STRLCPY/syft

fix: merging of binary packages (#1583)
Keith Zantow committed with GitHub 1 year ago

f5e20521

1 parent 8f6a317f

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

■ ■ ■ ■ ■ ■

internal/constants.go

		skipped 5 lines
6	6
7	7		// JSONSchemaVersion is the current schema version output by the JSON encoder
8	8		// This is roughly following the "SchemaVer" guidelines for versioning the JSON schema. Please see schema/json/README.md for details on how to increment.
9		-	JSONSchemaVersion = "6.2.0"
	9	+	JSONSchemaVersion = "7.0.0"
10	10		)
11	11

■ ■ ■ ■ ■ ■

schema/json/schema-7.0.0.json

1	+	{
2	+	"$schema": "https://json-schema.org/draft/2020-12/schema",
3	+	"$id": "https://github.com/anchore/syft/syft/formats/syftjson/model/document",
4	+	"$ref": "#/$defs/Document",
5	+	"$defs": {
6	+	"AlpmFileRecord": {
7	+	"properties": {
8	+	"path": {
9	+	"type": "string"
10	+	},
11	+	"type": {
12	+	"type": "string"
13	+	},
14	+	"uid": {
15	+	"type": "string"
16	+	},
17	+	"gid": {
18	+	"type": "string"
19	+	},
20	+	"time": {
21	+	"type": "string",
22	+	"format": "date-time"
23	+	},
24	+	"size": {
25	+	"type": "string"
26	+	},
27	+	"link": {
28	+	"type": "string"
29	+	},
30	+	"digest": {
31	+	"items": {
32	+	"$ref": "#/$defs/Digest"
33	+	},
34	+	"type": "array"
35	+	}
36	+	},
37	+	"type": "object"
38	+	},
39	+	"AlpmMetadata": {
40	+	"properties": {
41	+	"basepackage": {
42	+	"type": "string"
43	+	},
44	+	"package": {
45	+	"type": "string"
46	+	},
47	+	"version": {
48	+	"type": "string"
49	+	},
50	+	"description": {
51	+	"type": "string"
52	+	},
53	+	"architecture": {
54	+	"type": "string"
55	+	},
56	+	"size": {
57	+	"type": "integer"
58	+	},
59	+	"packager": {
60	+	"type": "string"
61	+	},
62	+	"license": {
63	+	"type": "string"
64	+	},
65	+	"url": {
66	+	"type": "string"
67	+	},
68	+	"validation": {
69	+	"type": "string"
70	+	},
71	+	"reason": {
72	+	"type": "integer"
73	+	},
74	+	"files": {
75	+	"items": {
76	+	"$ref": "#/$defs/AlpmFileRecord"
77	+	},
78	+	"type": "array"
79	+	},
80	+	"backup": {
81	+	"items": {
82	+	"$ref": "#/$defs/AlpmFileRecord"
83	+	},
84	+	"type": "array"
85	+	}
86	+	},
87	+	"type": "object",
88	+	"required": [
89	+	"basepackage",
90	+	"package",
91	+	"version",
92	+	"description",
93	+	"architecture",
94	+	"size",
95	+	"packager",
96	+	"license",
97	+	"url",
98	+	"validation",
99	+	"reason",
100	+	"files",
101	+	"backup"
102	+	]
103	+	},
104	+	"ApkFileRecord": {
105	+	"properties": {
106	+	"path": {
107	+	"type": "string"
108	+	},
109	+	"ownerUid": {
110	+	"type": "string"
111	+	},
112	+	"ownerGid": {
113	+	"type": "string"
114	+	},
115	+	"permissions": {
116	+	"type": "string"
117	+	},
118	+	"digest": {
119	+	"$ref": "#/$defs/Digest"
120	+	}
121	+	},
122	+	"type": "object",
123	+	"required": [
124	+	"path"
125	+	]
126	+	},
127	+	"ApkMetadata": {
128	+	"properties": {
129	+	"package": {
130	+	"type": "string"
131	+	},
132	+	"originPackage": {
133	+	"type": "string"
134	+	},
135	+	"maintainer": {
136	+	"type": "string"
137	+	},
138	+	"version": {
139	+	"type": "string"
140	+	},
141	+	"license": {
142	+	"type": "string"
143	+	},
144	+	"architecture": {
145	+	"type": "string"
146	+	},
147	+	"url": {
148	+	"type": "string"
149	+	},
150	+	"description": {
151	+	"type": "string"
152	+	},
153	+	"size": {
154	+	"type": "integer"
155	+	},
156	+	"installedSize": {
157	+	"type": "integer"
158	+	},
159	+	"pullDependencies": {
160	+	"items": {
161	+	"type": "string"
162	+	},
163	+	"type": "array"
164	+	},
165	+	"provides": {
166	+	"items": {
167	+	"type": "string"
168	+	},
169	+	"type": "array"
170	+	},
171	+	"pullChecksum": {
172	+	"type": "string"
173	+	},
174	+	"gitCommitOfApkPort": {
175	+	"type": "string"
176	+	},
177	+	"files": {
178	+	"items": {
179	+	"$ref": "#/$defs/ApkFileRecord"
180	+	},
181	+	"type": "array"
182	+	}
183	+	},
184	+	"type": "object",
185	+	"required": [
186	+	"package",
187	+	"originPackage",
188	+	"maintainer",
189	+	"version",
190	+	"license",
191	+	"architecture",
192	+	"url",
193	+	"description",
194	+	"size",
195	+	"installedSize",
196	+	"pullDependencies",
197	+	"provides",
198	+	"pullChecksum",
199	+	"gitCommitOfApkPort",
200	+	"files"
201	+	]
202	+	},
203	+	"BinaryMetadata": {
204	+	"properties": {
205	+	"matches": {
206	+	"items": {
207	+	"$ref": "#/$defs/ClassifierMatch"
208	+	},
209	+	"type": "array"
210	+	}
211	+	},
212	+	"type": "object",
213	+	"required": [
214	+	"matches"
215	+	]
216	+	},
217	+	"CargoPackageMetadata": {
218	+	"properties": {
219	+	"name": {
220	+	"type": "string"
221	+	},
222	+	"version": {
223	+	"type": "string"
224	+	},
225	+	"source": {
226	+	"type": "string"
227	+	},
228	+	"checksum": {
229	+	"type": "string"
230	+	},
231	+	"dependencies": {
232	+	"items": {
233	+	"type": "string"
234	+	},
235	+	"type": "array"
236	+	}
237	+	},
238	+	"type": "object",
239	+	"required": [
240	+	"name",
241	+	"version",
242	+	"source",
243	+	"checksum",
244	+	"dependencies"
245	+	]
246	+	},
247	+	"ClassifierMatch": {
248	+	"properties": {
249	+	"classifier": {
250	+	"type": "string"
251	+	},
252	+	"location": {
253	+	"$ref": "#/$defs/Location"
254	+	}
255	+	},
256	+	"type": "object",
257	+	"required": [
258	+	"classifier",
259	+	"location"
260	+	]
261	+	},
262	+	"CocoapodsMetadata": {
263	+	"properties": {
264	+	"checksum": {
265	+	"type": "string"
266	+	}
267	+	},
268	+	"type": "object",
269	+	"required": [
270	+	"checksum"
271	+	]
272	+	},
273	+	"ConanLockMetadata": {
274	+	"properties": {
275	+	"ref": {
276	+	"type": "string"
277	+	},
278	+	"package_id": {
279	+	"type": "string"
280	+	},
281	+	"prev": {
282	+	"type": "string"
283	+	},
284	+	"requires": {
285	+	"type": "string"
286	+	},
287	+	"build_requires": {
288	+	"type": "string"
289	+	},
290	+	"py_requires": {
291	+	"type": "string"
292	+	},
293	+	"options": {
294	+	"patternProperties": {
295	+	".*": {
296	+	"type": "string"
297	+	}
298	+	},
299	+	"type": "object"
300	+	},
301	+	"path": {
302	+	"type": "string"
303	+	},
304	+	"context": {
305	+	"type": "string"
306	+	}
307	+	},
308	+	"type": "object",
309	+	"required": [
310	+	"ref"
311	+	]
312	+	},
313	+	"ConanMetadata": {
314	+	"properties": {
315	+	"ref": {
316	+	"type": "string"
317	+	}
318	+	},
319	+	"type": "object",
320	+	"required": [
321	+	"ref"
322	+	]
323	+	},
324	+	"Coordinates": {
325	+	"properties": {
326	+	"path": {
327	+	"type": "string"
328	+	},
329	+	"layerID": {
330	+	"type": "string"
331	+	}
332	+	},
333	+	"type": "object",
334	+	"required": [
335	+	"path"
336	+	]
337	+	},
338	+	"DartPubMetadata": {
339	+	"properties": {
340	+	"name": {
341	+	"type": "string"
342	+	},
343	+	"version": {
344	+	"type": "string"
345	+	},
346	+	"hosted_url": {
347	+	"type": "string"
348	+	},
349	+	"vcs_url": {
350	+	"type": "string"
351	+	}
352	+	},
353	+	"type": "object",
354	+	"required": [
355	+	"name",
356	+	"version"
357	+	]
358	+	},
359	+	"Descriptor": {
360	+	"properties": {
361	+	"name": {
362	+	"type": "string"
363	+	},
364	+	"version": {
365	+	"type": "string"
366	+	},
367	+	"configuration": true
368	+	},
369	+	"type": "object",
370	+	"required": [
371	+	"name",
372	+	"version"
373	+	]
374	+	},
375	+	"Digest": {
376	+	"properties": {
377	+	"algorithm": {
378	+	"type": "string"
379	+	},
380	+	"value": {
381	+	"type": "string"
382	+	}
383	+	},
384	+	"type": "object",
385	+	"required": [
386	+	"algorithm",
387	+	"value"
388	+	]
389	+	},
390	+	"Document": {
391	+	"properties": {
392	+	"artifacts": {
393	+	"items": {
394	+	"$ref": "#/$defs/Package"
395	+	},
396	+	"type": "array"
397	+	},
398	+	"artifactRelationships": {
399	+	"items": {
400	+	"$ref": "#/$defs/Relationship"
401	+	},
402	+	"type": "array"
403	+	},
404	+	"files": {
405	+	"items": {
406	+	"$ref": "#/$defs/File"
407	+	},
408	+	"type": "array"
409	+	},
410	+	"secrets": {
411	+	"items": {
412	+	"$ref": "#/$defs/Secrets"
413	+	},
414	+	"type": "array"
415	+	},
416	+	"source": {
417	+	"$ref": "#/$defs/Source"
418	+	},
419	+	"distro": {
420	+	"$ref": "#/$defs/LinuxRelease"
421	+	},
422	+	"descriptor": {
423	+	"$ref": "#/$defs/Descriptor"
424	+	},
425	+	"schema": {
426	+	"$ref": "#/$defs/Schema"
427	+	}
428	+	},
429	+	"type": "object",
430	+	"required": [
431	+	"artifacts",
432	+	"artifactRelationships",
433	+	"source",
434	+	"distro",
435	+	"descriptor",
436	+	"schema"
437	+	]
438	+	},
439	+	"DotnetDepsMetadata": {
440	+	"properties": {
441	+	"name": {
442	+	"type": "string"
443	+	},
444	+	"version": {
445	+	"type": "string"
446	+	},
447	+	"path": {
448	+	"type": "string"
449	+	},
450	+	"sha512": {
451	+	"type": "string"
452	+	},
453	+	"hashPath": {
454	+	"type": "string"
455	+	}
456	+	},
457	+	"type": "object",
458	+	"required": [
459	+	"name",
460	+	"version",
461	+	"path",
462	+	"sha512",
463	+	"hashPath"
464	+	]
465	+	},
466	+	"DpkgFileRecord": {
467	+	"properties": {
468	+	"path": {
469	+	"type": "string"
470	+	},
471	+	"digest": {
472	+	"$ref": "#/$defs/Digest"
473	+	},
474	+	"isConfigFile": {
475	+	"type": "boolean"
476	+	}
477	+	},
478	+	"type": "object",
479	+	"required": [
480	+	"path",
481	+	"isConfigFile"
482	+	]
483	+	},
484	+	"DpkgMetadata": {
485	+	"properties": {
486	+	"package": {
487	+	"type": "string"
488	+	},
489	+	"source": {
490	+	"type": "string"
491	+	},
492	+	"version": {
493	+	"type": "string"
494	+	},
495	+	"sourceVersion": {
496	+	"type": "string"
497	+	},
498	+	"architecture": {
499	+	"type": "string"
500	+	},
501	+	"maintainer": {
502	+	"type": "string"
503	+	},
504	+	"installedSize": {
505	+	"type": "integer"
506	+	},
507	+	"files": {
508	+	"items": {
509	+	"$ref": "#/$defs/DpkgFileRecord"
510	+	},
511	+	"type": "array"
512	+	}
513	+	},
514	+	"type": "object",
515	+	"required": [
516	+	"package",
517	+	"source",
518	+	"version",
519	+	"sourceVersion",
520	+	"architecture",
521	+	"maintainer",
522	+	"installedSize",
523	+	"files"
524	+	]
525	+	},
526	+	"File": {
527	+	"properties": {
528	+	"id": {
529	+	"type": "string"
530	+	},
531	+	"location": {
532	+	"$ref": "#/$defs/Coordinates"
533	+	},
534	+	"metadata": {
535	+	"$ref": "#/$defs/FileMetadataEntry"
536	+	},
537	+	"contents": {
538	+	"type": "string"
539	+	},
540	+	"digests": {
541	+	"items": {
542	+	"$ref": "#/$defs/Digest"
543	+	},
544	+	"type": "array"
545	+	}
546	+	},
547	+	"type": "object",
548	+	"required": [
549	+	"id",
550	+	"location"
551	+	]
552	+	},
553	+	"FileMetadataEntry": {
554	+	"properties": {
555	+	"mode": {
556	+	"type": "integer"
557	+	},
558	+	"type": {
559	+	"type": "string"
560	+	},
561	+	"linkDestination": {
562	+	"type": "string"
563	+	},
564	+	"userID": {
565	+	"type": "integer"
566	+	},
567	+	"groupID": {
568	+	"type": "integer"
569	+	},
570	+	"mimeType": {
571	+	"type": "string"
572	+	}
573	+	},
574	+	"type": "object",
575	+	"required": [
576	+	"mode",
577	+	"type",
578	+	"userID",
579	+	"groupID",
580	+	"mimeType"
581	+	]
582	+	},
583	+	"GemMetadata": {
584	+	"properties": {
585	+	"name": {
586	+	"type": "string"
587	+	},
588	+	"version": {
589	+	"type": "string"
590	+	},
591	+	"files": {
592	+	"items": {
593	+	"type": "string"
594	+	},
595	+	"type": "array"
596	+	},
597	+	"authors": {
598	+	"items": {
599	+	"type": "string"
600	+	},
601	+	"type": "array"
602	+	},
603	+	"licenses": {
604	+	"items": {
605	+	"type": "string"
606	+	},
607	+	"type": "array"
608	+	},
609	+	"homepage": {
610	+	"type": "string"
611	+	}
612	+	},
613	+	"type": "object",
614	+	"required": [
615	+	"name",
616	+	"version"
617	+	]
618	+	},
619	+	"GolangBinMetadata": {
620	+	"properties": {
621	+	"goBuildSettings": {
622	+	"patternProperties": {
623	+	".*": {
624	+	"type": "string"
625	+	}
626	+	},
627	+	"type": "object"
628	+	},
629	+	"goCompiledVersion": {
630	+	"type": "string"
631	+	},
632	+	"architecture": {
633	+	"type": "string"
634	+	},
635	+	"h1Digest": {
636	+	"type": "string"
637	+	},
638	+	"mainModule": {
639	+	"type": "string"
640	+	}
641	+	},
642	+	"type": "object",
643	+	"required": [
644	+	"goCompiledVersion",
645	+	"architecture"
646	+	]
647	+	},
648	+	"GolangModMetadata": {
649	+	"properties": {
650	+	"h1Digest": {
651	+	"type": "string"
652	+	}
653	+	},
654	+	"type": "object"
655	+	},
656	+	"HackageMetadata": {
657	+	"properties": {
658	+	"name": {
659	+	"type": "string"
660	+	},
661	+	"version": {
662	+	"type": "string"
663	+	},
664	+	"pkgHash": {
665	+	"type": "string"
666	+	},
667	+	"snapshotURL": {
668	+	"type": "string"
669	+	}
670	+	},
671	+	"type": "object",
672	+	"required": [
673	+	"name",
674	+	"version"
675	+	]
676	+	},
677	+	"IDLikes": {
678	+	"items": {
679	+	"type": "string"
680	+	},
681	+	"type": "array"
682	+	},
683	+	"JavaManifest": {
684	+	"properties": {
685	+	"main": {
686	+	"patternProperties": {
687	+	".*": {
688	+	"type": "string"
689	+	}
690	+	},
691	+	"type": "object"
692	+	},
693	+	"namedSections": {
694	+	"patternProperties": {
695	+	".*": {
696	+	"patternProperties": {
697	+	".*": {
698	+	"type": "string"
699	+	}
700	+	},
701	+	"type": "object"
702	+	}
703	+	},
704	+	"type": "object"
705	+	}
706	+	},
707	+	"type": "object"
708	+	},
709	+	"JavaMetadata": {
710	+	"properties": {
711	+	"virtualPath": {
712	+	"type": "string"
713	+	},
714	+	"manifest": {
715	+	"$ref": "#/$defs/JavaManifest"
716	+	},
717	+	"pomProperties": {
718	+	"$ref": "#/$defs/PomProperties"
719	+	},
720	+	"pomProject": {
721	+	"$ref": "#/$defs/PomProject"
722	+	},
723	+	"digest": {
724	+	"items": {
725	+	"$ref": "#/$defs/Digest"
726	+	},
727	+	"type": "array"
728	+	}
729	+	},
730	+	"type": "object",
731	+	"required": [
732	+	"virtualPath"
733	+	]
734	+	},
735	+	"KbPackageMetadata": {
736	+	"properties": {
737	+	"product_id": {
738	+	"type": "string"
739	+	},
740	+	"kb": {
741	+	"type": "string"
742	+	}
743	+	},
744	+	"type": "object",
745	+	"required": [
746	+	"product_id",
747	+	"kb"
748	+	]
749	+	},
750	+	"LinuxRelease": {
751	+	"properties": {
752	+	"prettyName": {
753	+	"type": "string"
754	+	},
755	+	"name": {
756	+	"type": "string"
757	+	},
758	+	"id": {
759	+	"type": "string"
760	+	},
761	+	"idLike": {
762	+	"$ref": "#/$defs/IDLikes"
763	+	},
764	+	"version": {
765	+	"type": "string"
766	+	},
767	+	"versionID": {
768	+	"type": "string"
769	+	},
770	+	"versionCodename": {
771	+	"type": "string"
772	+	},
773	+	"buildID": {
774	+	"type": "string"
775	+	},
776	+	"imageID": {
777	+	"type": "string"
778	+	},
779	+	"imageVersion": {
780	+	"type": "string"
781	+	},
782	+	"variant": {
783	+	"type": "string"
784	+	},
785	+	"variantID": {
786	+	"type": "string"
787	+	},
788	+	"homeURL": {
789	+	"type": "string"
790	+	},
791	+	"supportURL": {
792	+	"type": "string"
793	+	},
794	+	"bugReportURL": {
795	+	"type": "string"
796	+	},
797	+	"privacyPolicyURL": {
798	+	"type": "string"
799	+	},
800	+	"cpeName": {
801	+	"type": "string"
802	+	}
803	+	},
804	+	"type": "object"
805	+	},
806	+	"Location": {
807	+	"properties": {
808	+	"path": {
809	+	"type": "string"
810	+	},
811	+	"layerID": {
812	+	"type": "string"
813	+	},
814	+	"virtualPath": {
815	+	"type": "string"
816	+	}
817	+	},
818	+	"type": "object",
819	+	"required": [
820	+	"path"
821	+	]
822	+	},
823	+	"MixLockMetadata": {
824	+	"properties": {
825	+	"name": {
826	+	"type": "string"
827	+	},
828	+	"version": {
829	+	"type": "string"
830	+	},
831	+	"pkgHash": {
832	+	"type": "string"
833	+	},
834	+	"pkgHashExt": {
835	+	"type": "string"
836	+	}
837	+	},
838	+	"type": "object",
839	+	"required": [
840	+	"name",
841	+	"version",
842	+	"pkgHash",
843	+	"pkgHashExt"
844	+	]
845	+	},
846	+	"NpmPackageJSONMetadata": {
847	+	"properties": {
848	+	"name": {
849	+	"type": "string"
850	+	},
851	+	"version": {
852	+	"type": "string"
853	+	},
854	+	"files": {
855	+	"items": {
856	+	"type": "string"
857	+	},
858	+	"type": "array"
859	+	},
860	+	"author": {
861	+	"type": "string"
862	+	},
863	+	"licenses": {
864	+	"items": {
865	+	"type": "string"
866	+	},
867	+	"type": "array"
868	+	},
869	+	"homepage": {
870	+	"type": "string"
871	+	},
872	+	"description": {
873	+	"type": "string"
874	+	},
875	+	"url": {
876	+	"type": "string"
877	+	},
878	+	"private": {
879	+	"type": "boolean"
880	+	}
881	+	},
882	+	"type": "object",
883	+	"required": [
884	+	"name",
885	+	"version",
886	+	"author",
887	+	"licenses",
888	+	"homepage",
889	+	"description",
890	+	"url",
891	+	"private"
892	+	]
893	+	},
894	+	"NpmPackageLockJSONMetadata": {
895	+	"properties": {
896	+	"resolved": {
897	+	"type": "string"
898	+	},
899	+	"integrity": {
900	+	"type": "string"
901	+	}
902	+	},
903	+	"type": "object",
904	+	"required": [
905	+	"resolved",
906	+	"integrity"
907	+	]
908	+	},
909	+	"Package": {
910	+	"properties": {
911	+	"id": {
912	+	"type": "string"
913	+	},
914	+	"name": {
915	+	"type": "string"
916	+	},
917	+	"version": {
918	+	"type": "string"
919	+	},
920	+	"type": {
921	+	"type": "string"
922	+	},
923	+	"foundBy": {
924	+	"type": "string"
925	+	},
926	+	"locations": {
927	+	"items": {
928	+	"$ref": "#/$defs/Coordinates"
929	+	},
930	+	"type": "array"
931	+	},
932	+	"licenses": {
933	+	"items": {
934	+	"type": "string"
935	+	},
936	+	"type": "array"
937	+	},
938	+	"language": {
939	+	"type": "string"
940	+	},
941	+	"cpes": {
942	+	"items": {
943	+	"type": "string"
944	+	},
945	+	"type": "array"
946	+	},
947	+	"purl": {
948	+	"type": "string"
949	+	},
950	+	"metadataType": {
951	+	"type": "string"
952	+	},
953	+	"metadata": {
954	+	"anyOf": [
955	+	{
956	+	"type": "null"
957	+	},
958	+	{
959	+	"$ref": "#/$defs/AlpmMetadata"
960	+	},
961	+	{
962	+	"$ref": "#/$defs/ApkMetadata"
963	+	},
964	+	{
965	+	"$ref": "#/$defs/BinaryMetadata"
966	+	},
967	+	{
968	+	"$ref": "#/$defs/CargoPackageMetadata"
969	+	},
970	+	{
971	+	"$ref": "#/$defs/CocoapodsMetadata"
972	+	},
973	+	{
974	+	"$ref": "#/$defs/ConanLockMetadata"
975	+	},
976	+	{
977	+	"$ref": "#/$defs/ConanMetadata"
978	+	},
979	+	{
980	+	"$ref": "#/$defs/DartPubMetadata"
981	+	},
982	+	{
983	+	"$ref": "#/$defs/DotnetDepsMetadata"
984	+	},
985	+	{
986	+	"$ref": "#/$defs/DpkgMetadata"
987	+	},
988	+	{
989	+	"$ref": "#/$defs/GemMetadata"
990	+	},
991	+	{
992	+	"$ref": "#/$defs/GolangBinMetadata"
993	+	},
994	+	{
995	+	"$ref": "#/$defs/GolangModMetadata"
996	+	},
997	+	{
998	+	"$ref": "#/$defs/HackageMetadata"
999	+	},
1000	+	{
1001	+	"$ref": "#/$defs/JavaMetadata"
1002	+	},
1003	+	{
1004	+	"$ref": "#/$defs/KbPackageMetadata"
1005	+	},
1006	+	{
1007	+	"$ref": "#/$defs/MixLockMetadata"
1008	+	},
1009	+	{
1010	+	"$ref": "#/$defs/NpmPackageJSONMetadata"
1011	+	},
1012	+	{
1013	+	"$ref": "#/$defs/NpmPackageLockJSONMetadata"
1014	+	},
1015	+	{
1016	+	"$ref": "#/$defs/PhpComposerJSONMetadata"
1017	+	},
1018	+	{
1019	+	"$ref": "#/$defs/PortageMetadata"
1020	+	},
1021	+	{
1022	+	"$ref": "#/$defs/PythonPackageMetadata"
1023	+	},
1024	+	{
1025	+	"$ref": "#/$defs/PythonPipfileLockMetadata"
1026	+	},
1027	+	{
1028	+	"$ref": "#/$defs/RebarLockMetadata"
1029	+	},
1030	+	{
1031	+	"$ref": "#/$defs/RpmMetadata"
1032	+	}
1033	+	]
1034	+	}
1035	+	},
1036	+	"type": "object",
1037	+	"required": [
1038	+	"id",
1039	+	"name",
1040	+	"version",
1041	+	"type",
1042	+	"foundBy",
1043	+	"locations",
1044	+	"licenses",
1045	+	"language",
1046	+	"cpes",
1047	+	"purl"
1048	+	]
1049	+	},
1050	+	"PhpComposerAuthors": {
1051	+	"properties": {
1052	+	"name": {
1053	+	"type": "string"
1054	+	},
1055	+	"email": {
1056	+	"type": "string"
1057	+	},
1058	+	"homepage": {
1059	+	"type": "string"
1060	+	}
1061	+	},
1062	+	"type": "object",
1063	+	"required": [
1064	+	"name"
1065	+	]
1066	+	},
1067	+	"PhpComposerExternalReference": {
1068	+	"properties": {
1069	+	"type": {
1070	+	"type": "string"
1071	+	},
1072	+	"url": {
1073	+	"type": "string"
1074	+	},
1075	+	"reference": {
1076	+	"type": "string"
1077	+	},
1078	+	"shasum": {
1079	+	"type": "string"
1080	+	}
1081	+	},
1082	+	"type": "object",
1083	+	"required": [
1084	+	"type",
1085	+	"url",
1086	+	"reference"
1087	+	]
1088	+	},
1089	+	"PhpComposerJSONMetadata": {
1090	+	"properties": {
1091	+	"name": {
1092	+	"type": "string"
1093	+	},
1094	+	"version": {
1095	+	"type": "string"
1096	+	},
1097	+	"source": {
1098	+	"$ref": "#/$defs/PhpComposerExternalReference"
1099	+	},
1100	+	"dist": {
1101	+	"$ref": "#/$defs/PhpComposerExternalReference"
1102	+	},
1103	+	"require": {
1104	+	"patternProperties": {
1105	+	".*": {
1106	+	"type": "string"
1107	+	}
1108	+	},
1109	+	"type": "object"
1110	+	},
1111	+	"provide": {
1112	+	"patternProperties": {
1113	+	".*": {
1114	+	"type": "string"
1115	+	}
1116	+	},
1117	+	"type": "object"
1118	+	},
1119	+	"require-dev": {
1120	+	"patternProperties": {
1121	+	".*": {
1122	+	"type": "string"
1123	+	}
1124	+	},
1125	+	"type": "object"
1126	+	},
1127	+	"suggest": {
1128	+	"patternProperties": {
1129	+	".*": {
1130	+	"type": "string"
1131	+	}
1132	+	},
1133	+	"type": "object"
1134	+	},
1135	+	"type": {
1136	+	"type": "string"
1137	+	},
1138	+	"notification-url": {
1139	+	"type": "string"
1140	+	},
1141	+	"bin": {
1142	+	"items": {
1143	+	"type": "string"
1144	+	},
1145	+	"type": "array"
1146	+	},
1147	+	"license": {
1148	+	"items": {
1149	+	"type": "string"
1150	+	},
1151	+	"type": "array"
1152	+	},
1153	+	"authors": {
1154	+	"items": {
1155	+	"$ref": "#/$defs/PhpComposerAuthors"
1156	+	},
1157	+	"type": "array"
1158	+	},
1159	+	"description": {
1160	+	"type": "string"
1161	+	},
1162	+	"homepage": {
1163	+	"type": "string"
1164	+	},
1165	+	"keywords": {
1166	+	"items": {
1167	+	"type": "string"
1168	+	},
1169	+	"type": "array"
1170	+	},
1171	+	"time": {
1172	+	"type": "string"
1173	+	}
1174	+	},
1175	+	"type": "object",
1176	+	"required": [
1177	+	"name",
1178	+	"version",
1179	+	"source",
1180	+	"dist"
1181	+	]
1182	+	},
1183	+	"PomParent": {
1184	+	"properties": {
1185	+	"groupId": {
1186	+	"type": "string"
1187	+	},
1188	+	"artifactId": {
1189	+	"type": "string"
1190	+	},
1191	+	"version": {
1192	+	"type": "string"
1193	+	}
1194	+	},
1195	+	"type": "object",
1196	+	"required": [
1197	+	"groupId",
1198	+	"artifactId",
1199	+	"version"
1200	+	]
1201	+	},
1202	+	"PomProject": {
1203	+	"properties": {
1204	+	"path": {
1205	+	"type": "string"
1206	+	},
1207	+	"parent": {
1208	+	"$ref": "#/$defs/PomParent"
1209	+	},
1210	+	"groupId": {
1211	+	"type": "string"
1212	+	},
1213	+	"artifactId": {
1214	+	"type": "string"
1215	+	},
1216	+	"version": {
1217	+	"type": "string"
1218	+	},
1219	+	"name": {
1220	+	"type": "string"
1221	+	},
1222	+	"description": {
1223	+	"type": "string"
1224	+	},
1225	+	"url": {
1226	+	"type": "string"
1227	+	}
1228	+	},
1229	+	"type": "object",
1230	+	"required": [
1231	+	"path",
1232	+	"groupId",
1233	+	"artifactId",
1234	+	"version",
1235	+	"name"
1236	+	]
1237	+	},
1238	+	"PomProperties": {
1239	+	"properties": {
1240	+	"path": {
1241	+	"type": "string"
1242	+	},
1243	+	"name": {
1244	+	"type": "string"
1245	+	},
1246	+	"groupId": {
1247	+	"type": "string"
1248	+	},
1249	+	"artifactId": {
1250	+	"type": "string"
1251	+	},
1252	+	"version": {
1253	+	"type": "string"
1254	+	},
1255	+	"extraFields": {
1256	+	"patternProperties": {
1257	+	".*": {
1258	+	"type": "string"
1259	+	}
1260	+	},
1261	+	"type": "object"
1262	+	}
1263	+	},
1264	+	"type": "object",
1265	+	"required": [
1266	+	"path",
1267	+	"name",
1268	+	"groupId",
1269	+	"artifactId",
1270	+	"version"
1271	+	]
1272	+	},
1273	+	"PortageFileRecord": {
1274	+	"properties": {
1275	+	"path": {
1276	+	"type": "string"
1277	+	},
1278	+	"digest": {
1279	+	"$ref": "#/$defs/Digest"
1280	+	}
1281	+	},
1282	+	"type": "object",
1283	+	"required": [
1284	+	"path"
1285	+	]
1286	+	},
1287	+	"PortageMetadata": {
1288	+	"properties": {
1289	+	"installedSize": {
1290	+	"type": "integer"
1291	+	},
1292	+	"files": {
1293	+	"items": {
1294	+	"$ref": "#/$defs/PortageFileRecord"
1295	+	},
1296	+	"type": "array"
1297	+	}
1298	+	},
1299	+	"type": "object",
1300	+	"required": [
1301	+	"installedSize",
1302	+	"files"
1303	+	]
1304	+	},
1305	+	"PythonDirectURLOriginInfo": {
1306	+	"properties": {
1307	+	"url": {
1308	+	"type": "string"
1309	+	},
1310	+	"commitId": {
1311	+	"type": "string"
1312	+	},
1313	+	"vcs": {
1314	+	"type": "string"
1315	+	}
1316	+	},
1317	+	"type": "object",
1318	+	"required": [
1319	+	"url"
1320	+	]
1321	+	},
1322	+	"PythonFileDigest": {
1323	+	"properties": {
1324	+	"algorithm": {
1325	+	"type": "string"
1326	+	},
1327	+	"value": {
1328	+	"type": "string"
1329	+	}
1330	+	},
1331	+	"type": "object",
1332	+	"required": [
1333	+	"algorithm",
1334	+	"value"
1335	+	]
1336	+	},
1337	+	"PythonFileRecord": {
1338	+	"properties": {
1339	+	"path": {
1340	+	"type": "string"
1341	+	},
1342	+	"digest": {
1343	+	"$ref": "#/$defs/PythonFileDigest"
1344	+	},
1345	+	"size": {
1346	+	"type": "string"
1347	+	}
1348	+	},
1349	+	"type": "object",
1350	+	"required": [
1351	+	"path"
1352	+	]
1353	+	},
1354	+	"PythonPackageMetadata": {
1355	+	"properties": {
1356	+	"name": {
1357	+	"type": "string"
1358	+	},
1359	+	"version": {
1360	+	"type": "string"
1361	+	},
1362	+	"license": {
1363	+	"type": "string"
1364	+	},
1365	+	"author": {
1366	+	"type": "string"
1367	+	},
1368	+	"authorEmail": {
1369	+	"type": "string"
1370	+	},
1371	+	"platform": {
1372	+	"type": "string"
1373	+	},
1374	+	"files": {
1375	+	"items": {
1376	+	"$ref": "#/$defs/PythonFileRecord"
1377	+	},
1378	+	"type": "array"
1379	+	},
1380	+	"sitePackagesRootPath": {
1381	+	"type": "string"
1382	+	},
1383	+	"topLevelPackages": {
1384	+	"items": {
1385	+	"type": "string"
1386	+	},
1387	+	"type": "array"
1388	+	},
1389	+	"directUrlOrigin": {
1390	+	"$ref": "#/$defs/PythonDirectURLOriginInfo"
1391	+	}
1392	+	},
1393	+	"type": "object",
1394	+	"required": [
1395	+	"name",
1396	+	"version",
1397	+	"license",
1398	+	"author",
1399	+	"authorEmail",
1400	+	"platform",
1401	+	"sitePackagesRootPath"
1402	+	]
1403	+	},
1404	+	"PythonPipfileLockMetadata": {
1405	+	"properties": {
1406	+	"hashes": {
1407	+	"items": {
1408	+	"type": "string"
1409	+	},
1410	+	"type": "array"
1411	+	},
1412	+	"index": {
1413	+	"type": "string"
1414	+	}
1415	+	},
1416	+	"type": "object",
1417	+	"required": [
1418	+	"hashes",
1419	+	"index"
1420	+	]
1421	+	},
1422	+	"RebarLockMetadata": {
1423	+	"properties": {
1424	+	"name": {
1425	+	"type": "string"
1426	+	},
1427	+	"version": {
1428	+	"type": "string"
1429	+	},
1430	+	"pkgHash": {
1431	+	"type": "string"
1432	+	},
1433	+	"pkgHashExt": {
1434	+	"type": "string"
1435	+	}
1436	+	},
1437	+	"type": "object",
1438	+	"required": [
1439	+	"name",
1440	+	"version",
1441	+	"pkgHash",
1442	+	"pkgHashExt"
1443	+	]
1444	+	},
1445	+	"Relationship": {
1446	+	"properties": {
1447	+	"parent": {
1448	+	"type": "string"
1449	+	},
1450	+	"child": {
1451	+	"type": "string"
1452	+	},
1453	+	"type": {
1454	+	"type": "string"
1455	+	},
1456	+	"metadata": true
1457	+	},
1458	+	"type": "object",
1459	+	"required": [
1460	+	"parent",
1461	+	"child",
1462	+	"type"
1463	+	]
1464	+	},
1465	+	"RpmMetadata": {
1466	+	"properties": {
1467	+	"name": {
1468	+	"type": "string"
1469	+	},
1470	+	"version": {
1471	+	"type": "string"
1472	+	},
1473	+	"epoch": {
1474	+	"oneOf": [
1475	+	{
1476	+	"type": "integer"
1477	+	},
1478	+	{
1479	+	"type": "null"
1480	+	}
1481	+	]
1482	+	},
1483	+	"architecture": {
1484	+	"type": "string"
1485	+	},
1486	+	"release": {
1487	+	"type": "string"
1488	+	},
1489	+	"sourceRpm": {
1490	+	"type": "string"
1491	+	},
1492	+	"size": {
1493	+	"type": "integer"
1494	+	},
1495	+	"license": {
1496	+	"type": "string"
1497	+	},
1498	+	"vendor": {
1499	+	"type": "string"
1500	+	},
1501	+	"modularityLabel": {
1502	+	"type": "string"
1503	+	},
1504	+	"files": {
1505	+	"items": {
1506	+	"$ref": "#/$defs/RpmdbFileRecord"
1507	+	},
1508	+	"type": "array"
1509	+	}
1510	+	},
1511	+	"type": "object",
1512	+	"required": [
1513	+	"name",
1514	+	"version",
1515	+	"epoch",
1516	+	"architecture",
1517	+	"release",
1518	+	"sourceRpm",
1519	+	"size",
1520	+	"license",
1521	+	"vendor",
1522	+	"modularityLabel",
1523	+	"files"
1524	+	]
1525	+	},
1526	+	"RpmdbFileRecord": {
1527	+	"properties": {
1528	+	"path": {
1529	+	"type": "string"
1530	+	},
1531	+	"mode": {
1532	+	"type": "integer"
1533	+	},
1534	+	"size": {
1535	+	"type": "integer"
1536	+	},
1537	+	"digest": {
1538	+	"$ref": "#/$defs/Digest"
1539	+	},
1540	+	"userName": {
1541	+	"type": "string"
1542	+	},
1543	+	"groupName": {
1544	+	"type": "string"
1545	+	},
1546	+	"flags": {
1547	+	"type": "string"
1548	+	}
1549	+	},
1550	+	"type": "object",
1551	+	"required": [
1552	+	"path",
1553	+	"mode",
1554	+	"size",
1555	+	"digest",
1556	+	"userName",
1557	+	"groupName",
1558	+	"flags"
1559	+	]
1560	+	},
1561	+	"Schema": {
1562	+	"properties": {
1563	+	"version": {
1564	+	"type": "string"
1565	+	},
1566	+	"url": {
1567	+	"type": "string"
1568	+	}
1569	+	},
1570	+	"type": "object",
1571	+	"required": [
1572	+	"version",
1573	+	"url"
1574	+	]
1575	+	},
1576	+	"SearchResult": {
1577	+	"properties": {
1578	+	"classification": {
1579	+	"type": "string"
1580	+	},
1581	+	"lineNumber": {
1582	+	"type": "integer"
1583	+	},
1584	+	"lineOffset": {
1585	+	"type": "integer"
1586	+	},
1587	+	"seekPosition": {
1588	+	"type": "integer"
1589	+	},
1590	+	"length": {
1591	+	"type": "integer"
1592	+	},
1593	+	"value": {
1594	+	"type": "string"
1595	+	}
1596	+	},
1597	+	"type": "object",
1598	+	"required": [
1599	+	"classification",
1600	+	"lineNumber",
1601	+	"lineOffset",
1602	+	"seekPosition",
1603	+	"length"
1604	+	]
1605	+	},
1606	+	"Secrets": {
1607	+	"properties": {
1608	+	"location": {
1609	+	"$ref": "#/$defs/Coordinates"
1610	+	},
1611	+	"secrets": {
1612	+	"items": {
1613	+	"$ref": "#/$defs/SearchResult"
1614	+	},
1615	+	"type": "array"
1616	+	}
1617	+	},
1618	+	"type": "object",
1619	+	"required": [
1620	+	"location",
1621	+	"secrets"
1622	+	]
1623	+	},
1624	+	"Source": {
1625	+	"properties": {
1626	+	"id": {
1627	+	"type": "string"
1628	+	},
1629	+	"type": {
1630	+	"type": "string"
1631	+	},
1632	+	"target": true
1633	+	},
1634	+	"type": "object",
1635	+	"required": [
1636	+	"id",
1637	+	"type",
1638	+	"target"
1639	+	]
1640	+	}
1641	+	}
1642	+	}
1643	+

■ ■ ■ ■ ■ ■

syft/formats/syftjson/encoder_test.go

skipped 212 lines
213 213 s,
214 214 *updateJson,
215 215 true,
216 + schemaVersionRedactor,
216 217 )
217 218 }
218 219

All occurrences

■ ■ ■ ■ ■ ■

syft/formats/syftjson/format.go

1	1		package syftjson
2	2
3	3		import (
	4	+	"github.com/anchore/syft/internal"
4	5		"github.com/anchore/syft/syft/sbom"
5	6		)
6	7
		skipped 1 lines
8	9
9	10		func Format() sbom.Format {
10	11		return sbom.NewFormat(
11		-	"6",
	12	+	internal.JSONSchemaVersion,
12	13		encoder,
13	14		decoder,
14	15		validator,
		skipped 4 lines

■ ■ ■ ■ ■ ■

syft/formats/syftjson/to_format_model_test.go

1	1		package syftjson
2	2
3	3		import (
4		-	"strings"
5	4		"testing"
6	5
7	6		"github.com/scylladb/go-set/strset"
		skipped 1 lines
9	8		"github.com/stretchr/testify/require"
10	9
11	10		"github.com/anchore/stereoscope/pkg/file"
12		-	"github.com/anchore/syft/internal"
13	11		"github.com/anchore/syft/syft/formats/syftjson/model"
14	12		"github.com/anchore/syft/syft/source"
15	13		)
16		-
17		-	func Test_SyftJsonID_Compatibility(t *testing.T) {
18		-	jsonMajorVersion := strings.Split(internal.JSONSchemaVersion, ".")[0]
19		-	assert.Equal(t, jsonMajorVersion, string(Format().Version()))
20		-	}
21	14
22	15		func Test_toSourceModel(t *testing.T) {
23	16		allSchemes := strset.New()
		skipped 139 lines

■ ■ ■ ■ ■ ■

syft/pkg/binary_metadata.go

1	1		package pkg
2	2
	3	+	import "github.com/anchore/syft/syft/source"
	4	+
3	5		type BinaryMetadata struct {
4		-	Classifier string `mapstructure:"Classifier" json:"classifier"`
5		-	RealPath string `mapstructure:"RealPath" json:"realPath"`
6		-	VirtualPath string `mapstructure:"VirtualPath" json:"virtualPath"`
	6	+	Matches []ClassifierMatch `mapstructure:"Matches" json:"matches"`
	7	+	}
	8	+
	9	+	type ClassifierMatch struct {
	10	+	Classifier string `mapstructure:"Classifier" json:"classifier"`
	11	+	Location source.Location `mapstructure:"Location" json:"location"`
7	12		}
8	13

■ ■ ■ ■ ■ ■

syft/pkg/cataloger/binary/cataloger.go

		skipped 32 lines
33	33
34	34		for _, cls := range defaultClassifiers {
35	35		log.WithFields("classifier", cls.Class).Trace("cataloging binaries")
36		-	pkgs, err := catalog(resolver, cls)
	36	+	newPkgs, err := catalog(resolver, cls)
37	37		if err != nil {
38	38		log.WithFields("error", err, "classifier", cls.Class).Warn("unable to catalog binary package: %w", err)
39	39		continue
40	40		}
41		-	packages = append(packages, pkgs...)
	41	+	newPackages:
	42	+	for i := range newPkgs {
	43	+	newPkg := &newPkgs[i]
	44	+	for j := range packages {
	45	+	p := &packages[j]
	46	+	// consolidate identical packages found in different locations or by different classifiers
	47	+	if packagesMatch(p, newPkg) {
	48	+	mergePackages(p, newPkg)
	49	+	continue newPackages
	50	+	}
	51	+	}
	52	+	packages = append(packages, *newPkg)
	53	+	}
42	54		}
43	55
44	56		return packages, relationships, nil
45	57		}
46	58
47		-	func catalog(resolver source.FileResolver, cls classifier) ([]pkg.Package, error) {
48		-	var pkgs []pkg.Package
	59	+	// mergePackages merges information from the extra package into the target package
	60	+	func mergePackages(target pkg.Package, extra pkg.Package) {
	61	+	// add the locations
	62	+	target.Locations.Add(extra.Locations.ToSlice()...)
	63	+	// update the metadata to indicate which classifiers were used
	64	+	meta, _ := target.Metadata.(pkg.BinaryMetadata)
	65	+	if m, ok := extra.Metadata.(pkg.BinaryMetadata); ok {
	66	+	meta.Matches = append(meta.Matches, m.Matches...)
	67	+	}
	68	+	target.Metadata = meta
	69	+	}
	70	+
	71	+	func catalog(resolver source.FileResolver, cls classifier) (packages []pkg.Package, err error) {
49	72		locations, err := resolver.FilesByGlob(cls.FileGlob)
50	73		if err != nil {
51	74		return nil, err
		skipped 4 lines
56	79		return nil, err
57	80		}
58	81		locationReader := source.NewLocationReadCloser(location, reader)
59		-	newPkgs, err := cls.EvidenceMatcher(cls, locationReader)
	82	+	pkgs, err := cls.EvidenceMatcher(cls, locationReader)
60	83		if err != nil {
61	84		return nil, err
62	85		}
63		-	newPackages:
64		-	for i := range newPkgs {
65		-	newPkg := &newPkgs[i]
66		-	for j := range pkgs {
67		-	p := &pkgs[j]
68		-	// consolidate identical packages found in different locations,
69		-	// but continue to track each location
70		-	if packagesMatch(p, newPkg) {
71		-	p.Locations.Add(newPkg.Locations.ToSlice()...)
72		-	continue newPackages
73		-	}
74		-	}
75		-	pkgs = append(pkgs, *newPkg)
76		-	}
	86	+	packages = append(packages, pkgs...)
77	87		}
78		-	return pkgs, nil
	88	+	return packages, nil
79	89		}
80	90
81	91		// packagesMatch returns true if the binary packages "match" based on basic criteria
		skipped 11 lines

■ ■ ■ ■ ■ ■

syft/pkg/cataloger/binary/cataloger_test.go

		skipped 1 lines
2	2
3	3		import (
4	4		"errors"
	5	+	"fmt"
5	6		"io"
6	7		"testing"
7	8
		skipped 19 lines
27	28		Version: "15beta4",
28	29		Type: "binary",
29	30		PURL: "pkg:generic/postgresql@15beta4",
30		-	Locations: singleLocation("postgres"),
31		-	Metadata: pkg.BinaryMetadata{
32		-	Classifier: "postgresql-binary",
33		-	},
	31	+	Locations: locations("postgres"),
	32	+	Metadata: metadata("postgresql-binary"),
34	33		},
35	34		},
36	35		{
		skipped 4 lines
41	40		Version: "15.1",
42	41		Type: "binary",
43	42		PURL: "pkg:generic/[email protected]",
44		-	Locations: singleLocation("postgres"),
45		-	Metadata: pkg.BinaryMetadata{
46		-	Classifier: "postgresql-binary",
47		-	},
	43	+	Locations: locations("postgres"),
	44	+	Metadata: metadata("postgresql-binary"),
48	45		},
49	46		},
50	47		{
		skipped 4 lines
55	52		Version: "9.6.24",
56	53		Type: "binary",
57	54		PURL: "pkg:generic/[email protected]",
58		-	Locations: singleLocation("postgres"),
59		-	Metadata: pkg.BinaryMetadata{
60		-	Classifier: "postgresql-binary",
61		-	},
	55	+	Locations: locations("postgres"),
	56	+	Metadata: metadata("postgresql-binary"),
62	57		},
63	58		},
64	59		{
		skipped 4 lines
69	64		Version: "9.5alpha1",
70	65		Type: "binary",
71	66		PURL: "pkg:generic/[email protected]",
72		-	Locations: singleLocation("postgres"),
	67	+	Locations: locations("postgres"),
	68	+	Metadata: metadata("postgresql-binary"),
	69	+	},
	70	+	},
	71	+	{
	72	+	name: "positive-python-duplicates",
	73	+	fixtureDir: "test-fixtures/classifiers/positive/python-duplicates",
	74	+	expected: pkg.Package{
	75	+	Name: "python",
	76	+	Version: "3.8.16",
	77	+	Type: "binary",
	78	+	PURL: "pkg:generic/[email protected]",
	79	+	Locations: locations("dir/python3.8", "python3.8", "libpython3.8.so", "patchlevel.h"),
73	80		Metadata: pkg.BinaryMetadata{
74		-	Classifier: "postgresql-binary",
	81	+	Matches: []pkg.ClassifierMatch{
	82	+	match("python-binary", "dir/python3.8"),
	83	+	match("python-binary", "python3.8"),
	84	+	match("python-binary-lib", "libpython3.8.so"),
	85	+	match("cpython-source", "patchlevel.h"),
	86	+	},
75	87		},
76	88		},
77	89		},
		skipped 5 lines
83	95		Version: "2.9.6",
84	96		Type: "binary",
85	97		PURL: "pkg:generic/[email protected]",
86		-	Locations: singleLocation("traefik"),
87		-	Metadata: pkg.BinaryMetadata{
88		-	Classifier: "traefik-binary",
89		-	},
	98	+	Locations: locations("traefik"),
	99	+	Metadata: metadata("traefik-binary"),
90	100		},
91	101		},
92	102		{
		skipped 4 lines
97	107		Version: "1.7.34",
98	108		Type: "binary",
99	109		PURL: "pkg:generic/[email protected]",
100		-	Locations: singleLocation("traefik"),
101		-	Metadata: pkg.BinaryMetadata{
102		-	Classifier: "traefik-binary",
103		-	},
	110	+	Locations: locations("traefik"),
	111	+	Metadata: metadata("traefik-binary"),
104	112		},
105	113		},
106	114		{
		skipped 4 lines
111	119		Version: "1.6.18",
112	120		Type: "binary",
113	121		PURL: "pkg:generic/[email protected]",
114		-	Locations: singleLocation("memcached"),
115		-	Metadata: pkg.BinaryMetadata{
116		-	Classifier: "memcached-binary",
117		-	},
	122	+	Locations: locations("memcached"),
	123	+	Metadata: metadata("memcached-binary"),
118	124		},
119	125		},
120	126		{
		skipped 4 lines
125	131		Version: "2.4.54",
126	132		Type: "binary",
127	133		PURL: "pkg:generic/[email protected]",
128		-	Locations: singleLocation("httpd"),
129		-	Metadata: pkg.BinaryMetadata{
130		-	Classifier: "httpd-binary",
131		-	},
	134	+	Locations: locations("httpd"),
	135	+	Metadata: metadata("httpd-binary"),
132	136		},
133	137		},
134	138		{
		skipped 4 lines
139	143		Version: "8.2.1",
140	144		Type: "binary",
141	145		PURL: "pkg:generic/[email protected]",
142		-	Locations: singleLocation("php"),
143		-	Metadata: pkg.BinaryMetadata{
144		-	Classifier: "php-cli-binary",
145		-	},
	146	+	Locations: locations("php"),
	147	+	Metadata: metadata("php-cli-binary"),
146	148		},
147	149		},
148	150		{
		skipped 4 lines
153	155		Version: "8.2.1",
154	156		Type: "binary",
155	157		PURL: "pkg:generic/[email protected]",
156		-	Locations: singleLocation("php-fpm"),
157		-	Metadata: pkg.BinaryMetadata{
158		-	Classifier: "php-fpm-binary",
159		-	},
	158	+	Locations: locations("php-fpm"),
	159	+	Metadata: metadata("php-fpm-binary"),
160	160		},
161	161		},
162	162		{
		skipped 4 lines
167	167		Version: "8.2.1",
168	168		Type: "binary",
169	169		PURL: "pkg:generic/[email protected]",
170		-	Locations: singleLocation("libphp.so"),
171		-	Metadata: pkg.BinaryMetadata{
172		-	Classifier: "php-apache-binary",
173		-	},
	170	+	Locations: locations("libphp.so"),
	171	+	Metadata: metadata("php-apache-binary"),
174	172		},
175	173		},
176	174		{
		skipped 46 lines
223	221		Version: "2.8.23",
224	222		Type: "binary",
225	223		PURL: "pkg:generic/[email protected]",
226		-	Locations: singleLocation("redis-server"),
227		-	Metadata: pkg.BinaryMetadata{
228		-	Classifier: "redis-binary",
229		-	},
	224	+	Locations: locations("redis-server"),
	225	+	Metadata: metadata("redis-binary"),
230	226		},
231	227		},
232	228		{
		skipped 4 lines
237	233		Version: "4.0.11",
238	234		Type: "binary",
239	235		PURL: "pkg:generic/[email protected]",
240		-	Locations: singleLocation("redis-server"),
241		-	Metadata: pkg.BinaryMetadata{
242		-	Classifier: "redis-binary",
243		-	},
	236	+	Locations: locations("redis-server"),
	237	+	Metadata: metadata("redis-binary"),
244	238		},
245	239		},
246	240		{
		skipped 4 lines
251	245		Version: "5.0.0",
252	246		Type: "binary",
253	247		PURL: "pkg:generic/[email protected]",
254		-	Locations: singleLocation("redis-server"),
255		-	Metadata: pkg.BinaryMetadata{
256		-	Classifier: "redis-binary",
257		-	},
	248	+	Locations: locations("redis-server"),
	249	+	Metadata: metadata("redis-binary"),
258	250		},
259	251		},
260	252		{
		skipped 4 lines
265	257		Version: "6.0.16",
266	258		Type: "binary",
267	259		PURL: "pkg:generic/[email protected]",
268		-	Locations: singleLocation("redis-server"),
269		-	Metadata: pkg.BinaryMetadata{
270		-	Classifier: "redis-binary",
271		-	},
	260	+	Locations: locations("redis-server"),
	261	+	Metadata: metadata("redis-binary"),
272	262		},
273	263		},
274	264		{
		skipped 4 lines
279	269		Version: "7.0.0",
280	270		Type: "binary",
281	271		PURL: "pkg:generic/[email protected]",
282		-	Locations: singleLocation("redis-server"),
283		-	Metadata: pkg.BinaryMetadata{
284		-	Classifier: "redis-binary",
285		-	},
	272	+	Locations: locations("redis-server"),
	273	+	Metadata: metadata("redis-binary"),
286	274		},
287	275		},
288	276		{
289	277		name: "positive-libpython3.7.so",
290		-	fixtureDir: "test-fixtures/classifiers/positive",
	278	+	fixtureDir: "test-fixtures/classifiers/positive/python-binary-lib-3.7",
291	279		expected: pkg.Package{
292	280		Name: "python",
293	281		Version: "3.7.4a-vZ9",
294	282		PURL: "pkg:generic/[email protected]",
295		-	Locations: singleLocation("libpython3.7.so"),
296		-	Metadata: pkg.BinaryMetadata{
297		-	Classifier: "python-binary-lib",
298		-	},
	283	+	Locations: locations("libpython3.7.so"),
	284	+	Metadata: metadata("python-binary-lib"),
299	285		},
300	286		},
301	287		{
302	288		name: "positive-python3.6",
303		-	fixtureDir: "test-fixtures/classifiers/positive",
	289	+	fixtureDir: "test-fixtures/classifiers/positive/python-binary-3.6",
304	290		expected: pkg.Package{
305	291		Name: "python",
306	292		Version: "3.6.3a-vZ9",
307	293		PURL: "pkg:generic/[email protected]",
308		-	Locations: singleLocation("python3.6"),
309		-	Metadata: pkg.BinaryMetadata{
310		-	Classifier: "python-binary",
311		-	},
	294	+	Locations: locations("python3.6"),
	295	+	Metadata: metadata("python-binary"),
312	296		},
313	297		},
314	298		{
315	299		name: "positive-patchlevel.h",
316		-	fixtureDir: "test-fixtures/classifiers/positive",
	300	+	fixtureDir: "test-fixtures/classifiers/positive/python-source-3.9",
317	301		expected: pkg.Package{
318	302		Name: "python",
319	303		Version: "3.9-aZ5",
320	304		PURL: "pkg:generic/[email protected]",
321		-	Locations: singleLocation("patchlevel.h"),
322		-	Metadata: pkg.BinaryMetadata{
323		-	Classifier: "cpython-source",
324		-	},
	305	+	Locations: locations("patchlevel.h"),
	306	+	Metadata: metadata("cpython-source"),
325	307		},
326	308		},
327	309		{
328	310		name: "positive-go",
329		-	fixtureDir: "test-fixtures/classifiers/positive",
	311	+	fixtureDir: "test-fixtures/classifiers/positive/go-1.14",
330	312		expected: pkg.Package{
331	313		Name: "go",
332	314		Version: "1.14",
333	315		PURL: "pkg:generic/[email protected]",
334		-	Locations: singleLocation("go"),
335		-	Metadata: pkg.BinaryMetadata{
336		-	Classifier: "go-binary",
337		-	},
	316	+	Locations: locations("go"),
	317	+	Metadata: metadata("go-binary"),
338	318		},
339	319		},
340	320		{
341	321		name: "positive-node",
342		-	fixtureDir: "test-fixtures/classifiers/positive",
	322	+	fixtureDir: "test-fixtures/classifiers/positive/node-19.2.1",
343	323		expected: pkg.Package{
344	324		Name: "node",
345	325		Version: "19.2.1",
346	326		PURL: "pkg:generic/[email protected]",
347		-	Locations: singleLocation("node"),
348		-	Metadata: pkg.BinaryMetadata{
349		-	Classifier: "nodejs-binary",
350		-	},
	327	+	Locations: locations("node"),
	328	+	Metadata: metadata("nodejs-binary"),
351	329		},
352	330		},
353	331		{
354	332		name: "positive-go-hint",
355		-	fixtureDir: "test-fixtures/classifiers/positive",
	333	+	fixtureDir: "test-fixtures/classifiers/positive/go-hint-1.15",
356	334		expected: pkg.Package{
357	335		Name: "go",
358	336		Version: "1.15",
359	337		PURL: "pkg:generic/[email protected]",
360		-	Locations: singleLocation("VERSION"),
361		-	Metadata: pkg.BinaryMetadata{
362		-	Classifier: "go-binary-hint",
363		-	},
	338	+	Locations: locations("VERSION"),
	339	+	Metadata: metadata("go-binary-hint"),
364	340		},
365	341		},
366	342		{
367	343		name: "positive-busybox",
368		-	fixtureDir: "test-fixtures/classifiers/positive",
	344	+	fixtureDir: "test-fixtures/classifiers/positive/busybox-3.33.3",
369	345		expected: pkg.Package{
370	346		Name: "busybox",
371	347		Version: "3.33.3",
372		-	Locations: singleLocation("["), // note: busybox is a link to [
373		-	Metadata: pkg.BinaryMetadata{
374		-	Classifier: "busybox-binary",
375		-	VirtualPath: "busybox",
376		-	},
	348	+	Locations: locations("["), // note: busybox is a link to [
	349	+	Metadata: metadata("busybox-binary", "[", "busybox"),
377	350		},
378	351		},
379	352		{
		skipped 4 lines
384	357		Version: "1.8.0_352-b08",
385	358		Type: "binary",
386	359		PURL: "pkg:generic/[email protected]_352-b08",
387		-	Locations: singleLocation("java"),
388		-	Metadata: pkg.BinaryMetadata{
389		-	Classifier: "java-binary-openjdk",
390		-	VirtualPath: "java",
391		-	},
	360	+	Locations: locations("java"),
	361	+	Metadata: metadata("java-binary-openjdk", "java"),
392	362		},
393	363		},
394	364		{
		skipped 4 lines
399	369		Version: "11.0.17+8-LTS",
400	370		Type: "binary",
401	371		PURL: "pkg:generic/[email protected]+8-LTS",
402		-	Locations: singleLocation("java"),
403		-	Metadata: pkg.BinaryMetadata{
404		-	Classifier: "java-binary-openjdk",
405		-	VirtualPath: "java",
406		-	},
	372	+	Locations: locations("java"),
	373	+	Metadata: metadata("java-binary-openjdk", "java"),
407	374		},
408	375		},
409	376		{
		skipped 4 lines
414	381		Version: "19.0.1+10-21",
415	382		Type: "binary",
416	383		PURL: "pkg:generic/[email protected]+10-21",
417		-	Locations: singleLocation("java"),
418		-	Metadata: pkg.BinaryMetadata{
419		-	Classifier: "java-binary-oracle",
420		-	VirtualPath: "java",
421		-	},
	384	+	Locations: locations("java"),
	385	+	Metadata: metadata("java-binary-oracle", "java"),
422	386		},
423	387		},
424	388		{
		skipped 4 lines
429	393		Version: "19.0.1+10-21",
430	394		Type: "binary",
431	395		PURL: "pkg:generic/[email protected]+10-21",
432		-	Locations: singleLocation("java"),
433		-	Metadata: pkg.BinaryMetadata{
434		-	Classifier: "java-binary-oracle",
435		-	VirtualPath: "java",
436		-	},
	396	+	Locations: locations("java"),
	397	+	Metadata: metadata("java-binary-oracle", "java"),
437	398		},
438	399		},
439	400		{
		skipped 4 lines
444	405		Version: "1.8.0-foreman_2022_09_22_15_30-b00",
445	406		Type: "binary",
446	407		PURL: "pkg:generic/[email protected]_2022_09_22_15_30-b00",
447		-	Locations: singleLocation("java"),
448		-	Metadata: pkg.BinaryMetadata{
449		-	Classifier: "java-binary-ibm",
450		-	VirtualPath: "java",
451		-	},
	408	+	Locations: locations("java"),
	409	+	Metadata: metadata("java-binary-ibm", "java"),
452	410		},
453	411		},
454	412		}
		skipped 11 lines
466	424		packages, _, err := c.Catalog(resolver)
467	425		require.NoError(t, err)
468	426
469		-	ok := false
470	427		for _, p := range packages {
471		-	if test.expected.Locations.ToSlice()[0].RealPath == p.Locations.ToSlice()[0].RealPath {
472		-	ok = true
473		-	assertPackagesAreEqual(t, test.expected, p)
	428	+	expectedLocations := test.expected.Locations.ToSlice()
	429	+	gotLocations := p.Locations.ToSlice()
	430	+	require.Len(t, gotLocations, len(expectedLocations))
	431	+
	432	+	for i, expectedLocation := range expectedLocations {
	433	+	gotLocation := gotLocations[i]
	434	+	if expectedLocation.RealPath != gotLocation.RealPath {
	435	+	t.Fatalf("locations do not match; expected: %v got: %v", expectedLocations, gotLocations)
	436	+	}
474	437		}
475		-	}
476	438
477		-	if !ok {
478		-	t.Fatalf("could not find test location=%q", test.expected.Locations.ToSlice()[0].RealPath)
	439	+	assertPackagesAreEqual(t, test.expected, p)
479	440		}
480		-
481	441		})
482	442		}
483	443		}
		skipped 10 lines
494	454		expected: pkg.Package{
495	455		Name: "busybox",
496	456		Version: "1.35.0",
497		-	Locations: singleLocation("/bin/["),
498		-	Metadata: pkg.BinaryMetadata{
499		-	Classifier: "busybox-binary",
500		-	VirtualPath: "/bin/busybox",
501		-	},
	457	+	Locations: locations("/bin/["),
	458	+	Metadata: metadata("busybox-binary", "/bin/[", "/bin/busybox"),
502	459		},
503	460		},
504	461		}
		skipped 12 lines
517	474		packages, _, err := c.Catalog(resolver)
518	475		require.NoError(t, err)
519	476
520		-	ok := false
521	477		for _, p := range packages {
522		-	if test.expected.Locations.ToSlice()[0].RealPath == p.Locations.ToSlice()[0].RealPath {
523		-	ok = true
524		-	assertPackagesAreEqual(t, test.expected, p)
	478	+	expectedLocations := test.expected.Locations.ToSlice()
	479	+	gotLocations := p.Locations.ToSlice()
	480	+	require.Len(t, gotLocations, len(expectedLocations))
	481	+
	482	+	for i, expectedLocation := range expectedLocations {
	483	+	gotLocation := gotLocations[i]
	484	+	if expectedLocation.RealPath != gotLocation.RealPath {
	485	+	t.Fatalf("locations do not match; expected: %v got: %v", expectedLocations, gotLocations)
	486	+	}
525	487		}
526		-	}
527	488
528		-	if !ok {
529		-	t.Fatalf("could not find test location=%q", test.expected.Locations.ToSlice()[0].RealPath)
	489	+	assertPackagesAreEqual(t, test.expected, p)
530	490		}
531		-
532	491		})
533	492		}
534	493		}
		skipped 12 lines
547	506		assert.Equal(t, 0, len(actualResults))
548	507		}
549	508
550		-	func singleLocation(s string) source.LocationSet {
551		-	return source.NewLocationSet(source.NewLocation(s))
	509	+	func locations(locations ...string) source.LocationSet {
	510	+	var locs []source.Location
	511	+	for _, s := range locations {
	512	+	locs = append(locs, source.NewLocation(s))
	513	+	}
	514	+	return source.NewLocationSet(locs...)
	515	+	}
	516	+
	517	+	// metadata paths are: realPath, virtualPath
	518	+	func metadata(classifier string, paths ...string) pkg.BinaryMetadata {
	519	+	return pkg.BinaryMetadata{
	520	+	Matches: []pkg.ClassifierMatch{
	521	+	match(classifier, paths...),
	522	+	},
	523	+	}
	524	+	}
	525	+
	526	+	// match paths are: realPath, virtualPath
	527	+	func match(classifier string, paths ...string) pkg.ClassifierMatch {
	528	+	realPath := ""
	529	+	if len(paths) > 0 {
	530	+	realPath = paths[0]
	531	+	}
	532	+	virtualPath := ""
	533	+	if len(paths) > 1 {
	534	+	virtualPath = paths[1]
	535	+	}
	536	+	return pkg.ClassifierMatch{
	537	+	Classifier: classifier,
	538	+	Location: source.Location{
	539	+	Coordinates: source.Coordinates{
	540	+	RealPath: realPath,
	541	+	},
	542	+	VirtualPath: virtualPath,
	543	+	},
	544	+	}
552	545		}
553	546
554	547		func assertPackagesAreEqual(t *testing.T, expected pkg.Package, p pkg.Package) {
555		-	meta1 := expected.Metadata.(pkg.BinaryMetadata)
556		-	meta2 := p.Metadata.(pkg.BinaryMetadata)
	548	+	m1 := expected.Metadata.(pkg.BinaryMetadata).Matches
	549	+	m2 := p.Metadata.(pkg.BinaryMetadata).Matches
	550	+	matches := true
	551	+	if len(m1) == len(m2) {
	552	+	for i, m1 := range m1 {
	553	+	m2 := m2[i]
	554	+	if m1.Classifier != m2.Classifier {
	555	+	matches = false
	556	+	break
	557	+	}
	558	+	if m1.Location.RealPath != "" && m1.Location.RealPath != m2.Location.RealPath {
	559	+	matches = false
	560	+	break
	561	+	}
	562	+	if m1.Location.VirtualPath != "" && m1.Location.VirtualPath != m2.Location.VirtualPath {
	563	+	matches = false
	564	+	break
	565	+	}
	566	+	}
	567	+	} else {
	568	+	matches = false
	569	+	}
557	570		if expected.Name != p.Name \|\|
558	571		expected.Version != p.Version \|\|
559	572		expected.PURL != p.PURL \|\|
560		-	meta1.Classifier != meta2.Classifier {
561		-	assert.Failf(t, "packages not equal", "%v != %v", expected, p)
	573	+	!matches {
	574	+	assert.Failf(t, "packages not equal", "%v != %v", stringifyPkg(expected), stringifyPkg(p))
562	575		}
	576	+	}
	577	+
	578	+	func stringifyPkg(p pkg.Package) string {
	579	+	matches := p.Metadata.(pkg.BinaryMetadata).Matches
	580	+	return fmt.Sprintf("(name=%s, version=%s, purl=%s, matches=%+v)", p.Name, p.Version, p.PURL, matches)
563	581		}
564	582
565	583		type panicyResolver struct {
		skipped 20 lines
586	604		return nil, errors.New("not implemented")
587	605		}
588	606
589		-	func (p *panicyResolver) HasPath(s string) bool {
	607	+	func (p *panicyResolver) HasPath(_ string) bool {
590	608		return true
591	609		}
592	610
		skipped 36 lines

■ ■ ■ ■ ■ ■

syft/pkg/cataloger/binary/classifier.go

		skipped 130 lines
131	131		FoundBy: catalogerName,
132	132		MetadataType: pkg.BinaryMetadataType,
133	133		Metadata: pkg.BinaryMetadata{
134		-	Classifier: classifier.Class,
135		-	RealPath: reader.RealPath,
136		-	VirtualPath: reader.VirtualPath,
	134	+	Matches: []pkg.ClassifierMatch{
	135	+	{
	136	+	Classifier: classifier.Class,
	137	+	Location: reader.Location,
	138	+	},
	139	+	},
137	140		},
138	141		}
139	142
		skipped 41 lines

■ ■ ■ ■ ■ ■

syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/.gitignore

1 - !libpython3.7.so
2 - !libphp.so
1 + !*.so
2 + !VERSION

All occurrences
syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/[ syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/busybox-3.33.3/[

Content is identical
syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/busybox syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/busybox-3.33.3/busybox

Content is identical
syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/go syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/go-1.14/go

Binary file.
syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/VERSION syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/go-hint-1.15/VERSION

Content is identical
syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/node syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/node-19.2.1/node

Content is identical
syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/python3.6 syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/python-binary-3.6/python3.6

Content is identical
syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/libpython3.7.so syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/python-binary-lib-3.7/libpython3.7.so

Content is identical
■ ■ ■ ■ ■ ■

syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/python-duplicates/dir/python3.8

1 + 3.8.16
2 +

All occurrences
■ ■ ■ ■ ■ ■

syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/python-duplicates/libpython3.8.so

1 + 3.8.16
2 +

All occurrences
■ ■ ■ ■ ■ ■

syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/python-duplicates/patchlevel.h

1 + #define PY_VERSION 3.8.16
2 +

All occurrences
■ ■ ■ ■ ■ ■

syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/python-duplicates/python3.8

1 + 3.8.16
2 +

All occurrences
syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/patchlevel.h syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/python-source-3.9/patchlevel.h

Content is identical

■ ■ ■ ■ ■ ■

syft/source/location.go

		skipped 12 lines
13	13		Coordinates `cyclonedx:""` // Empty string here means there is no intermediate property name, e.g. syft:locations:0:path without "coordinates"
14	14		// note: it is IMPORTANT to ignore anything but the coordinates for a Location when considering the ID (hash value)
15	15		// since the coordinates are the minimally correct ID for a location (symlinks should not come into play)
16		-	VirtualPath string `hash:"ignore"` // The path to the file which may or may not have hardlinks / symlinks
17		-	ref file.Reference `hash:"ignore"` // The file reference relative to the stereoscope.FileCatalog that has more information about this location.
	16	+	VirtualPath string `hash:"ignore" json:"virtualPath,omitempty"` // The path to the file which may or may not have hardlinks / symlinks
	17	+	ref file.Reference `hash:"ignore"` // The file reference relative to the stereoscope.FileCatalog that has more information about this location.
18	18		}
19	19
20	20		// NewLocation creates a new Location representing a path without denoting a filesystem or FileCatalog reference.
		skipped 93 lines

		skipped 212 lines
213	213		s,
214	214		*updateJson,
215	215		true,
	216	+	schemaVersionRedactor,
216	217		)
217	218		}
218	219

1		-	!libpython3.7.so
2		-	!libphp.so
	1	+	!*.so
	2	+	!VERSION

	1	+	3.8.16
	2	+

	1	+	3.8.16
	2	+

	1	+	#define PY_VERSION 3.8.16
	2	+

fix: merging of binary packages (#1583)