

Commit 340b5e1

authored
Add relationships for rust audit binary packages (anchore#3500)
* add rust audit binary pkg relationships Signed-off-by: Alex Goodman <[email protected]> * fix linting Signed-off-by: Alex Goodman <[email protected]> --------- Signed-off-by: Alex Goodman <[email protected]>
1 parent 4adb56d commit 340b5e1


12 files changed

+460
-50
lines changed


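--- a/cmd/syft/internal/options/source.go
+++ b/cmd/syft/internal/options/source.go
@@ -5,11 +5,11 @@ import (
 "sort"
 "strings"
 
-stereoscopeFile "github.com/anchore/stereoscope/pkg/file"
 "github.com/dustin/go-humanize"
 "github.com/scylladb/go-set/strset"
 
 "github.com/anchore/clio"
+stereoscopeFile "github.com/anchore/stereoscope/pkg/file"
 "github.com/anchore/syft/syft/source/sourceproviders"
 )
 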

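--- a/syft/internal/fileresolver/file_indexer.go
+++ b/syft/internal/fileresolver/file_indexer.go
@@ -5,11 +5,12 @@ import (
 "os"
 "path/filepath"
 
+"github.com/wagoodman/go-progress"
+
 "github.com/anchore/stereoscope/pkg/file"
 "github.com/anchore/stereoscope/pkg/filetree"
 "github.com/anchore/syft/internal/log"
 "github.com/anchore/syft/syft/internal/windows"
-"github.com/wagoodman/go-progress"
 )
 
 type fileIndexer struct {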

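--- a/syft/internal/fileresolver/file_indexer_test.go
+++ b/syft/internal/fileresolver/file_indexer_test.go
@@ -1,13 +1,15 @@
 package fileresolver
 
 import (
-"github.com/anchore/stereoscope/pkg/file"
-"github.com/stretchr/testify/assert"
-"github.com/stretchr/testify/require"
 "io/fs"
 "os"
 "path"
 "testing"
+
+"github.com/stretchr/testify/assert"
+"github.com/stretchr/testify/require"
+
+"github.com/anchore/stereoscope/pkg/file"
 )
 
 // - Verify that both the parent and the path are indexed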

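--- a/syft/internal/fileresolver/filetree_resolver_test.go
+++ b/syft/internal/fileresolver/filetree_resolver_test.go
@@ -14,13 +14,14 @@ import (
 "testing"
 "time"
 
-stereoscopeFile "github.com/anchore/stereoscope/pkg/file"
-"github.com/anchore/syft/syft/file"
 "github.com/google/go-cmp/cmp"
 "github.com/scylladb/go-set/strset"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "go.uber.org/goleak"
+
+stereoscopeFile "github.com/anchore/stereoscope/pkg/file"
+"github.com/anchore/syft/syft/file"
 )
 
 // Tests for filetree resolver when directory is used for index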

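--- a/syft/pkg/cataloger/rust/cataloger.go
+++ b/syft/pkg/cataloger/rust/cataloger.go
@@ -9,6 +9,8 @@ import (
 "github.com/anchore/syft/syft/pkg/cataloger/generic"
 )
 
+const cargoAuditBinaryCatalogerName = "cargo-auditable-binary-cataloger"
+
 // NewCargoLockCataloger returns a new Rust Cargo lock file cataloger object.
 func NewCargoLockCataloger() pkg.Cataloger {
 return generic.NewCataloger("rust-cargo-lock-cataloger").
@@ -18,6 +20,6 @@ func NewCargoLockCataloger() pkg.Cataloger {
 // NewAuditBinaryCataloger returns a new Rust auditable binary cataloger object that can detect dependencies
 // in binaries produced with https://github.com/Shnatsel/rust-audit
 func NewAuditBinaryCataloger() pkg.Cataloger {
-return generic.NewCataloger("cargo-auditable-binary-cataloger").
+return generic.NewCataloger(cargoAuditBinaryCatalogerName).
 WithParserByMimeTypes(parseAuditBinary, mimetype.ExecutableMIMETypeSet.List()...)
 }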

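--- a/syft/pkg/cataloger/rust/cataloger_test.go
+++ b/syft/pkg/cataloger/rust/cataloger_test.go
@@ -3,48 +3,270 @@ package rust
 import (
 "testing"
 
+"github.com/anchore/syft/syft/artifact"
 "github.com/anchore/syft/syft/file"
 "github.com/anchore/syft/syft/pkg"
 "github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest"
 )
 
 func TestNewAuditBinaryCataloger(t *testing.T) {
+locations := file.NewLocationSet(file.NewVirtualLocation("/usr/local/bin/hello_world", "/usr/local/bin/hello_world"))
+
+argh := pkg.Package{
+Name: "argh",
+Version: "0.1.12",
+PURL: "pkg:cargo/[email protected]",
+FoundBy: "cargo-auditable-binary-cataloger",
+Locations: locations,
+Language: pkg.Rust,
+Type: pkg.RustPkg,
+Metadata: pkg.RustBinaryAuditEntry{
+Name: "argh",
+Version: "0.1.12",
+Source: "crates.io",
+},
+}
+
+arghDerive := pkg.Package{
+Name: "argh_derive",
+Version: "0.1.12",
+PURL: "pkg:cargo/[email protected]",
+FoundBy: "cargo-auditable-binary-cataloger",
+Locations: locations,
+Language: pkg.Rust,
+Type: pkg.RustPkg,
+Metadata: pkg.RustBinaryAuditEntry{
+Name: "argh_derive",
+Version: "0.1.12",
+Source: "crates.io",
+},
+}
+
+arghShared := pkg.Package{
+Name: "argh_shared",
+Version: "0.1.12",
+PURL: "pkg:cargo/[email protected]",
+FoundBy: "cargo-auditable-binary-cataloger",
+Locations: locations,
+Language: pkg.Rust,
+Type: pkg.RustPkg,
+Metadata: pkg.RustBinaryAuditEntry{
+Name: "argh_shared",
+Version: "0.1.12",
+Source: "crates.io",
+},
+}
+
+helloWorld := pkg.Package{
+Name: "hello_world",
+Version: "0.1.0",
+PURL: "pkg:cargo/[email protected]",
+FoundBy: "cargo-auditable-binary-cataloger",
+Locations: locations,
+Language: pkg.Rust,
+Type: pkg.RustPkg,
+Metadata: pkg.RustBinaryAuditEntry{
+Name: "hello_world",
+Version: "0.1.0",
+Source: "local",
+},
+}
+
+procMacro2 := pkg.Package{
+Name: "proc-macro2",
+Version: "1.0.92",
+PURL: "pkg:cargo/[email protected]",
+FoundBy: "cargo-auditable-binary-cataloger",
+Locations: locations,
+Language: pkg.Rust,
+Type: pkg.RustPkg,
+Metadata: pkg.RustBinaryAuditEntry{
+Name: "proc-macro2",
+Version: "1.0.92",
+Source: "crates.io",
+},
+}
+
+quote := pkg.Package{
+Name: "quote",
+Version: "1.0.37",
+PURL: "pkg:cargo/[email protected]",
+FoundBy: "cargo-auditable-binary-cataloger",
+Locations: locations,
+Language: pkg.Rust,
+Type: pkg.RustPkg,
+Metadata: pkg.RustBinaryAuditEntry{
+Name: "quote",
+Version: "1.0.37",
+Source: "crates.io",
+},
+}
+
+serde := pkg.Package{
+Name: "serde",
+Version: "1.0.215",
+PURL: "pkg:cargo/[email protected]",
+FoundBy: "cargo-auditable-binary-cataloger",
+Locations: locations,
+Language: pkg.Rust,
+Type: pkg.RustPkg,
+Metadata: pkg.RustBinaryAuditEntry{
+Name: "serde",
+Version: "1.0.215",
+Source: "crates.io",
+},
+}
+
+serdeDerive := pkg.Package{
+Name: "serde_derive",
+Version: "1.0.215",
+PURL: "pkg:cargo/[email protected]",
+FoundBy: "cargo-auditable-binary-cataloger",
+Locations: locations,
+Language: pkg.Rust,
+Type: pkg.RustPkg,
+Metadata: pkg.RustBinaryAuditEntry{
+Name: "serde_derive",
+Version: "1.0.215",
+Source: "crates.io",
+},
+}
+
+syn := pkg.Package{
+Name: "syn",
+Version: "2.0.90",
+PURL: "pkg:cargo/[email protected]",
+FoundBy: "cargo-auditable-binary-cataloger",
+Locations: locations,
+Language: pkg.Rust,
+Type: pkg.RustPkg,
+Metadata: pkg.RustBinaryAuditEntry{
+Name: "syn",
+Version: "2.0.90",
+Source: "crates.io",
+},
+}
+
+unicodeIdent := pkg.Package{
+Name: "unicode-ident",
+Version: "1.0.14",
+PURL: "pkg:cargo/[email protected]",
+FoundBy: "cargo-auditable-binary-cataloger",
+Locations: locations,
+Language: pkg.Rust,
+Type: pkg.RustPkg,
+Metadata: pkg.RustBinaryAuditEntry{
+Name: "unicode-ident",
+Version: "1.0.14",
+Source: "crates.io",
+},
+}
 
 expectedPkgs := []pkg.Package{
+argh,
+arghDerive,
+arghShared,
+helloWorld,
+procMacro2,
+quote,
+serde,
+serdeDerive,
+syn,
+unicodeIdent,
+}
+
+expectedRelationships := []artifact.Relationship{
 {
-Name: "auditable",
-Version: "0.1.0",
-PURL: "pkg:cargo/[email protected]",
-FoundBy: "cargo-auditable-binary-cataloger",
-Locations: file.NewLocationSet(file.NewVirtualLocation("/hello-auditable", "/hello-auditable")),
-Language: pkg.Rust,
-Type: pkg.RustPkg,
-Metadata: pkg.RustBinaryAuditEntry{
-Name: "auditable",
-Version: "0.1.0",
-Source: "local",
-},
+From: argh,
+To: helloWorld,
+Type: artifact.DependencyOfRelationship,
 },
 {
-Name: "hello-auditable",
-Version: "0.1.0",
-PURL: "pkg:cargo/[email protected]",
-FoundBy: "cargo-auditable-binary-cataloger",
-Locations: file.NewLocationSet(file.NewVirtualLocation("/hello-auditable", "/hello-auditable")),
-Language: pkg.Rust,
-Type: pkg.RustPkg,
-Metadata: pkg.RustBinaryAuditEntry{
-Name: "hello-auditable",
-Version: "0.1.0",
-Source: "local",
-},
+From: arghDerive,
+To: argh,
+Type: artifact.DependencyOfRelationship,
+},
+{
+From: arghShared,
+To: argh,
+Type: artifact.DependencyOfRelationship,
+},
+{
+From: arghShared,
+To: arghDerive,
+Type: artifact.DependencyOfRelationship,
+},
+{
+From: procMacro2,
+To: arghDerive,
+Type: artifact.DependencyOfRelationship,
+},
+{
+From: procMacro2,
+To: quote,
+Type: artifact.DependencyOfRelationship,
+},
+{
+From: procMacro2,
+To: serdeDerive,
+Type: artifact.DependencyOfRelationship,
+},
+{
+From: procMacro2,
+To: syn,
+Type: artifact.DependencyOfRelationship,
+},
+{
+From: quote,
+To: arghDerive,
+Type: artifact.DependencyOfRelationship,
+},
+{
+From: quote,
+To: serdeDerive,
+Type: artifact.DependencyOfRelationship,
+},
+{
+From: quote,
+To: syn,
+Type: artifact.DependencyOfRelationship,
+},
+{
+From: serde,
+To: arghShared,
+Type: artifact.DependencyOfRelationship,
+},
+{
+From: serdeDerive,
+To: serde,
+Type: artifact.DependencyOfRelationship,
+},
+{
+From: syn,
+To: arghDerive,
+Type: artifact.DependencyOfRelationship,
+},
+{
+From: syn,
+To: serdeDerive,
+Type: artifact.DependencyOfRelationship,
+},
+{
+From: unicodeIdent,
+To: procMacro2,
+Type: artifact.DependencyOfRelationship,
+},
+{
+From: unicodeIdent,
+To: syn,
+Type: artifact.DependencyOfRelationship,
 },
 }
 
 pkgtest.NewCatalogTester().
 WithImageResolver(t, "image-audit").
 IgnoreLocationLayer(). // this fixture can be rebuilt, thus the layer ID will change
-Expects(expectedPkgs, nil).
+Expects(expectedPkgs, expectedRelationships).
 TestCataloger(t, NewAuditBinaryCataloger())
 }
 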
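Review bot: The ten `FoundBy: "cargo-auditable-binary-cataloger"` literals in the new package fixtures (new lines 19 through 154) duplicate the `cargoAuditBinaryCatalogerName` constant this same commit introduces in cataloger.go, in the same package; either use `FoundBy: cargoAuditBinaryCatalogerName,` or declare one test-local constant so a future rename of the cataloger fails in one place rather than ten, and the near-identical `pkg.Package` literals that differ only in name, version and source could be produced by a small helper. It is also worth noting that the dependency edges asserted here are derived from data embedded in the scanned binary, i.e. untrusted input, and this test only exercises a well-formed fixture. The parser that builds these relationships is not in this chunk; if, as I recall of the cargo-auditable format, it resolves dependencies through integer indices into the package list, a crafted binary with an out-of-range, duplicate or self-referencing index should yield no edge (or an error) rather than a panic or a phantom relationship, and a table-driven unit test on `parseAuditBinary` with a hand-built malformed payload would pin that.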
