feat: lift compiler package creation to individual per location set

Signed-off-by: Christopher Phillips <[email protected]>
anchore · Oct 5, 2023 · eec4e80 · eec4e80
1 parent 1ca17dd
commit eec4e80
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 41 deletions.
diff --git a/syft/pkg/cataloger/golang/cataloger.go b/syft/pkg/cataloger/golang/cataloger.go
@@ -4,8 +4,13 @@ Package golang provides a concrete Cataloger implementation for go.mod files.
 package golang
 
 import (
+	"fmt"
+	"strings"
+
 	"github.com/anchore/syft/internal"
+	"github.com/anchore/syft/internal/log"
 	"github.com/anchore/syft/syft/artifact"
+	"github.com/anchore/syft/syft/cpe"
 	"github.com/anchore/syft/syft/event/monitor"
 	"github.com/anchore/syft/syft/file"
 	"github.com/anchore/syft/syft/pkg"
@@ -47,5 +52,45 @@ func (p *progressingCataloger) Name() string {
 
 func (p *progressingCataloger) Catalog(resolver file.Resolver) ([]pkg.Package, []artifact.Relationship, error) {
 	defer p.progress.SetCompleted()
-	return p.cataloger.Catalog(resolver)
+	pkgs, relationships, err := p.cataloger.Catalog(resolver)
+	goCompilerPkgs := []pkg.Package{}
+	for _, p := range pkgs {
+		if mValue, ok := p.Metadata.(pkg.GolangBinMetadata); ok {
+			stdLibPkg := newGoStdLib(mValue.GoCompiledVersion, p.Locations)
+			if stdLibPkg != nil {
+				goCompilerPkgs = append(goCompilerPkgs, *stdLibPkg)
+			}
+		}
+	}
+	pkgs = append(pkgs, goCompilerPkgs...)
+	return pkgs, relationships, err
+}
+func newGoStdLib(version string, location file.LocationSet) *pkg.Package {
+	// for matching we need to strip the go prefix
+	// this can be preserved for metadata purposes
+	matchVersion := strings.TrimPrefix(version, "go")
+	cpes := make([]cpe.CPE, 0)
+	compilerCPE, err := cpe.New(fmt.Sprintf("cpe:2.3:a:golang:go:%s:-:*:*:*:*:*:*", matchVersion))
+	if err != nil {
+		log.Warn("could not build cpe for given compiler version: %s", version)
+		return nil
+	}
+
+	cpes = append(cpes, compilerCPE)
+	goCompilerPkg := &pkg.Package{
+		Name:         "Golang Standard Library",
+		Version:      version,
+		PURL:         packageURL("stdlib", matchVersion),
+		CPEs:         cpes,
+		Locations:    location,
+		Language:     pkg.Go,
+		Type:         pkg.GoModulePkg,
+		MetadataType: pkg.GolangBinMetadataType,
+		Metadata: pkg.GolangBinMetadata{
+			GoCompiledVersion: version,
+		},
+	}
+	goCompilerPkg.SetID()
+
+	return goCompilerPkg
 }
diff --git a/syft/pkg/cataloger/golang/parse_go_binary.go b/syft/pkg/cataloger/golang/parse_go_binary.go
@@ -16,9 +16,7 @@ import (
 	"golang.org/x/mod/module"
 
 	"github.com/anchore/syft/internal"
-	"github.com/anchore/syft/internal/log"
 	"github.com/anchore/syft/syft/artifact"
-	"github.com/anchore/syft/syft/cpe"
 	"github.com/anchore/syft/syft/file"
 	"github.com/anchore/syft/syft/pkg"
 	"github.com/anchore/syft/syft/pkg/cataloger/generic"
@@ -61,45 +59,13 @@ func (c *goBinaryCataloger) parseGoBinary(resolver file.Resolver, _ *generic.Env
 	mods := scanFile(unionReader, reader.RealPath)
 	internal.CloseAndLogError(reader.ReadCloser, reader.RealPath)
 
-	compilerVersions := make(map[string]interface{})
-
 	for _, mod := range mods {
-		goPkgs, goCompilerVersion := c.buildGoPkgInfo(resolver, reader.Location, mod, mod.arch)
-		compilerVersions[goCompilerVersion] = struct{}{}
-		pkgs = append(pkgs, goPkgs...)
+		pkgs = append(pkgs, c.buildGoPkgInfo(resolver, reader.Location, mod, mod.arch)...)
 	}
 
-	for key := range compilerVersions {
-		pkg := newGoStdLib(key)
-		pkg.SetID()
-		pkgs = append(pkgs, pkg)
-	}
 	return pkgs, nil, nil
 }
 
-func newGoStdLib(version string) pkg.Package {
-	version = strings.TrimPrefix(version, "go")
-	cpes := make([]cpe.CPE, 0)
-	compilerCPE, err := cpe.New(fmt.Sprintf("cpe:2.3:a:golang:go:%s:-:*:*:*:*:*:*", version))
-	if err != nil {
-		log.Warn("could not build cpe for given compiler version: %s", version)
-	} else {
-		cpes = append(cpes, compilerCPE)
-	}
-	goCompilerPkg := pkg.Package{
-		Name:         "Golang Standard Library",
-		Version:      version,
-		PURL:         packageURL("stdlib", version),
-		CPEs:         cpes,
-		Language:     pkg.Go,
-		Type:         pkg.GoModulePkg,
-		MetadataType: pkg.GolangBinMetadataType,
-		Metadata:     pkg.GolangBinMetadata{},
-	}
-
-	return goCompilerPkg
-}
-
 func (c *goBinaryCataloger) makeGoMainPackage(resolver file.Resolver, mod *extendedBuildInfo, arch string, location file.Location) pkg.Package {
 	gbs := getBuildSettings(mod.Settings)
 	main := c.newGoBinaryPackage(
@@ -254,10 +220,9 @@ func createMainModuleFromPath(path string) (mod debug.Module) {
 	return
 }
 
-func (c *goBinaryCataloger) buildGoPkgInfo(resolver file.Resolver, location file.Location, mod *extendedBuildInfo, arch string) (pkgs []pkg.Package, goCompilerVersion string) {
-	pkgs = make([]pkg.Package, 0)
+func (c *goBinaryCataloger) buildGoPkgInfo(resolver file.Resolver, location file.Location, mod *extendedBuildInfo, arch string) (pkgs []pkg.Package) {
 	if mod == nil {
-		return pkgs, ""
+		return pkgs
 	}
 
 	var empty debug.Module
@@ -285,11 +250,11 @@ func (c *goBinaryCataloger) buildGoPkgInfo(resolver file.Resolver, location file
 	}
 
 	if mod.Main == empty {
-		return pkgs, ""
+		return pkgs
 	}
 
 	main := c.makeGoMainPackage(resolver, mod, arch, location)
 	pkgs = append(pkgs, main)
 
-	return pkgs, mod.GoVersion
+	return pkgs
 }