-
Notifications
You must be signed in to change notification settings - Fork 593
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Parse the Maven license from the pom.xml if not contained in the mani… (
#2115) * Parse the Maven license from the pom.xml if not contained in the manifest Signed-off-by: Colm O hEigeartaigh <[email protected]> * chore: restore 10.0.2 schema Signed-off-by: Christopher Phillips <[email protected]> * chore: generate new 11.0.1 schema Signed-off-by: Christopher Phillips <[email protected]> * refactor: remove schema change Signed-off-by: Christopher Phillips <[email protected]> * test: update unit tests to align with new pattern Signed-off-by: Christopher Phillips <[email protected]> * chore: pr feedback Signed-off-by: Christopher Phillips <[email protected]> * chore: remove struct tags Signed-off-by: Christopher Phillips <[email protected]> * keep license name and url semantics preserved on the pkg object Signed-off-by: Alex Goodman <[email protected]> --------- Signed-off-by: Colm O hEigeartaigh <[email protected]> Signed-off-by: Christopher Phillips <[email protected]> Signed-off-by: Alex Goodman <[email protected]> Co-authored-by: Christopher Angelo Phillips <[email protected]> Co-authored-by: Christopher Phillips <[email protected]> Co-authored-by: Alex Goodman <[email protected]>
- Loading branch information
1 parent
185d0d1
commit 0748945
Showing
6 changed files
with
692 additions
and
83 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,7 +6,6 @@ import ( | |
"io" | ||
"os" | ||
"os/exec" | ||
"path" | ||
"path/filepath" | ||
"strings" | ||
"syscall" | ||
|
@@ -17,6 +16,7 @@ import ( | |
|
||
"github.com/anchore/syft/internal" | ||
"github.com/anchore/syft/syft/file" | ||
"github.com/anchore/syft/syft/license" | ||
"github.com/anchore/syft/syft/pkg" | ||
"github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest" | ||
) | ||
|
@@ -83,11 +83,13 @@ func generateJavaBuildFixture(t *testing.T, fixturePath string) { | |
|
||
func TestParseJar(t *testing.T) { | ||
tests := []struct { | ||
name string | ||
fixture string | ||
expected map[string]pkg.Package | ||
ignoreExtras []string | ||
}{ | ||
{ | ||
name: "example-jenkins-plugin", | ||
fixture: "test-fixtures/java-builds/packages/example-jenkins-plugin.hpi", | ||
ignoreExtras: []string{ | ||
"Plugin-Version", // has dynamic date | ||
|
@@ -146,6 +148,7 @@ func TestParseJar(t *testing.T) { | |
}, | ||
}, | ||
{ | ||
name: "example-java-app-gradle", | ||
fixture: "test-fixtures/java-builds/packages/example-java-app-gradle-0.1.0.jar", | ||
expected: map[string]pkg.Package{ | ||
"example-java-app-gradle": { | ||
|
@@ -172,6 +175,16 @@ func TestParseJar(t *testing.T) { | |
Language: pkg.Java, | ||
Type: pkg.JavaPkg, | ||
MetadataType: pkg.JavaMetadataType, | ||
Licenses: pkg.NewLicenseSet( | ||
pkg.NewLicenseFromFields( | ||
"Apache 2", | ||
"http://www.apache.org/licenses/LICENSE-2.0.txt", | ||
func() *file.Location { | ||
l := file.NewLocation("test-fixtures/java-builds/packages/example-java-app-gradle-0.1.0.jar") | ||
return &l | ||
}(), | ||
), | ||
), | ||
Metadata: pkg.JavaMetadata{ | ||
// ensure that nested packages with different names than that of the parent are appended as | ||
// a suffix on the virtual path with a colon separator between group name and artifact name | ||
|
@@ -196,6 +209,7 @@ func TestParseJar(t *testing.T) { | |
}, | ||
}, | ||
{ | ||
name: "example-java-app-maven", | ||
fixture: "test-fixtures/java-builds/packages/example-java-app-maven-0.1.0.jar", | ||
ignoreExtras: []string{ | ||
"Build-Jdk", // can't guarantee the JDK used at build time | ||
|
@@ -231,9 +245,19 @@ func TestParseJar(t *testing.T) { | |
}, | ||
}, | ||
"joda-time": { | ||
Name: "joda-time", | ||
Version: "2.9.2", | ||
PURL: "pkg:maven/joda-time/[email protected]", | ||
Name: "joda-time", | ||
Version: "2.9.2", | ||
PURL: "pkg:maven/joda-time/[email protected]", | ||
Licenses: pkg.NewLicenseSet( | ||
pkg.NewLicenseFromFields( | ||
"Apache 2", | ||
"http://www.apache.org/licenses/LICENSE-2.0.txt", | ||
func() *file.Location { | ||
l := file.NewLocation("test-fixtures/java-builds/packages/example-java-app-maven-0.1.0.jar") | ||
return &l | ||
}(), | ||
), | ||
), | ||
Language: pkg.Java, | ||
Type: pkg.JavaPkg, | ||
MetadataType: pkg.JavaMetadataType, | ||
|
@@ -263,7 +287,7 @@ func TestParseJar(t *testing.T) { | |
} | ||
|
||
for _, test := range tests { | ||
t.Run(path.Base(test.fixture), func(t *testing.T) { | ||
t.Run(test.name, func(t *testing.T) { | ||
|
||
generateJavaBuildFixture(t, test.fixture) | ||
|
||
|
@@ -618,7 +642,7 @@ func Test_newPackageFromMavenData(t *testing.T) { | |
tests := []struct { | ||
name string | ||
props pkg.PomProperties | ||
project *pkg.PomProject | ||
project *parsedPomProject | ||
parent *pkg.Package | ||
expectedParent pkg.Package | ||
expectedPackage *pkg.Package | ||
|
@@ -687,18 +711,29 @@ func Test_newPackageFromMavenData(t *testing.T) { | |
ArtifactID: "some-artifact-id", | ||
Version: "1.0", | ||
}, | ||
project: &pkg.PomProject{ | ||
Parent: &pkg.PomParent{ | ||
GroupID: "some-parent-group-id", | ||
ArtifactID: "some-parent-artifact-id", | ||
Version: "1.0-parent", | ||
}, | ||
Name: "some-name", | ||
GroupID: "some-group-id", | ||
ArtifactID: "some-artifact-id", | ||
Version: "1.0", | ||
Description: "desc", | ||
URL: "aweso.me", | ||
project: &parsedPomProject{ | ||
PomProject: &pkg.PomProject{ | ||
Parent: &pkg.PomParent{ | ||
GroupID: "some-parent-group-id", | ||
ArtifactID: "some-parent-artifact-id", | ||
Version: "1.0-parent", | ||
}, | ||
Name: "some-name", | ||
GroupID: "some-group-id", | ||
ArtifactID: "some-artifact-id", | ||
Version: "1.0", | ||
Description: "desc", | ||
URL: "aweso.me", | ||
}, | ||
Licenses: []pkg.License{ | ||
{ | ||
Value: "MIT", | ||
SPDXExpression: "MIT", | ||
Type: license.Declared, | ||
URLs: internal.NewStringSet("https://opensource.org/licenses/MIT"), | ||
Locations: file.NewLocationSet(file.NewLocation("some-license-path")), | ||
}, | ||
}, | ||
}, | ||
parent: &pkg.Package{ | ||
Name: "some-parent-name", | ||
|
@@ -727,6 +762,15 @@ func Test_newPackageFromMavenData(t *testing.T) { | |
Language: pkg.Java, | ||
Type: pkg.JavaPkg, | ||
MetadataType: pkg.JavaMetadataType, | ||
Licenses: pkg.NewLicenseSet( | ||
pkg.License{ | ||
Value: "MIT", | ||
SPDXExpression: "MIT", | ||
Type: license.Declared, | ||
URLs: internal.NewStringSet("https://opensource.org/licenses/MIT"), | ||
Locations: file.NewLocationSet(file.NewLocation("some-license-path")), | ||
}, | ||
), | ||
Metadata: pkg.JavaMetadata{ | ||
VirtualPath: virtualPath + ":" + "some-group-id" + ":" + "some-artifact-id", | ||
PomProperties: &pkg.PomProperties{ | ||
|
Oops, something went wrong.