Fix panic in apkdb parsing on empty "provides" values (#1494)
* Add failing test for strip version specifiers panic

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

* Fix test

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

* Prevent panic scenario in helper func

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

* Fix lint issue

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

* add tests for apk stripVersionSpecifier() and remove caller empty value check

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
luhring and wagoodman authored Jan 20, 2023
1 parent 36a0945 commit e58050b
Showing 2 changed files with 67 additions and 1 deletion.
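--- a/syft/pkg/cataloger/apkdb/parse_apk_db.go
+++ b/syft/pkg/cataloger/apkdb/parse_apk_db.go
@@ -361,5 +361,11 @@ func stripVersionSpecifier(s string) string {
 // examples:
 // musl>=1 --> musl
 // cmd:scanelf=1.3.4-r0 --> cmd:scanelf
-return splitAny(s, "<>=")[0]
+
+items := splitAny(s, "<>=")
+if len(items) == 0 {
+return s
+}
+
+return items[0]
 }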
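Review bot: The new `len(items) == 0` guard in stripVersionSpecifier makes the function return an empty string for an empty input, but the comment above it still lists only the two well-formed examples. These values are read from the APK database of the image being scanned, so the degenerate case deserves a line in that comment, for example `// an empty value, or one for which splitAny yields no fields, is returned unchanged`. What a value that starts with an operator (such as `=1.0`) returns depends on whether splitAny keeps empty fields, which is not visible in this hunk; if it drops them, the version text would come back as the name. The function's signature appears only in the hunk header, so the start of its body is outside the hunk.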
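--- a/syft/pkg/cataloger/apkdb/parse_apk_db_test.go
+++ b/syft/pkg/cataloger/apkdb/parse_apk_db_test.go
@@ -911,6 +911,27 @@ func Test_discoverPackageDependencies(t *testing.T) {
 }
 },
 },
+{
+name: "strip version specifiers with empty provides value",
+genFn: func() ([]pkg.Package, []artifact.Relationship) {
+a := pkg.Package{
+Name: "package-a",
+Metadata: pkg.ApkMetadata{
+Dependencies: []string{"so:libc.musl-x86_64.so.1"},
+},
+}
+a.SetID()
+b := pkg.Package{
+Name: "package-b",
+Metadata: pkg.ApkMetadata{
+Provides: []string{""},
+},
+}
+b.SetID()
+
+return []pkg.Package{a, b}, nil
+},
+},
 {
 name: "depends on package name",
 genFn: func() ([]pkg.Package, []artifact.Relationship) {
@@ -1126,3 +1147,42 @@ func newLocationReadCloser(t *testing.T, path string) source.LocationReadCloser
 
 return source.NewLocationReadCloser(source.NewLocation(path), f)
 }
+
+func Test_stripVersionSpecifier(t *testing.T) {
+tests := []struct {
+name string
+version string
+want string
+}{
+{
+name: "empty expression",
+version: "",
+want: "",
+},
+{
+name: "no expression",
+version: "cmd:foo",
+want: "cmd:foo",
+},
+{
+name: "=",
+version: "cmd:scanelf=1.3.4-r0",
+want: "cmd:scanelf",
+},
+{
+name: ">=",
+version: "cmd:scanelf>=1.3.4-r0",
+want: "cmd:scanelf",
+},
+{
+name: "<",
+version: "cmd:scanelf<1.3.4-r0",
+want: "cmd:scanelf",
+},
+}
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+assert.Equal(t, tt.want, stripVersionSpecifier(tt.version))
+})
+}
+}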
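Review bot: Test_stripVersionSpecifier covers the empty string and well-formed specifiers, but has no malformed value where the operator comes first or stands alone, which is the other way `splitAny` could yield an empty or unexpected first field. Rows such as `{name: "leading operator", version: "=1.3.4-r0", want: ""}` and `{name: "operator only", version: ">=", want: ""}` would pin that behavior; the `want` values are a guess and should be set to whatever the project decides is correct. The new Test_discoverPackageDependencies case pairs an empty Provides entry only with a non-empty dependency, so it would not notice an empty Provides entry being matched against an empty Dependencies entry. A further row with `Dependencies: []string{""}` that expects no relationships would cover that.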
