remove dead code; get tests passing with upgraded syft 0.43.0

go.mod

@@ -7,15 +7,16 @@ require (
 	github.com/Masterminds/semver/v3 v3.1.1
 	github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04
 	github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b
-	github.com/anchore/stereoscope v0.0.0-20220322123031-7a744f443e99
-	github.com/anchore/syft v0.42.2
+	github.com/anchore/stereoscope v0.0.0-20220330165332-7fc73ee7b0f0
+	github.com/anchore/syft v0.43.0
 	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5
 	github.com/gabriel-vasile/mimetype v1.4.0
+	github.com/google/go-cmp v0.5.7
 	github.com/google/uuid v1.3.0
 	github.com/onsi/gomega v1.18.1
 	github.com/pelletier/go-toml v1.9.4
 	github.com/sclevine/spec v1.4.0
-	github.com/scylladb/go-set v1.0.2
+	github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e
 	github.com/sergi/go-diff v1.2.0
 	github.com/stretchr/testify v1.7.0
 	github.com/ulikunitz/xz v0.5.10

sbom/internal/formats/common/testutils/utils.go

@@ -157,9 +157,9 @@ func populateImageCatalog(catalog *pkg.Catalog, img *image.Image) {
 	catalog.Add(pkg.Package{
 		Name:    "package-1",
 		Version: "1.0.1",
-		Locations: []source.Location{
+		Locations: source.NewLocationSet(
 			source.NewLocationFromImage(string(ref1.RealPath), *ref1, img),
-		},
+		),
 		Type:         pkg.PythonPkg,
 		FoundBy:      "the-cataloger-1",
 		Language:     pkg.Python,
@@ -177,9 +177,9 @@ func populateImageCatalog(catalog *pkg.Catalog, img *image.Image) {
 	catalog.Add(pkg.Package{
 		Name:    "package-2",
 		Version: "2.0.1",
-		Locations: []source.Location{
+		Locations: source.NewLocationSet(
 			source.NewLocationFromImage(string(ref2.RealPath), *ref2, img),
-		},
+		),
 		Type:         pkg.DebPkg,
 		FoundBy:      "the-cataloger-2",
 		MetadataType: pkg.DpkgMetadataType,
@@ -234,9 +234,9 @@ func newDirectoryCatalog() *pkg.Catalog {
 		Version: "1.0.1",
 		Type:    pkg.PythonPkg,
 		FoundBy: "the-cataloger-1",
-		Locations: []source.Location{
+		Locations: source.NewLocationSet(
 			source.NewLocation("/some/path/pkg1"),
-		},
+		),
 		Language:     pkg.Python,
 		MetadataType: pkg.PythonPackageMetadataType,
 		Licenses:     []string{"MIT"},
@@ -259,9 +259,9 @@ func newDirectoryCatalog() *pkg.Catalog {
 		Version: "2.0.1",
 		Type:    pkg.DebPkg,
 		FoundBy: "the-cataloger-2",
-		Locations: []source.Location{
+		Locations: source.NewLocationSet(
 			source.NewLocation("/some/path/pkg1"),
-		},
+		),
 		MetadataType: pkg.DpkgMetadataType,
 		Metadata: pkg.DpkgMetadata{
 			Package: "package-2",

sbom/internal/formats/cyclonedx13/cyclonedxhelpers/author.go

@@ -30,19 +30,3 @@ func encodeAuthor(p pkg.Package) string {
 	}
 	return ""
 }
-
-//nolint:unused
-func decodeAuthor(author string, metadata interface{}) {
-	switch meta := metadata.(type) {
-	case *pkg.NpmPackageJSONMetadata:
-		meta.Author = author
-	case *pkg.PythonPackageMetadata:
-		parts := strings.SplitN(author, " <", 2)
-		meta.Author = parts[0]
-		if len(parts) > 1 {
-			meta.AuthorEmail = strings.TrimSuffix(parts[1], ">")
-		}
-	case *pkg.GemMetadata:
-		meta.Authors = strings.Split(author, ",")
-	}
-}

sbom/internal/formats/cyclonedx13/cyclonedxhelpers/component.go

@@ -1,20 +1,17 @@
 package cyclonedxhelpers
 
 import (
-	"reflect"
-
 	"github.com/anchore/syft/syft/pkg"
-	"github.com/anchore/syft/syft/source"
-	"github.com/paketo-buildpacks/packit/v2/sbom/internal/formats/common"
 	"github.com/paketo-buildpacks/packit/v2/sbom/internal/formats/cyclonedx13/cyclonedx"
 )
 
 // Relies on cycloneDX published structs
 func encodeComponent(p pkg.Package) cyclonedx.Component {
 	props := encodeProperties(p, "syft:package")
 	props = append(props, encodeCPEs(p)...)
-	if len(p.Locations) > 0 {
-		props = append(props, encodeProperties(p.Locations, "syft:location")...)
+	locations := p.Locations.ToSlice()
+	if len(locations) > 0 {
+		props = append(props, encodeProperties(locations, "syft:location")...)
 	}
 	if hasMetadata(p) {
 		props = append(props, encodeProperties(p.Metadata, "syft:metadata")...)
@@ -44,61 +41,3 @@ func encodeComponent(p pkg.Package) cyclonedx.Component {
 func hasMetadata(p pkg.Package) bool {
 	return p.Metadata != nil
 }
-
-//nolint:unused,deadcode
-func decodeComponent(c *cyclonedx.Component) *pkg.Package {
-	values := map[string]string{}
-	for _, p := range *c.Properties {
-		values[p.Name] = p.Value
-	}
-
-	p := &pkg.Package{
-		Name:      c.Name,
-		Version:   c.Version,
-		Locations: decodeLocations(values),
-		Licenses:  decodeLicenses(c),
-		CPEs:      decodeCPEs(c),
-		PURL:      c.PackageURL,
-	}
-
-	common.DecodeInto(p, values, "syft:package", CycloneDXFields)
-
-	p.Metadata = decodePackageMetadata(values, c, p.MetadataType)
-
-	if p.Type == "" {
-		p.Type = pkg.TypeFromPURL(p.PURL)
-	}
-
-	return p
-}
-
-//nolint:unused
-func decodeLocations(vals map[string]string) []source.Location {
-	v := common.Decode(reflect.TypeOf([]source.Location{}), vals, "syft:location", CycloneDXFields)
-	out, _ := v.([]source.Location)
-	return out
-}
-
-//nolint:unused
-func decodePackageMetadata(vals map[string]string, c *cyclonedx.Component, typ pkg.MetadataType) interface{} {
-	if typ != "" && c.Properties != nil {
-		metaTyp, ok := pkg.MetadataTypeByName[typ]
-		if !ok {
-			return nil
-		}
-		metaPtrTyp := reflect.PtrTo(metaTyp)
-		metaPtr := common.Decode(metaPtrTyp, vals, "syft:metadata", CycloneDXFields)
-
-		// Map all explicit metadata properties
-		decodeAuthor(c.Author, metaPtr)
-		decodeGroup(c.Group, metaPtr)
-		decodePublisher(c.Publisher, metaPtr)
-		decodeDescription(c.Description, metaPtr)
-		decodeExternalReferences(c, metaPtr)
-
-		// return the actual interface{} -> struct ... not interface{} -> *struct
-		return common.PtrToStruct(metaPtr)
-	}
-
-	return nil
-}

sbom/internal/formats/cyclonedx13/cyclonedxhelpers/component_test.go

@@ -27,9 +27,9 @@ func Test_encodeComponentProperties(t *testing.T) {
 			name: "from apk",
 			input: pkg.Package{
 				FoundBy: "cataloger",
-				Locations: []source.Location{
-					{Coordinates: source.Coordinates{RealPath: "test"}},
-				},
+				Locations: source.NewLocationSet(
+					source.Location{Coordinates: source.Coordinates{RealPath: "test"}},
+				),
 				Metadata: pkg.ApkMetadata{
 					Package:          "libc-utils",
 					OriginPackage:    "libc-dev",

sbom/internal/formats/cyclonedx13/cyclonedxhelpers/cpe.go

@@ -29,30 +29,3 @@ func encodeCPEs(p pkg.Package) (out []cyclonedx.Property) {
 	}
 	return
 }
-
-//nolint:unused
-func decodeCPEs(c *cyclonedx.Component) (out []pkg.CPE) {
-	if c.CPE != "" {
-		cp, err := pkg.NewCPE(c.CPE)
-		if err != nil {
-			// log.Warnf("invalid CPE: %s", c.CPE)
-		} else {
-			out = append(out, cp)
-		}
-	}
-
-	if c.Properties != nil {
-		for _, p := range *c.Properties {
-			if p.Name == "syft:cpe23" {
-				cp, err := pkg.NewCPE(p.Value)
-				if err != nil {
-					// log.Warnf("invalid CPE: %s", p.Value)
-				} else {
-					out = append(out, cp)
-				}
-			}
-		}
-	}
-
-	return
-}

sbom/internal/formats/cyclonedx13/cyclonedxhelpers/description.go

@@ -13,13 +13,3 @@ func encodeDescription(p pkg.Package) string {
 	}
 	return ""
 }
-
-//nolint:unused
-func decodeDescription(description string, metadata interface{}) {
-	switch meta := metadata.(type) {
-	case *pkg.ApkMetadata:
-		meta.Description = description
-	case *pkg.NpmPackageJSONMetadata:
-		meta.Description = description
-	}
-}

sbom/internal/formats/cyclonedx13/cyclonedxhelpers/external_references.go

@@ -2,7 +2,6 @@ package cyclonedxhelpers
 
 import (
 	"fmt"
-	"strings"
 
 	"github.com/anchore/syft/syft/pkg"
 	"github.com/paketo-buildpacks/packit/v2/sbom/internal/formats/cyclonedx13/cyclonedx"
@@ -66,55 +65,3 @@ func encodeExternalReferences(p pkg.Package) *[]cyclonedx.ExternalReference {
 	}
 	return nil
 }
-
-//nolint:unused
-func decodeExternalReferences(c *cyclonedx.Component, metadata interface{}) {
-	if c.ExternalReferences == nil {
-		return
-	}
-	switch meta := metadata.(type) {
-	case *pkg.ApkMetadata:
-		meta.URL = refURL(c, cyclonedx.ERTypeDistribution)
-	case *pkg.CargoPackageMetadata:
-		meta.Source = refURL(c, cyclonedx.ERTypeDistribution)
-	case *pkg.NpmPackageJSONMetadata:
-		meta.URL = refURL(c, cyclonedx.ERTypeDistribution)
-		meta.Homepage = refURL(c, cyclonedx.ERTypeWebsite)
-	case *pkg.GemMetadata:
-		meta.Homepage = refURL(c, cyclonedx.ERTypeWebsite)
-	case *pkg.PythonPackageMetadata:
-		if meta.DirectURLOrigin == nil {
-			meta.DirectURLOrigin = &pkg.PythonDirectURLOriginInfo{}
-		}
-		meta.DirectURLOrigin.URL = refURL(c, cyclonedx.ERTypeVCS)
-		meta.DirectURLOrigin.CommitID = strings.TrimPrefix(refComment(c, cyclonedx.ERTypeVCS), "commit: ")
-	}
-}
-
-//nolint:unused
-func findExternalRef(c *cyclonedx.Component, typ cyclonedx.ExternalReferenceType) *cyclonedx.ExternalReference {
-	if c.ExternalReferences != nil {
-		for _, r := range *c.ExternalReferences {
-			if r.Type == typ {
-				return &r
-			}
-		}
-	}
-	return nil
-}
-
-//nolint:unused
-func refURL(c *cyclonedx.Component, typ cyclonedx.ExternalReferenceType) string {
-	if r := findExternalRef(c, typ); r != nil {
-		return r.URL
-	}
-	return ""
-}
-
-//nolint:unused
-func refComment(c *cyclonedx.Component, typ cyclonedx.ExternalReferenceType) string {
-	if r := findExternalRef(c, typ); r != nil {
-		return r.Comment
-	}
-	return ""
-}

sbom/internal/formats/cyclonedx13/cyclonedxhelpers/group.go

@@ -10,13 +10,3 @@ func encodeGroup(p pkg.Package) string {
 	}
 	return ""
 }
-
-//nolint:unused
-func decodeGroup(group string, metadata interface{}) {
-	if meta, ok := metadata.(*pkg.JavaMetadata); ok {
-		if meta.PomProperties == nil {
-			meta.PomProperties = &pkg.PomProperties{}
-		}
-		meta.PomProperties.GroupID = group
-	}
-}

sbom/internal/formats/cyclonedx13/cyclonedxhelpers/licenses.go

@@ -23,13 +23,3 @@ func encodeLicenses(p pkg.Package) *cyclonedx.Licenses {
 	}
 	return nil
 }
-
-//nolint:unused
-func decodeLicenses(c *cyclonedx.Component) (out []string) {
-	if c.Licenses != nil {
-		for _, l := range *c.Licenses {
-			out = append(out, l.License.ID)
-		}
-	}
-	return
-}

sbom/internal/formats/cyclonedx13/cyclonedxhelpers/publisher.go

@@ -17,15 +17,3 @@ func encodePublisher(p pkg.Package) string {
 	}
 	return ""
 }
-
-//nolint:unused
-func decodePublisher(publisher string, metadata interface{}) {
-	switch meta := metadata.(type) {
-	case *pkg.ApkMetadata:
-		meta.Maintainer = publisher
-	case *pkg.RpmdbMetadata:
-		meta.Vendor = publisher
-	case *pkg.DpkgMetadata:
-		meta.Maintainer = publisher
-	}
-}

sbom/internal/formats/syft2/encoder_test.go

@@ -44,13 +44,13 @@ func TestEncodeFullJSONDocument(t *testing.T) {
 	p1 := pkg.Package{
 		Name:    "package-1",
 		Version: "1.0.1",
-		Locations: []source.Location{
-			{
+		Locations: source.NewLocationSet(
+			source.Location{
 				Coordinates: source.Coordinates{
 					RealPath: "/a/place/a",
 				},
 			},
-		},
+		),
 		Type:         pkg.PythonPkg,
 		FoundBy:      "the-cataloger-1",
 		Language:     pkg.Python,
@@ -70,13 +70,13 @@ func TestEncodeFullJSONDocument(t *testing.T) {
 	p2 := pkg.Package{
 		Name:    "package-2",
 		Version: "2.0.1",
-		Locations: []source.Location{
-			{
+		Locations: source.NewLocationSet(
+			source.Location{
 				Coordinates: source.Coordinates{
 					RealPath: "/b/place/b",
 				},
 			},
-		},
+		),
 		Type:         pkg.DebPkg,
 		FoundBy:      "the-cataloger-2",
 		MetadataType: pkg.DpkgMetadataType,

sbom/internal/formats/syft2/test-fixtures/snapshot/TestDirectoryEncoder.golden

@@ -1,7 +1,7 @@
 {
  "artifacts": [
   {
-   "id": "1d97af55efe9512f",
+   "id": "b85dbb4e6ece5082",
    "name": "package-1",
    "version": "1.0.1",
    "type": "python",
@@ -36,7 +36,7 @@
    }
   },
   {
-   "id": "ad3d1c4abd84bf75",
+   "id": "ceda99598967ae8d",
    "name": "package-2",
    "version": "2.0.1",
    "type": "deb",