Correct CycloneDX distro decoding (#745)

anchore · Mar 11, 2022 · 6c8102b · 6c8102b
1 parent 7789506
commit 6c8102b
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 23 deletions.
diff --git a/internal/formats/common/cyclonedxhelpers/decoder.go b/internal/formats/common/cyclonedxhelpers/decoder.go
@@ -5,6 +5,8 @@ import (
 	"io"
 
 	"github.com/CycloneDX/cyclonedx-go"
+
+	"github.com/anchore/syft/internal/formats/common"
 	"github.com/anchore/syft/syft/artifact"
 	"github.com/anchore/syft/syft/linux"
 	"github.com/anchore/syft/syft/pkg"
@@ -157,6 +159,14 @@ func linuxReleaseFromOSComponent(component *cyclonedx.Component) *linux.Release
 		}
 	}
 
+	if component.Properties != nil {
+		values := map[string]string{}
+		for _, p := range *component.Properties {
+			values[p.Name] = p.Value
+		}
+		common.DecodeInto(&rel, values, "syft:distro", CycloneDXFields)
+	}
+
 	return rel
 }
 

diff --git a/test/integration/encode_decode_cycle_test.go b/test/integration/encode_decode_cycle_test.go
@@ -54,35 +54,38 @@ func TestEncodeDecodeEncodeCycleComparison(t *testing.T) {
 	for _, test := range tests {
 		t.Run(string(test.formatOption), func(t *testing.T) {
 
-			originalSBOM, _ := catalogFixtureImage(t, "image-pkg-coverage")
+			// use second image for relationships
+			for _, image := range []string{"image-pkg-coverage", "image-owning-package"} {
+				originalSBOM, _ := catalogFixtureImage(t, image)
 
-			format := syft.FormatByID(test.formatOption)
-			require.NotNil(t, format)
+				format := syft.FormatByID(test.formatOption)
+				require.NotNil(t, format)
 
-			by1, err := syft.Encode(originalSBOM, format)
-			assert.NoError(t, err)
+				by1, err := syft.Encode(originalSBOM, format)
+				assert.NoError(t, err)
 
-			newSBOM, newFormat, err := syft.Decode(bytes.NewReader(by1))
-			assert.NoError(t, err)
-			assert.Equal(t, format.ID(), newFormat.ID())
+				newSBOM, newFormat, err := syft.Decode(bytes.NewReader(by1))
+				assert.NoError(t, err)
+				assert.Equal(t, format.ID(), newFormat.ID())
 
-			by2, err := syft.Encode(*newSBOM, format)
-			assert.NoError(t, err)
+				by2, err := syft.Encode(*newSBOM, format)
+				assert.NoError(t, err)
 
-			if test.redactor != nil {
-				by1 = test.redactor(by1)
-				by2 = test.redactor(by2)
-			}
+				if test.redactor != nil {
+					by1 = test.redactor(by1)
+					by2 = test.redactor(by2)
+				}
 
-			if test.json {
-				s1 := string(by1)
-				s2 := string(by2)
-				assert.JSONEq(t, s1, s2)
-			} else {
-				if !assert.True(t, bytes.Equal(by1, by2)) {
-					dmp := diffmatchpatch.New()
-					diffs := dmp.DiffMain(string(by1), string(by2), true)
-					t.Errorf("diff: %s", dmp.DiffPrettyText(diffs))
+				if test.json {
+					s1 := string(by1)
+					s2 := string(by2)
+					assert.JSONEq(t, s1, s2)
+				} else {
+					if !assert.True(t, bytes.Equal(by1, by2)) {
+						dmp := diffmatchpatch.New()
+						diffs := dmp.DiffMain(string(by1), string(by2), true)
+						t.Errorf("diff: %s", dmp.DiffPrettyText(diffs))
+					}
 				}
 			}
 		})