wagoodman · 2021-08-09T19:49:02Z

rebased / force pushed to incorporate #474

* adjust CPE specificity sorting to include field length and bias certain fields Signed-off-by: Alex Goodman <[email protected]> * remove * vendor values from CPE generation Signed-off-by: Alex Goodman <[email protected]> * re-enable generating CPEs for jenkins and jira plugins Signed-off-by: Alex Goodman <[email protected]> * improve CPE generation logic based on java artifactID and groupID Signed-off-by: Alex Goodman <[email protected]> * add ruby-lang as target software candidate for gems in CPE generation logic Signed-off-by: Alex Goodman <[email protected]> * rename filterCpes to filterCPEs Signed-off-by: Alex Goodman <[email protected]> * refactor CPE filters and groupID processing (for linting) Signed-off-by: Alex Goodman <[email protected]> * use ruby-lang as vendor candidate not target software Signed-off-by: Alex Goodman <[email protected]> * address PR comments for CPE generation Signed-off-by: Alex Goodman <[email protected]>

wagoodman requested a review from a team August 5, 2021 18:49

wagoodman self-assigned this Aug 5, 2021

wagoodman marked this pull request as ready for review August 5, 2021 19:05

wagoodman marked this pull request as draft August 5, 2021 19:07

wagoodman marked this pull request as ready for review August 6, 2021 13:53

luhring reviewed Aug 9, 2021

View reviewed changes

luhring approved these changes Aug 9, 2021

View reviewed changes

wagoodman added 9 commits August 9, 2021 15:48

adjust CPE specificity sorting to include field length and bias certa…

be0aeeb

…in fields Signed-off-by: Alex Goodman <[email protected]>

remove * vendor values from CPE generation

3dde7ea

Signed-off-by: Alex Goodman <[email protected]>

re-enable generating CPEs for jenkins and jira plugins

0b1d824

Signed-off-by: Alex Goodman <[email protected]>

improve CPE generation logic based on java artifactID and groupID

330799f

Signed-off-by: Alex Goodman <[email protected]>

add ruby-lang as target software candidate for gems in CPE generation…

fc4867f

… logic Signed-off-by: Alex Goodman <[email protected]>

rename filterCpes to filterCPEs

f10cf5a

Signed-off-by: Alex Goodman <[email protected]>

refactor CPE filters and groupID processing (for linting)

8ca8b84

Signed-off-by: Alex Goodman <[email protected]>

use ruby-lang as vendor candidate not target software

78b057d

Signed-off-by: Alex Goodman <[email protected]>

address PR comments for CPE generation

6d94148

Signed-off-by: Alex Goodman <[email protected]>

wagoodman force-pushed the enhance-cpe-generation-august-2021 branch from 1419fe0 to 6d94148 Compare August 9, 2021 19:48

wagoodman enabled auto-merge (squash) August 9, 2021 19:48

wagoodman merged commit 98d4749 into main Aug 9, 2021

wagoodman deleted the enhance-cpe-generation-august-2021 branch August 9, 2021 19:52

wagoodman added the enhancement New feature or request label Oct 1, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Enhance CPE generation #472

Enhance CPE generation #472

Uh oh!

wagoodman commented Aug 5, 2021 •

edited

Loading

Uh oh!

github-actions bot commented Aug 5, 2021 •

edited

Loading

Uh oh!

luhring Aug 9, 2021

Uh oh!

wagoodman Aug 9, 2021 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

luhring left a comment

Uh oh!

wagoodman commented Aug 9, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Enhance CPE generation #472

Enhance CPE generation #472

Uh oh!

Conversation

wagoodman commented Aug 5, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Aug 5, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Benchmark Test Results

Uh oh!

luhring Aug 9, 2021

Choose a reason for hiding this comment

Uh oh!

wagoodman Aug 9, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

luhring left a comment

Choose a reason for hiding this comment

Uh oh!

wagoodman commented Aug 9, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

wagoodman commented Aug 5, 2021 •

edited

Loading

github-actions bot commented Aug 5, 2021 •

edited

Loading

wagoodman Aug 9, 2021 •

edited

Loading