Add license extraction to RPM extractor and proto.
PiperOrigin-RevId: 625411754
Yousef Alowayed authored and copybara-github committed Apr 16, 2024
1 parent 979384a commit 7b7aa0e
Showing 6 changed files with 76 additions and 2 deletions.
1 change: 1 addition & 0 deletions binary/proto/proto.go
@@ -274,6 +274,7 @@ func setProtoMetadata(meta any, i *spb.Inventory) {
OsBuildId: m.OSBuildID,
Vendor: m.Vendor,
Architecture: m.Architecture,
License: m.License,
},
}
case *cos.Metadata:
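Review bot: `License: m.License,` copies a string that originates in the scanned filesystem's rpmdb into a proto string field without any validation. scan_result.proto declares the field as a label-less `string`, which suggests proto3, where string fields must hold valid UTF-8 and Go marshalling reports an error otherwise; if the rpmdb reader does not already guarantee that, a single package with a malformed License tag could make serialization of the whole scan result fail. Consider normalizing at this boundary, for example `License: strings.ToValidUTF8(m.License, "\uFFFD"),`, provided `strings` is imported in this file (the import block is outside the hunk); the neighbouring Vendor and Architecture fields appear to have the same exposure. The body of setProtoMetadata starts and ends outside the hunk.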
56 changes: 54 additions & 2 deletions binary/proto/proto_test.go
@@ -29,6 +29,7 @@ import (
"github.com/google/osv-scalibr/extractor/language/javascript/packagejson"
"github.com/google/osv-scalibr/extractor/language/python/wheelegg"
"github.com/google/osv-scalibr/extractor/os/dpkg"
"github.com/google/osv-scalibr/extractor/os/rpm"
"github.com/google/osv-scalibr/extractor/sbom/spdx"
"github.com/google/osv-scalibr/plugin"
"github.com/google/osv-scalibr/purl"
@@ -274,6 +275,57 @@ func TestScanResultToProto(t *testing.T) {
Locations: []string{"/file3"},
Extractor: "sbom/spdx",
}
purlRPMInventory := &extractor.Inventory{
Name: "openssh-clients",
Version: "5.3p1",
Metadata: &rpm.Metadata{
PackageName: "openssh-clients",
SourceRPM: "openssh-5.3p1-124.el6_10.src.rpm",
Epoch: 2,
OSID: "rhel",
OSVersionID: "8.9",
OSBuildID: "",
OSName: "Red Hat Enterprise Linux",
Vendor: "CentOS",
Architecture: "x86_64",
License: "BSD",
},
Locations: []string{"/file1"},
Extractor: "os/rpm",
}
purlRPMInventoryProto := &spb.Inventory{
Name: "openssh-clients",
Version: "5.3p1",
Purl: &spb.Purl{
Purl: "pkg:rpm/rhel/[email protected]?arch=x86_64&distro=rhel-8.9&epoch=2&sourcerpm=openssh-5.3p1-124.el6_10.src.rpm",
Type: purl.TypeRPM,
Namespace: "rhel",
Name: "openssh-clients",
Version: "5.3p1",
Qualifiers: []*spb.Qualifier{
&spb.Qualifier{Key: "arch", Value: "x86_64"},
&spb.Qualifier{Key: "distro", Value: "rhel-8.9"},
&spb.Qualifier{Key: "epoch", Value: "2"},
&spb.Qualifier{Key: "sourcerpm", Value: "openssh-5.3p1-124.el6_10.src.rpm"},
},
},
Metadata: &spb.Inventory_RpmMetadata{
RpmMetadata: &spb.RPMPackageMetadata{
PackageName: "openssh-clients",
SourceRpm: "openssh-5.3p1-124.el6_10.src.rpm",
Epoch: 2,
OsId: "rhel",
OsVersionId: "8.9",
OsBuildId: "",
OsName: "Red Hat Enterprise Linux",
Vendor: "CentOS",
Architecture: "x86_64",
License: "BSD",
},
},
Locations: []string{"/file1"},
Extractor: "os/rpm",
}

testCases := []struct {
desc string
@@ -300,7 +352,7 @@ func TestScanResultToProto(t *testing.T) {
Status: success,
},
},
Inventories: []*extractor.Inventory{purlDPKGInventory, purlPythonInventory, purlJavascriptInventory, cpeInventory},
Inventories: []*extractor.Inventory{purlDPKGInventory, purlPythonInventory, purlJavascriptInventory, cpeInventory, purlRPMInventory},
Findings: []*detector.Finding{
&detector.Finding{
Adv: &detector.Advisory{
@@ -343,7 +395,7 @@ func TestScanResultToProto(t *testing.T) {
Status: successProto,
},
},
Inventories: []*spb.Inventory{purlDPKGInventoryProto, purlPythonInventoryProto, purlJavascriptInventoryProto, cpeInventoryProto},
Inventories: []*spb.Inventory{purlDPKGInventoryProto, purlPythonInventoryProto, purlJavascriptInventoryProto, cpeInventoryProto, purlRPMInventoryProto},
Findings: []*spb.Finding{
&spb.Finding{
Adv: &spb.Advisory{
1 change: 1 addition & 0 deletions binary/proto/scan_result.proto
@@ -222,6 +222,7 @@ message RPMPackageMetadata {
string os_name = 7;
string vendor = 8;
string architecture = 9;
string license = 10;
}

// The additional data found in COS packages.
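Review bot: The new `string license = 10;` field has no comment saying what format it carries. The extractor test expectations in this commit show values such as `GPLv2+`, `GPL-2.0+`, `Public Domain` and `GPL`, so this looks like the raw RPM License tag rather than a normalized SPDX expression, and consumers making license-policy decisions need to know that. Suggest adding `// Raw License tag from the RPM header; free-form text, not a normalized SPDX expression.` above the field, and the same wording on `License string` in the Metadata struct in extractor/os/rpm/metadata.go. The RPMPackageMetadata message starts outside the hunk.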
6 changes: 6 additions & 0 deletions extractor/os/rpm/extractor.go
@@ -117,6 +117,7 @@ func (e Extractor) Extract(ctx context.Context, input *extractor.ScanInput) ([]*
OSBuildID: m["BUILD_ID"],
Vendor: p.Vendor,
Architecture: p.Architecture,
License: p.License,
}

i := &extractor.Inventory{
@@ -167,6 +168,7 @@ func (e Extractor) parseRPMDB(path string) ([]rpmPackageInfo, error) {
SourceRPM: pkg.SourceRpm,
Vendor: pkg.Vendor,
Architecture: pkg.Arch,
License: pkg.License,
}

result = append(result, newPkg)
@@ -184,6 +186,7 @@ type rpmPackageInfo struct {
Maintainer string
Vendor string
Architecture string
License string
}

func toNamespace(m *Metadata) string {
@@ -227,6 +230,9 @@ func (e Extractor) ToPURL(i *extractor.Inventory) (*purl.PackageURL, error) {
if m.SourceRPM != "" {
q[purl.SourceRPM] = m.SourceRPM
}
if m.Architecture != "" {
q[purl.Arch] = m.Architecture
}
return &purl.PackageURL{
Type: purl.TypeRPM,
Namespace: toNamespace(m),
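Review bot: The ToPURL hunk adds an `arch` qualifier to every RPM PURL whose Architecture is non-empty, a behaviour change that the commit title (license extraction) does not mention. Consumers that compare or key on the full PURL string, such as deduplication, SBOM diffing or advisory matching, will see different identifiers for the same packages after this commit, so it deserves its own line in the description and a comment such as `// Emit the architecture as the PURL "arch" qualifier when the rpmdb provides one.` above `if m.Architecture != ""`. m.Architecture is taken verbatim from the rpmdb of the scanned target, so it is worth confirming that the purl package escapes qualifier values rather than relying on the input being clean. ToPURL starts and ends outside the hunk.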
13 changes: 13 additions & 0 deletions extractor/os/rpm/extractor_test.go
@@ -118,6 +118,7 @@ func TestExtract(t *testing.T) {
OSName: "Fedora Linux",
Vendor: "SUSE LLC <https://www.suse.com/>",
Architecture: "x86_64",
License: "GPL-2.0+",
},
},
&extractor.Inventory{
@@ -134,6 +135,7 @@ func TestExtract(t *testing.T) {
OSVersionID: "38",
Vendor: "SUSE LLC <https://www.suse.com/>",
Architecture: "x86_64",
License: "GPL-3.0-or-later",
},
},
&extractor.Inventory{
@@ -150,6 +152,7 @@ func TestExtract(t *testing.T) {
OSName: "Fedora Linux",
Vendor: "SUSE LLC <https://www.suse.com/>",
Architecture: "x86_64",
License: "GPL-3.0-or-later",
},
},
},
@@ -175,6 +178,7 @@ func TestExtract(t *testing.T) {
OSName: "Fedora Linux",
Vendor: "CentOS",
Architecture: "x86_64",
License: "GPLv2+",
},
},
&extractor.Inventory{
@@ -191,6 +195,7 @@ func TestExtract(t *testing.T) {
OSName: "Fedora Linux",
Vendor: "CentOS",
Architecture: "x86_64",
License: "LGPLv2+",
},
},
&extractor.Inventory{
@@ -207,6 +212,7 @@ func TestExtract(t *testing.T) {
OSName: "Fedora Linux",
Vendor: "CentOS",
Architecture: "noarch",
License: "Public Domain",
},
},
},
@@ -261,6 +267,7 @@ func TestExtract(t *testing.T) {
OSName: "Fedora Linux",
Vendor: "Rocky Enterprise Software Foundation",
Architecture: "x86_64",
License: "GPLv2",
},
},
&extractor.Inventory{
@@ -277,6 +284,7 @@ func TestExtract(t *testing.T) {
OSName: "Fedora Linux",
Vendor: "Rocky Enterprise Software Foundation",
Architecture: "x86_64",
License: "LGPLv2+",
},
},
&extractor.Inventory{
@@ -293,6 +301,7 @@ func TestExtract(t *testing.T) {
OSName: "Fedora Linux",
Vendor: "Rocky Enterprise Software Foundation",
Architecture: "noarch",
License: "Public Domain",
},
},
},
@@ -318,6 +327,7 @@ func TestExtract(t *testing.T) {
OSBuildID: "asdf",
Vendor: "Rocky Enterprise Software Foundation",
Architecture: "x86_64",
License: "GPLv2",
},
},
&extractor.Inventory{
@@ -333,6 +343,7 @@ func TestExtract(t *testing.T) {
OSBuildID: "asdf",
Vendor: "Rocky Enterprise Software Foundation",
Architecture: "x86_64",
License: "LGPLv2+",
},
},
&extractor.Inventory{
@@ -348,6 +359,7 @@ func TestExtract(t *testing.T) {
OSBuildID: "asdf",
Vendor: "Rocky Enterprise Software Foundation",
Architecture: "noarch",
License: "Public Domain",
},
},
},
@@ -380,6 +392,7 @@ func TestExtract(t *testing.T) {
OSName: "Fedora",
OSVersionID: "32",
Architecture: "x86_64",
License: "GPL",
},
},
},
1 change: 1 addition & 0 deletions extractor/os/rpm/metadata.go
@@ -25,4 +25,5 @@ type Metadata struct {
OSBuildID string
Vendor string
Architecture string
License string
}
