fix: remove author contributing to javascript CPEs #1669

Merged
merged 1 commit into from
Mar 14, 2023

Conversation

@kzantow (Contributor) commented Mar 14, 2023

Syft was generating CPEs for javascript packages and including author information, but these were just splitting by @, assuming the author may have been an email address. However, the author is in the form Name <email> (url), e.g. George Costanza <george@costanza.net> (https://costanza.net), which could result in a CPE similar to:

cpe:2.3:a:george-costanza-<george:package:6.14.6:*:*:*:*:*:*:*

This PR simply removes using the author, as there were not any identified cases that this was useful.

Signed-off-by: Keith Zantow <kzantow@gmail.com>
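The failure the description walks through, as an added example (editor's code, not syft's): it reproduces the naive split-by-@ vendor candidate beside a parse of npm's `Name <email> (url)` author form, and checks a candidate against the character set a CPE 2.3 component can safely carry. `ParseNpmAuthor`, `VendorFromName`, `NaiveVendorCandidate` and `IsSafeCPEComponent` are assumed helper names, and the sample author string is the one from the PR description.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// NpmAuthor holds the parts of npm's "Name <email> (url)" people-field form.
type NpmAuthor struct {
	Name  string
	Email string
	URL   string
}

// authorRe captures name, <email> and (url); the last two may be absent.
var authorRe = regexp.MustCompile(`^\s*([^<(]*?)\s*(?:<([^>]*)>)?\s*(?:\(([^)]*)\))?\s*$`)

// ParseNpmAuthor splits an npm author string into its components
// (assumed helper written for this example, not syft's own code).
func ParseNpmAuthor(s string) NpmAuthor {
	m := authorRe.FindStringSubmatch(s)
	if m == nil {
		return NpmAuthor{Name: strings.TrimSpace(s)}
	}
	return NpmAuthor{Name: strings.TrimSpace(m[1]), Email: m[2], URL: m[3]}
}

// VendorFromName lowercases and hyphenates a name as the PR's CPE shows.
func VendorFromName(s string) string {
	return strings.ToLower(strings.ReplaceAll(strings.TrimSpace(s), " ", "-"))
}

// NaiveVendorCandidate reproduces the behaviour the PR removed: treat the
// whole author string as an email address and keep the part before "@".
func NaiveVendorCandidate(author string) string {
	return VendorFromName(strings.SplitN(author, "@", 2)[0])
}

// IsSafeCPEComponent reports whether a candidate contains only characters
// that cannot be confused with CPE 2.3 delimiters (':', '<', '@', ...).
func IsSafeCPEComponent(c string) bool {
	return regexp.MustCompile(`^[a-z0-9._-]+$`).MatchString(c)
}

func main() {
	author := "George Costanza <george@costanza.net> (https://costanza.net)" // constructed sample
	fmt.Println(NaiveVendorCandidate(author), VendorFromName(ParseNpmAuthor(author).Name))
}
```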
@kzantow kzantow enabled auto-merge (squash) March 14, 2023 14:02
@github-actions

Benchmark Test Results

Benchmark results from the latest changes vs base branch
goos: linux
goarch: amd64
pkg: github.com/anchore/syft/test/integration
cpu: Intel(R) Xeon(R) CPU E5-2673 v3 @ 2.40GHz
                                                          │ ./.tmp/benchmark-7773351.txt │
                                                          │            sec/op            │
ImagePackageCatalogers/alpmdb-cataloger-2                                   14.70m ± 24%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                             1.142m ±  2%
ImagePackageCatalogers/python-package-cataloger-2                           3.926m ±  2%
ImagePackageCatalogers/php-composer-installed-cataloger-2                   906.7µ ±  3%
ImagePackageCatalogers/javascript-package-cataloger-2                       515.8µ ±  3%
ImagePackageCatalogers/dpkgdb-cataloger-2                                   728.4µ ±  4%
ImagePackageCatalogers/rpm-db-cataloger-2                                   687.6µ ± 11%
ImagePackageCatalogers/java-cataloger-2                                     14.13m ±  4%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                     12.08µ ±  3%
ImagePackageCatalogers/apkdb-cataloger-2                                    746.3µ ±  3%
ImagePackageCatalogers/go-module-binary-cataloger-2                         25.57µ ±  1%
ImagePackageCatalogers/dotnet-deps-cataloger-2                              1.333m ±  6%
ImagePackageCatalogers/portage-cataloger-2                                  474.9µ ±  4%
ImagePackageCatalogers/sbom-cataloger-2                                     142.4µ ±  2%
ImagePackageCatalogers/binary-cataloger-2                                   235.6µ ±  3%
geomean                                                                     633.7µ

                                                          │ ./.tmp/benchmark-7773351.txt │
                                                          │             B/op             │
ImagePackageCatalogers/alpmdb-cataloger-2                                   5.061Mi ± 0%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                             123.8Ki ± 0%
ImagePackageCatalogers/python-package-cataloger-2                           947.4Ki ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2                   155.9Ki ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2                       90.70Ki ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                                   144.8Ki ± 0%
ImagePackageCatalogers/rpm-db-cataloger-2                                   170.3Ki ± 0%
ImagePackageCatalogers/java-cataloger-2                                     2.720Mi ± 0%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                     1.555Ki ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                                    129.3Ki ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2                         3.133Ki ± 0%
ImagePackageCatalogers/dotnet-deps-cataloger-2                              314.5Ki ± 0%
ImagePackageCatalogers/portage-cataloger-2                                  75.44Ki ± 0%
ImagePackageCatalogers/sbom-cataloger-2                                     13.05Ki ± 0%
ImagePackageCatalogers/binary-cataloger-2                                   27.63Ki ± 0%
geomean                                                                     108.0Ki

                                                          │ ./.tmp/benchmark-7773351.txt │
                                                          │          allocs/op           │
ImagePackageCatalogers/alpmdb-cataloger-2                                    86.71k ± 0%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                              2.049k ± 0%
ImagePackageCatalogers/python-package-cataloger-2                            15.49k ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2                    3.457k ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2                        1.214k ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                                    2.646k ± 0%
ImagePackageCatalogers/rpm-db-cataloger-2                                    3.759k ± 0%
ImagePackageCatalogers/java-cataloger-2                                      38.26k ± 0%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                       40.00 ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                                     3.438k ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2                           101.0 ± 0%
ImagePackageCatalogers/dotnet-deps-cataloger-2                               5.011k ± 0%
ImagePackageCatalogers/portage-cataloger-2                                   1.487k ± 0%
ImagePackageCatalogers/sbom-cataloger-2                                       392.0 ± 0%
ImagePackageCatalogers/binary-cataloger-2                                     788.0 ± 0%
geomean                                                                      2.204k

@kzantow kzantow added the bug Something isn't working label Mar 14, 2023
@kzantow kzantow merged commit 3027350 into main Mar 14, 2023
@kzantow kzantow deleted the fix/javascript-package-lock-author-cpes branch March 14, 2023 14:10
spiffcs added a commit to deitch/syft that referenced this pull request Mar 21, 2023
* main: (47 commits)
  Deprecate config.yaml as valid config source; Add unit regression for correct config paths (anchore#1640)
  chore: Update syft bootstrap tools to latest versions. (anchore#1682)
  Update documentation: (anchore#1680)
  chore: Update Stereoscope to 7928713c391e20abaede6a029f4ce37b628a4c8b (anchore#1681)
  fix: reduce logging for bad dpkg lines (anchore#1675)
  fix ruby classifier (anchore#1678)
  feat: add shared dir for easier cleanup (anchore#1676)
  chore(deps): bump github.com/google/go-containerregistry (anchore#1672)
  chore(deps): bump actions/setup-go from 3 to 4 (anchore#1671)
  fix: move defer after error to protect panic case (anchore#1670)
  feat: add argocd, helm, kustomize and kubectl binary classifiers (anchore#1663)
  defer closing file (anchore#1668)
  fix: remove author contributing to javascript CPEs (anchore#1669)
  fix: more python matching support (anchore#1667)
  Update syft bootstrap tools to latest versions. (anchore#1666)
  feat: add ruby classifier (anchore#1665)
  Update syft bootstrap tools to latest versions. (anchore#1658)
  fix: improved Python binary detection (anchore#1648)
  fix: suppress some known incorrect vendor candidates for npm CPEs (anchore#1659)
  fix: sanitize SPDX LicenseRefs (anchore#1657)
  ...

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024