  • feat: warn if parsing newer SBOM (#1810)

    If syft is asked to parse an SBOM that was written by a newer version of
    syft, emit a warning, since the current version of syft doesn't know about 
    fields that may be added in the future.
    
    Signed-off-by: Will Murphy <[email protected]>
  • William Murphy committed with GitHub 12 months ago
    e925d9d4
    1 parent da362464
  • ■ ■ ■ ■ ■
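--- a/go.mod
+++ b/go.mod
@@ -50,6 +50,7 @@
 
 require (
 	github.com/CycloneDX/cyclonedx-go v0.7.1
+	github.com/Masterminds/semver v1.5.0
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/anchore/go-logger v0.0.0-20220728155337-03b66a5207d8
 	github.com/anchore/stereoscope v0.0.0-20230412183729-8602f1afc574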
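Review bot: The module added on line 53 is `github.com/Masterminds/semver v1.5.0`, while go.sum in this same commit already lists `github.com/Masterminds/semver/v3 v3.2.0`, so the build graph now carries two major versions of the same library and the new decoder code depends on the older v1 line. Prefer the v3 module that is already present — `github.com/Masterminds/semver/v3 v3.2.0` here, with the import in syft/formats/syftjson/decoder.go changed to `"github.com/Masterminds/semver/v3"`; as far as I recall `NewVersion` and `GreaterThan` keep the same names in v3, so the call sites should not need to change. One fewer distinct module to audit and pin is also a small supply-chain win.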
  • ■ ■ ■ ■ ■ ■
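--- a/go.sum
+++ b/go.sum
@@ -62,6 +62,8 @@
 github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
+github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
+github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
 github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=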
  • ■ ■ ■ ■ ■ ■
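--- a/syft/formats/syftjson/decoder.go
+++ b/syft/formats/syftjson/decoder.go
@@ -5,6 +5,10 @@
 	"fmt"
 	"io"
 
+	"github.com/Masterminds/semver"
+
+	"github.com/anchore/syft/internal"
+	"github.com/anchore/syft/internal/log"
 	"github.com/anchore/syft/syft/formats/syftjson/model"
 	"github.com/anchore/syft/syft/sbom"
 )
@@ -18,6 +22,28 @@
 		return nil, fmt.Errorf("unable to decode syft-json: %w", err)
 	}
 
+	if err := checkSupportedSchema(doc.Schema.Version, internal.JSONSchemaVersion); err != nil {
+		log.Warn(err)
+	}
+
 	return toSyftModel(doc)
 }
 
+func checkSupportedSchema(documentVerion string, parserVersion string) error {
+	documentV, err := semver.NewVersion(documentVerion)
+	if err != nil {
+		return fmt.Errorf("error comparing document schema version with parser schema version: %w", err)
+	}
+
+	parserV, err := semver.NewVersion(parserVersion)
+	if err != nil {
+		return fmt.Errorf("error comparing document schema version with parser schema version: %w", err)
+	}
+
+	if documentV.GreaterThan(parserV) {
+		return fmt.Errorf("document has schema version %s, but parser has older schema version (%s)", documentVerion, parserVersion)
+	}
+
+	return nil
+}
+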
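Review bot: The document's schema version comes straight out of an SBOM that syft may be reading from an untrusted source, and line 44 interpolates it unquoted with `%s` into a message that line 26 sends to the log, so a version string carrying newlines or control characters is written into the log verbatim; quoting it closes that off: `return fmt.Errorf("document has schema version %q, but parser has older schema version (%q)", documentVerion, parserVersion)`. The parameter name `documentVerion` on lines 32, 33 and 44 is misspelled; `documentVersion`, as the test file already spells it, would be clearer. A doc comment on `checkSupportedSchema` should also state that the returned error is advisory — the caller only logs it and decoding proceeds — and that, per the commit message, a newer document may carry fields this parser does not know about and will not surface. `Decode`, the function that receives the new check on lines 25-27, starts outside the hunk.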
  • ■ ■ ■ ■ ■ ■
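--- a/syft/formats/syftjson/decoder_test.go
+++ b/syft/formats/syftjson/decoder_test.go
@@ -2,6 +2,8 @@
 
 import (
 	"bytes"
+	"errors"
+	"fmt"
 	"strings"
 	"testing"
 
@@ -50,3 +52,38 @@
 	}
 }
 
+func TestOutOfDateParser(t *testing.T) {
+	tests := []struct {
+		name string
+		documentVersion string
+		parserVersion string
+		want error
+	}{{
+		name: "no warning when doc version is older",
+		documentVersion: "1.0.9",
+		parserVersion: "3.1.0",
+	}, {
+		name: "warning when parser is older",
+		documentVersion: "4.3.2",
+		parserVersion: "3.1.0",
+		want: fmt.Errorf("document has schema version %s, but parser has older schema version (%s)", "4.3.2", "3.1.0"),
+	}, {
+		name: "warning when document version is unparseable",
+		documentVersion: "some-nonsense",
+		parserVersion: "3.1.0",
+		want: fmt.Errorf("error comparing document schema version with parser schema version: %w", errors.New("Invalid Semantic Version")),
+	}, {
+		name: "warning when parser version is unparseable",
+		documentVersion: "7.1.0",
+		parserVersion: "some-nonsense",
+		want: fmt.Errorf("error comparing document schema version with parser schema version: %w", errors.New("Invalid Semantic Version")),
+	}}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := checkSupportedSchema(tt.documentVersion, tt.parserVersion)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+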
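Review bot: The table in `TestOutOfDateParser` never covers the case where document and parser schema versions are equal, which is the everyday case and the one where a `>=` slipping in for `>` would make every current SBOM warn; add `{name: "no warning when versions are equal", documentVersion: "3.1.0", parserVersion: "3.1.0"},`. The two unparseable cases on lines 74 and 79 assert deep equality against a hand-built `fmt.Errorf(..., errors.New("Invalid Semantic Version"))`, which ties the test to the semver package's exact error text and to the internal shape of the wrapped error; asserting `errors.Is(got, semver.ErrInvalidSemVer)` (the sentinel the package exports, if I recall correctly) together with the expected message prefix would survive a dependency upgrade. A one-line comment above the table saying that a non-nil `want` means "the decoder would log a warning" would make the test's intent match the function it exercises.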