diff --git a/schema/json/generate.go b/schema/json/generate.go index ad87d148ce1..5bcc8710e6a 100644 --- a/schema/json/generate.go +++ b/schema/json/generate.go @@ -37,7 +37,7 @@ type artifactMetadataContainer struct { Python pkg.PythonPackageMetadata Rpm pkg.RpmMetadata Cargo pkg.CargoPackageMetadata - Go pkg.GolangBinMetadata + Go pkg.GolangMetadata Php pkg.PhpComposerJSONMetadata Dart pkg.DartPubMetadata Dotnet pkg.DotnetDepsMetadata diff --git a/syft/formats/common/cyclonedxhelpers/component_test.go b/syft/formats/common/cyclonedxhelpers/component_test.go index f963d0bb283..04b5040e29c 100644 --- a/syft/formats/common/cyclonedxhelpers/component_test.go +++ b/syft/formats/common/cyclonedxhelpers/component_test.go @@ -90,8 +90,8 @@ func Test_encodeComponentProperties(t *testing.T) { Version: "v0.0.0-20211006190231-62292e806868", Language: pkg.Go, Type: pkg.GoModulePkg, - MetadataType: pkg.GolangBinMetadataType, - Metadata: pkg.GolangBinMetadata{ + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ GoCompiledVersion: "1.17", Architecture: "amd64", H1Digest: "h1:KlOXYy8wQWTUJYFgkUI40Lzr06ofg5IRXUK5C7qZt1k=", @@ -99,7 +99,7 @@ func Test_encodeComponentProperties(t *testing.T) { }, expected: &[]cyclonedx.Property{ {Name: "syft:package:language", Value: pkg.Go.String()}, - {Name: "syft:package:metadataType", Value: "GolangBinMetadata"}, + {Name: "syft:package:metadataType", Value: "GolangMetadata"}, {Name: "syft:package:type", Value: "go-module"}, {Name: "syft:metadata:architecture", Value: "amd64"}, {Name: "syft:metadata:goCompiledVersion", Value: "1.17"}, diff --git a/syft/formats/common/spdxhelpers/to_format_model.go b/syft/formats/common/spdxhelpers/to_format_model.go index ed9c3220b14..798bd1a278c 100644 --- a/syft/formats/common/spdxhelpers/to_format_model.go +++ b/syft/formats/common/spdxhelpers/to_format_model.go 
@@ -313,7 +313,7 @@ func toPackageChecksums(p pkg.Package) ([]common.Checksum, bool) { }) } } - case pkg.GolangBinMetadata: + case pkg.GolangMetadata: // because the H1 digest is found in the Golang metadata we cannot claim that the files were analyzed algo, hexStr, err := util.HDigestToSHA(meta.H1Digest) if err != nil { diff --git a/syft/formats/common/spdxhelpers/to_format_model_test.go b/syft/formats/common/spdxhelpers/to_format_model_test.go index f3f90d7c65f..bd579f52ecc 100644 --- a/syft/formats/common/spdxhelpers/to_format_model_test.go +++ b/syft/formats/common/spdxhelpers/to_format_model_test.go @@ -76,8 +76,8 @@ func Test_toPackageChecksums(t *testing.T) { Name: "test", Version: "1.0.0", Language: pkg.Go, - MetadataType: pkg.GolangBinMetadataType, - Metadata: pkg.GolangBinMetadata{ + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ H1Digest: "h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw=", }, }, @@ -381,8 +381,8 @@ func Test_H1Digest(t *testing.T) { pkg: pkg.Package{ Name: "github.com/googleapis/gnostic", Version: "v0.5.5", - MetadataType: pkg.GolangBinMetadataType, - Metadata: pkg.GolangBinMetadata{ + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ H1Digest: "h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw=", }, }, @@ -393,8 +393,8 @@ func Test_H1Digest(t *testing.T) { pkg: pkg.Package{ Name: "github.com/googleapis/gnostic", Version: "v0.5.5", - MetadataType: pkg.GolangBinMetadataType, - Metadata: pkg.GolangBinMetadata{ + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ H1Digest: "h1:9fHAtK0uzzz", }, }, @@ -405,8 +405,8 @@ func Test_H1Digest(t *testing.T) { pkg: pkg.Package{ Name: "github.com/googleapis/gnostic", Version: "v0.5.5", - MetadataType: pkg.GolangBinMetadataType, - Metadata: pkg.GolangBinMetadata{ + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ H1Digest: "h12:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw=", }, }, 
diff --git a/syft/formats/common/spdxhelpers/to_syft_model.go b/syft/formats/common/spdxhelpers/to_syft_model.go index 1ff29288f80..c8b88c5db48 100644 --- a/syft/formats/common/spdxhelpers/to_syft_model.go +++ b/syft/formats/common/spdxhelpers/to_syft_model.go @@ -365,7 +365,7 @@ func extractMetadata(p *spdx.Package, info pkgInfo) (pkg.MetadataType, interface h1Digest = digest break } - return pkg.GolangBinMetadataType, pkg.GolangBinMetadata{ + return pkg.GolangMetadataType, pkg.GolangMetadata{ H1Digest: h1Digest, } } diff --git a/syft/formats/common/spdxhelpers/to_syft_model_test.go b/syft/formats/common/spdxhelpers/to_syft_model_test.go index 3f0b4861c35..f045790d830 100644 --- a/syft/formats/common/spdxhelpers/to_syft_model_test.go +++ b/syft/formats/common/spdxhelpers/to_syft_model_test.go @@ -302,8 +302,8 @@ func TestH1Digest(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { p := toSyftPackage(&test.pkg) - require.Equal(t, pkg.GolangBinMetadataType, p.MetadataType) - meta := p.Metadata.(pkg.GolangBinMetadata) + require.Equal(t, pkg.GolangMetadataType, p.MetadataType) + meta := p.Metadata.(pkg.GolangMetadata) require.Equal(t, test.expectedDigest, meta.H1Digest) }) } diff --git a/syft/formats/syftjson/model/package_test.go b/syft/formats/syftjson/model/package_test.go index 34677b20bf2..d8bb007d987 100644 --- a/syft/formats/syftjson/model/package_test.go +++ b/syft/formats/syftjson/model/package_test.go @@ -34,7 +34,7 @@ func TestUnmarshalPackageGolang(t *testing.T) { "language": "go", "cpes": [], "purl": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0", - "metadataType": "GolangBinMetadata", + "metadataType": "GolangMetadata", "metadata": { "goCompiledVersion": "go1.18", "architecture": "amd64", 
@@ -43,7 +43,7 @@ func TestUnmarshalPackageGolang(t *testing.T) { }`), assert: func(p *Package) { assert.NotNil(t, p.Metadata) - golangMetadata := p.Metadata.(pkg.GolangBinMetadata) + golangMetadata := p.Metadata.(pkg.GolangMetadata) assert.NotEmpty(t, golangMetadata) assert.Equal(t, "go1.18", golangMetadata.GoCompiledVersion) }, @@ -93,7 +93,7 @@ func Test_unpackMetadata(t *testing.T) { }{ { name: "unmarshal package metadata", - metadataType: pkg.GolangBinMetadataType, + metadataType: pkg.GolangMetadataType, packageData: []byte(`{ "id": "8b594519bc23da50", "name": "gopkg.in/square/go-jose.v2", @@ -109,7 +109,7 @@ func Test_unpackMetadata(t *testing.T) { "language": "go", "cpes": [], "purl": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0", - "metadataType": "GolangBinMetadata", + "metadataType": "GolangMetadata", "metadata": { "goCompiledVersion": "go1.18", "architecture": "amd64", @@ -214,11 +214,19 @@ func Test_unpackMetadata(t *testing.T) { }, { name: "can handle package with metadata type but missing metadata", + packageData: []byte(`{ + "metadataType": "GolangMetadata" + }`), + metadataType: pkg.GolangMetadataType, + wantMetadata: pkg.GolangMetadata{}, + }, + { + name: "can handle package with golang bin metadata type", packageData: []byte(`{ "metadataType": "GolangBinMetadata" }`), - metadataType: pkg.GolangBinMetadataType, - wantMetadata: pkg.GolangBinMetadata{}, + metadataType: pkg.GolangMetadataType, + wantMetadata: pkg.GolangMetadata{}, }, { name: "can handle package with unknonwn metadata type and missing metadata", diff --git a/syft/pkg/cataloger/golang/package.go b/syft/pkg/cataloger/golang/package.go index 93f762a5d9a..8a6a951a880 100644 --- a/syft/pkg/cataloger/golang/package.go +++ b/syft/pkg/cataloger/golang/package.go 
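Review bot: The new case `can handle package with golang bin metadata type` in Test_unpackMetadata feeds the legacy name with no `metadata` object at all, so it pins the type mapping but not that the fields of an older document still decode into `pkg.GolangMetadata`. Previously generated SBOMs will always carry a populated object, so that is the path worth covering. I would add a second legacy case whose input reuses the `"goCompiledVersion": "go1.18"` and `"architecture": "amd64"` values already used earlier in this table and asserts they arrive in `wantMetadata`. The test table starts and ends outside the hunk.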
@@ -22,8 +22,8 @@ func newGoBinaryPackage(dep *debug.Module, mainModule, goVersion, architecture s Language: pkg.Go, Type: pkg.GoModulePkg, Locations: source.NewLocationSet(locations...), - MetadataType: pkg.GolangBinMetadataType, - Metadata: pkg.GolangBinMetadata{ + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ GoCompiledVersion: goVersion, H1Digest: dep.Sum, Architecture: architecture, diff --git a/syft/pkg/cataloger/golang/parse_go_binary_test.go b/syft/pkg/cataloger/golang/parse_go_binary_test.go index acfd435c59a..fba7fe7fd61 100644 --- a/syft/pkg/cataloger/golang/parse_go_binary_test.go +++ b/syft/pkg/cataloger/golang/parse_go_binary_test.go @@ -143,8 +143,8 @@ func TestBuildGoPkgInfo(t *testing.T) { }, }, ), - MetadataType: pkg.GolangBinMetadataType, - Metadata: pkg.GolangBinMetadata{ + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ GoCompiledVersion: goCompiledVersion, Architecture: archDetails, BuildSettings: defaultBuildSettings, @@ -190,8 +190,8 @@ func TestBuildGoPkgInfo(t *testing.T) { }, }, ), - MetadataType: pkg.GolangBinMetadataType, - Metadata: pkg.GolangBinMetadata{}, + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{}, }, }, }, @@ -233,8 +233,8 @@ func TestBuildGoPkgInfo(t *testing.T) { }, }, ), - MetadataType: pkg.GolangBinMetadataType, - Metadata: pkg.GolangBinMetadata{ + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ GoCompiledVersion: goCompiledVersion, Architecture: archDetails, H1Digest: "h1:VSVdnH7cQ7V+B33qSJHTCRlNgra1607Q8PzEmnvb2Ic=", @@ -285,8 +285,8 @@ func TestBuildGoPkgInfo(t *testing.T) { }, }, ), - MetadataType: pkg.GolangBinMetadataType, - Metadata: pkg.GolangBinMetadata{ + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ GoCompiledVersion: goCompiledVersion, Architecture: archDetails, BuildSettings: map[string]string{ 
@@ -340,8 +340,8 @@ func TestBuildGoPkgInfo(t *testing.T) { }, }, ), - MetadataType: pkg.GolangBinMetadataType, - Metadata: pkg.GolangBinMetadata{ + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ GoCompiledVersion: goCompiledVersion, Architecture: archDetails, H1Digest: "h1:VSVdnH7cQ7V+B33qSJHTCRlNgra1607Q8PzEmnvb2Ic=", @@ -362,8 +362,8 @@ func TestBuildGoPkgInfo(t *testing.T) { }, }, ), - MetadataType: pkg.GolangBinMetadataType, - Metadata: pkg.GolangBinMetadata{ + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ GoCompiledVersion: goCompiledVersion, Architecture: archDetails, H1Digest: "h1:DYssiUV1pBmKqzKsm4mqXx8artqC0Q8HgZsVI3lMsAg=", @@ -417,8 +417,8 @@ func TestBuildGoPkgInfo(t *testing.T) { }, }, ), - MetadataType: pkg.GolangBinMetadataType, - Metadata: pkg.GolangBinMetadata{ + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ GoCompiledVersion: goCompiledVersion, Architecture: archDetails, H1Digest: "h1:PjhxBct4MZii8FFR8+oeS7QOvxKOTZXgk63EU2XpfJE=", @@ -438,8 +438,8 @@ func TestBuildGoPkgInfo(t *testing.T) { }, }, ), - MetadataType: pkg.GolangBinMetadataType, - Metadata: pkg.GolangBinMetadata{ + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ GoCompiledVersion: goCompiledVersion, Architecture: archDetails, H1Digest: "h1:Ihq/mm/suC88gF8WFcVwk+OV6Tq+wyA1O0E5UEvDglI=", diff --git a/syft/pkg/cataloger/golang/parse_go_mod.go b/syft/pkg/cataloger/golang/parse_go_mod.go index 7f120514fcb..31b00146640 100644 --- a/syft/pkg/cataloger/golang/parse_go_mod.go +++ b/syft/pkg/cataloger/golang/parse_go_mod.go @@ -1,12 +1,15 @@ package golang import ( + "bufio" "fmt" "io" "sort" + "strings" "golang.org/x/mod/modfile" + "github.com/anchore/syft/internal/log" "github.com/anchore/syft/syft/artifact" "github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/pkg/cataloger/generic" 
@@ -14,7 +17,7 @@ import ( ) // parseGoModFile takes a go.mod and lists all packages discovered. -func parseGoModFile(_ source.FileResolver, _ *generic.Environment, reader source.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) { +func parseGoModFile(resolver source.FileResolver, _ *generic.Environment, reader source.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) { packages := make(map[string]pkg.Package) contents, err := io.ReadAll(reader) 
@@ -27,26 +30,39 @@ func parseGoModFile(_ source.FileResolver, _ *generic.Environment, reader source return nil, nil, fmt.Errorf("failed to parse go module: %w", err) } + digests, err := parseGoSumFile(resolver, reader) + if err != nil { + log.Debugf("unable to get go.sum: %v", err) + } + for _, m := range file.Require { packages[m.Mod.Path] = pkg.Package{ - Name: m.Mod.Path, - Version: m.Mod.Version, - Locations: source.NewLocationSet(reader.Location), - PURL: packageURL(m.Mod.Path, m.Mod.Version), - Language: pkg.Go, - Type: pkg.GoModulePkg, + Name: m.Mod.Path, + Version: m.Mod.Version, + Locations: source.NewLocationSet(reader.Location), + PURL: packageURL(m.Mod.Path, m.Mod.Version), + Language: pkg.Go, + Type: pkg.GoModulePkg, + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ + H1Digest: digests[fmt.Sprintf("%s %s", m.Mod.Path, m.Mod.Version)], + }, } } // remove any old packages and replace with new ones... for _, m := range file.Replace { packages[m.New.Path] = pkg.Package{ - Name: m.New.Path, - Version: m.New.Version, - Locations: source.NewLocationSet(reader.Location), - PURL: packageURL(m.New.Path, m.New.Version), - Language: pkg.Go, - Type: pkg.GoModulePkg, + Name: m.New.Path, + Version: m.New.Version, + Locations: source.NewLocationSet(reader.Location), + PURL: packageURL(m.New.Path, m.New.Version), + Language: pkg.Go, + Type: pkg.GoModulePkg, + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ + H1Digest: digests[fmt.Sprintf("%s %s", m.New.Path, m.New.Version)], + }, } } 
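Review bot: The value stored in `H1Digest` in both loops is whatever string go.sum declares for that module version; nothing here computes it from module contents or checks that it is a well-formed `h1:` value, while toPackageChecksums in spdxhelpers turns the same field into a package checksum. I would document that above the first loop: `// H1Digest is copied verbatim from go.sum: it is the declared module hash, not one verified against module contents.` A failed go.sum lookup is only logged at debug level, so a run that silently lost every digest looks the same as one where go.sum was absent; a warning for anything other than "file not found" would help, if the resolver lets the two be told apart. The lookup key `fmt.Sprintf("%s %s", ...)` is also built independently here and in parseGoSumFile, so a small shared helper would keep the formats from drifting. parseGoModFile starts and ends outside this hunk.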
@@ -69,3 +85,40 @@ func parseGoModFile(_ source.FileResolver, _ *generic.Environment, reader source return pkgsSlice, nil, nil } + +func parseGoSumFile(resolver source.FileResolver, reader source.LocationReadCloser) (map[string]string, error) { + out := map[string]string{} + + if resolver == nil { + return out, fmt.Errorf("no resolver provided") + } + + goSumPath := strings.TrimSuffix(reader.Location.RealPath, ".mod") + ".sum" + goSumLocation := resolver.RelativeFileByPath(reader.Location, goSumPath) + if goSumLocation == nil { + return nil, fmt.Errorf("unable to resolve: %s", goSumPath) + } + contents, err := resolver.FileContentsByLocation(*goSumLocation) + if err != nil { + return nil, err + } + + // go.sum has the format like: + // github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= + // github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw= + // github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= + scanner := bufio.NewScanner(contents) + // optionally, resize scanner's capacity for lines over 64K, see next example + for scanner.Scan() { + line := scanner.Text() + parts := strings.Split(line, " ") + if len(parts) < 3 { + continue + } + nameVersion := fmt.Sprintf("%s %s", parts[0], parts[1]) + hash := parts[2] + out[nameVersion] = hash + } + + return out, nil +} diff --git a/syft/pkg/cataloger/golang/parse_go_mod_test.go b/syft/pkg/cataloger/golang/parse_go_mod_test.go index 4cd663c6ba4..e526bd70243 100644 --- a/syft/pkg/cataloger/golang/parse_go_mod_test.go +++ b/syft/pkg/cataloger/golang/parse_go_mod_test.go 
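Review bot: parseGoSumFile never closes the reader returned by `resolver.FileContentsByLocation` and never checks `scanner.Err()`. A go.sum line longer than the scanner's default limit, or a read failure mid-file, therefore silently produces a partial digest map that reaches the SBOM as if it were complete. The parsing is also looser than the format described in the comment: `strings.Split(line, " ")` accepts lines with extra fields, and the `/go.mod` hash lines are stored under keys the caller never looks up. The leftover comment about resizing the scanner ("see next example") is copied from the bufio documentation and should be dropped. The fence closes the reader (assuming it is an io.ReadCloser, which the hunk does not show), tightens the field check and surfaces the scan error; the function is complete within the hunk.

```go
	contents, err := resolver.FileContentsByLocation(*goSumLocation)
	if err != nil {
		return nil, err
	}
	defer contents.Close()

	// … unchanged: go.sum format comment …
	scanner := bufio.NewScanner(contents)
	for scanner.Scan() {
		parts := strings.Fields(scanner.Text())
		// keep only "<module> <version> <hash>" lines; the "<version>/go.mod"
		// entries hash the go.mod file alone and are never looked up by the caller
		if len(parts) != 3 || strings.HasSuffix(parts[1], "/go.mod") {
			continue
		}
		out[parts[0]+" "+parts[1]] = parts[2]
	}
	if err := scanner.Err(); err != nil {
		return out, fmt.Errorf("reading %s: %w", goSumPath, err)
	}

	return out, nil
```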
@@ -17,12 +17,14 @@ func TestParseGoMod(t *testing.T) { fixture: "test-fixtures/one-package", expected: []pkg.Package{ { - Name: "github.com/bmatcuk/doublestar", - Version: "v1.3.1", - PURL: "pkg:golang/github.com/bmatcuk/doublestar@v1.3.1", - Locations: source.NewLocationSet(source.NewLocation("test-fixtures/one-package")), - Language: pkg.Go, - Type: pkg.GoModulePkg, + Name: "github.com/bmatcuk/doublestar", + Version: "v1.3.1", + PURL: "pkg:golang/github.com/bmatcuk/doublestar@v1.3.1", + Locations: source.NewLocationSet(source.NewLocation("test-fixtures/one-package")), + Language: pkg.Go, + Type: pkg.GoModulePkg, + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{}, }, }, }, 
@@ -31,44 +33,54 @@ func TestParseGoMod(t *testing.T) { fixture: "test-fixtures/many-packages", expected: []pkg.Package{ { - Name: "github.com/anchore/go-testutils", - Version: "v0.0.0-20200624184116-66aa578126db", - PURL: "pkg:golang/github.com/anchore/go-testutils@v0.0.0-20200624184116-66aa578126db", - Locations: source.NewLocationSet(source.NewLocation("test-fixtures/many-packages")), - Language: pkg.Go, - Type: pkg.GoModulePkg, + Name: "github.com/anchore/go-testutils", + Version: "v0.0.0-20200624184116-66aa578126db", + PURL: "pkg:golang/github.com/anchore/go-testutils@v0.0.0-20200624184116-66aa578126db", + Locations: source.NewLocationSet(source.NewLocation("test-fixtures/many-packages")), + Language: pkg.Go, + Type: pkg.GoModulePkg, + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{}, }, { - Name: "github.com/anchore/go-version", - Version: "v1.2.2-0.20200701162849-18adb9c92b9b", - PURL: "pkg:golang/github.com/anchore/go-version@v1.2.2-0.20200701162849-18adb9c92b9b", - Locations: source.NewLocationSet(source.NewLocation("test-fixtures/many-packages")), - Language: pkg.Go, - Type: pkg.GoModulePkg, + Name: "github.com/anchore/go-version", + Version: "v1.2.2-0.20200701162849-18adb9c92b9b", + PURL: "pkg:golang/github.com/anchore/go-version@v1.2.2-0.20200701162849-18adb9c92b9b", + Locations: source.NewLocationSet(source.NewLocation("test-fixtures/many-packages")), + Language: pkg.Go, + Type: pkg.GoModulePkg, + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{}, }, { - Name: "github.com/anchore/stereoscope", - Version: "v0.0.0-20200706164556-7cf39d7f4639", - PURL: "pkg:golang/github.com/anchore/stereoscope@v0.0.0-20200706164556-7cf39d7f4639", - Locations: source.NewLocationSet(source.NewLocation("test-fixtures/many-packages")), - Language: pkg.Go, - Type: pkg.GoModulePkg, + Name: "github.com/anchore/stereoscope", + Version: "v0.0.0-20200706164556-7cf39d7f4639", + PURL: 
"pkg:golang/github.com/anchore/stereoscope@v0.0.0-20200706164556-7cf39d7f4639", + Locations: source.NewLocationSet(source.NewLocation("test-fixtures/many-packages")), + Language: pkg.Go, + Type: pkg.GoModulePkg, + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{}, }, { - Name: "github.com/bmatcuk/doublestar", - Version: "v8.8.8", - PURL: "pkg:golang/github.com/bmatcuk/doublestar@v8.8.8", - Locations: source.NewLocationSet(source.NewLocation("test-fixtures/many-packages")), - Language: pkg.Go, - Type: pkg.GoModulePkg, + Name: "github.com/bmatcuk/doublestar", + Version: "v8.8.8", + PURL: "pkg:golang/github.com/bmatcuk/doublestar@v8.8.8", + Locations: source.NewLocationSet(source.NewLocation("test-fixtures/many-packages")), + Language: pkg.Go, + Type: pkg.GoModulePkg, + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{}, }, { - Name: "github.com/go-test/deep", - Version: "v1.0.6", - PURL: "pkg:golang/github.com/go-test/deep@v1.0.6", - Locations: source.NewLocationSet(source.NewLocation("test-fixtures/many-packages")), - Language: pkg.Go, - Type: pkg.GoModulePkg, + Name: "github.com/go-test/deep", + Version: "v1.0.6", + PURL: "pkg:golang/github.com/go-test/deep@v1.0.6", + Locations: source.NewLocationSet(source.NewLocation("test-fixtures/many-packages")), + Language: pkg.Go, + Type: pkg.GoModulePkg, + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{}, }, }, }, 
@@ -83,3 +95,62 @@ func TestParseGoMod(t *testing.T) { }) } } + +func Test_GoSumHashes(t *testing.T) { + tests := []struct { + fixture string + expected []pkg.Package + }{ + { + fixture: "test-fixtures/go-sum-hashes", + expected: []pkg.Package{ + { + Name: "github.com/CycloneDX/cyclonedx-go", + Version: "v0.6.0", + PURL: "pkg:golang/github.com/CycloneDX/cyclonedx-go@v0.6.0", + Locations: source.NewLocationSet(source.NewLocation("go.mod")), + FoundBy: "go-mod-file-cataloger", + Language: pkg.Go, + Type: pkg.GoModulePkg, + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{}, + }, + { + Name: "github.com/acarl005/stripansi", + Version: "v0.0.0-20180116102854-5a71ef0e047d", + PURL: "pkg:golang/github.com/acarl005/stripansi@v0.0.0-20180116102854-5a71ef0e047d", + Locations: source.NewLocationSet(source.NewLocation("go.mod")), + FoundBy: "go-mod-file-cataloger", + Language: pkg.Go, + Type: pkg.GoModulePkg, + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ + H1Digest: "h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=", + }, + }, + { + Name: "github.com/mgutz/ansi", + Version: "v0.0.0-20200706080929-d51e80ef957d", + PURL: "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d", + Locations: source.NewLocationSet(source.NewLocation("go.mod")), + FoundBy: "go-mod-file-cataloger", + Language: pkg.Go, + Type: pkg.GoModulePkg, + MetadataType: pkg.GolangMetadataType, + Metadata: pkg.GolangMetadata{ + H1Digest: "h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=", + }, + }, + }, + }, + } + + for _, test := range tests { + t.Run(test.fixture, func(t *testing.T) { + pkgtest.NewCatalogTester(). + FromDirectory(t, test.fixture). + Expects(test.expected, nil). + TestCataloger(t, NewGoModFileCataloger()) + }) + } +} diff --git a/syft/pkg/cataloger/golang/test-fixtures/go-sum-hashes/go.mod b/syft/pkg/cataloger/golang/test-fixtures/go-sum-hashes/go.mod new file mode 100644 index 00000000000..c626c3632fe --- /dev/null 
+++ b/syft/pkg/cataloger/golang/test-fixtures/go-sum-hashes/go.mod @@ -0,0 +1,11 @@ +module github.com/anchore/syft + +go 1.18 + +require ( + github.com/CycloneDX/cyclonedx-go v0.7.0 + github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d + github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect +) + +replace github.com/CycloneDX/cyclonedx-go => github.com/CycloneDX/cyclonedx-go v0.6.0 diff --git a/syft/pkg/cataloger/golang/test-fixtures/go-sum-hashes/go.sum b/syft/pkg/cataloger/golang/test-fixtures/go-sum-hashes/go.sum new file mode 100644 index 00000000000..4a2cebfd635 --- /dev/null +++ b/syft/pkg/cataloger/golang/test-fixtures/go-sum-hashes/go.sum @@ -0,0 +1,7 @@ +github.com/CycloneDX/cyclonedx-go v0.7.0 h1:jNxp8hL7UpcvPDFXjY+Y1ibFtsW+e5zyF9QoSmhK/zg= +github.com/CycloneDX/cyclonedx-go v0.7.0/go.mod h1:W5Z9w8pTTL+t+yG3PCiFRGlr8PUlE0pGWzKSJbsyXkg= +github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= +github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= +github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= +github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI= +github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= diff --git a/syft/pkg/golang_bin_metadata.go b/syft/pkg/golang_metadata.go similarity index 82% rename from syft/pkg/golang_bin_metadata.go rename to syft/pkg/golang_metadata.go index c9c1d3e0a9c..ca088e88edd 100644 --- a/syft/pkg/golang_bin_metadata.go +++ b/syft/pkg/golang_metadata.go 
@@ -1,7 +1,7 @@ package pkg -// GolangBinMetadata represents all captured data for a Golang Binary -type GolangBinMetadata struct { +// GolangMetadata represents all captured data for a Golang Binary +type GolangMetadata struct { BuildSettings map[string]string `json:"goBuildSettings,omitempty" cyclonedx:"goBuildSettings"` GoCompiledVersion string `json:"goCompiledVersion" cyclonedx:"goCompiledVersion"` Architecture string `json:"architecture" cyclonedx:"architecture"` diff --git a/syft/pkg/metadata.go b/syft/pkg/metadata.go index c757c3f5ec6..adcb5b6a8ce 100644 --- a/syft/pkg/metadata.go +++ b/syft/pkg/metadata.go @@ -24,7 +24,7 @@ const ( PythonPackageMetadataType MetadataType = "PythonPackageMetadata" RustCargoPackageMetadataType MetadataType = "RustCargoPackageMetadata" KbPackageMetadataType MetadataType = "KbPackageMetadata" - GolangBinMetadataType MetadataType = "GolangBinMetadata" + GolangMetadataType MetadataType = "GolangMetadata" PhpComposerJSONMetadataType MetadataType = "PhpComposerJsonMetadata" CocoapodsMetadataType MetadataType = "CocoapodsMetadataType" ConanMetadataType MetadataType = "ConanMetadataType" @@ -47,7 +47,7 @@ var AllMetadataTypes = []MetadataType{ PythonPackageMetadataType, RustCargoPackageMetadataType, KbPackageMetadataType, - GolangBinMetadataType, + GolangMetadataType, PhpComposerJSONMetadataType, CocoapodsMetadataType, ConanMetadataType, @@ -70,7 +70,7 @@ var MetadataTypeByName = map[MetadataType]reflect.Type{ PythonPackageMetadataType: reflect.TypeOf(PythonPackageMetadata{}), RustCargoPackageMetadataType: reflect.TypeOf(CargoPackageMetadata{}), KbPackageMetadataType: reflect.TypeOf(KbPackageMetadata{}), - GolangBinMetadataType: reflect.TypeOf(GolangBinMetadata{}), + GolangMetadataType: reflect.TypeOf(GolangMetadata{}), PhpComposerJSONMetadataType: reflect.TypeOf(PhpComposerJSONMetadata{}), CocoapodsMetadataType: reflect.TypeOf(CocoapodsMetadata{}), ConanMetadataType: reflect.TypeOf(ConanMetadata{}), 
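Review bot: In the golang_metadata.go hunk the doc comment on the renamed struct still reads `represents all captured data for a Golang Binary`, but parse_go_mod.go in this commit now fills `GolangMetadata` from go.mod and go.sum, where only `H1Digest` is set. Suggested wording: `// GolangMetadata represents data captured for a Go module, either from a compiled binary's build info or from a go.mod/go.sum pair; the binary-only fields are empty in the latter case.` The `goCompiledVersion` and `architecture` tags visible here have no `omitempty`, so go.mod-derived packages will presumably serialize both as empty strings; worth confirming that consumers do not read an empty architecture as meaningful. The struct body continues past the hunk.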
@@ -83,5 +83,8 @@ func CleanMetadataType(typ MetadataType) MetadataType {
 if typ == "RpmdbMetadata" {
 return RpmMetadataType
 }
+ if typ == "GolangBinMetadata" {
+ return GolangMetadataType
+ }
 return typ
 }
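Review bot: The alias added to CleanMetadataType only covers the read direction: documents written after this commit carry `GolangMetadata`, which any consumer still matching on the old string will not recognise, and no schema version change is visible in this diff. The bare literal also needs a comment saying why it must stay, for example `// "GolangBinMetadata" was renamed to "GolangMetadata"; keep accepting the old name so previously generated SBOMs still decode.` If the rename is meant to be a breaking change for readers of the JSON output, the commit should say so alongside the schema change. The function starts above the hunk.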