Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade generic cataloger #1281

Merged
merged 3 commits into from
Oct 24, 2022
+495 −245
Merged

Upgrade generic cataloger #1281

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7de878b
add second generation of generic cataloger
wagoodman Oct 20, 2022
4db61bb
upgrade aplm cataloger to use generic.Cataloger
wagoodman Oct 21, 2022
463a29a
remove pacakge found-by attribute from the definition of a package ID
wagoodman Oct 24, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid:3ea3363f-3945-4859-9ba1-9a395983d248",
"serialNumber": "urn:uuid:f426926b-4867-4b52-9142-23997f685f2c",
"version": 1,
"metadata": {
"timestamp": "2022-05-23T12:05:00-07:00",
"timestamp": "2022-10-24T09:54:37-04:00",
"tools": [
{
"vendor": "anchore",
Expand All @@ -20,7 +20,7 @@
},
"components": [
{
"bom-ref": "b85dbb4e6ece5082",
"bom-ref": "e624319940d8d36a",
"type": "library",
"name": "package-1",
"version": "1.0.1",
Expand Down Expand Up @@ -57,7 +57,7 @@
]
},
{
"bom-ref": "pkg:deb/debian/[email protected]?package-id=ceda99598967ae8d",
"bom-ref": "pkg:deb/debian/[email protected]?package-id=b8645f4ac2a0891e",
"type": "library",
"name": "package-2",
"version": "2.0.1",
Expand Down
14 changes: 7 additions & 7 deletions syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid:c825402b-bbfa-4ad5-81b1-6a8332a6a8b6",
"serialNumber": "urn:uuid:41bbbcc7-694d-4b07-a678-0afb67dabdf9",
"version": 1,
"metadata": {
"timestamp": "2022-05-23T12:05:01-07:00",
"timestamp": "2022-10-24T09:54:37-04:00",
"tools": [
{
"vendor": "anchore",
Expand All @@ -13,15 +13,15 @@
}
],
"component": {
"bom-ref": "e779c1ed804ba529",
"bom-ref": "522dc6b135a55bb4",
"type": "container",
"name": "user-image-input",
"version": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368"
}
},
"components": [
{
"bom-ref": "2a46171f91c8d4bc",
"bom-ref": "5ffee24fb164cffc",
"type": "library",
"name": "package-1",
"version": "1.0.1",
Expand Down Expand Up @@ -53,7 +53,7 @@
},
{
"name": "syft:location:0:layerID",
"value": "sha256:cd8f3884f1211d65c19ce5bbc5174bcd2ce8ba96b63e5b3693969a53279c4405"
"value": "sha256:fb6beecb75b39f4bb813dbf177e501edd5ddb3e69bb45cedeb78c676ee1b7a59"
},
{
"name": "syft:location:0:path",
Expand All @@ -62,7 +62,7 @@
]
},
{
"bom-ref": "pkg:deb/debian/[email protected]?package-id=ae77680e9b1d087e",
"bom-ref": "pkg:deb/debian/[email protected]?package-id=8b16570b2b4155c3",
"type": "library",
"name": "package-2",
"version": "2.0.1",
Expand All @@ -83,7 +83,7 @@
},
{
"name": "syft:location:0:layerID",
"value": "sha256:42d2ea51c688e6dc7be81a305acbe006d27a6ef0c26ae3888fd0d4ce44f69265"
"value": "sha256:319b588ce64253a87b533c8ed01cf0025e0eac98e7b516e12532957e1244fdec"
},
{
"name": "syft:location:0:path",
Expand Down
Binary file modified syft/formats/cyclonedxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden
View file
Open in desktop
Binary file not shown.
8 changes: 4 additions & 4 deletions syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:a259c072-aaaf-4a3f-a707-49f691b1e9d9" version="1">
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:19df9583-d8b7-4683-81a6-e57cc8841321" version="1">
<metadata>
<timestamp>2022-05-23T12:02:41-07:00</timestamp>
<timestamp>2022-10-24T09:54:54-04:00</timestamp>
<tools>
<tool>
<vendor>anchore</vendor>
Expand All @@ -14,7 +14,7 @@
</component>
</metadata>
<components>
<component bom-ref="b85dbb4e6ece5082" type="library">
<component bom-ref="e624319940d8d36a" type="library">
<name>package-1</name>
<version>1.0.1</version>
<licenses>
Expand All @@ -32,7 +32,7 @@
<property name="syft:location:0:path">/some/path/pkg1</property>
</properties>
</component>
<component bom-ref="pkg:deb/debian/[email protected]?package-id=ceda99598967ae8d" type="library">
<component bom-ref="pkg:deb/debian/[email protected]?package-id=b8645f4ac2a0891e" type="library">
<name>package-2</name>
<version>2.0.1</version>
<cpe>cpe:2.3:*:some:package:2:*:*:*:*:*:*:*</cpe>
Expand Down
14 changes: 7 additions & 7 deletions syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,21 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:155802bd-09e5-4b95-9485-826b94447495" version="1">
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:5342511c-3580-4cae-b373-20bbf14ba7a3" version="1">
<metadata>
<timestamp>2022-05-23T12:02:42-07:00</timestamp>
<timestamp>2022-10-24T09:54:54-04:00</timestamp>
<tools>
<tool>
<vendor>anchore</vendor>
<name>syft</name>
<version>v0.42.0-bogus</version>
</tool>
</tools>
<component bom-ref="e779c1ed804ba529" type="container">
<component bom-ref="522dc6b135a55bb4" type="container">
<name>user-image-input</name>
<version>sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368</version>
</component>
</metadata>
<components>
<component bom-ref="2a46171f91c8d4bc" type="library">
<component bom-ref="5ffee24fb164cffc" type="library">
<name>package-1</name>
<version>1.0.1</version>
<licenses>
Expand All @@ -30,11 +30,11 @@
<property name="syft:package:language">python</property>
<property name="syft:package:metadataType">PythonPackageMetadata</property>
<property name="syft:package:type">python</property>
<property name="syft:location:0:layerID">sha256:cd8f3884f1211d65c19ce5bbc5174bcd2ce8ba96b63e5b3693969a53279c4405</property>
<property name="syft:location:0:layerID">sha256:fb6beecb75b39f4bb813dbf177e501edd5ddb3e69bb45cedeb78c676ee1b7a59</property>
<property name="syft:location:0:path">/somefile-1.txt</property>
</properties>
</component>
<component bom-ref="pkg:deb/debian/[email protected]?package-id=ae77680e9b1d087e" type="library">
<component bom-ref="pkg:deb/debian/[email protected]?package-id=8b16570b2b4155c3" type="library">
<name>package-2</name>
<version>2.0.1</version>
<cpe>cpe:2.3:*:some:package:2:*:*:*:*:*:*:*</cpe>
Expand All @@ -43,7 +43,7 @@
<property name="syft:package:foundBy">the-cataloger-2</property>
<property name="syft:package:metadataType">DpkgMetadata</property>
<property name="syft:package:type">deb</property>
<property name="syft:location:0:layerID">sha256:42d2ea51c688e6dc7be81a305acbe006d27a6ef0c26ae3888fd0d4ce44f69265</property>
<property name="syft:location:0:layerID">sha256:319b588ce64253a87b533c8ed01cf0025e0eac98e7b516e12532957e1244fdec</property>
<property name="syft:location:0:path">/somefile-2.txt</property>
<property name="syft:metadata:installedSize">0</property>
</properties>
Expand Down
Binary file modified syft/formats/cyclonedxxml/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden
View file
Open in desktop
Binary file not shown.
10 changes: 5 additions & 5 deletions syft/formats/spdx22json/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,18 +3,18 @@
"name": "/some/path",
"spdxVersion": "SPDX-2.2",
"creationInfo": {
"created": "2022-05-23T19:10:22.25645Z",
"created": "2022-10-24T13:54:19.225779Z",
"creators": [
"Organization: Anchore, Inc",
"Tool: syft-v0.42.0-bogus"
],
"licenseListVersion": "3.17"
"licenseListVersion": "3.18"
},
"dataLicense": "CC0-1.0",
"documentNamespace": "https://anchore.com/syft/dir/some/path-81dbcbfa-251d-4ad5-9b01-be91afb16469",
"documentNamespace": "https://anchore.com/syft/dir/some/path-cd89c782-240b-461e-81a1-63863e02642f",
"packages": [
{
"SPDXID": "SPDXRef-b85dbb4e6ece5082",
"SPDXID": "SPDXRef-e624319940d8d36a",
"name": "package-1",
"licenseConcluded": "MIT",
"downloadLocation": "NOASSERTION",
Expand All @@ -36,7 +36,7 @@
"versionInfo": "1.0.1"
},
{
"SPDXID": "SPDXRef-ceda99598967ae8d",
"SPDXID": "SPDXRef-b8645f4ac2a0891e",
"name": "package-2",
"licenseConcluded": "NONE",
"downloadLocation": "NOASSERTION",
Expand Down
10 changes: 5 additions & 5 deletions syft/formats/spdx22json/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,18 +3,18 @@
"name": "user-image-input",
"spdxVersion": "SPDX-2.2",
"creationInfo": {
"created": "2022-05-23T19:10:22.412847Z",
"created": "2022-10-24T13:54:19.477217Z",
"creators": [
"Organization: Anchore, Inc",
"Tool: syft-v0.42.0-bogus"
],
"licenseListVersion": "3.17"
"licenseListVersion": "3.18"
},
"dataLicense": "CC0-1.0",
"documentNamespace": "https://anchore.com/syft/image/user-image-input-c9945597-78ce-4e9b-89d2-68b8e4e4ccb9",
"documentNamespace": "https://anchore.com/syft/image/user-image-input-0b40ce75-7e54-4760-bd9d-4fa833b352dd",
"packages": [
{
"SPDXID": "SPDXRef-2a46171f91c8d4bc",
"SPDXID": "SPDXRef-5ffee24fb164cffc",
"name": "package-1",
"licenseConcluded": "MIT",
"downloadLocation": "NOASSERTION",
Expand All @@ -36,7 +36,7 @@
"versionInfo": "1.0.1"
},
{
"SPDXID": "SPDXRef-ae77680e9b1d087e",
"SPDXID": "SPDXRef-8b16570b2b4155c3",
"name": "package-2",
"licenseConcluded": "NONE",
"downloadLocation": "NOASSERTION",
Expand Down
20 changes: 10 additions & 10 deletions syft/formats/spdx22json/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,18 +3,18 @@
"name": "user-image-input",
"spdxVersion": "SPDX-2.2",
"creationInfo": {
"created": "2022-09-19T18:39:05.841331Z",
"created": "2022-10-24T13:54:19.48428Z",
"creators": [
"Organization: Anchore, Inc",
"Tool: syft-v0.42.0-bogus"
],
"licenseListVersion": "3.18"
},
"dataLicense": "CC0-1.0",
"documentNamespace": "https://anchore.com/syft/image/user-image-input-6cf0595e-7d69-4990-aef5-8183b52023b9",
"documentNamespace": "https://anchore.com/syft/image/user-image-input-1a4dc179-1222-463c-b4e9-619131af7e97",
"packages": [
{
"SPDXID": "SPDXRef-2a46171f91c8d4bc",
"SPDXID": "SPDXRef-5ffee24fb164cffc",
"name": "package-1",
"licenseConcluded": "MIT",
"downloadLocation": "NOASSERTION",
Expand Down Expand Up @@ -44,7 +44,7 @@
"versionInfo": "1.0.1"
},
{
"SPDXID": "SPDXRef-ae77680e9b1d087e",
"SPDXID": "SPDXRef-8b16570b2b4155c3",
"name": "package-2",
"licenseConcluded": "NONE",
"downloadLocation": "NOASSERTION",
Expand Down Expand Up @@ -118,32 +118,32 @@
],
"relationships": [
{
"spdxElementId": "SPDXRef-2a46171f91c8d4bc",
"spdxElementId": "SPDXRef-5ffee24fb164cffc",
"relationshipType": "CONTAINS",
"relatedSpdxElement": "SPDXRef-5265a4dde3edbf7c"
},
{
"spdxElementId": "SPDXRef-2a46171f91c8d4bc",
"spdxElementId": "SPDXRef-5ffee24fb164cffc",
"relationshipType": "CONTAINS",
"relatedSpdxElement": "SPDXRef-839d99ee67d9d174"
},
{
"spdxElementId": "SPDXRef-2a46171f91c8d4bc",
"spdxElementId": "SPDXRef-5ffee24fb164cffc",
"relationshipType": "CONTAINS",
"relatedSpdxElement": "SPDXRef-9c2f7510199b17f6"
},
{
"spdxElementId": "SPDXRef-2a46171f91c8d4bc",
"spdxElementId": "SPDXRef-5ffee24fb164cffc",
"relationshipType": "CONTAINS",
"relatedSpdxElement": "SPDXRef-c641caa71518099f"
},
{
"spdxElementId": "SPDXRef-2a46171f91c8d4bc",
"spdxElementId": "SPDXRef-5ffee24fb164cffc",
"relationshipType": "CONTAINS",
"relatedSpdxElement": "SPDXRef-c6f5b29dca12661f"
},
{
"spdxElementId": "SPDXRef-2a46171f91c8d4bc",
"spdxElementId": "SPDXRef-5ffee24fb164cffc",
"relationshipType": "CONTAINS",
"relatedSpdxElement": "SPDXRef-f9e49132a4b96ccd"
}
Expand Down
Binary file modified syft/formats/spdx22json/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden
View file
Open in desktop
Binary file not shown.
12 changes: 6 additions & 6 deletions syft/formats/spdx22tagvalue/test-fixtures/snapshot/TestSPDXJSONSPDXIDs.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,16 @@ SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: .
DocumentNamespace: https://anchore.com/syft/dir/bdb67358-651c-4dd8-b5ee-5318936eb16a
LicenseListVersion: 3.17
DocumentNamespace: https://anchore.com/syft/dir/4593d944-756e-49aa-af4e-b1a5acf09b97
LicenseListVersion: 3.18
Creator: Organization: Anchore, Inc
Creator: Tool: syft-v0.42.0-bogus
Created: 2022-06-07T19:33:39Z
Created: 2022-10-24T13:53:53Z

##### Package: @at-sign

PackageName: @at-sign
SPDXID: SPDXRef-Package---at-sign-739e4f0d93fb8298
SPDXID: SPDXRef-Package---at-sign-fe69bc18c2698fc4
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageLicenseConcluded: NONE
Expand All @@ -21,7 +21,7 @@ PackageCopyrightText: NOASSERTION
##### Package: some/slashes

PackageName: some/slashes
SPDXID: SPDXRef-Package--some-slashes-26db06648b24bff9
SPDXID: SPDXRef-Package--some-slashes-57ed206c09e6e5f4
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageLicenseConcluded: NONE
Expand All @@ -31,7 +31,7 @@ PackageCopyrightText: NOASSERTION
##### Package: under_scores

PackageName: under_scores
SPDXID: SPDXRef-Package--under-scores-250cbfefcdea318b
SPDXID: SPDXRef-Package--under-scores-8b7505907fdaf19d
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageLicenseConcluded: NONE
Expand Down
10 changes: 5 additions & 5 deletions syft/formats/spdx22tagvalue/test-fixtures/snapshot/TestSPDXTagValueDirectoryEncoder.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,16 @@ SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: /some/path
DocumentNamespace: https://anchore.com/syft/dir/some/path-c6b20d03-1478-4513-9feb-1ec427d4b547
LicenseListVersion: 3.17
DocumentNamespace: https://anchore.com/syft/dir/some/path-a4e58523-00d0-4135-9d21-cf586fbd340c
LicenseListVersion: 3.18
Creator: Organization: Anchore, Inc
Creator: Tool: syft-v0.42.0-bogus
Created: 2022-05-24T22:51:02Z
Created: 2022-10-24T13:53:52Z

##### Package: package-2

PackageName: package-2
SPDXID: SPDXRef-Package-deb-package-2-ceda99598967ae8d
SPDXID: SPDXRef-Package-deb-package-2-b8645f4ac2a0891e
PackageVersion: 2.0.1
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
Expand All @@ -24,7 +24,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:deb/debian/[email protected]
##### Package: package-1

PackageName: package-1
SPDXID: SPDXRef-Package-python-package-1-b85dbb4e6ece5082
SPDXID: SPDXRef-Package-python-package-1-e624319940d8d36a
PackageVersion: 1.0.1
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
Expand Down
10 changes: 5 additions & 5 deletions syft/formats/spdx22tagvalue/test-fixtures/snapshot/TestSPDXTagValueImageEncoder.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,16 @@ SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: user-image-input
DocumentNamespace: https://anchore.com/syft/image/user-image-input-12a877bc-fe9b-40ef-aa9c-4d34f108d0d6
LicenseListVersion: 3.17
DocumentNamespace: https://anchore.com/syft/image/user-image-input-639f628a-5f8b-4050-a69e-90c85f0d7837
LicenseListVersion: 3.18
Creator: Organization: Anchore, Inc
Creator: Tool: syft-v0.42.0-bogus
Created: 2022-05-24T22:51:02Z
Created: 2022-10-24T13:53:53Z

##### Package: package-2

PackageName: package-2
SPDXID: SPDXRef-Package-deb-package-2-ae77680e9b1d087e
SPDXID: SPDXRef-Package-deb-package-2-8b16570b2b4155c3
PackageVersion: 2.0.1
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
Expand All @@ -24,7 +24,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:deb/debian/[email protected]
##### Package: package-1

PackageName: package-1
SPDXID: SPDXRef-Package-python-package-1-2a46171f91c8d4bc
SPDXID: SPDXRef-Package-python-package-1-5ffee24fb164cffc
PackageVersion: 1.0.1
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
Expand Down
Binary file modified syft/formats/spdx22tagvalue/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden
View file
Open in desktop
Binary file not shown.
Loading