Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Add distro information to package URLs for OS packages #754

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Jan 19, 2022
Merged

Add distro information to package URLs for OS packages #754

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
7834a4e
rename npm metadata struct
wagoodman Jan 18, 2022
b93d6c4
improve os package URLs
wagoodman Jan 18, 2022
fc9a849
improve language package URLs
wagoodman Jan 18, 2022
0210a16
wire up composer pURL method
wagoodman Jan 18, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 15 additions & 12 deletions syft/pkg/apk_metadata.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,15 +3,18 @@ package pkg
import (
"sort"

"github.com/anchore/syft/syft/file"

"github.com/anchore/packageurl-go"
"github.com/anchore/syft/syft/file"
"github.com/anchore/syft/syft/linux"
"github.com/scylladb/go-set/strset"
)

const ApkDBGlob = "**/lib/apk/db/installed"

var _ FileOwner = (*ApkMetadata)(nil)
var (
_ FileOwner = (*ApkMetadata)(nil)
_ urlIdentifier = (*ApkMetadata)(nil)
)

// ApkMetadata represents all captured data for a Alpine DB package entry.
// See the following sources for more information:
Expand Down Expand Up @@ -45,22 +48,22 @@ type ApkFileRecord struct {
}

// PackageURL returns the PURL for the specific Alpine package (see https://github.com/package-url/purl-spec)
func (m ApkMetadata) PackageURL() string {
pURL := packageurl.NewPackageURL(
func (m ApkMetadata) PackageURL(distro *linux.Release) string {
return packageurl.NewPackageURL(
// note: this is currently a candidate and not technically within spec
// see https://github.com/package-url/purl-spec#other-candidate-types-to-define
"alpine",
"",
m.Package,
m.Version,
packageurl.Qualifiers{
{
Key: "arch",
Value: m.Architecture,
purlQualifiers(
map[string]string{
purlArchQualifier: m.Architecture,
},
},
"")
return pURL.ToString()
distro,
),
"",
).ToString()
}

func (m ApkMetadata) OwnedFiles() (result []string) {
Expand Down
38 changes: 33 additions & 5 deletions syft/pkg/apk_metadata_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package pkg

import (
"github.com/anchore/syft/syft/linux"
"strings"
"testing"

Expand All @@ -11,16 +12,35 @@ import (

func TestApkMetadata_pURL(t *testing.T) {
tests := []struct {
name string
metadata ApkMetadata
distro linux.Release
expected string
}{
{
name: "gocase",
metadata: ApkMetadata{
Package: "p",
Version: "v",
Architecture: "a",
},
expected: "pkg:alpine/p@v?arch=a",
distro: linux.Release{
ID: "alpine",
VersionID: "3.4.6",
},
expected: "pkg:alpine/p@v?arch=a&distro=alpine-3.4.6",
},
{
name: "missing architecure",
metadata: ApkMetadata{
Package: "p",
Version: "v",
},
distro: linux.Release{
ID: "alpine",
VersionID: "3.4.6",
},
expected: "pkg:alpine/p@v?distro=alpine-3.4.6",
},
// verify #351
{
Expand All @@ -29,21 +49,29 @@ func TestApkMetadata_pURL(t *testing.T) {
Version: "v84",
Architecture: "am86",
},
expected: "pkg:alpine/g++@v84?arch=am86",
distro: linux.Release{
ID: "alpine",
VersionID: "3.4.6",
},
expected: "pkg:alpine/g++@v84?arch=am86&distro=alpine-3.4.6",
},
{
metadata: ApkMetadata{
Package: "g plus plus",
Version: "v84",
Architecture: "am86",
},
expected: "pkg:alpine/g%20plus%20plus@v84?arch=am86",
distro: linux.Release{
ID: "alpine",
VersionID: "3.15.0",
},
expected: "pkg:alpine/g%20plus%20plus@v84?arch=am86&distro=alpine-3.15.0",
},
}

for _, test := range tests {
t.Run(test.expected, func(t *testing.T) {
actual := test.metadata.PackageURL()
t.Run(test.name, func(t *testing.T) {
actual := test.metadata.PackageURL(&test.distro)
if actual != test.expected {
dmp := diffmatchpatch.New()
diffs := dmp.DiffMain(test.expected, actual, true)
Expand Down
2 changes: 1 addition & 1 deletion syft/pkg/cataloger/catalog.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ func Catalog(resolver source.FileResolver, release *linux.Release, catalogers ..
p.CPEs = cpe.Generate(p)

// generate PURL (note: this is excluded from package ID, so is safe to mutate)
p.PURL = generatePackageURL(p, release)
p.PURL = pkg.URL(p, release)

// create file-to-package relationships for files owned by the package
owningRelationships, err := packageFileOwnershipRelationships(p, resolver)
Expand Down
49 changes: 0 additions & 49 deletions syft/pkg/cataloger/package_url.go
View file
Open in desktop

This file was deleted.

166 changes: 0 additions & 166 deletions syft/pkg/cataloger/package_url_test.go
View file
Open in desktop

This file was deleted.

Loading