fix ELF package correlations (#3151)

anchore · Aug 26, 2024 · b6b5c8e · b6b5c8e
1 parent dad2537
commit b6b5c8e
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 7 deletions.
diff --git a/internal/relationship/binary/binary_dependencies.go b/internal/relationship/binary/binary_dependencies.go
@@ -36,8 +36,7 @@ func generateRelationships(resolver file.Resolver, accessor sbomsync.Accessor, i
 				newRelationships.Add(r)
 			}
 		}
-
-		for _, parentPkg := range s.Artifacts.Packages.Sorted(pkg.BinaryPkg) {
+		for _, parentPkg := range allElfPackages(s) {
 			for _, evidentLocation := range parentPkg.Locations.ToSlice() {
 				if evidentLocation.Annotations[pkg.EvidenceAnnotationKey] != pkg.PrimaryEvidenceAnnotation {
 					continue
@@ -101,7 +100,7 @@ func onlyPrimaryEvidenceLocations(p pkg.Package) []file.Location {
 
 func allElfPackages(s *sbom.SBOM) []pkg.Package {
 	var elfPkgs []pkg.Package
-	for _, p := range s.Artifacts.Packages.Sorted(pkg.BinaryPkg) {
+	for _, p := range s.Artifacts.Packages.Sorted() {
 		if !isElfPackage(p) {
 			continue
 		}

diff --git a/internal/relationship/binary/binary_dependencies_test.go b/internal/relationship/binary/binary_dependencies_test.go
@@ -50,6 +50,22 @@ func TestPackagesToRemove(t *testing.T) {
 	}
 	glibCBinaryELFPackage.SetID()
 
+	glibCBinaryELFPackageAsRPM := pkg.Package{
+		Name: "glibc",
+		Locations: file.NewLocationSet(
+			file.NewLocation(glibcCoordinate.RealPath).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
+		),
+		Type: pkg.RpmPkg, // note: the elf package claims it is a RPM, not binary
+		Metadata: pkg.ELFBinaryPackageNoteJSONPayload{
+			Type:       "rpm",
+			Vendor:     "syft",
+			System:     "syftsys",
+			SourceRepo: "https://github.com/someone/somewhere.git",
+			Commit:     "5534c38d0ffef9a3f83154f0b7a7fb6ab0ab6dbb",
+		},
+	}
+	glibCBinaryELFPackageAsRPM.SetID()
+
 	glibCBinaryClassifierPackage := pkg.Package{
 		Name: "glibc",
 		Locations: file.NewLocationSet(
@@ -83,9 +99,15 @@ func TestPackagesToRemove(t *testing.T) {
 			want:     []artifact.ID{glibCBinaryELFPackage.ID()},
 		},
 		{
-			name:     "remove no packages when there is a single binary package",
+			name:     "keep packages that are overlapping rpm --> binary when the binary self identifies as an RPM",
 			resolver: file.NewMockResolverForPaths(glibcCoordinate.RealPath),
-			accessor: newAccessor([]pkg.Package{glibCBinaryELFPackage}, map[file.Coordinates]file.Executable{}, nil),
+			accessor: newAccessor([]pkg.Package{glibCPackage, glibCBinaryELFPackageAsRPM}, map[file.Coordinates]file.Executable{}, nil),
+			want:     []artifact.ID{},
+		},
+		{
+			name:     "remove no packages when there is a single binary package (or self identifying RPM)",
+			resolver: file.NewMockResolverForPaths(glibcCoordinate.RealPath),
+			accessor: newAccessor([]pkg.Package{glibCBinaryELFPackage, glibCBinaryELFPackageAsRPM}, map[file.Coordinates]file.Executable{}, nil),
 			want:     []artifact.ID{},
 		},
 		{
@@ -173,9 +195,9 @@ func TestNewDependencyRelationships(t *testing.T) {
 			file.NewLocation(parallelLibCoordinate.RealPath).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.SupportingEvidenceAnnotation),
 		),
 		Language: "",
-		Type:     pkg.BinaryPkg,
+		Type:     pkg.RpmPkg,
 		Metadata: pkg.ELFBinaryPackageNoteJSONPayload{
-			Type:       "testfixture",
+			Type:       "rpm",
 			Vendor:     "syft",
 			System:     "syftsys",
 			SourceRepo: "https://github.com/someone/somewhere.git",