From 2f4c445da5c423f6f1a4edb69d480ff46164cf3c Mon Sep 17 00:00:00 2001 From: Henry Sachs Date: Thu, 6 Apr 2023 17:44:45 +0200 Subject: [PATCH 1/6] feat: gradle lockfile support if you're using gradle > 7.0 syft can now catalog your lockfile to have a sbom with confident results Signed-off-by: Henry Sachs --- syft/pkg/cataloger/cataloger.go | 3 + syft/pkg/cataloger/java/cataloger.go | 8 +++ .../cataloger/java/parse_gradle_lockfile.go | 64 +++++++++++++++++++ .../java/parse_gradle_lockfile_test.go | 52 +++++++++++++++ .../java/test-fixtures/gradle/.gitignore | 1 + .../java/test-fixtures/gradle/build.gradle | 58 +++++++++++++++++ .../java/test-fixtures/gradle/gradle.lockfile | 7 ++ .../build-example-java-app-gradle.sh | 2 +- .../java-builds/example-java-app/build.gradle | 53 +++++++++++---- .../example-java-app/gradle.lockfile | 7 ++ 10 files changed, 241 insertions(+), 14 deletions(-) create mode 100644 syft/pkg/cataloger/java/parse_gradle_lockfile.go create mode 100644 syft/pkg/cataloger/java/parse_gradle_lockfile_test.go create mode 100644 syft/pkg/cataloger/java/test-fixtures/gradle/.gitignore create mode 100644 syft/pkg/cataloger/java/test-fixtures/gradle/build.gradle create mode 100644 syft/pkg/cataloger/java/test-fixtures/gradle/gradle.lockfile create mode 100644 syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/gradle.lockfile diff --git a/syft/pkg/cataloger/cataloger.go b/syft/pkg/cataloger/cataloger.go index 9bab7043e3b..b16e3b60d3f 100644 --- a/syft/pkg/cataloger/cataloger.go +++ b/syft/pkg/cataloger/cataloger.go @@ -48,6 +48,7 @@ func ImageCatalogers(cfg Config) []pkg.Cataloger { rpm.NewRpmDBCataloger(), java.NewJavaCataloger(cfg.Java()), java.NewNativeImageCataloger(), + java.NewJavaGradleLockfileCataloger(), apkdb.NewApkdbCataloger(), golang.NewGoModuleBinaryCataloger(cfg.Go()), dotnet.NewDotnetDepsCataloger(), @@ -73,6 +74,7 @@ func DirectoryCatalogers(cfg Config) []pkg.Cataloger { java.NewJavaCataloger(cfg.Java()), java.NewJavaPomCataloger(), java.NewNativeImageCataloger(), + java.NewJavaGradleLockfileCataloger(), apkdb.NewApkdbCataloger(), golang.NewGoModuleBinaryCataloger(cfg.Go()), golang.NewGoModFileCataloger(cfg.Go()), @@ -107,6 +109,7 @@ func AllCatalogers(cfg Config) []pkg.Cataloger { java.NewJavaCataloger(cfg.Java()), java.NewJavaPomCataloger(), java.NewNativeImageCataloger(), + java.NewJavaGradleLockfileCataloger(), apkdb.NewApkdbCataloger(), golang.NewGoModuleBinaryCataloger(cfg.Go()), golang.NewGoModFileCataloger(cfg.Go()), diff --git a/syft/pkg/cataloger/java/cataloger.go b/syft/pkg/cataloger/java/cataloger.go index 09ed0d1ab01..73d64c5d255 100644 --- a/syft/pkg/cataloger/java/cataloger.go +++ b/syft/pkg/cataloger/java/cataloger.go @@ -31,3 +31,11 @@ func NewJavaPomCataloger() *generic.Cataloger { return generic.NewCataloger("java-pom-cataloger"). WithParserByGlobs(parserPomXML, "**/pom.xml") } + +// NewJavaGradleLockfileCataloger returns a cataloger capable of parsing +// dependencies from a gradle.lockfile file. +// older versions of lockfiles aren't supported yet +func NewJavaGradleLockfileCataloger() *generic.Cataloger { + return generic.NewCataloger("java-gradle-lockfile-cataloger"). + WithParserByGlobs(parserGradleLockfile, gradleLockfileDirGlob) +} diff --git a/syft/pkg/cataloger/java/parse_gradle_lockfile.go b/syft/pkg/cataloger/java/parse_gradle_lockfile.go new file mode 100644 index 00000000000..87c6e3a32f8 --- /dev/null +++ b/syft/pkg/cataloger/java/parse_gradle_lockfile.go @@ -0,0 +1,64 @@ +package java + +import ( + "bufio" + "strings" + + "github.com/anchore/syft/syft/artifact" + "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/generic" + "github.com/anchore/syft/syft/source" +) + +const gradleLockfileDirGlob = "**/gradle.lockfile*" + +// Dependency represents a single dependency in the gradle.lockfile file +type LockfileDependency struct { + Group string + Name string + Version string +} + +func parserGradleLockfile(_ source.FileResolver, _ *generic.Environment, reader source.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) { + var pkgs []pkg.Package + + // Create a new scanner to read the file + scanner := bufio.NewScanner(reader) + + // Create slices to hold the dependencies and plugins + dependencies := []LockfileDependency{} + + // Loop over all lines in the file + for scanner.Scan() { + line := scanner.Text() + + // Trim leading and trailing whitespace from the line + line = strings.TrimSpace(line) + + groupNameVersion := line + groupNameVersion = strings.Trim(groupNameVersion, "\"") + parts := strings.Split(groupNameVersion, ":") + + // we have a version directly specified + if len(parts) == 3 { + version := strings.Split(parts[2], "=") + // Create a new Dependency struct and add it to the dependencies slice + dep := LockfileDependency{Group: parts[0], Name: parts[1], Version: version[0]} + dependencies = append(dependencies, dep) + } + } + // map the dependencies + for _, dep := range dependencies { + mappedPkg := pkg.Package{ + Name: dep.Name, + Version: dep.Version, + Locations: source.NewLocationSet(reader.Location), + Language: pkg.Java, + Type: pkg.JavaPkg, // TODO: should we differentiate between packages from jar/war/zip versus packages from a Gradle.xml that were not installed yet? + MetadataType: pkg.JavaMetadataType, + } + pkgs = append(pkgs, mappedPkg) + } + + return pkgs, nil, nil +} diff --git a/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go b/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go new file mode 100644 index 00000000000..69b13129f3e --- /dev/null +++ b/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go @@ -0,0 +1,52 @@ +package java + +import ( + "testing" + + "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest" + "github.com/anchore/syft/syft/source" +) + +func Test_parserGradleLockfile(t *testing.T) { + tests := []struct { + input string + expected []pkg.Package + }{ + { + input: "test-fixtures/gradle/gradle.lockfile", + expected: []pkg.Package{ + { + Name: "hamcrest-core", + Version: "1.3", + Language: pkg.Java, + Type: pkg.JavaPkg, + MetadataType: pkg.JavaMetadataType, + }, + { + Name: "joda-time", + Version: "2.2", + Language: pkg.Java, + Type: pkg.JavaPkg, + MetadataType: pkg.JavaMetadataType, + }, + { + Name: "junit", + Version: "4.12", + Language: pkg.Java, + Type: pkg.JavaPkg, + MetadataType: pkg.JavaMetadataType, + }, + }, + }, + } + + for _, test := range tests { + t.Run(test.input, func(t *testing.T) { + for i := range test.expected { + test.expected[i].Locations.Add(source.NewLocation(test.input)) + } + pkgtest.TestFileParser(t, test.input, parserGradleLockfile, test.expected, nil) + }) + } +} diff --git a/syft/pkg/cataloger/java/test-fixtures/gradle/.gitignore b/syft/pkg/cataloger/java/test-fixtures/gradle/.gitignore new file mode 100644 index 00000000000..08a55c09bdf --- /dev/null +++ b/syft/pkg/cataloger/java/test-fixtures/gradle/.gitignore @@ -0,0 +1 @@ +.gradle diff --git a/syft/pkg/cataloger/java/test-fixtures/gradle/build.gradle b/syft/pkg/cataloger/java/test-fixtures/gradle/build.gradle new file mode 100644 index 00000000000..1d700e273fe --- /dev/null +++ b/syft/pkg/cataloger/java/test-fixtures/gradle/build.gradle @@ -0,0 +1,58 @@ +plugins { + id 'java' + id 'eclipse' + id 'application' +} + +mainClassName = 'hello.HelloWorld' + +dependencyLocking { + lockAllConfigurations() +} +// tag::repositories[] +repositories { + mavenCentral() +} +// end::repositories[] + +// tag::dependencies[] +sourceCompatibility = 1.8 +targetCompatibility = 1.8 + +dependencies { + implementation "joda-time:joda-time:2.2" + testImplementation "junit:junit:4.12" +} +// end::dependencies[] + +// tag::jar[] +jar { + archivesBaseName = 'example-java-app-gradle' + version = '0.1.0' + manifest { + attributes( + 'Main-Class': 'hello.HelloWorld' + ) + } + from { + configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) } + } +} +// end::jar[] + +// tag::wrapper[] +// end::wrapper[] + +// to invoke: gradle resolveAndLockAll --write-locks +tasks.register('resolveAndLockAll') { + notCompatibleWithConfigurationCache("Filters configurations at execution time") + doFirst { + assert gradle.startParameter.writeDependencyLocks + } + doLast { + configurations.findAll { + // Add any custom filtering on the configurations to be resolved + it.canBeResolved + }.each { it.resolve() } + } +} diff --git a/syft/pkg/cataloger/java/test-fixtures/gradle/gradle.lockfile b/syft/pkg/cataloger/java/test-fixtures/gradle/gradle.lockfile new file mode 100644 index 00000000000..b6edb43b980 --- /dev/null +++ b/syft/pkg/cataloger/java/test-fixtures/gradle/gradle.lockfile @@ -0,0 +1,7 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +joda-time:joda-time:2.2=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath +junit:junit:4.12=testCompileClasspath,testRuntimeClasspath +org.hamcrest:hamcrest-core:1.3=testCompileClasspath,testRuntimeClasspath +empty=annotationProcessor,testAnnotationProcessor diff --git a/syft/pkg/cataloger/java/test-fixtures/java-builds/build-example-java-app-gradle.sh b/syft/pkg/cataloger/java/test-fixtures/java-builds/build-example-java-app-gradle.sh index 345542c93ee..075733ddce1 100755 --- a/syft/pkg/cataloger/java/test-fixtures/java-builds/build-example-java-app-gradle.sh +++ b/syft/pkg/cataloger/java/test-fixtures/java-builds/build-example-java-app-gradle.sh @@ -4,7 +4,7 @@ set -uxe # note: this can be easily done in a 1-liner, however circle CI does NOT allow volume mounts from the host in docker executors (since they are on remote hosts, where the host files are inaccessible) PKGSDIR=$1 -CTRID=$(docker create -u "$(id -u):$(id -g)" -v /example-java-app -w /example-java-app gradle:6.8.3-jdk gradle build) +CTRID=$(docker create -u "$(id -u):$(id -g)" -v /example-java-app -w /example-java-app gradle:8.0.2-jdk gradle build) function cleanup() { docker rm "${CTRID}" diff --git a/syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/build.gradle b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/build.gradle index 0dac0e13b0a..1d700e273fe 100644 --- a/syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/build.gradle +++ b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/build.gradle @@ -1,31 +1,58 @@ -apply plugin: 'java' -apply plugin: 'eclipse' -apply plugin: 'application' +plugins { + id 'java' + id 'eclipse' + id 'application' +} mainClassName = 'hello.HelloWorld' +dependencyLocking { + lockAllConfigurations() +} // tag::repositories[] repositories { mavenCentral() } // end::repositories[] -// tag::jar[] -jar { - baseName = 'example-java-app-gradle' - version = '0.1.0' -} -// end::jar[] - // tag::dependencies[] sourceCompatibility = 1.8 targetCompatibility = 1.8 dependencies { - compile "joda-time:joda-time:2.2" - testCompile "junit:junit:4.12" + implementation "joda-time:joda-time:2.2" + testImplementation "junit:junit:4.12" } // end::dependencies[] +// tag::jar[] +jar { + archivesBaseName = 'example-java-app-gradle' + version = '0.1.0' + manifest { + attributes( + 'Main-Class': 'hello.HelloWorld' + ) + } + from { + configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) } + } +} +// end::jar[] + // tag::wrapper[] -// end::wrapper[] \ No newline at end of file +// end::wrapper[] + +// to invoke: gradle resolveAndLockAll --write-locks +tasks.register('resolveAndLockAll') { + notCompatibleWithConfigurationCache("Filters configurations at execution time") + doFirst { + assert gradle.startParameter.writeDependencyLocks + } + doLast { + configurations.findAll { + // Add any custom filtering on the configurations to be resolved + it.canBeResolved + }.each { it.resolve() } + } +} diff --git a/syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/gradle.lockfile b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/gradle.lockfile new file mode 100644 index 00000000000..b6edb43b980 --- /dev/null +++ b/syft/pkg/cataloger/java/test-fixtures/java-builds/example-java-app/gradle.lockfile @@ -0,0 +1,7 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +joda-time:joda-time:2.2=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath +junit:junit:4.12=testCompileClasspath,testRuntimeClasspath +org.hamcrest:hamcrest-core:1.3=testCompileClasspath,testRuntimeClasspath +empty=annotationProcessor,testAnnotationProcessor From c3027a6b5d935939fbc637645a2f13ed6ca3c7d5 Mon Sep 17 00:00:00 2001 From: Henry Sachs Date: Thu, 6 Apr 2023 18:17:52 +0200 Subject: [PATCH 2/6] fix: TestParseJar test Signed-off-by: Henry Sachs --- .../pkg/cataloger/java/archive_parser_test.go | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/syft/pkg/cataloger/java/archive_parser_test.go b/syft/pkg/cataloger/java/archive_parser_test.go index cd2affb50ce..101c4e9476f 100644 --- a/syft/pkg/cataloger/java/archive_parser_test.go +++ b/syft/pkg/cataloger/java/archive_parser_test.go @@ -159,10 +159,39 @@ func TestParseJar(t *testing.T) { Manifest: &pkg.JavaManifest{ Main: map[string]string{ "Manifest-Version": "1.0", + "Main-Class": "hello.HelloWorld", }, }, }, }, + "joda-time": { + Name: "joda-time", + Version: "2.2", + PURL: "pkg:maven/joda-time/joda-time@2.2", + Language: pkg.Java, + Type: pkg.JavaPkg, + MetadataType: pkg.JavaMetadataType, + Metadata: pkg.JavaMetadata{ + // ensure that nested packages with different names than that of the parent are appended as + // a suffix on the virtual path + VirtualPath: "test-fixtures/java-builds/packages/example-java-app-gradle-0.1.0.jar:joda-time", + PomProperties: &pkg.PomProperties{ + Path: "META-INF/maven/joda-time/joda-time/pom.properties", + GroupID: "joda-time", + ArtifactID: "joda-time", + Version: "2.2", + }, + PomProject: &pkg.PomProject{ + Path: "META-INF/maven/joda-time/joda-time/pom.xml", + GroupID: "joda-time", + ArtifactID: "joda-time", + Version: "2.2", + Name: "Joda time", + Description: "Date and time library to replace JDK date handling", + URL: "http://joda-time.sourceforge.net", + }, + }, + }, }, }, { From 40906b8f152bbcb4e892b13daeb95986a82d1093 Mon Sep 17 00:00:00 2001 From: Henry Sachs Date: Thu, 6 Apr 2023 20:13:56 +0200 Subject: [PATCH 3/6] fix: initial review comments Signed-off-by: Henry Sachs --- syft/pkg/cataloger/cataloger.go | 1 - syft/pkg/cataloger/java/cataloger.go | 2 +- syft/pkg/cataloger/java/parse_gradle_lockfile.go | 4 ++-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/syft/pkg/cataloger/cataloger.go b/syft/pkg/cataloger/cataloger.go index b16e3b60d3f..2d7cdf2353c 100644 --- a/syft/pkg/cataloger/cataloger.go +++ b/syft/pkg/cataloger/cataloger.go @@ -48,7 +48,6 @@ func ImageCatalogers(cfg Config) []pkg.Cataloger { rpm.NewRpmDBCataloger(), java.NewJavaCataloger(cfg.Java()), java.NewNativeImageCataloger(), - java.NewJavaGradleLockfileCataloger(), apkdb.NewApkdbCataloger(), golang.NewGoModuleBinaryCataloger(cfg.Go()), dotnet.NewDotnetDepsCataloger(), diff --git a/syft/pkg/cataloger/java/cataloger.go b/syft/pkg/cataloger/java/cataloger.go index 73d64c5d255..c20f7b01a17 100644 --- a/syft/pkg/cataloger/java/cataloger.go +++ b/syft/pkg/cataloger/java/cataloger.go @@ -37,5 +37,5 @@ func NewJavaPomCataloger() *generic.Cataloger { // older versions of lockfiles aren't supported yet func NewJavaGradleLockfileCataloger() *generic.Cataloger { return generic.NewCataloger("java-gradle-lockfile-cataloger"). - WithParserByGlobs(parserGradleLockfile, gradleLockfileDirGlob) + WithParserByGlobs(parserGradleLockfile, gradleLockfileGlob) } diff --git a/syft/pkg/cataloger/java/parse_gradle_lockfile.go b/syft/pkg/cataloger/java/parse_gradle_lockfile.go index 87c6e3a32f8..ee2b05e70a9 100644 --- a/syft/pkg/cataloger/java/parse_gradle_lockfile.go +++ b/syft/pkg/cataloger/java/parse_gradle_lockfile.go @@ -10,7 +10,7 @@ import ( "github.com/anchore/syft/syft/source" ) -const gradleLockfileDirGlob = "**/gradle.lockfile*" +const gradleLockfileGlob = "**/gradle.lockfile*" // Dependency represents a single dependency in the gradle.lockfile file type LockfileDependency struct { @@ -54,7 +54,7 @@ func parserGradleLockfile(_ source.FileResolver, _ *generic.Environment, reader Version: dep.Version, Locations: source.NewLocationSet(reader.Location), Language: pkg.Java, - Type: pkg.JavaPkg, // TODO: should we differentiate between packages from jar/war/zip versus packages from a Gradle.xml that were not installed yet? + Type: pkg.JavaPkg, MetadataType: pkg.JavaMetadataType, } pkgs = append(pkgs, mappedPkg) From 419bb3ef3460249740e78e17df50810ac285cec3 Mon Sep 17 00:00:00 2001 From: Henry Sachs Date: Thu, 6 Apr 2023 20:16:20 +0200 Subject: [PATCH 4/6] fix: split at the equal operator Signed-off-by: Henry Sachs --- syft/pkg/cataloger/java/parse_gradle_lockfile.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/syft/pkg/cataloger/java/parse_gradle_lockfile.go b/syft/pkg/cataloger/java/parse_gradle_lockfile.go index ee2b05e70a9..0aabf4d1ed9 100644 --- a/syft/pkg/cataloger/java/parse_gradle_lockfile.go +++ b/syft/pkg/cataloger/java/parse_gradle_lockfile.go @@ -36,7 +36,7 @@ func parserGradleLockfile(_ source.FileResolver, _ *generic.Environment, reader line = strings.TrimSpace(line) groupNameVersion := line - groupNameVersion = strings.Trim(groupNameVersion, "\"") + groupNameVersion = strings.Split(groupNameVersion, "=")[0] parts := strings.Split(groupNameVersion, ":") // we have a version directly specified From d897911521bf8e1b6d62cac1c0874d71e031a320 Mon Sep 17 00:00:00 2001 From: Henry Sachs Date: Thu, 6 Apr 2023 20:17:37 +0200 Subject: [PATCH 5/6] fix: take part directly we split beforehand Signed-off-by: Henry Sachs --- syft/pkg/cataloger/java/parse_gradle_lockfile.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/syft/pkg/cataloger/java/parse_gradle_lockfile.go b/syft/pkg/cataloger/java/parse_gradle_lockfile.go index 0aabf4d1ed9..7248933029e 100644 --- a/syft/pkg/cataloger/java/parse_gradle_lockfile.go +++ b/syft/pkg/cataloger/java/parse_gradle_lockfile.go @@ -41,9 +41,8 @@ func parserGradleLockfile(_ source.FileResolver, _ *generic.Environment, reader // we have a version directly specified if len(parts) == 3 { - version := strings.Split(parts[2], "=") // Create a new Dependency struct and add it to the dependencies slice - dep := LockfileDependency{Group: parts[0], Name: parts[1], Version: version[0]} + dep := LockfileDependency{Group: parts[0], Name: parts[1], Version: parts[2]} dependencies = append(dependencies, dep) } } From 938a5b49cf94426932c8a69691221e4f68c90cbf Mon Sep 17 00:00:00 2001 From: Henry Sachs Date: Thu, 6 Apr 2023 20:43:08 +0200 Subject: [PATCH 6/6] fix: function name Signed-off-by: Henry Sachs --- syft/pkg/cataloger/java/cataloger.go | 2 +- syft/pkg/cataloger/java/parse_gradle_lockfile.go | 2 +- syft/pkg/cataloger/java/parse_gradle_lockfile_test.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/syft/pkg/cataloger/java/cataloger.go b/syft/pkg/cataloger/java/cataloger.go index c20f7b01a17..be880a75723 100644 --- a/syft/pkg/cataloger/java/cataloger.go +++ b/syft/pkg/cataloger/java/cataloger.go @@ -37,5 +37,5 @@ func NewJavaPomCataloger() *generic.Cataloger { // older versions of lockfiles aren't supported yet func NewJavaGradleLockfileCataloger() *generic.Cataloger { return generic.NewCataloger("java-gradle-lockfile-cataloger"). - WithParserByGlobs(parserGradleLockfile, gradleLockfileGlob) + WithParserByGlobs(parseGradleLockfile, gradleLockfileGlob) } diff --git a/syft/pkg/cataloger/java/parse_gradle_lockfile.go b/syft/pkg/cataloger/java/parse_gradle_lockfile.go index 7248933029e..65ea51466f0 100644 --- a/syft/pkg/cataloger/java/parse_gradle_lockfile.go +++ b/syft/pkg/cataloger/java/parse_gradle_lockfile.go @@ -19,7 +19,7 @@ type LockfileDependency struct { Version string } -func parserGradleLockfile(_ source.FileResolver, _ *generic.Environment, reader source.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) { +func parseGradleLockfile(_ source.FileResolver, _ *generic.Environment, reader source.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) { var pkgs []pkg.Package // Create a new scanner to read the file diff --git a/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go b/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go index 69b13129f3e..65129efcff2 100644 --- a/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go +++ b/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go @@ -46,7 +46,7 @@ func Test_parserGradleLockfile(t *testing.T) { for i := range test.expected { test.expected[i].Locations.Add(source.NewLocation(test.input)) } - pkgtest.TestFileParser(t, test.input, parserGradleLockfile, test.expected, nil) + pkgtest.TestFileParser(t, test.input, parseGradleLockfile, test.expected, nil) }) } }