From 2c97d5de47f3f213a2fd27adb1924a1632bb809b Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Tue, 12 Nov 2024 09:47:15 -0500 Subject: [PATCH] minor review adjustments Signed-off-by: Alex Goodman --- go.mod | 2 +- internal/task/package_tasks.go | 2 +- syft/internal/packagemetadata/names.go | 2 +- syft/pkg/cataloger/terraform/cataloger.go | 7 ++--- .../pkg/cataloger/terraform/cataloger_test.go | 6 ++-- syft/pkg/cataloger/terraform/parse_tf_lock.go | 9 +++--- syft/pkg/type.go | 28 +++++++++---------- 7 files changed, 27 insertions(+), 29 deletions(-) diff --git a/go.mod b/go.mod index d104b003989..d7f4b3aabf9 100644 --- a/go.mod +++ b/go.mod @@ -89,8 +89,8 @@ require google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirec require ( github.com/BurntSushi/toml v1.4.0 github.com/OneOfOne/xxhash v1.2.8 - github.com/hashicorp/hcl/v2 v2.22.0 github.com/adrg/xdg v0.5.3 + github.com/hashicorp/hcl/v2 v2.22.0 github.com/magiconair/properties v1.8.7 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 ) diff --git a/internal/task/package_tasks.go b/internal/task/package_tasks.go index cb5b69f57bf..35442e145a2 100644 --- a/internal/task/package_tasks.go +++ b/internal/task/package_tasks.go @@ -152,6 +152,6 @@ func DefaultPackageTaskFactories() PackageTaskFactories { ), newSimplePackageTaskFactory(sbomCataloger.NewCataloger, "sbom"), // note: not evidence of installed packages newSimplePackageTaskFactory(wordpress.NewWordpressPluginCataloger, pkgcataloging.DirectoryTag, pkgcataloging.ImageTag, "wordpress"), - newSimplePackageTaskFactory(terraform.NewTerraformCataloger, pkgcataloging.DirectoryTag, "terraform"), + newSimplePackageTaskFactory(terraform.NewLockCataloger, pkgcataloging.DeclaredTag, pkgcataloging.DirectoryTag, "terraform"), } } diff --git a/syft/internal/packagemetadata/names.go b/syft/internal/packagemetadata/names.go index 9a4d42adbcd..7f433ab12dc 100644 --- a/syft/internal/packagemetadata/names.go +++ b/syft/internal/packagemetadata/names.go @@ -109,7 +109,7 @@ var jsonTypes = makeJSONTypes( jsonNamesWithoutLookup(pkg.RustBinaryAuditEntry{}, "rust-cargo-audit-entry", "RustCargoPackageMetadata"), // the legacy value is split into two types, where the other is preferred jsonNames(pkg.WordpressPluginEntry{}, "wordpress-plugin-entry", "WordpressMetadata"), jsonNames(pkg.LuaRocksPackage{}, "luarocks-package"), - jsonNames(pkg.TerraformLockEntry{}, "terraform-lock-entry", "TerraformMetadata"), + jsonNames(pkg.TerraformLockEntry{}, "terraform-lock-entry"), ) func expandLegacyNameVariants(names ...string) []string { diff --git a/syft/pkg/cataloger/terraform/cataloger.go b/syft/pkg/cataloger/terraform/cataloger.go index efdd0940c02..893c0b54a57 100644 --- a/syft/pkg/cataloger/terraform/cataloger.go +++ b/syft/pkg/cataloger/terraform/cataloger.go @@ -5,8 +5,7 @@ import ( "github.com/anchore/syft/syft/pkg/cataloger/generic" ) -func NewTerraformCataloger() pkg.Cataloger { - return generic.NewCataloger("terraform-cataloger"). - WithParserByGlobs(parseTerraformLock, "**/.terraform.lock.hcl"). - WithProcessors() +func NewLockCataloger() pkg.Cataloger { + return generic.NewCataloger("terraform-lock-cataloger"). + WithParserByGlobs(parseTerraformLock, "**/.terraform.lock.hcl") } diff --git a/syft/pkg/cataloger/terraform/cataloger_test.go b/syft/pkg/cataloger/terraform/cataloger_test.go index 695c578fc33..dda41bdd7fa 100644 --- a/syft/pkg/cataloger/terraform/cataloger_test.go +++ b/syft/pkg/cataloger/terraform/cataloger_test.go @@ -11,7 +11,7 @@ import ( ) func TestTerraformCataloger(t *testing.T) { - c := NewTerraformCataloger() + c := NewLockCataloger() fileLoc := file.NewLocation(".terraform.lock.hcl") location := fileLoc.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation) @@ -19,7 +19,7 @@ func TestTerraformCataloger(t *testing.T) { awsProviderPkg := pkg.Package{ Name: "registry.terraform.io/hashicorp/aws", Version: "5.72.1", - FoundBy: "terraform-cataloger", + FoundBy: "terraform-lock-cataloger", Locations: file.NewLocationSet(location), Type: pkg.TerraformPkg, PURL: "pkg:terraform/registry.terraform.io/hashicorp/aws@5.72.1", @@ -52,7 +52,7 @@ func TestTerraformCataloger(t *testing.T) { gcpProviderPkg := pkg.Package{ Name: "registry.terraform.io/hashicorp/google", Version: "6.8.0", - FoundBy: "terraform-cataloger", + FoundBy: "terraform-lock-cataloger", Locations: file.NewLocationSet(location), Type: pkg.TerraformPkg, PURL: "pkg:terraform/registry.terraform.io/hashicorp/google@6.8.0", diff --git a/syft/pkg/cataloger/terraform/parse_tf_lock.go b/syft/pkg/cataloger/terraform/parse_tf_lock.go index a5c7832c4b1..1976fd978f1 100644 --- a/syft/pkg/cataloger/terraform/parse_tf_lock.go +++ b/syft/pkg/cataloger/terraform/parse_tf_lock.go @@ -5,9 +5,9 @@ import ( "fmt" "io" - "github.com/anchore/packageurl-go" "github.com/hashicorp/hcl/v2/hclsimple" + "github.com/anchore/packageurl-go" "github.com/anchore/syft/syft/artifact" "github.com/anchore/syft/syft/file" "github.com/anchore/syft/syft/pkg" @@ -34,10 +34,9 @@ func parseTerraformLock(_ context.Context, _ file.Resolver, _ *generic.Environme pkgs := make([]pkg.Package, 0, len(lockFile.Providers)) for _, provider := range lockFile.Providers { - pkg := pkg.Package{ + p := pkg.Package{ Name: provider.URL, Version: provider.Version, - FoundBy: "terraform-cataloger", Locations: file.NewLocationSet(reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)), Licenses: pkg.NewLicenseSet(), // TODO: license could be found in .terraform/providers/${name}/${version}/${arch}/LICENSE.txt // TODO: Language? @@ -46,9 +45,9 @@ func parseTerraformLock(_ context.Context, _ file.Resolver, _ *generic.Environme PURL: packageurl.NewPackageURL(packageurl.TypeTerraform, "", provider.URL, provider.Version, nil, "").String(), Metadata: provider, } - pkg.SetID() + p.SetID() - pkgs = append(pkgs, pkg) + pkgs = append(pkgs, p) } return pkgs, nil, nil diff --git a/syft/pkg/type.go b/syft/pkg/type.go index 54da790fab8..27b6c773eea 100644 --- a/syft/pkg/type.go +++ b/syft/pkg/type.go @@ -33,6 +33,7 @@ const ( LinuxKernelModulePkg Type = "linux-kernel-module" NixPkg Type = "nix" NpmPkg Type = "npm" + OpamPkg Type = "opam" PhpComposerPkg Type = "php-composer" PhpPeclPkg Type = "php-pecl" PortagePkg Type = "portage" @@ -43,9 +44,8 @@ const ( RustPkg Type = "rust-crate" SwiftPkg Type = "swift" SwiplPackPkg Type = "swiplpack" - OpamPkg Type = "opam" - WordpressPluginPkg Type = "wordpress-plugin" TerraformPkg Type = "terraform" + WordpressPluginPkg Type = "wordpress-plugin" ) // AllPkgs represents all supported package types @@ -72,6 +72,7 @@ var AllPkgs = []Type{ LinuxKernelModulePkg, NixPkg, NpmPkg, + OpamPkg, PhpComposerPkg, PhpPeclPkg, PortagePkg, @@ -82,9 +83,8 @@ var AllPkgs = []Type{ RustPkg, SwiftPkg, SwiplPackPkg, - OpamPkg, - WordpressPluginPkg, TerraformPkg, + WordpressPluginPkg, } // PackageURLType returns the PURL package type for the current package. @@ -133,14 +133,16 @@ func (t Type) PackageURLType() string { return packageurl.TypePyPi case PortagePkg: return "portage" + case LuaRocksPkg: + return packageurl.TypeLuaRocks case NixPkg: return "nix" case NpmPkg: return packageurl.TypeNPM + case OpamPkg: + return "opam" case Rpkg: return packageurl.TypeCran - case LuaRocksPkg: - return packageurl.TypeLuaRocks case RpmPkg: return packageurl.TypeRPM case RustPkg: @@ -149,12 +151,10 @@ func (t Type) PackageURLType() string { return packageurl.TypeSwift case SwiplPackPkg: return "swiplpack" - case OpamPkg: - return "opam" - case WordpressPluginPkg: - return "wordpress-plugin" case TerraformPkg: return "terraform" + case WordpressPluginPkg: + return "wordpress-plugin" default: // TODO: should this be a "generic" purl type instead? return "" @@ -225,18 +225,18 @@ func TypeByName(name string) Type { return LinuxKernelModulePkg case "nix": return NixPkg + case "opam": + return OpamPkg case packageurl.TypeCran: return Rpkg case packageurl.TypeSwift: return SwiftPkg case "swiplpack": return SwiplPackPkg - case "opam": - return OpamPkg - case "wordpress-plugin": - return WordpressPluginPkg case "terraform": return TerraformPkg + case "wordpress-plugin": + return WordpressPluginPkg default: return UnknownPkg }