crash.software
Projects
Pull Requests
Issues
Builds
syft
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY syft Commits 68f8df95
🤬
  • ■ ■ ■ ■ ■ ■
    syft/pkg/cataloger/golang/parse_go_binary.go
    skipped 84 lines
    85 85   version, hasVersion := gbs["vcs.revision"]
    86 86   timestamp, hasTimestamp := gbs["vcs.time"]
    87 87   
    88  - if hasVersion {
    89  - if hasTimestamp {
    90  - //NOTE: err is ignored, because if parsing fails
    91  - // we still use the empty Time{} struct to generate an empty date, like 00010101000000
    92  - // for consistency with the pseudo-version format: https://go.dev/ref/mod#pseudo-versions
    93  - ts, _ := time.Parse(time.RFC3339, timestamp)
    94  - if len(version) >= 12 {
    95  - version = version[:12]
    96  - }
     88 + var ldflags string
     89 + if metadata, ok := main.Metadata.(pkg.GolangBinMetadata); ok {
     90 + // we've found a specific version from the ldflags! use it as the version.
     91 + // why not combine that with the pseudo version (e.g. v1.2.3-0.20210101000000-abcdef123456)?
     92 + // short answer: we're assuming that if a specific semver was provided in the ldflags that
     93 + // there is a matching vcs tag to match that could be referenced. This assumption could
     94 + // be incorrect in terms of the go.mod contents, but is not incorrect in terms of the logical
     95 + // version of the package.
     96 + ldflags = metadata.BuildSettings["-ldflags"]
     97 + }
    97 98   
    98  - var ldflags string
    99  - if metadata, ok := main.Metadata.(pkg.GolangBinMetadata); ok {
    100  - ldflags = metadata.BuildSettings["-ldflags"]
    101  - }
    102  - 
    103  - majorVersion, fullVersion := extractVersionFromLDFlags(ldflags)
    104  - if fullVersion != "" {
    105  - // we've found a specific version from the ldflags! use it as the version.
    106  - // why not combine that with the pseudo version (e.g. v1.2.3-0.20210101000000-abcdef123456)?
    107  - // short answer: we're assuming that if a specific semver was provided in the ldflags that
    108  - // there is a matching vcs tag to match that could be referenced. This assumption could
    109  - // be incorrect in terms of the go.mod contents, but is not incorrect in terms of the logical
    110  - // version of the package.
    111  - version = fullVersion
    112  - } else {
    113  - version = module.PseudoVersion(majorVersion, fullVersion, ts, version)
    114  - }
     99 + majorVersion, fullVersion := extractVersionFromLDFlags(ldflags)
     100 + if fullVersion != "" {
     101 + version = fullVersion
     102 + } else if hasVersion && hasTimestamp {
     103 + //NOTE: err is ignored, because if parsing fails
     104 + // we still use the empty Time{} struct to generate an empty date, like 00010101000000
     105 + // for consistency with the pseudo-version format: https://go.dev/ref/mod#pseudo-versions
     106 + ts, _ := time.Parse(time.RFC3339, timestamp)
     107 + if len(version) >= 12 {
     108 + version = version[:12]
    115 109   }
    116 110   
     111 + version = module.PseudoVersion(majorVersion, fullVersion, ts, version)
     112 + }
     113 + if version != "" {
    117 114   main.Version = version
    118 115   main.PURL = packageURL(main.Name, main.Version)
    119 116   
    skipped 180 lines
  • ■ ■ ■ ■ ■ ■
    syft/pkg/cataloger/golang/parse_go_binary_test.go
    skipped 346 lines
    347 347   },
    348 348   },
    349 349   {
    350  - name: "parse main mod and replace devel version with one from ldflags",
     350 + name: "parse main mod and replace devel version with one from ldflags with vcs. build settings",
    351 351   arch: archDetails,
    352 352   mod: &debug.BuildInfo{
    353 353   GoVersion: goCompiledVersion,
    skipped 33 lines
    387 387   "vcs.revision": "41bc6bb410352845f22766e27dd48ba93aa825a4",
    388 388   "vcs.time": "2022-10-14T19:54:57Z",
    389 389   "-ldflags": `build -ldflags="-w -s -extldflags '-static' -X github.com/anchore/syft/internal/version.version=0.79.0`,
     390 + },
     391 + MainModule: "github.com/anchore/syft",
     392 + },
     393 + },
     394 + },
     395 + },
     396 + {
     397 + name: "parse main mod and replace devel version with one from ldflags without any vcs. build settings",
     398 + arch: archDetails,
     399 + mod: &debug.BuildInfo{
     400 + GoVersion: goCompiledVersion,
     401 + Main: debug.Module{Path: "github.com/anchore/syft", Version: "(devel)"},
     402 + Settings: []debug.BuildSetting{
     403 + {Key: "GOARCH", Value: archDetails},
     404 + {Key: "GOOS", Value: "darwin"},
     405 + {Key: "GOAMD64", Value: "v1"},
     406 + {Key: "-ldflags", Value: `build -ldflags="-w -s -extldflags '-static' -X github.com/anchore/syft/internal/version.version=0.79.0`},
     407 + },
     408 + },
     409 + expected: []pkg.Package{
     410 + {
     411 + Name: "github.com/anchore/syft",
     412 + Language: pkg.Go,
     413 + Type: pkg.GoModulePkg,
     414 + Version: "v0.79.0",
     415 + PURL: "pkg:golang/github.com/anchore/[email protected]",
     416 + Locations: file.NewLocationSet(
     417 + file.NewLocationFromCoordinates(
     418 + file.Coordinates{
     419 + RealPath: "/a-path",
     420 + FileSystemID: "layer-id",
     421 + },
     422 + ).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
     423 + ),
     424 + MetadataType: pkg.GolangBinMetadataType,
     425 + Metadata: pkg.GolangBinMetadata{
     426 + GoCompiledVersion: goCompiledVersion,
     427 + Architecture: archDetails,
     428 + BuildSettings: map[string]string{
     429 + "GOARCH": archDetails,
     430 + "GOOS": "darwin",
     431 + "GOAMD64": "v1",
     432 + "-ldflags": `build -ldflags="-w -s -extldflags '-static' -X github.com/anchore/syft/internal/version.version=0.79.0`,
     433 + },
     434 + MainModule: "github.com/anchore/syft",
     435 + },
     436 + },
     437 + },
     438 + },
     439 + {
     440 + name: "parse main mod and replace devel version with one from ldflags main.version without any vcs. build settings",
     441 + arch: archDetails,
     442 + mod: &debug.BuildInfo{
     443 + GoVersion: goCompiledVersion,
     444 + Main: debug.Module{Path: "github.com/anchore/syft", Version: "(devel)"},
     445 + Settings: []debug.BuildSetting{
     446 + {Key: "GOARCH", Value: archDetails},
     447 + {Key: "GOOS", Value: "darwin"},
     448 + {Key: "GOAMD64", Value: "v1"},
     449 + {Key: "-ldflags", Value: `build -ldflags="-w -s -extldflags '-static' -X main.version=0.79.0`},
     450 + },
     451 + },
     452 + expected: []pkg.Package{
     453 + {
     454 + Name: "github.com/anchore/syft",
     455 + Language: pkg.Go,
     456 + Type: pkg.GoModulePkg,
     457 + Version: "v0.79.0",
     458 + PURL: "pkg:golang/github.com/anchore/[email protected]",
     459 + Locations: file.NewLocationSet(
     460 + file.NewLocationFromCoordinates(
     461 + file.Coordinates{
     462 + RealPath: "/a-path",
     463 + FileSystemID: "layer-id",
     464 + },
     465 + ).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
     466 + ),
     467 + MetadataType: pkg.GolangBinMetadataType,
     468 + Metadata: pkg.GolangBinMetadata{
     469 + GoCompiledVersion: goCompiledVersion,
     470 + Architecture: archDetails,
     471 + BuildSettings: map[string]string{
     472 + "GOARCH": archDetails,
     473 + "GOOS": "darwin",
     474 + "GOAMD64": "v1",
     475 + "-ldflags": `build -ldflags="-w -s -extldflags '-static' -X main.version=0.79.0`,
     476 + },
     477 + MainModule: "github.com/anchore/syft",
     478 + },
     479 + },
     480 + },
     481 + },
     482 + {
     483 + name: "parse main mod and replace devel version with one from ldflags main.Version without any vcs. build settings",
     484 + arch: archDetails,
     485 + mod: &debug.BuildInfo{
     486 + GoVersion: goCompiledVersion,
     487 + Main: debug.Module{Path: "github.com/anchore/syft", Version: "(devel)"},
     488 + Settings: []debug.BuildSetting{
     489 + {Key: "GOARCH", Value: archDetails},
     490 + {Key: "GOOS", Value: "darwin"},
     491 + {Key: "GOAMD64", Value: "v1"},
     492 + {Key: "-ldflags", Value: `build -ldflags="-w -s -extldflags '-static' -X main.Version=0.79.0`},
     493 + },
     494 + },
     495 + expected: []pkg.Package{
     496 + {
     497 + Name: "github.com/anchore/syft",
     498 + Language: pkg.Go,
     499 + Type: pkg.GoModulePkg,
     500 + Version: "v0.79.0",
     501 + PURL: "pkg:golang/github.com/anchore/[email protected]",
     502 + Locations: file.NewLocationSet(
     503 + file.NewLocationFromCoordinates(
     504 + file.Coordinates{
     505 + RealPath: "/a-path",
     506 + FileSystemID: "layer-id",
     507 + },
     508 + ).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
     509 + ),
     510 + MetadataType: pkg.GolangBinMetadataType,
     511 + Metadata: pkg.GolangBinMetadata{
     512 + GoCompiledVersion: goCompiledVersion,
     513 + Architecture: archDetails,
     514 + BuildSettings: map[string]string{
     515 + "GOARCH": archDetails,
     516 + "GOOS": "darwin",
     517 + "GOAMD64": "v1",
     518 + "-ldflags": `build -ldflags="-w -s -extldflags '-static' -X main.Version=0.79.0`,
    390 519   },
    391 520   MainModule: "github.com/anchore/syft",
    392 521   },
    skipped 376 lines
Please wait...
Page is in error, reload to recover