fix: duplicate packages when identical except location #1249

Closed
wants to merge 10 commits into from
@@ -1,10 +1,10 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid:3ea3363f-3945-4859-9ba1-9a395983d248",
"serialNumber": "urn:uuid:2169027d-1466-4b04-9b07-34c6ce513539",
"version": 1,
"metadata": {
"timestamp": "2022-05-23T12:05:00-07:00",
"timestamp": "2022-10-05T21:08:02-04:00",
"tools": [
{
"vendor": "anchore",
@@ -20,7 +20,7 @@
},
"components": [
{
"bom-ref": "b85dbb4e6ece5082",
"bom-ref": "2a90c3effff7fb4f",
"type": "library",
"name": "package-1",
"version": "1.0.1",
@@ -57,7 +57,7 @@
]
},
{
"bom-ref": "pkg:deb/debian/[email protected]?package-id=ceda99598967ae8d",
"bom-ref": "pkg:deb/debian/[email protected]?package-id=982bd655c9957788",
"type": "library",
"name": "package-2",
"version": "2.0.1",
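Review bot: None of the regenerated `bom-ref` values in this snapshot pins the case the title names, since each component in the fixtures on this page carries a single location (only `syft:location:0:*` properties appear). CycloneDX requires `bom-ref` to be unique within a BOM, so if location no longer feeds the ID, as the title suggests, two findings of the same package at different paths have to be emitted as one merged component, not two components sharing a ref. A golden file with the same package at two paths, expecting one component with both `syft:location:0:path` and `syft:location:1:path`, would cover that. The code change itself is not visible on this page, so this may already be tested elsewhere in the pull request.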
@@ -1,10 +1,10 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid:c825402b-bbfa-4ad5-81b1-6a8332a6a8b6",
"serialNumber": "urn:uuid:49ee8684-f17f-4b27-b652-08700616a46c",
"version": 1,
"metadata": {
"timestamp": "2022-05-23T12:05:01-07:00",
"timestamp": "2022-10-05T21:08:02-04:00",
"tools": [
{
"vendor": "anchore",
@@ -13,15 +13,15 @@
}
],
"component": {
"bom-ref": "e779c1ed804ba529",
"bom-ref": "e7c509028e64e19d",
"type": "container",
"name": "user-image-input",
"version": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368"
}
},
"components": [
{
"bom-ref": "2a46171f91c8d4bc",
"bom-ref": "2a56b96c604f3ab3",
"type": "library",
"name": "package-1",
"version": "1.0.1",
@@ -53,7 +53,7 @@
},
{
"name": "syft:location:0:layerID",
"value": "sha256:cd8f3884f1211d65c19ce5bbc5174bcd2ce8ba96b63e5b3693969a53279c4405"
"value": "sha256:4965affaf42a7174561882c5fd87e2db6f0b07df532459ba86f98a8bd2af11de"
},
{
"name": "syft:location:0:path",
@@ -62,7 +62,7 @@
]
},
{
"bom-ref": "pkg:deb/debian/[email protected]?package-id=ae77680e9b1d087e",
"bom-ref": "pkg:deb/debian/[email protected]?package-id=982bd655c9957788",
"type": "library",
"name": "package-2",
"version": "2.0.1",
@@ -83,7 +83,7 @@
},
{
"name": "syft:location:0:layerID",
"value": "sha256:42d2ea51c688e6dc7be81a305acbe006d27a6ef0c26ae3888fd0d4ce44f69265"
"value": "sha256:460c3e27be163efe75df048c4d4cf3a22e7e363f02521fa2e82a3bd257a682d4"
},
{
"name": "syft:location:0:path",
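Review bot: Both `syft:location:0:layerID` values differ between the two sides of this image snapshot (`sha256:cd8f3884…` against `sha256:4965affa…`, and `sha256:42d2ea51…` against `sha256:460c3e27…`), which a change to package ID calculation would not explain by itself. That suggests the fixture image was rebuilt, presumably one of the entries shown as "Binary file not shown", while the image digest in `metadata.component.version` is unchanged. It is worth confirming that the fixture contents changed on purpose and saying so in the description, because the layer digests are what tie this golden file to a specific image. The same pair of digests changes in the CycloneDX XML image snapshot further down the page.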
Binary file not shown.
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:a259c072-aaaf-4a3f-a707-49f691b1e9d9" version="1">
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:ff838d64-bc9b-40f8-ada8-b2a86efbf7c1" version="1">
<metadata>
<timestamp>2022-05-23T12:02:41-07:00</timestamp>
<timestamp>2022-10-05T21:14:00-04:00</timestamp>
<tools>
<tool>
<vendor>anchore</vendor>
@@ -14,7 +14,7 @@
</component>
</metadata>
<components>
<component bom-ref="b85dbb4e6ece5082" type="library">
<component bom-ref="2a90c3effff7fb4f" type="library">
<name>package-1</name>
<version>1.0.1</version>
<licenses>
@@ -32,7 +32,7 @@
<property name="syft:location:0:path">/some/path/pkg1</property>
</properties>
</component>
<component bom-ref="pkg:deb/debian/[email protected]?package-id=ceda99598967ae8d" type="library">
<component bom-ref="pkg:deb/debian/[email protected]?package-id=982bd655c9957788" type="library">
<name>package-2</name>
<version>2.0.1</version>
<cpe>cpe:2.3:*:some:package:2:*:*:*:*:*:*:*</cpe>
@@ -1,21 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:155802bd-09e5-4b95-9485-826b94447495" version="1">
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:3c0a4fce-ed64-4357-8736-7b454769ead2" version="1">
<metadata>
<timestamp>2022-05-23T12:02:42-07:00</timestamp>
<timestamp>2022-10-05T21:14:00-04:00</timestamp>
<tools>
<tool>
<vendor>anchore</vendor>
<name>syft</name>
<version>v0.42.0-bogus</version>
</tool>
</tools>
<component bom-ref="e779c1ed804ba529" type="container">
<component bom-ref="e7c509028e64e19d" type="container">
<name>user-image-input</name>
<version>sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368</version>
</component>
</metadata>
<components>
<component bom-ref="2a46171f91c8d4bc" type="library">
<component bom-ref="2a56b96c604f3ab3" type="library">
<name>package-1</name>
<version>1.0.1</version>
<licenses>
@@ -30,11 +30,11 @@
<property name="syft:package:language">python</property>
<property name="syft:package:metadataType">PythonPackageMetadata</property>
<property name="syft:package:type">python</property>
<property name="syft:location:0:layerID">sha256:cd8f3884f1211d65c19ce5bbc5174bcd2ce8ba96b63e5b3693969a53279c4405</property>
<property name="syft:location:0:layerID">sha256:4965affaf42a7174561882c5fd87e2db6f0b07df532459ba86f98a8bd2af11de</property>
<property name="syft:location:0:path">/somefile-1.txt</property>
</properties>
</component>
<component bom-ref="pkg:deb/debian/[email protected]?package-id=ae77680e9b1d087e" type="library">
<component bom-ref="pkg:deb/debian/[email protected]?package-id=982bd655c9957788" type="library">
<name>package-2</name>
<version>2.0.1</version>
<cpe>cpe:2.3:*:some:package:2:*:*:*:*:*:*:*</cpe>
@@ -43,7 +43,7 @@
<property name="syft:package:foundBy">the-cataloger-2</property>
<property name="syft:package:metadataType">DpkgMetadata</property>
<property name="syft:package:type">deb</property>
<property name="syft:location:0:layerID">sha256:42d2ea51c688e6dc7be81a305acbe006d27a6ef0c26ae3888fd0d4ce44f69265</property>
<property name="syft:location:0:layerID">sha256:460c3e27be163efe75df048c4d4cf3a22e7e363f02521fa2e82a3bd257a682d4</property>
<property name="syft:location:0:path">/somefile-2.txt</property>
<property name="syft:metadata:installedSize">0</property>
</properties>
Binary file not shown.
@@ -3,18 +3,18 @@
"name": "/some/path",
"spdxVersion": "SPDX-2.2",
"creationInfo": {
"created": "2022-05-23T19:10:22.25645Z",
"created": "2022-10-05T19:47:00.536845Z",
"creators": [
"Organization: Anchore, Inc",
"Tool: syft-v0.42.0-bogus"
],
"licenseListVersion": "3.17"
"licenseListVersion": "3.18"
},
"dataLicense": "CC0-1.0",
"documentNamespace": "https://anchore.com/syft/dir/some/path-81dbcbfa-251d-4ad5-9b01-be91afb16469",
"documentNamespace": "https://anchore.com/syft/dir/some/path-d2cf5b49-ce38-488e-8519-19ba1c77733f",
"packages": [
{
"SPDXID": "SPDXRef-b85dbb4e6ece5082",
"SPDXID": "SPDXRef-2a90c3effff7fb4f",
"name": "package-1",
"licenseConcluded": "MIT",
"downloadLocation": "NOASSERTION",
@@ -36,7 +36,7 @@
"versionInfo": "1.0.1"
},
{
"SPDXID": "SPDXRef-ceda99598967ae8d",
"SPDXID": "SPDXRef-982bd655c9957788",
"name": "package-2",
"licenseConcluded": "NONE",
"downloadLocation": "NOASSERTION",
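Review bot: `licenseListVersion` differs between the two sides of this snapshot (`3.17` and `3.18`), which has nothing to do with how package IDs are computed and looks like a side effect of regenerating the golden files against a newer SPDX license list. The third SPDX JSON snapshot on this page shows `3.18` as an unchanged line, so the fixtures appear to have been out of step before this change. Regenerating them in a separate commit, or noting it in the description, would keep this diff limited to the `SPDXID` changes a reviewer has to check. The `created` and `documentNamespace` values also churn on every regeneration; if the test comparison already ignores them, fixed placeholder values in the golden files would remove that noise.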
@@ -3,18 +3,18 @@
"name": "user-image-input",
"spdxVersion": "SPDX-2.2",
"creationInfo": {
"created": "2022-05-23T19:10:22.412847Z",
"created": "2022-10-05T19:47:01.104611Z",
"creators": [
"Organization: Anchore, Inc",
"Tool: syft-v0.42.0-bogus"
],
"licenseListVersion": "3.17"
"licenseListVersion": "3.18"
},
"dataLicense": "CC0-1.0",
"documentNamespace": "https://anchore.com/syft/image/user-image-input-c9945597-78ce-4e9b-89d2-68b8e4e4ccb9",
"documentNamespace": "https://anchore.com/syft/image/user-image-input-cc71fd4c-1f74-4d35-beea-67d21d67679e",
"packages": [
{
"SPDXID": "SPDXRef-2a46171f91c8d4bc",
"SPDXID": "SPDXRef-2a56b96c604f3ab3",
"name": "package-1",
"licenseConcluded": "MIT",
"downloadLocation": "NOASSERTION",
@@ -36,7 +36,7 @@
"versionInfo": "1.0.1"
},
{
"SPDXID": "SPDXRef-ae77680e9b1d087e",
"SPDXID": "SPDXRef-982bd655c9957788",
"name": "package-2",
"licenseConcluded": "NONE",
"downloadLocation": "NOASSERTION",
@@ -3,18 +3,18 @@
"name": "user-image-input",
"spdxVersion": "SPDX-2.2",
"creationInfo": {
"created": "2022-09-19T18:39:05.841331Z",
"created": "2022-10-05T19:47:01.110308Z",
"creators": [
"Organization: Anchore, Inc",
"Tool: syft-v0.42.0-bogus"
],
"licenseListVersion": "3.18"
},
"dataLicense": "CC0-1.0",
"documentNamespace": "https://anchore.com/syft/image/user-image-input-6cf0595e-7d69-4990-aef5-8183b52023b9",
"documentNamespace": "https://anchore.com/syft/image/user-image-input-aa6c73fa-fb4c-49af-a3ff-44ae082e518d",
"packages": [
{
"SPDXID": "SPDXRef-2a46171f91c8d4bc",
"SPDXID": "SPDXRef-2a56b96c604f3ab3",
"name": "package-1",
"licenseConcluded": "MIT",
"downloadLocation": "NOASSERTION",
@@ -44,7 +44,7 @@
"versionInfo": "1.0.1"
},
{
"SPDXID": "SPDXRef-ae77680e9b1d087e",
"SPDXID": "SPDXRef-982bd655c9957788",
"name": "package-2",
"licenseConcluded": "NONE",
"downloadLocation": "NOASSERTION",
@@ -118,32 +118,32 @@
],
"relationships": [
{
"spdxElementId": "SPDXRef-2a46171f91c8d4bc",
"spdxElementId": "SPDXRef-2a56b96c604f3ab3",
"relationshipType": "CONTAINS",
"relatedSpdxElement": "SPDXRef-5265a4dde3edbf7c"
},
{
"spdxElementId": "SPDXRef-2a46171f91c8d4bc",
"spdxElementId": "SPDXRef-2a56b96c604f3ab3",
"relationshipType": "CONTAINS",
"relatedSpdxElement": "SPDXRef-839d99ee67d9d174"
},
{
"spdxElementId": "SPDXRef-2a46171f91c8d4bc",
"spdxElementId": "SPDXRef-2a56b96c604f3ab3",
"relationshipType": "CONTAINS",
"relatedSpdxElement": "SPDXRef-9c2f7510199b17f6"
},
{
"spdxElementId": "SPDXRef-2a46171f91c8d4bc",
"spdxElementId": "SPDXRef-2a56b96c604f3ab3",
"relationshipType": "CONTAINS",
"relatedSpdxElement": "SPDXRef-c641caa71518099f"
},
{
"spdxElementId": "SPDXRef-2a46171f91c8d4bc",
"spdxElementId": "SPDXRef-2a56b96c604f3ab3",
"relationshipType": "CONTAINS",
"relatedSpdxElement": "SPDXRef-c6f5b29dca12661f"
},
{
"spdxElementId": "SPDXRef-2a46171f91c8d4bc",
"spdxElementId": "SPDXRef-2a56b96c604f3ab3",
"relationshipType": "CONTAINS",
"relatedSpdxElement": "SPDXRef-f9e49132a4b96ccd"
}
Binary file not shown.
@@ -2,16 +2,16 @@ SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: .
DocumentNamespace: https://anchore.com/syft/dir/bdb67358-651c-4dd8-b5ee-5318936eb16a
LicenseListVersion: 3.17
DocumentNamespace: https://anchore.com/syft/dir/2c8c96ca-2b8f-46cc-bdab-2f3bd4e9f8e6
LicenseListVersion: 3.18
Creator: Organization: Anchore, Inc
Creator: Tool: syft-v0.42.0-bogus
Created: 2022-06-07T19:33:39Z
Created: 2022-10-06T01:06:05Z

##### Package: @at-sign

PackageName: @at-sign
SPDXID: SPDXRef-Package---at-sign-739e4f0d93fb8298
SPDXID: SPDXRef-Package---at-sign-a13c298001ac6444
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageLicenseConcluded: NONE
@@ -21,7 +21,7 @@ PackageCopyrightText: NOASSERTION
##### Package: some/slashes

PackageName: some/slashes
SPDXID: SPDXRef-Package--some-slashes-26db06648b24bff9
SPDXID: SPDXRef-Package--some-slashes-5bd9ab07c1a10a05
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageLicenseConcluded: NONE
@@ -31,7 +31,7 @@ PackageCopyrightText: NOASSERTION
##### Package: under_scores

PackageName: under_scores
SPDXID: SPDXRef-Package--under-scores-250cbfefcdea318b
SPDXID: SPDXRef-Package--under-scores-eaf456a50fe77e5d
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageLicenseConcluded: NONE
@@ -2,16 +2,16 @@ SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: /some/path
DocumentNamespace: https://anchore.com/syft/dir/some/path-c6b20d03-1478-4513-9feb-1ec427d4b547
LicenseListVersion: 3.17
DocumentNamespace: https://anchore.com/syft/dir/some/path-d9816458-7761-40d7-a97a-2cbb6c0bfde8
LicenseListVersion: 3.18
Creator: Organization: Anchore, Inc
Creator: Tool: syft-v0.42.0-bogus
Created: 2022-05-24T22:51:02Z
Created: 2022-10-06T01:06:04Z

##### Package: package-2

PackageName: package-2
SPDXID: SPDXRef-Package-deb-package-2-ceda99598967ae8d
SPDXID: SPDXRef-Package-deb-package-2-982bd655c9957788
PackageVersion: 2.0.1
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
@@ -24,7 +24,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:deb/debian/[email protected]
##### Package: package-1

PackageName: package-1
SPDXID: SPDXRef-Package-python-package-1-b85dbb4e6ece5082
SPDXID: SPDXRef-Package-python-package-1-2a90c3effff7fb4f
PackageVersion: 1.0.1
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
@@ -2,16 +2,16 @@ SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: user-image-input
DocumentNamespace: https://anchore.com/syft/image/user-image-input-12a877bc-fe9b-40ef-aa9c-4d34f108d0d6
LicenseListVersion: 3.17
DocumentNamespace: https://anchore.com/syft/image/user-image-input-02826aec-021e-4f01-9b82-6fa2f830f20a
LicenseListVersion: 3.18
Creator: Organization: Anchore, Inc
Creator: Tool: syft-v0.42.0-bogus
Created: 2022-05-24T22:51:02Z
Created: 2022-10-06T01:06:05Z

##### Package: package-2

PackageName: package-2
SPDXID: SPDXRef-Package-deb-package-2-ae77680e9b1d087e
SPDXID: SPDXRef-Package-deb-package-2-982bd655c9957788
PackageVersion: 2.0.1
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
@@ -24,7 +24,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:deb/debian/[email protected]
##### Package: package-1

PackageName: package-1
SPDXID: SPDXRef-Package-python-package-1-2a46171f91c8d4bc
SPDXID: SPDXRef-Package-python-package-1-2a56b96c604f3ab3
PackageVersion: 1.0.1
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
Binary file not shown.