diff --git a/internal/relationship/binary/binary_dependencies.go b/internal/relationship/binary/binary_dependencies.go
index b23b42b9a42..210f88114c3 100644
--- a/internal/relationship/binary/binary_dependencies.go
+++ b/internal/relationship/binary/binary_dependencies.go
@@ -36,8 +36,7 @@ func generateRelationships(resolver file.Resolver, accessor sbomsync.Accessor, i
 newRelationships.Add(r)
 }
 }
-
- for _, parentPkg := range s.Artifacts.Packages.Sorted(pkg.BinaryPkg) {
+ for _, parentPkg := range allElfPackages(s) {
 for _, evidentLocation := range parentPkg.Locations.ToSlice() {
 if evidentLocation.Annotations[pkg.EvidenceAnnotationKey] != pkg.PrimaryEvidenceAnnotation {
 continue
@@ -101,7 +100,7 @@ func onlyPrimaryEvidenceLocations(p pkg.Package) []file.Location {
 func allElfPackages(s *sbom.SBOM) []pkg.Package {
 var elfPkgs []pkg.Package
- for _, p := range s.Artifacts.Packages.Sorted(pkg.BinaryPkg) {
+ for _, p := range s.Artifacts.Packages.Sorted() {
 if !isElfPackage(p) {
 continue
 }
diff --git a/internal/relationship/binary/binary_dependencies_test.go b/internal/relationship/binary/binary_dependencies_test.go
index 33c6436c351..ea524fa1f7c 100644
--- a/internal/relationship/binary/binary_dependencies_test.go
+++ b/internal/relationship/binary/binary_dependencies_test.go
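Review bot: `allElfPackages` in `binary_dependencies.go` now calls `s.Artifacts.Packages.Sorted()` with no type filter, so `isElfPackage` (defined outside this diff) becomes the only gate on which packages reach the binary relationship logic, and nothing on the function says so. The test fixture added in this commit notes that the ELF package itself "claims it is a RPM", so the type is self-reported by the binary; I would add a doc comment such as `// allElfPackages returns every package that isElfPackage accepts, whatever pkg.Type it carries; that type is declared by the binary's own ELF note and is not verified here.` (wording hedged on what `isElfPackage` actually checks). The unfiltered `Sorted()` also walks the whole catalog on every call, including the call from the loop header in `generateRelationships` in the first hunk, so if `allElfPackages` runs more than once per SBOM the slice may be worth computing once. Both function bodies continue outside their hunks.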
@@ -50,6 +50,22 @@ func TestPackagesToRemove(t *testing.T) {
 }
 glibCBinaryELFPackage.SetID()
+ glibCBinaryELFPackageAsRPM := pkg.Package{
+ Name: "glibc",
+ Locations: file.NewLocationSet(
+ file.NewLocation(glibcCoordinate.RealPath).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
+ ),
+ Type: pkg.RpmPkg, // note: the elf package claims it is a RPM, not binary
+ Metadata: pkg.ELFBinaryPackageNoteJSONPayload{
+ Type: "rpm",
+ Vendor: "syft",
+ System: "syftsys",
+ SourceRepo: "https://github.com/someone/somewhere.git",
+ Commit: "5534c38d0ffef9a3f83154f0b7a7fb6ab0ab6dbb",
+ },
+ }
+ glibCBinaryELFPackageAsRPM.SetID()
+
 glibCBinaryClassifierPackage := pkg.Package{
 Name: "glibc",
 Locations: file.NewLocationSet(
@@ -83,9 +99,15 @@ func TestPackagesToRemove(t *testing.T) {
 want: []artifact.ID{glibCBinaryELFPackage.ID()},
 },
 {
- name: "remove no packages when there is a single binary package",
+ name: "keep packages that are overlapping rpm --> binary when the binary self identifies as an RPM",
 resolver: file.NewMockResolverForPaths(glibcCoordinate.RealPath),
- accessor: newAccessor([]pkg.Package{glibCBinaryELFPackage}, map[file.Coordinates]file.Executable{}, nil),
+ accessor: newAccessor([]pkg.Package{glibCPackage, glibCBinaryELFPackageAsRPM}, map[file.Coordinates]file.Executable{}, nil),
+ want: []artifact.ID{},
+ },
+ {
+ name: "remove no packages when there is a single binary package (or self identifying RPM)",
+ resolver: file.NewMockResolverForPaths(glibcCoordinate.RealPath),
+ accessor: newAccessor([]pkg.Package{glibCBinaryELFPackage, glibCBinaryELFPackageAsRPM}, map[file.Coordinates]file.Executable{}, nil),
 want: []artifact.ID{},
 },
 {
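Review bot: The case that passed `glibCBinaryELFPackage` on its own was rewritten rather than kept, and the case now named "remove no packages when there is a single binary package (or self identifying RPM)" hands `newAccessor` two packages at the same path, so the single-package input is no longer exercised and the name does not match the input. I would keep the original case and add the RPM-typed one beside it under its own name, with `accessor: newAccessor([]pkg.Package{glibCBinaryELFPackageAsRPM}, map[file.Coordinates]file.Executable{}, nil),`. A case pairing `glibCBinaryClassifierPackage` with `glibCBinaryELFPackageAsRPM` would also pin what happens when a classifier hit overlaps an ELF note that declares itself an RPM; the expected IDs depend on the function under `TestPackagesToRemove`, which is outside this diff. The `TestNewDependencyRelationships` hunk follows the same pattern, switching the existing fixture from `pkg.BinaryPkg` to `pkg.RpmPkg` instead of adding a second fixture, which, as far as that hunk shows, removes the `pkg.BinaryPkg` variant from the test.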
@@ -173,9 +195,9 @@ func TestNewDependencyRelationships(t *testing.T) {
 file.NewLocation(parallelLibCoordinate.RealPath).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.SupportingEvidenceAnnotation),
 ),
 Language: "",
- Type: pkg.BinaryPkg,
+ Type: pkg.RpmPkg,
 Metadata: pkg.ELFBinaryPackageNoteJSONPayload{
- Type: "testfixture",
+ Type: "rpm",
 Vendor: "syft",
 System: "syftsys",
 SourceRepo: "https://github.com/someone/somewhere.git",