

Bump Syft in Grype to pull in unmarshaling fix (#1703)
* WIP: package builds but tests do not

Signed-off-by: Will Murphy <[email protected]>

* WIP: some unit tests compile

Signed-off-by: Will Murphy <[email protected]>

* WIP: unit tests compile but do not pass

Signed-off-by: Will Murphy <[email protected]>

* Units passing with some changes to syft

Signed-off-by: Will Murphy <[email protected]>

* fix: configured excludes must not suppress the error raised by a malformed SBOM

Signed-off-by: Will Murphy <[email protected]>

* add conan entry v2 package test

Signed-off-by: Will Murphy <[email protected]>

* bump syft again

Signed-off-by: Will Murphy <[email protected]>

* chore: fix compiler error in integration tests

Signed-off-by: Will Murphy <[email protected]>

* chore: remove erlang OTP from package types that must be seen in test image

Signed-off-by: Will Murphy <[email protected]>

* bump syft version used

Signed-off-by: Alex Goodman <[email protected]>

---------

Signed-off-by: Will Murphy <[email protected]>
Signed-off-by: Alex Goodman <[email protected]>
Co-authored-by: Alex Goodman <[email protected]>
willmurphyscode and wagoodman authored Feb 7, 2024
1 parent 68b2796 commit 396cc0a
Showing 27 changed files with 268 additions and 203 deletions.
14 changes: 7 additions & 7 deletions go.mod
Expand Up @@ -8,13 +8,13 @@ require (
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
github.com/adrg/xdg v0.4.0
github.com/anchore/bubbly v0.0.0-20231115134915-def0aba654a9
github.com/anchore/clio v0.0.0-20231016125544-c98a83e1c7fc
github.com/anchore/clio v0.0.0-20240131202212-9eba61247448
github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a
github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04
github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4
github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501
github.com/anchore/stereoscope v0.0.1
github.com/anchore/syft v0.103.1
github.com/anchore/packageurl-go v0.1.1-0.20240202171727-877e1747d426
github.com/anchore/stereoscope v0.0.2-0.20240202153536-bfa15e446f06
github.com/anchore/syft v0.103.2-0.20240207163149-da31eed6374d
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
github.com/bmatcuk/doublestar/v2 v2.0.4
github.com/charmbracelet/bubbletea v0.25.0
Expand Down Expand Up @@ -89,7 +89,7 @@ require (
github.com/becheran/wildmatch-go v1.0.0 // indirect
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect
github.com/charmbracelet/bubbles v0.17.1 // indirect
github.com/charmbracelet/bubbles v0.18.0 // indirect
github.com/charmbracelet/harmonica v0.2.0 // indirect
github.com/cloudflare/circl v1.3.7 // indirect
github.com/containerd/cgroups v1.1.0 // indirect
Expand Down Expand Up @@ -194,7 +194,7 @@ require (
github.com/pkg/profile v1.7.0 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
github.com/rivo/uniseg v0.2.0 // indirect
github.com/rivo/uniseg v0.4.6 // indirect
github.com/rogpeppe/go-internal v1.12.0 // indirect
github.com/saferwall/pe v1.4.8 // indirect
github.com/sagikazarmark/locafero v0.3.0 // indirect
Expand Down Expand Up @@ -234,7 +234,7 @@ require (
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.9.0 // indirect
golang.org/x/crypto v0.18.0 // indirect
golang.org/x/mod v0.14.0 // indirect
golang.org/x/mod v0.15.0 // indirect
golang.org/x/net v0.20.0 // indirect
golang.org/x/oauth2 v0.15.0 // indirect
golang.org/x/sync v0.5.0 // indirect
27 changes: 14 additions & 13 deletions go.sum
Expand Up @@ -235,8 +235,8 @@ github.com/anchore/archiver/v3 v3.5.2 h1:Bjemm2NzuRhmHy3m0lRe5tNoClB9A4zYyDV58Pa
github.com/anchore/archiver/v3 v3.5.2/go.mod h1:e3dqJ7H78uzsRSEACH1joayhuSyhnonssnDhppzS1L4=
github.com/anchore/bubbly v0.0.0-20231115134915-def0aba654a9 h1:p0ZIe0htYOX284Y4axJaGBvXHU0VCCzLN5Wf5XbKStU=
github.com/anchore/bubbly v0.0.0-20231115134915-def0aba654a9/go.mod h1:3ZsFB9tzW3vl4gEiUeuSOMDnwroWxIxJelOOHUp8dSw=
github.com/anchore/clio v0.0.0-20231016125544-c98a83e1c7fc h1:A1KFO+zZZmbNlz1+WKsCF0RKVx6XRoxsAG3lrqH9hUQ=
github.com/anchore/clio v0.0.0-20231016125544-c98a83e1c7fc/go.mod h1:QeWvNzxsrUNxcs6haQo3OtISfXUXW0qAuiG4EQiz0GU=
github.com/anchore/clio v0.0.0-20240131202212-9eba61247448 h1:ZgecmkxhH5im+9jPs7Ra1Thmv/p4IBDsoCFD6W8pENg=
github.com/anchore/clio v0.0.0-20240131202212-9eba61247448/go.mod h1:t5Mld8naKcG8RTPjW/2n7bfyBKFl1A6PvtXw+v64gK0=
github.com/anchore/fangs v0.0.0-20231201140849-5075d28d6d8b h1:L/djgY7ZbZ/38+wUtdkk398W3PIBJLkt1N8nU/7e47A=
github.com/anchore/fangs v0.0.0-20231201140849-5075d28d6d8b/go.mod h1:TLcE0RE5+8oIx2/NPWem/dq1DeaMoC+fPEH7hoSzPLo=
github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a h1:nJ2G8zWKASyVClGVgG7sfM5mwoZlZ2zYpIzN2OhjWkw=
Expand All @@ -249,12 +249,12 @@ github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 h1:VzprUTpc0v
github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod h1:6dK64g27Qi1qGQZ67gFmBFvEHScy0/C8qhQhNe5B5pQ=
github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 h1:rmZG77uXgE+o2gozGEBoUMpX27lsku+xrMwlmBZJtbg=
github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501 h1:AV7qjwMcM4r8wFhJq3jLRztew3ywIyPTRapl2T1s9o8=
github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
github.com/anchore/stereoscope v0.0.1 h1:OxF7PaxMltnAxjLnDMyka+SKRIQar/bBkDdavsnjyxM=
github.com/anchore/stereoscope v0.0.1/go.mod h1:IylG7ofLoUKHwS1XDF6rPhOmaE3GgpAgsMdvvYfooTU=
github.com/anchore/syft v0.103.1 h1:E5VJoNeFDh8AOetPkT8h5tyl8GmCRV8aeA1XZlwxS4U=
github.com/anchore/syft v0.103.1/go.mod h1:Ph25SA9kx4nJS8XlgTmI4/FvPCX7PbRyA5LBdlcH1zQ=
github.com/anchore/packageurl-go v0.1.1-0.20240202171727-877e1747d426 h1:agoiZchSf1Nnnos1azwIg5hk5Ao9TzZNBD9++AChGEg=
github.com/anchore/packageurl-go v0.1.1-0.20240202171727-877e1747d426/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
github.com/anchore/stereoscope v0.0.2-0.20240202153536-bfa15e446f06 h1:3NAS33Bqrw87wckTff6/yXYDL1h3Wm6OiqaR1kcvW10=
github.com/anchore/stereoscope v0.0.2-0.20240202153536-bfa15e446f06/go.mod h1:uydT2ful8TY7Hr1WH1V1ZecSq/2TqXpAsGkMiy7lxD0=
github.com/anchore/syft v0.103.2-0.20240207163149-da31eed6374d h1:YivlSmLJgnOdxAhKitf5sjYIsPrBFUn5nbAtYuanv7o=
github.com/anchore/syft v0.103.2-0.20240207163149-da31eed6374d/go.mod h1:Sp1juSmwcyo1fg1r7YE8TYLgRG+mcA0IKDeJcrGF8Dk=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=
Expand Down Expand Up @@ -304,8 +304,8 @@ github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/charmbracelet/bubbles v0.17.1 h1:0SIyjOnkrsfDo88YvPgAWvZMwXe26TP6drRvmkjyUu4=
github.com/charmbracelet/bubbles v0.17.1/go.mod h1:9HxZWlkCqz2PRwsCbYl7a3KXvGzFaDHpYbSYMJ+nE3o=
github.com/charmbracelet/bubbles v0.18.0 h1:PYv1A036luoBGroX6VWjQIE9Syf2Wby2oOl/39KLfy0=
github.com/charmbracelet/bubbles v0.18.0/go.mod h1:08qhZhtIwzgrtBjAcJnij1t1H0ZRjwHyGsy6AL11PSw=
github.com/charmbracelet/bubbletea v0.25.0 h1:bAfwk7jRz7FKFl9RzlIULPkStffg5k6pNt5dywy4TcM=
github.com/charmbracelet/bubbletea v0.25.0/go.mod h1:EN3QDR1T5ZdWmdfDzYcqOCAps45+QIJbLOBxmVNWNNg=
github.com/charmbracelet/harmonica v0.2.0 h1:8NxJWRWg/bzKqqEaaeFNipOu77YR5t8aSwG4pgaUBiQ=
Expand Down Expand Up @@ -866,8 +866,9 @@ github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0ua
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.6 h1:Sovz9sDSwbOz9tgUy8JpT+KgCkPYJEN/oYzlJiYTNLg=
github.com/rivo/uniseg v0.4.6/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
Expand Down Expand Up @@ -1115,8 +1116,8 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8=
golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
6 changes: 3 additions & 3 deletions grype/cpe/cpe.go
Expand Up @@ -10,7 +10,7 @@ import (
func NewSlice(cpeStrs ...string) ([]cpe.CPE, error) {
var cpes []cpe.CPE
for _, c := range cpeStrs {
value, err := cpe.New(c)
value, err := cpe.New(c, "")
if err != nil {
log.Warnf("excluding invalid CPE %q: %v", c, err)
continue
Expand All @@ -23,9 +23,9 @@ func NewSlice(cpeStrs ...string) ([]cpe.CPE, error) {

func MatchWithoutVersion(c cpe.CPE, candidates []cpe.CPE) []cpe.CPE {
matches := make([]cpe.CPE, 0)
a := wfn.Attributes(c)
a := wfn.Attributes(c.Attributes)
for _, candidate := range candidates {
canCopy := wfn.Attributes(candidate)
canCopy := wfn.Attributes(candidate.Attributes)
if a.MatchWithoutVersion(&canCopy) {
matches = append(matches, candidate)
}
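Review bot: The new `cpe.New(c, "")` call in NewSlice constructs every CPE with an empty source, so provenance is lost for these entries even though GetByCPE in grype/db/vulnerability_provider.go now threads `requestCPE.Source` through normalization; any downstream logic that ranks or filters matches by source will see these as unknown origin. If the updated syft cpe package exports a typed source value for declared or caller-supplied CPEs, pass that instead of the bare literal; otherwise record the choice so it is not mistaken for an oversight, e.g. `// Source is intentionally empty: these CPEs come from caller-supplied strings, not a cataloger — TODO confirm nothing downstream keys on it.` The pre-existing warn-and-continue on an invalid CPE means a mistyped entry silently drops out of matching rather than failing the scan, which is worth a sentence in the function's doc comment. The remainder of NewSlice (its return) lies outside the hunk.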
96 changes: 48 additions & 48 deletions grype/cpe/cpe_test.go
Expand Up @@ -17,88 +17,88 @@ func TestMatchWithoutVersion(t *testing.T) {
}{
{
name: "GoCase",
compare: cpe.Must("cpe:2.3:*:python-requests:requests:2.3.0:*:*:*:*:python:*:*"),
compare: cpe.Must("cpe:2.3:*:python-requests:requests:2.3.0:*:*:*:*:python:*:*", ""),
candidates: []cpe.CPE{
cpe.Must("cpe:2.3:a:python-requests:requests:2.2.1:*:*:*:*:*:*:*"),
cpe.Must("cpe:2.3:a:python-requests:requests:2.2.1:*:*:*:*:*:*:*", ""),
},
expected: []cpe.CPE{
cpe.Must("cpe:2.3:a:python-requests:requests:2.2.1:*:*:*:*:*:*:*"),
cpe.Must("cpe:2.3:a:python-requests:requests:2.2.1:*:*:*:*:*:*:*", ""),
},
},
{
name: "IgnoreVersion",
compare: cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:java:*:*"),
compare: cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:java:*:*", ""),
candidates: []cpe.CPE{
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name:name:3.3:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name:name:5.5:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name:name:3.3:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name:name:5.5:*:*:*:*:java:*:*", ""),
},
expected: []cpe.CPE{
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name:name:3.3:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name:name:5.5:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name:name:3.3:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name:name:5.5:*:*:*:*:java:*:*", ""),
},
},
{
name: "MatchByTargetSW",
compare: cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:java:*:*"),
compare: cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:java:*:*", ""),
candidates: []cpe.CPE{
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:maven:*:*"),
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:jenkins:*:*"),
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:cloudbees_jenkins:*:*"),
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:*:*:*"),
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:maven:*:*", ""),
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:jenkins:*:*", ""),
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:cloudbees_jenkins:*:*", ""),
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:*:*:*", ""),
},
expected: []cpe.CPE{
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:*:*:*"),
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name:name:3.2:*:*:*:*:*:*:*", ""),
},
},
{
name: "MatchByName",
compare: cpe.Must("cpe:2.3:*:name:name5:3.2:*:*:*:*:java:*:*"),
compare: cpe.Must("cpe:2.3:*:name:name5:3.2:*:*:*:*:java:*:*", ""),
candidates: []cpe.CPE{
cpe.Must("cpe:2.3:*:name:name1:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name:name2:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name:name3:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name:name4:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name:name5:3.2:*:*:*:*:*:*:*"),
cpe.Must("cpe:2.3:*:name:name1:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name:name2:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name:name3:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name:name4:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name:name5:3.2:*:*:*:*:*:*:*", ""),
},
expected: []cpe.CPE{
cpe.Must("cpe:2.3:*:name:name5:3.2:*:*:*:*:*:*:*"),
cpe.Must("cpe:2.3:*:name:name5:3.2:*:*:*:*:*:*:*", ""),
},
},
{
name: "MatchByVendor",
compare: cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:java:*:*"),
compare: cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:java:*:*", ""),
candidates: []cpe.CPE{
cpe.Must("cpe:2.3:*:name1:name:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:jaba-no-bother:*:*"),
cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name4:name:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name5:name:3.2:*:*:*:*:*:*:*"),
cpe.Must("cpe:2.3:*:name1:name:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:jaba-no-bother:*:*", ""),
cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name4:name:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name5:name:3.2:*:*:*:*:*:*:*", ""),
},
expected: []cpe.CPE{
cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:java:*:*", ""),
},
},
{
name: "MatchAnyVendorOrTargetSW",
compare: cpe.Must("cpe:2.3:*:*:name:3.2:*:*:*:*:*:*:*"),
compare: cpe.Must("cpe:2.3:*:*:name:3.2:*:*:*:*:*:*:*", ""),
candidates: []cpe.CPE{
cpe.Must("cpe:2.3:*:name1:name:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:jaba-no-bother:*:*"),
cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name4:name:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name5:name:3.2:*:*:*:*:*:*:*"),
cpe.Must("cpe:2.3:*:name5:NOMATCH:3.2:*:*:*:*:*:*:*"),
cpe.Must("cpe:2.3:*:name1:name:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:jaba-no-bother:*:*", ""),
cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name4:name:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name5:name:3.2:*:*:*:*:*:*:*", ""),
cpe.Must("cpe:2.3:*:name5:NOMATCH:3.2:*:*:*:*:*:*:*", ""),
},
expected: []cpe.CPE{
cpe.Must("cpe:2.3:*:name1:name:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:jaba-no-bother:*:*"),
cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name4:name:3.2:*:*:*:*:java:*:*"),
cpe.Must("cpe:2.3:*:name5:name:3.2:*:*:*:*:*:*:*"),
cpe.Must("cpe:2.3:*:name1:name:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:jaba-no-bother:*:*", ""),
cpe.Must("cpe:2.3:*:name3:name:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name4:name:3.2:*:*:*:*:java:*:*", ""),
cpe.Must("cpe:2.3:*:name5:name:3.2:*:*:*:*:*:*:*", ""),
},
},
}
Expand All @@ -109,17 +109,17 @@ func TestMatchWithoutVersion(t *testing.T) {

if len(actual) != len(test.expected) {
for _, e := range actual {
t.Errorf(" unexpected entry: %+v", e.BindToFmtString())
t.Errorf(" unexpected entry: %+v", e.Attributes.BindToFmtString())
}
t.Fatalf("unexpected number of entries: %d", len(actual))
}

for idx, a := range actual {
e := test.expected[idx]
if a.BindToFmtString() != e.BindToFmtString() {
if a.Attributes.BindToFmtString() != e.Attributes.BindToFmtString() {
dmp := diffmatchpatch.New()
diffs := dmp.DiffMain(a.BindToFmtString(), e.BindToFmtString(), true)
t.Errorf("mismatched entries @ %d:\n\texpected:%+v\n\t actual:%+v\n\t diff:%+v\n", idx, e.BindToFmtString(), a.BindToFmtString(), dmp.DiffPrettyText(diffs))
diffs := dmp.DiffMain(a.Attributes.BindToFmtString(), e.Attributes.BindToFmtString(), true)
t.Errorf("mismatched entries @ %d:\n\texpected:%+v\n\t actual:%+v\n\t diff:%+v\n", idx, e.Attributes.BindToFmtString(), a.Attributes.BindToFmtString(), dmp.DiffPrettyText(diffs))
}
}
})
10 changes: 5 additions & 5 deletions grype/db/vulnerability_provider.go
Expand Up @@ -141,17 +141,17 @@ func (pr *VulnerabilityProvider) GetByCPE(requestCPE cpe.CPE) ([]vulnerability.V
return nil, nil
}

if requestCPE.Product == wfn.Any || requestCPE.Product == wfn.NA {
if requestCPE.Attributes.Product == wfn.Any || requestCPE.Attributes.Product == wfn.NA {
return nil, fmt.Errorf("product name is required")
}

for _, ns := range namespaces {
allPkgVulns, err := pr.reader.SearchForVulnerabilities(ns.String(), ns.Resolver().Normalize(requestCPE.Product))
allPkgVulns, err := pr.reader.SearchForVulnerabilities(ns.String(), ns.Resolver().Normalize(requestCPE.Attributes.Product))
if err != nil {
return nil, fmt.Errorf("provider failed to fetch namespace=%q product=%q: %w", ns, requestCPE.Product, err)
return nil, fmt.Errorf("provider failed to fetch namespace=%q product=%q: %w", ns, requestCPE.Attributes.Product, err)
}

normalizedRequestCPE, err := cpe.New(ns.Resolver().Normalize(requestCPE.BindToFmtString()))
normalizedRequestCPE, err := cpe.New(ns.Resolver().Normalize(requestCPE.Attributes.BindToFmtString()), requestCPE.Source)

if err != nil {
normalizedRequestCPE = requestCPE
Expand All @@ -169,7 +169,7 @@ func (pr *VulnerabilityProvider) GetByCPE(requestCPE cpe.CPE) ([]vulnerability.V
if len(candidateMatchCpes) > 0 {
vulnObj, err := vulnerability.NewVulnerability(vuln)
if err != nil {
return nil, fmt.Errorf("provider failed to inflate vulnerability record (namespace=%q id=%q cpe=%q): %w", vuln.Namespace, vuln.ID, requestCPE.BindToFmtString(), err)
return nil, fmt.Errorf("provider failed to inflate vulnerability record (namespace=%q id=%q cpe=%q): %w", vuln.Namespace, vuln.ID, requestCPE.Attributes.BindToFmtString(), err)
}

vulnObj.CPEs = candidateMatchCpes
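Review bot: When the rebuilt `cpe.New(ns.Resolver().Normalize(...), requestCPE.Source)` call fails, the code falls back to the un-normalized `requestCPE` and discards `err`, so a normalizer that starts producing unparseable strings degrades matching for that namespace with no trace in the logs. Assuming the package logger used elsewhere in grype is imported in this file, a debug line before the fallback would surface that: `log.Debugf("falling back to un-normalized CPE %q for namespace %q: %v", requestCPE.Attributes.BindToFmtString(), ns, err)`. Carrying `requestCPE.Source` through normalization is the right call; the fallback path preserves it as well since it reuses the original value. GetByCPE begins before this hunk and its loop body continues past the second hunk.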
