12 changes: 8 additions & 4 deletions syft/pkg/cataloger/common/cpe/java.go
Expand Up @@ -181,13 +181,13 @@ func GroupIDsFromJavaPackage(p pkg.Package) (groupIDs []string) {
return nil
}

return GroupIDsFromJavaMetadata(metadata)
return GroupIDsFromJavaMetadata(p.Name, metadata)
}

func GroupIDsFromJavaMetadata(metadata pkg.JavaMetadata) (groupIDs []string) {
func GroupIDsFromJavaMetadata(pkgName string, metadata pkg.JavaMetadata) (groupIDs []string) {
groupIDs = append(groupIDs, groupIDsFromPomProperties(metadata.PomProperties)...)
groupIDs = append(groupIDs, groupIDsFromPomProject(metadata.PomProject)...)
groupIDs = append(groupIDs, groupIDsFromJavaManifest(metadata.Manifest)...)
groupIDs = append(groupIDs, groupIDsFromJavaManifest(pkgName, metadata.Manifest)...)

return groupIDs
}
Expand Down Expand Up @@ -241,7 +241,11 @@ func addGroupIDsFromGroupIDsAndArtifactID(groupID, artifactID string) (groupIDs
return groupIDs
}

func groupIDsFromJavaManifest(manifest *pkg.JavaManifest) []string {
func groupIDsFromJavaManifest(pkgName string, manifest *pkg.JavaManifest) []string {
if groupID, ok := defaultArtifactIDToGroupID[pkgName]; ok {
Comment thread
kzantow marked this conversation as resolved.
return []string{groupID}
}

if manifest == nil {
return nil
}
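Review bot: The name lookup added at the top of `groupIDsFromJavaManifest` returns before the manifest is read, so for any package name present in `defaultArtifactIDToGroupID` the manifest's own fields are ignored, and nothing in the code says this precedence is intended. The match is an exact, name-only comparison, and the package name is presumably taken from unauthenticated archive metadata (its origin is not visible here), so an unrelated JAR that reuses a mapped name would be attributed to the mapped group and can end up with that group in the value `packageURL` reads from `groupIDs[0]`. I would state the rule above the lookup, for example `// a known artifact ID wins over manifest-derived group IDs; exact match on package name only`, and consider moving the lookup into `GroupIDsFromJavaMetadata`, since it does not use the manifest. The body of `groupIDsFromJavaManifest` continues past the end of this hunk.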
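--- a/syft/pkg/cataloger/common/cpe/java_groupid_map.go
+++ b/syft/pkg/cataloger/common/cpe/java_groupid_map.go
@@ -0,0 +1,69 @@
+package cpe
+
+var defaultArtifactIDToGroupID = map[string]string{
+"ant": "org.apache.ant",
+"ant-antlr": "org.apache.ant",
+"ant-antunit": "org.apache.ant",
+"ant-apache-bcel": "org.apache.ant",
+"ant-apache-bsf": "org.apache.ant",
+"ant-apache-log4j": "org.apache.ant",
+"ant-apache-oro": "org.apache.ant",
+"ant-apache-regexp": "org.apache.ant",
+"ant-apache-resolver": "org.apache.ant",
+"ant-apache-xalan2": "org.apache.ant",
+"ant-commons-logging": "org.apache.ant",
+"ant-commons-net": "org.apache.ant",
+"ant-compress": "org.apache.ant",
+"ant-dotnet": "org.apache.ant",
+"ant-imageio": "org.apache.ant",
+"ant-jai": "org.apache.ant",
+"ant-jakartamail": "org.apache.ant",
+"ant-javamail": "org.apache.ant",
+"ant-jdepend": "org.apache.ant",
+"ant-jmf": "org.apache.ant",
+"ant-jsch": "org.apache.ant",
+"ant-junit": "org.apache.ant",
+"ant-junit4": "org.apache.ant",
+"ant-junitlauncher": "org.apache.ant",
+"ant-launcher": "org.apache.ant",
+"ant-netrexx": "org.apache.ant",
+"ant-nodeps": "org.apache.ant",
+"ant-parent": "org.apache.ant",
+"ant-starteam": "org.apache.ant",
+"ant-stylebook": "org.apache.ant",
+"ant-swing": "org.apache.ant",
+"ant-testutil": "org.apache.ant",
+"ant-trax": "org.apache.ant",
+"ant-weblogic": "org.apache.ant",
+"ant-xz": "org.apache.ant",
+"spring": "org.springframework",
+"spring-amqp": "org.springframework.amqp",
+"spring-batch-core": "org.springframework.batch",
+"spring-beans": "org.springframework",
+"spring-boot": "org.springframework.boot",
+"spring-boot-starter-web": "org.springframework.boot",
+"spring-boot-starter-webflux": "org.springframework.boot",
+"spring-cloud-function-context": "org.springframework.cloud",
+"spring-cloud-function-parent": "org.springframework.cloud",
+"spring-cloud-gateway": "org.springframework.cloud",
+"spring-cloud-openfeign-core": "org.springframework.cloud",
+"spring-cloud-task-dependencies": "org.springframework.cloud",
+"spring-core": "org.springframework",
+"spring-data-jpa": "org.springframework.data",
+"spring-data-mongodb": "org.springframework.data",
+"spring-data-rest-core": "org.springframework.data",
+"spring-expression": "org.springframework",
+"spring-integration-zip": "org.springframework.integration",
+"spring-oxm": "org.springframework",
+"spring-security-core": "org.springframework.security",
+"spring-security-config": "org.springframework.security",
+"spring-security-oauth": "org.springframework.security.oauth",
+"spring-security-oauth-parent": "org.springframework.security.oauth",
+"spring-security-oauth2-client": "org.springframework.security",
+"spring-session-core": "org.springframework.session",
+"spring-vault-core": "org.springframework.vault",
+"spring-web": "org.springframework",
+"spring-webflow": "org.springframework.webflow",
+"spring-webflux": "org.springframework",
+"spring-webmvc": "org.springframework",
+}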
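Review bot: `defaultArtifactIDToGroupID` has no doc comment recording where these pairs come from or how they are kept current, which matters because a wrong or stale entry silently changes the group ID derived for every package with that name. Artifact IDs are not unique across Maven groups, so the comment should also say that the table assumes the well-known owner of each name. Something like `// defaultArtifactIDToGroupID maps well-known Maven artifact IDs to their canonical group ID; keys are matched exactly against the package name` above the declaration would do, with a pointer to the source of the list if there is one.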
36 changes: 36 additions & 0 deletions syft/pkg/cataloger/common/cpe/java_test.go
Expand Up @@ -5,6 +5,7 @@ import (
"testing"

"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

"github.com/anchore/syft/syft/pkg"
)
Expand Down Expand Up @@ -427,3 +428,38 @@ func Test_vendorsFromJavaManifestNames(t *testing.T) {
})
}
}

func Test_groupIDsFromJavaManifest(t *testing.T) {
tests := []struct {
name string
manifest pkg.JavaManifest
expected []string
}{
{
name: "spring-security-core",
manifest: pkg.JavaManifest{},
expected: []string{"org.springframework.security"},
},
{
name: "spring-web",
manifest: pkg.JavaManifest{},
expected: []string{"org.springframework"},
},
{
name: "spring-foo",
manifest: pkg.JavaManifest{
Main: map[string]string{
"Implementation-Vendor": "org.foo",
},
},
expected: []string{"org.foo"},
},
}

for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
got := groupIDsFromJavaManifest(test.name, &test.manifest)
require.Equal(t, test.expected, got)
})
}
}
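Review bot: None of the cases in `Test_groupIDsFromJavaManifest` pairs a name that is in `defaultArtifactIDToGroupID` with a manifest that declares a different vendor, so the precedence of the map over the manifest is not pinned by a test; both mapped cases pass an empty `pkg.JavaManifest{}`. A case like the one below would fix that behaviour in place, and a nil-manifest case with an unmapped name would cover the `manifest == nil` branch visible in java.go. Because `name` doubles as the package name passed to the function, each case needs a distinct artifact ID to keep subtest names unique.

```go
		// … unchanged: existing cases …
		{
			name: "spring-core",
			manifest: pkg.JavaManifest{
				Main: map[string]string{
					"Implementation-Vendor": "org.foo",
				},
			},
			expected: []string{"org.springframework"},
		},
```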
2 changes: 1 addition & 1 deletion syft/pkg/cataloger/java/package_url.go
Expand Up @@ -9,7 +9,7 @@ import (
// PackageURL returns the PURL for the specific java package (see https://github.com/package-url/purl-spec)
func packageURL(name, version string, metadata pkg.JavaMetadata) string {
var groupID = name
groupIDs := cpe.GroupIDsFromJavaMetadata(metadata)
groupIDs := cpe.GroupIDsFromJavaMetadata(name, metadata)
if len(groupIDs) > 0 {
groupID = groupIDs[0]
}