From 10464642e9090c4ee5d1d40b7596e924d22088d3 Mon Sep 17 00:00:00 2001 From: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com> Date: Thu, 3 Nov 2022 10:00:14 -0400 Subject: [PATCH] fix: only generate PURL on empty string (#1312) --- syft/pkg/cataloger/catalog.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/syft/pkg/cataloger/catalog.go b/syft/pkg/cataloger/catalog.go index 79d7dc0bb4f1..3a2b0f771856 100644 --- a/syft/pkg/cataloger/catalog.go +++ b/syft/pkg/cataloger/catalog.go @@ -45,9 +45,7 @@ func newMonitor() (*progress.Manual, *progress.Manual) { func Catalog(resolver source.FileResolver, release *linux.Release, catalogers ...pkg.Cataloger) (*pkg.Catalog, []artifact.Relationship, error) { catalog := pkg.NewCatalog() var allRelationships []artifact.Relationship - filesProcessed, packagesDiscovered := newMonitor() - // perform analysis, accumulating errors for each failed analysis var errs error for _, c := range catalogers { @@ -70,7 +68,9 @@ func Catalog(resolver source.FileResolver, release *linux.Release, catalogers .. p.CPEs = append(p.CPEs, cpe.Generate(p)...) // generate PURL (note: this is excluded from package ID, so is safe to mutate) - p.PURL = pkg.URL(p, release) + if p.PURL == "" { + p.PURL = pkg.URL(p, release) + } // if we were not able to identify the language we have an opportunity // to try and get this value from the PURL. Worst case we assert that @@ -86,7 +86,6 @@ func Catalog(resolver source.FileResolver, release *linux.Release, catalogers .. } else { allRelationships = append(allRelationships, owningRelationships...) } - // add to catalog catalog.Add(p) }