STRLCPY/syft

fix: update cataloger to check for expressions before split (#1819)
```
Signed-off-by: Christopher Phillips <[email protected]>
```
Christopher Angelo Phillips committed with GitHub 12 months ago

1a2a4984

1 parent 42fa9e49

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

■ ■ ■ ■ ■ ■

syft/pkg/cataloger/apkdb/package.go

		skipped 3 lines
4	4		"strings"
5	5
6	6		"github.com/anchore/packageurl-go"
	7	+	"github.com/anchore/syft/syft/license"
7	8		"github.com/anchore/syft/syft/linux"
8	9		"github.com/anchore/syft/syft/pkg"
9	10		"github.com/anchore/syft/syft/source"
10	11		)
11	12
12	13		func newPackage(d parsedData, release *linux.Release, dbLocation source.Location) pkg.Package {
13		-	licenseStrings := strings.Split(d.License, " ")
	14	+	// check if license is a valid spdx expression before splitting
	15	+	licenseStrings := []string{d.License}
	16	+	_, err := license.ParseExpression(d.License)
	17	+	if err != nil {
	18	+	// invalid so update to split on space
	19	+	licenseStrings = strings.Split(d.License, " ")
	20	+	}
14	21
15	22		p := pkg.Package{
16	23		Name: d.Package,
		skipped 41 lines

■ ■ ■ ■ ■ ■

syft/pkg/cataloger/apkdb/parse_apk_db_test.go

		skipped 700 lines
701	701		Name: "libc-utils",
702	702		Version: "0.7.2-r0",
703	703		Licenses: pkg.NewLicenseSet(
704		-	pkg.NewLicenseFromLocations("BSD", location),
	704	+	pkg.NewLicenseFromLocations("MPL-2.0 AND MIT", location),
705	705		),
706	706		Type: pkg.ApkPkg,
707	707		PURL: "pkg:apk/alpine/[email protected]?arch=x86_64&upstream=libc-dev&distro=alpine-3.12",
		skipped 560 lines

■ ■ ■ ■ ■ ■

syft/pkg/cataloger/apkdb/test-fixtures/multiple

		skipped 5 lines
6	6		I:4096
7	7		T:Meta package to pull in correct libc
8	8		U:http://alpinelinux.org
9		-	L:BSD
	9	+	L:MPL-2.0 AND MIT
10	10		o:libc-dev
11	11		m:Natanael Copa <[email protected]>
12	12		t:1575749004
		skipped 44 lines