STRLCPY/grype

Add support for Syft IDs in JSON output (#1266)

* Add support for Syft IDs in output

Signed-off-by: Dan Luhring <[email protected]>

* go mod tidy

Signed-off-by: Dan Luhring <[email protected]>

* make lint-fix

Signed-off-by: Dan Luhring <[email protected]>

* Convert map to for loop

Signed-off-by: Dan Luhring <[email protected]>

---------

Signed-off-by: Dan Luhring <[email protected]>

Dan Luhring committed with GitHub 12 months ago

850a4acb

1 parent 9ba7a6a1

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

Total 7 files Show one by one

■ ■ ■ ■ ■ ■

grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterDir.golden

		skipped 1 lines
2	2		"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
3	3		"bomFormat": "CycloneDX",
4	4		"specVersion": "1.4",
5		-	"serialNumber": "urn:uuid:e598c6ef-9834-47e0-ace3-a4ef0c7a351c",
	5	+	"serialNumber": "urn:uuid:f701dea7-2715-48eb-8d63-878377007e65",
6	6		"version": 1,
7	7		"metadata": {
8		-	"timestamp": "2023-04-04T10:31:46-04:00",
	8	+	"timestamp": "2023-05-04T09:41:30-04:00",
9	9		"tools": [
10	10		{
11	11		"vendor": "anchore",
		skipped 40 lines
52	52		],
53	53		"vulnerabilities": [
54	54		{
55		-	"bom-ref": "urn:uuid:0677b2cd-e4a0-4530-a6f9-2d021f640e3f",
	55	+	"bom-ref": "urn:uuid:befb74e5-738d-4b2c-adf2-03d276553bca",
56	56		"id": "CVE-1999-0001",
57	57		"source": {},
58	58		"references": [
		skipped 14 lines
73	73		"advisories": [],
74	74		"affects": [
75	75		{
76		-	"ref": "539d6c66-f75b-40fb-a3e5-799ab369780d"
	76	+	"ref": "96699b00fe3004b4"
77	77		}
78	78		]
79	79		},
80	80		{
81		-	"bom-ref": "urn:uuid:d0e3c417-5c5d-4387-8b20-0b2d2222627d",
	81	+	"bom-ref": "urn:uuid:9cf43de2-c92a-4f29-add6-29bdd71a0285",
82	82		"id": "CVE-1999-0002",
83	83		"source": {},
84	84		"references": [
		skipped 14 lines
99	99		"advisories": [],
100	100		"affects": [
101	101		{
102		-	"ref": "12a142fd-c719-4211-bebf-a0bb27792b44"
	102	+	"ref": "b4013a965511376c"
103	103		}
104	104		]
105	105		}
		skipped 3 lines

■ ■ ■ ■ ■ ■

grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterImage.golden

		skipped 1 lines
2	2		"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
3	3		"bomFormat": "CycloneDX",
4	4		"specVersion": "1.4",
5		-	"serialNumber": "urn:uuid:84b461cc-7dae-4b27-b10c-9fa45d6471c1",
	5	+	"serialNumber": "urn:uuid:102e3928-5e9e-4352-bdfe-b9eb64b837f8",
6	6		"version": 1,
7	7		"metadata": {
8		-	"timestamp": "2023-04-04T10:31:46-04:00",
	8	+	"timestamp": "2023-05-04T09:41:30-04:00",
9	9		"tools": [
10	10		{
11	11		"vendor": "anchore",
		skipped 40 lines
52	52		],
53	53		"vulnerabilities": [
54	54		{
55		-	"bom-ref": "urn:uuid:fb869742-e287-4f54-bea2-0710d8b38b2a",
	55	+	"bom-ref": "urn:uuid:e082487a-f943-4d4a-8f7c-020d4b0838c4",
56	56		"id": "CVE-1999-0001",
57	57		"source": {},
58	58		"references": [
		skipped 14 lines
73	73		"advisories": [],
74	74		"affects": [
75	75		{
76		-	"ref": "acc5f5aa-41e6-4097-b8ab-97a8a5418942"
	76	+	"ref": "96699b00fe3004b4"
77	77		}
78	78		]
79	79		},
80	80		{
81		-	"bom-ref": "urn:uuid:b798d805-8e1d-40bc-b7ed-b7b6dcd7f85d",
	81	+	"bom-ref": "urn:uuid:3d8b0870-5c57-4063-b30d-56102dd49ec1",
82	82		"id": "CVE-1999-0002",
83	83		"source": {},
84	84		"references": [
		skipped 14 lines
99	99		"advisories": [],
100	100		"affects": [
101	101		{
102		-	"ref": "c7b6618a-15c5-4677-9b56-1b5c47afb39e"
	102	+	"ref": "b4013a965511376c"
103	103		}
104	104		]
105	105		}
		skipped 3 lines

■ ■ ■ ■ ■ ■

grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden

skipped 13 lines
14 14 "descriptor": {
15 15 "name": "grype",
16 16 "version": "[not provided]",
17 - "timestamp": ""
17 + "timestamp":""
18 18 }
19 19 }
20 20

All occurrences

■ ■ ■ ■ ■ ■

grype/presenter/json/test-fixtures/snapshot/TestJsonDirsPresenter.golden

		skipped 41 lines
42	42		}
43	43		],
44	44		"artifact": {
	45	+	"id": "96699b00fe3004b4",
45	46		"name": "package-1",
46	47		"version": "1.1.1",
47	48		"type": "rpm",
		skipped 63 lines
111	112		}
112	113		],
113	114		"artifact": {
	115	+	"id": "b4013a965511376c",
114	116		"name": "package-2",
115	117		"version": "2.2.2",
116	118		"type": "deb",
		skipped 29 lines
146	148		"descriptor": {
147	149		"name": "grype",
148	150		"version": "[not provided]",
149		-	"timestamp": ""
	151	+	"timestamp":""
150	152		}
151	153		}
152	154

■ ■ ■ ■ ■ ■

grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden

		skipped 41 lines
42	42		}
43	43		],
44	44		"artifact": {
	45	+	"id": "96699b00fe3004b4",
45	46		"name": "package-1",
46	47		"version": "1.1.1",
47	48		"type": "rpm",
		skipped 63 lines
111	112		}
112	113		],
113	114		"artifact": {
	115	+	"id": "b4013a965511376c",
114	116		"name": "package-2",
115	117		"version": "2.2.2",
116	118		"type": "deb",
		skipped 58 lines
175	177		"descriptor": {
176	178		"name": "grype",
177	179		"version": "[not provided]",
178		-	"timestamp": ""
	180	+	"timestamp":""
179	181		}
180	182		}
181	183

■ ■ ■ ■ ■ ■

grype/presenter/models/models_helpers.go

		skipped 3 lines
4	4		"regexp"
5	5		"testing"
6	6
7		-	"github.com/google/uuid"
	7	+	"github.com/stretchr/testify/require"
8	8
9	9		grypeDb "github.com/anchore/grype/grype/db/v5"
10	10		"github.com/anchore/grype/grype/match"
11	11		"github.com/anchore/grype/grype/pkg"
12	12		"github.com/anchore/grype/grype/vulnerability"
13	13		"github.com/anchore/stereoscope/pkg/image"
	14	+	"github.com/anchore/syft/syft/artifact"
14	15		"github.com/anchore/syft/syft/cpe"
15	16		"github.com/anchore/syft/syft/linux"
16	17		syftPkg "github.com/anchore/syft/syft/pkg"
		skipped 112 lines
129	130		func generatePackages(t *testing.T) []pkg.Package {
130	131		t.Helper()
131	132		epoch := 2
132		-	return []pkg.Package{
	133	+
	134	+	pkgs := []pkg.Package{
133	135		{
134		-	ID: pkg.ID(uuid.NewString()),
135	136		Name: "package-1",
136	137		Version: "1.1.1",
137	138		Type: syftPkg.RpmPkg,
		skipped 19 lines
157	158		},
158	159		},
159	160		{
160		-	ID: pkg.ID(uuid.NewString()),
161	161		Name: "package-2",
162	162		Version: "2.2.2",
163	163		Type: syftPkg.DebPkg,
		skipped 10 lines
174	174		Licenses: []string{"MIT", "Apache-2.0"},
175	175		},
176	176		}
	177	+
	178	+	updatedPkgs := make([]pkg.Package, 0, len(pkgs))
	179	+
	180	+	for _, p := range pkgs {
	181	+	id, err := artifact.IDByHash(p)
	182	+	require.NoError(t, err)
	183	+
	184	+	p.ID = pkg.ID(id)
	185	+	updatedPkgs = append(updatedPkgs, p)
	186	+	}
	187	+
	188	+	return updatedPkgs
177	189		}
178	190
179	191		func generateContext(t *testing.T, scheme syftSource.Scheme) pkg.Context {
		skipped 62 lines

■ ■ ■ ■ ■ ■

grype/presenter/models/package.go

		skipped 7 lines
8	8
9	9		// Package is meant to be only the fields that are needed when displaying a single pkg.Package object for the JSON presenter.
10	10		type Package struct {
	11	+	ID string `json:"id"`
11	12		Name string `json:"name"`
12	13		Version string `json:"version"`
13	14		Type syftPkg.Type `json:"type"`
		skipped 38 lines
52	53		}
53	54
54	55		return Package{
	56	+	ID: string(p.ID),
55	57		Name: p.Name,
56	58		Version: p.Version,
57	59		Locations: coordinates,
		skipped 11 lines

		skipped 13 lines
14	14		"descriptor": {
15	15		"name": "grype",
16	16		"version": "[not provided]",
17		-	"timestamp": ""
	17	+	"timestamp":""
18	18		}
19	19		}
20	20