  • fix: correct apk purls for other distros

    The apk purl spec allows for vendor-specific namespace.  I noticed
    in the embedded SBOMs from wolfi that the purls are of the form
    `pkg:apk/wolfi/[email protected]?arch=x86`, but the current logic in
    syft actually prevents purl generation entirely if the distro isn't
    alpine, so this corrects that behaviour.
    
    Signed-off-by: Weston Steimel <[email protected]>
  • Weston Steimel committed 1 year ago
    f7702a95
    1 parent 3a78371f
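--- a/syft/pkg/cataloger/apkdb/package.go
+++ b/syft/pkg/cataloger/apkdb/package.go
@@ -28,8 +28,7 @@
 
 // packageURL returns the PURL for the specific Alpine package (see https://github.com/package-url/purl-spec)
 func packageURL(m pkg.ApkMetadata, distro *linux.Release) string {
- if distro == nil || distro.ID != "alpine" {
- // note: there is no namespace variation (like with debian ID_LIKE for ubuntu ID, for example)
+ if distro == nil {
  return ""
  }
 
@@ -44,7 +43,7 @@
 
  return packageurl.NewPackageURL(
  packageurl.TypeAlpine,
- "alpine",
+ strings.ToLower(distro.ID),
  m.Package,
  m.Version,
  pkg.PURLQualifiers(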
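Review bot: With the `distro.ID != "alpine"` guard removed, a release whose ID is empty now reaches `strings.ToLower(distro.ID)` and would yield a purl with no namespace, where the old code returned an empty string. The ID presumably comes from the scanned image's os-release data, so it is input the scanner does not control; an empty or unexpected value ends up in the SBOM and can make downstream matching by purl miss the package. Consider keeping a guard for the empty case, `if distro == nil || distro.ID == "" {`, and updating the doc comment, which still says "specific Alpine package", to state that the namespace is taken from the distro ID. The body of packageURL continues outside the visible hunks.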
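--- a/syft/pkg/cataloger/apkdb/package_test.go
+++ b/syft/pkg/cataloger/apkdb/package_test.go
@@ -20,7 +20,7 @@
  expected string
  }{
  {
- name: "bad distro",
+ name: "non-alpine distro",
  metadata: pkg.ApkMetadata{
  Package: "p",
  Version: "v",
@@ -30,7 +30,7 @@
  ID: "something else",
  VersionID: "3.4.6",
  },
- expected: "",
+ expected: "pkg:apk/something%20else/p@v?arch=a&distro=something%20else-3.4.6",
  },
  {
  name: "gocase",
@@ -235,6 +235,19 @@
  VersionID: "3.4.6",
  },
  expected: "pkg:apk/alpine/[email protected]?arch=a&upstream=abc101-a12345&distro=alpine-3.4.6",
+ },
+ {
+ name: "wolfi distro",
+ metadata: pkg.ApkMetadata{
+ Package: "p",
+ Version: "v",
+ Architecture: "a",
+ },
+ distro: linux.Release{
+ ID: "wolfi",
+ VersionID: "20221230",
+ },
+ expected: "pkg:apk/wolfi/p@v?arch=a&distro=wolfi-20221230",
  },
  }
 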
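Review bot: None of the visible cases exercises the `strings.ToLower` call or an empty `ID`; every `ID` in the shown table entries is already lower-case and non-empty. Since the purl namespace is now derived from image-supplied release data, add a case with a mixed-case ID such as `ID: "Wolfi",` asserting that the namespace comes out as `wolfi`, and one with `ID: "",` pinning whatever packageURL is meant to return there. The "non-alpine distro" case also locks in `something%20else` as a namespace; a short comment on that entry saying this is intentional would help the next reader. The table continues outside the visible hunks, so such cases may already exist there.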