diff --git a/internal/constants.go b/internal/constants.go index 9e023db95d9..a5b3f8dc795 100644 --- a/internal/constants.go +++ b/internal/constants.go @@ -6,5 +6,5 @@ const ( // JSONSchemaVersion is the current schema version output by the JSON encoder // This is roughly following the "SchemaVer" guidelines for versioning the JSON schema. Please see schema/json/README.md for details on how to increment. - JSONSchemaVersion = "6.2.0" + JSONSchemaVersion = "7.0.0" ) diff --git a/internal/logicalstrings.go b/internal/logicalstrings.go index f2288af4a89..0620d2fd5d5 100644 --- a/internal/logicalstrings.go +++ b/internal/logicalstrings.go @@ -3,6 +3,8 @@ package internal import ( "fmt" "strings" + + "github.com/invopop/jsonschema" ) type Joiner string @@ -47,6 +49,20 @@ func (l LogicalStrings) String() string { return strings.Join(parts, fmt.Sprintf(" %s ", joiner)) } +func (l LogicalStrings) MarshalJSON() ([]byte, error) { + return []byte(fmt.Sprintf(`"%s"`, l.String())), nil +} + +func (l *LogicalStrings) UnmarshalJSON(data []byte) error { + raw := strings.Trim(string(data), `"`) + ls, err := ParseLogicalStrings(raw) + if err != nil { + return err + } + *l = ls + return nil +} + // Process processes each simple element inside the LogicalStrings through a provided function, // returning a new LogicalStrings with the fields replaced. func (l LogicalStrings) Process(f func(string) string) LogicalStrings { @@ -70,6 +86,14 @@ func (l LogicalStrings) Elements() []string { return elements } +func (l LogicalStrings) JSONSchema() *jsonschema.Schema { + return &jsonschema.Schema{ + Type: "string", + Title: "Logical Strings", + Description: "strings with simple or complex logical combinations", + } +} + // ParseLogicalStrings parse strings joined by AND or OR, as well as compounded by ( and ), into a LogicalStrings struct func ParseLogicalStrings(s string) (LogicalStrings, error) { var ( @@ -105,7 +129,9 @@ func ParseLogicalStrings(s string) (LogicalStrings, error) { } if currentExpression != "" { simple, joiner := parseSimpleExpression(currentExpression) - currentLS.Simple = append(currentLS.Simple, simple...) + if len(simple) > 0 { + currentLS.Simple = append(currentLS.Simple, simple...) + } currentLS.Joiner = joiner } return currentLS, nil diff --git a/schema/json/schema-7.0.0.json b/schema/json/schema-7.0.0.json new file mode 100644 index 00000000000..575f51e5355 --- /dev/null +++ b/schema/json/schema-7.0.0.json @@ -0,0 +1,1617 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://github.com/anchore/syft/syft/formats/syftjson/model/document", + "$ref": "#/$defs/Document", + "$defs": { + "AlpmFileRecord": { + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + }, + "uid": { + "type": "string" + }, + "gid": { + "type": "string" + }, + "time": { + "type": "string", + "format": "date-time" + }, + "size": { + "type": "string" + }, + "link": { + "type": "string" + }, + "digest": { + "items": { + "$ref": "#/$defs/Digest" + }, + "type": "array" + } + }, + "type": "object" + }, + "AlpmMetadata": { + "properties": { + "basepackage": { + "type": "string" + }, + "package": { + "type": "string" + }, + "version": { + "type": "string" + }, + "description": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "size": { + "type": "integer" + }, + "packager": { + "type": "string" + }, + "license": { + "type": "string" + }, + "url": { + "type": "string" + }, + "validation": { + "type": "string" + }, + "reason": { + "type": "integer" + }, + "files": { + "items": { + "$ref": "#/$defs/AlpmFileRecord" + }, + "type": "array" + }, + "backup": { + "items": { + "$ref": "#/$defs/AlpmFileRecord" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "basepackage", + "package", + "version", + "description", + "architecture", + "size", + "packager", + "license", + "url", + "validation", + "reason", + "files", + "backup" + ] + }, + "ApkFileRecord": { + "properties": { + "path": { + "type": "string" + }, + "ownerUid": { + "type": "string" + }, + "ownerGid": { + "type": "string" + }, + "permissions": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/Digest" + } + }, + "type": "object", + "required": [ + "path" + ] + }, + "ApkMetadata": { + "properties": { + "package": { + "type": "string" + }, + "originPackage": { + "type": "string" + }, + "maintainer": { + "type": "string" + }, + "version": { + "type": "string" + }, + "license": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "url": { + "type": "string" + }, + "description": { + "type": "string" + }, + "size": { + "type": "integer" + }, + "installedSize": { + "type": "integer" + }, + "pullDependencies": { + "items": { + "type": "string" + }, + "type": "array" + }, + "provides": { + "items": { + "type": "string" + }, + "type": "array" + }, + "pullChecksum": { + "type": "string" + }, + "gitCommitOfApkPort": { + "type": "string" + }, + "files": { + "items": { + "$ref": "#/$defs/ApkFileRecord" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "package", + "originPackage", + "maintainer", + "version", + "license", + "architecture", + "url", + "description", + "size", + "installedSize", + "pullDependencies", + "provides", + "pullChecksum", + "gitCommitOfApkPort", + "files" + ] + }, + "BinaryMetadata": { + "properties": { + "classifier": { + "type": "string" + }, + "realPath": { + "type": "string" + }, + "virtualPath": { + "type": "string" + } + }, + "type": "object", + "required": [ + "classifier", + "realPath", + "virtualPath" + ] + }, + "CargoPackageMetadata": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "source": { + "type": "string" + }, + "checksum": { + "type": "string" + }, + "dependencies": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "name", + "version", + "source", + "checksum", + "dependencies" + ] + }, + "CocoapodsMetadata": { + "properties": { + "checksum": { + "type": "string" + } + }, + "type": "object", + "required": [ + "checksum" + ] + }, + "ConanLockMetadata": { + "properties": { + "ref": { + "type": "string" + }, + "package_id": { + "type": "string" + }, + "prev": { + "type": "string" + }, + "requires": { + "type": "string" + }, + "build_requires": { + "type": "string" + }, + "py_requires": { + "type": "string" + }, + "options": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "context": { + "type": "string" + } + }, + "type": "object", + "required": [ + "ref" + ] + }, + "ConanMetadata": { + "properties": { + "ref": { + "type": "string" + } + }, + "type": "object", + "required": [ + "ref" + ] + }, + "Coordinates": { + "properties": { + "path": { + "type": "string" + }, + "layerID": { + "type": "string" + } + }, + "type": "object", + "required": [ + "path" + ] + }, + "DartPubMetadata": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "hosted_url": { + "type": "string" + }, + "vcs_url": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "version" + ] + }, + "Descriptor": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "configuration": true + }, + "type": "object", + "required": [ + "name", + "version" + ] + }, + "Digest": { + "properties": { + "algorithm": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "algorithm", + "value" + ] + }, + "Document": { + "properties": { + "artifacts": { + "items": { + "$ref": "#/$defs/Package" + }, + "type": "array" + }, + "artifactRelationships": { + "items": { + "$ref": "#/$defs/Relationship" + }, + "type": "array" + }, + "files": { + "items": { + "$ref": "#/$defs/File" + }, + "type": "array" + }, + "secrets": { + "items": { + "$ref": "#/$defs/Secrets" + }, + "type": "array" + }, + "source": { + "$ref": "#/$defs/Source" + }, + "distro": { + "$ref": "#/$defs/LinuxRelease" + }, + "descriptor": { + "$ref": "#/$defs/Descriptor" + }, + "schema": { + "$ref": "#/$defs/Schema" + } + }, + "type": "object", + "required": [ + "artifacts", + "artifactRelationships", + "source", + "distro", + "descriptor", + "schema" + ] + }, + "DotnetDepsMetadata": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "path": { + "type": "string" + }, + "sha512": { + "type": "string" + }, + "hashPath": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "version", + "path", + "sha512", + "hashPath" + ] + }, + "DpkgFileRecord": { + "properties": { + "path": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/Digest" + }, + "isConfigFile": { + "type": "boolean" + } + }, + "type": "object", + "required": [ + "path", + "isConfigFile" + ] + }, + "DpkgMetadata": { + "properties": { + "package": { + "type": "string" + }, + "source": { + "type": "string" + }, + "version": { + "type": "string" + }, + "sourceVersion": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "maintainer": { + "type": "string" + }, + "installedSize": { + "type": "integer" + }, + "files": { + "items": { + "$ref": "#/$defs/DpkgFileRecord" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "package", + "source", + "version", + "sourceVersion", + "architecture", + "maintainer", + "installedSize", + "files" + ] + }, + "File": { + "properties": { + "id": { + "type": "string" + }, + "location": { + "$ref": "#/$defs/Coordinates" + }, + "metadata": { + "$ref": "#/$defs/FileMetadataEntry" + }, + "contents": { + "type": "string" + }, + "digests": { + "items": { + "$ref": "#/$defs/Digest" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "id", + "location" + ] + }, + "FileMetadataEntry": { + "properties": { + "mode": { + "type": "integer" + }, + "type": { + "type": "string" + }, + "linkDestination": { + "type": "string" + }, + "userID": { + "type": "integer" + }, + "groupID": { + "type": "integer" + }, + "mimeType": { + "type": "string" + } + }, + "type": "object", + "required": [ + "mode", + "type", + "userID", + "groupID", + "mimeType" + ] + }, + "GemMetadata": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "files": { + "items": { + "type": "string" + }, + "type": "array" + }, + "authors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "licenses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "homepage": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "version" + ] + }, + "GolangBinMetadata": { + "properties": { + "goBuildSettings": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "goCompiledVersion": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "h1Digest": { + "type": "string" + }, + "mainModule": { + "type": "string" + } + }, + "type": "object", + "required": [ + "goCompiledVersion", + "architecture" + ] + }, + "GolangModMetadata": { + "properties": { + "h1Digest": { + "type": "string" + } + }, + "type": "object" + }, + "HackageMetadata": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "pkgHash": { + "type": "string" + }, + "snapshotURL": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "version" + ] + }, + "IDLikes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "JavaManifest": { + "properties": { + "main": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "namedSections": { + "patternProperties": { + ".*": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "JavaMetadata": { + "properties": { + "virtualPath": { + "type": "string" + }, + "manifest": { + "$ref": "#/$defs/JavaManifest" + }, + "pomProperties": { + "$ref": "#/$defs/PomProperties" + }, + "pomProject": { + "$ref": "#/$defs/PomProject" + }, + "digest": { + "items": { + "$ref": "#/$defs/Digest" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "virtualPath" + ] + }, + "KbPackageMetadata": { + "properties": { + "product_id": { + "type": "string" + }, + "kb": { + "type": "string" + } + }, + "type": "object", + "required": [ + "product_id", + "kb" + ] + }, + "LinuxRelease": { + "properties": { + "prettyName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "id": { + "type": "string" + }, + "idLike": { + "$ref": "#/$defs/IDLikes" + }, + "version": { + "type": "string" + }, + "versionID": { + "type": "string" + }, + "versionCodename": { + "type": "string" + }, + "buildID": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "imageVersion": { + "type": "string" + }, + "variant": { + "type": "string" + }, + "variantID": { + "type": "string" + }, + "homeURL": { + "type": "string" + }, + "supportURL": { + "type": "string" + }, + "bugReportURL": { + "type": "string" + }, + "privacyPolicyURL": { + "type": "string" + }, + "cpeName": { + "type": "string" + } + }, + "type": "object" + }, + "LogicalStrings": { + "type": "string", + "title": "Logical Strings", + "description": "strings with simple or complex logical combinations" + }, + "MixLockMetadata": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "pkgHash": { + "type": "string" + }, + "pkgHashExt": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "version", + "pkgHash", + "pkgHashExt" + ] + }, + "NpmPackageJSONMetadata": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "files": { + "items": { + "type": "string" + }, + "type": "array" + }, + "author": { + "type": "string" + }, + "licenses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "homepage": { + "type": "string" + }, + "description": { + "type": "string" + }, + "url": { + "type": "string" + }, + "private": { + "type": "boolean" + } + }, + "type": "object", + "required": [ + "name", + "version", + "author", + "licenses", + "homepage", + "description", + "url", + "private" + ] + }, + "NpmPackageLockJSONMetadata": { + "properties": { + "resolved": { + "type": "string" + }, + "integrity": { + "type": "string" + } + }, + "type": "object", + "required": [ + "resolved", + "integrity" + ] + }, + "Package": { + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "type": { + "type": "string" + }, + "foundBy": { + "type": "string" + }, + "locations": { + "items": { + "$ref": "#/$defs/Coordinates" + }, + "type": "array" + }, + "licenses": { + "$ref": "#/$defs/LogicalStrings" + }, + "language": { + "type": "string" + }, + "cpes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "purl": { + "type": "string" + }, + "metadataType": { + "type": "string" + }, + "metadata": { + "anyOf": [ + { + "type": "null" + }, + { + "$ref": "#/$defs/AlpmMetadata" + }, + { + "$ref": "#/$defs/ApkMetadata" + }, + { + "$ref": "#/$defs/BinaryMetadata" + }, + { + "$ref": "#/$defs/CargoPackageMetadata" + }, + { + "$ref": "#/$defs/CocoapodsMetadata" + }, + { + "$ref": "#/$defs/ConanLockMetadata" + }, + { + "$ref": "#/$defs/ConanMetadata" + }, + { + "$ref": "#/$defs/DartPubMetadata" + }, + { + "$ref": "#/$defs/DotnetDepsMetadata" + }, + { + "$ref": "#/$defs/DpkgMetadata" + }, + { + "$ref": "#/$defs/GemMetadata" + }, + { + "$ref": "#/$defs/GolangBinMetadata" + }, + { + "$ref": "#/$defs/GolangModMetadata" + }, + { + "$ref": "#/$defs/HackageMetadata" + }, + { + "$ref": "#/$defs/JavaMetadata" + }, + { + "$ref": "#/$defs/KbPackageMetadata" + }, + { + "$ref": "#/$defs/MixLockMetadata" + }, + { + "$ref": "#/$defs/NpmPackageJSONMetadata" + }, + { + "$ref": "#/$defs/NpmPackageLockJSONMetadata" + }, + { + "$ref": "#/$defs/PhpComposerJSONMetadata" + }, + { + "$ref": "#/$defs/PortageMetadata" + }, + { + "$ref": "#/$defs/PythonPackageMetadata" + }, + { + "$ref": "#/$defs/PythonPipfileLockMetadata" + }, + { + "$ref": "#/$defs/RebarLockMetadata" + }, + { + "$ref": "#/$defs/RpmMetadata" + } + ] + } + }, + "type": "object", + "required": [ + "id", + "name", + "version", + "type", + "foundBy", + "locations", + "licenses", + "language", + "cpes", + "purl" + ] + }, + "PhpComposerAuthors": { + "properties": { + "name": { + "type": "string" + }, + "email": { + "type": "string" + }, + "homepage": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "PhpComposerExternalReference": { + "properties": { + "type": { + "type": "string" + }, + "url": { + "type": "string" + }, + "reference": { + "type": "string" + }, + "shasum": { + "type": "string" + } + }, + "type": "object", + "required": [ + "type", + "url", + "reference" + ] + }, + "PhpComposerJSONMetadata": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "source": { + "$ref": "#/$defs/PhpComposerExternalReference" + }, + "dist": { + "$ref": "#/$defs/PhpComposerExternalReference" + }, + "require": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "provide": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "require-dev": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "suggest": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "type": { + "type": "string" + }, + "notification-url": { + "type": "string" + }, + "bin": { + "items": { + "type": "string" + }, + "type": "array" + }, + "license": { + "items": { + "type": "string" + }, + "type": "array" + }, + "authors": { + "items": { + "$ref": "#/$defs/PhpComposerAuthors" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "homepage": { + "type": "string" + }, + "keywords": { + "items": { + "type": "string" + }, + "type": "array" + }, + "time": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "version", + "source", + "dist" + ] + }, + "PomParent": { + "properties": { + "groupId": { + "type": "string" + }, + "artifactId": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object", + "required": [ + "groupId", + "artifactId", + "version" + ] + }, + "PomProject": { + "properties": { + "path": { + "type": "string" + }, + "parent": { + "$ref": "#/$defs/PomParent" + }, + "groupId": { + "type": "string" + }, + "artifactId": { + "type": "string" + }, + "version": { + "type": "string" + }, + "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "url": { + "type": "string" + } + }, + "type": "object", + "required": [ + "path", + "groupId", + "artifactId", + "version", + "name" + ] + }, + "PomProperties": { + "properties": { + "path": { + "type": "string" + }, + "name": { + "type": "string" + }, + "groupId": { + "type": "string" + }, + "artifactId": { + "type": "string" + }, + "version": { + "type": "string" + }, + "extraFields": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object", + "required": [ + "path", + "name", + "groupId", + "artifactId", + "version" + ] + }, + "PortageFileRecord": { + "properties": { + "path": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/Digest" + } + }, + "type": "object", + "required": [ + "path" + ] + }, + "PortageMetadata": { + "properties": { + "installedSize": { + "type": "integer" + }, + "files": { + "items": { + "$ref": "#/$defs/PortageFileRecord" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "installedSize", + "files" + ] + }, + "PythonDirectURLOriginInfo": { + "properties": { + "url": { + "type": "string" + }, + "commitId": { + "type": "string" + }, + "vcs": { + "type": "string" + } + }, + "type": "object", + "required": [ + "url" + ] + }, + "PythonFileDigest": { + "properties": { + "algorithm": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "algorithm", + "value" + ] + }, + "PythonFileRecord": { + "properties": { + "path": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/PythonFileDigest" + }, + "size": { + "type": "string" + } + }, + "type": "object", + "required": [ + "path" + ] + }, + "PythonPackageMetadata": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "license": { + "type": "string" + }, + "author": { + "type": "string" + }, + "authorEmail": { + "type": "string" + }, + "platform": { + "type": "string" + }, + "files": { + "items": { + "$ref": "#/$defs/PythonFileRecord" + }, + "type": "array" + }, + "sitePackagesRootPath": { + "type": "string" + }, + "topLevelPackages": { + "items": { + "type": "string" + }, + "type": "array" + }, + "directUrlOrigin": { + "$ref": "#/$defs/PythonDirectURLOriginInfo" + } + }, + "type": "object", + "required": [ + "name", + "version", + "license", + "author", + "authorEmail", + "platform", + "sitePackagesRootPath" + ] + }, + "PythonPipfileLockMetadata": { + "properties": { + "hashes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "index": { + "type": "string" + } + }, + "type": "object", + "required": [ + "hashes", + "index" + ] + }, + "RebarLockMetadata": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "pkgHash": { + "type": "string" + }, + "pkgHashExt": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "version", + "pkgHash", + "pkgHashExt" + ] + }, + "Relationship": { + "properties": { + "parent": { + "type": "string" + }, + "child": { + "type": "string" + }, + "type": { + "type": "string" + }, + "metadata": true + }, + "type": "object", + "required": [ + "parent", + "child", + "type" + ] + }, + "RpmMetadata": { + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "epoch": { + "oneOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ] + }, + "architecture": { + "type": "string" + }, + "release": { + "type": "string" + }, + "sourceRpm": { + "type": "string" + }, + "size": { + "type": "integer" + }, + "license": { + "type": "string" + }, + "vendor": { + "type": "string" + }, + "modularityLabel": { + "type": "string" + }, + "files": { + "items": { + "$ref": "#/$defs/RpmdbFileRecord" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "name", + "version", + "epoch", + "architecture", + "release", + "sourceRpm", + "size", + "license", + "vendor", + "modularityLabel", + "files" + ] + }, + "RpmdbFileRecord": { + "properties": { + "path": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "size": { + "type": "integer" + }, + "digest": { + "$ref": "#/$defs/Digest" + }, + "userName": { + "type": "string" + }, + "groupName": { + "type": "string" + }, + "flags": { + "type": "string" + } + }, + "type": "object", + "required": [ + "path", + "mode", + "size", + "digest", + "userName", + "groupName", + "flags" + ] + }, + "Schema": { + "properties": { + "version": { + "type": "string" + }, + "url": { + "type": "string" + } + }, + "type": "object", + "required": [ + "version", + "url" + ] + }, + "SearchResult": { + "properties": { + "classification": { + "type": "string" + }, + "lineNumber": { + "type": "integer" + }, + "lineOffset": { + "type": "integer" + }, + "seekPosition": { + "type": "integer" + }, + "length": { + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "classification", + "lineNumber", + "lineOffset", + "seekPosition", + "length" + ] + }, + "Secrets": { + "properties": { + "location": { + "$ref": "#/$defs/Coordinates" + }, + "secrets": { + "items": { + "$ref": "#/$defs/SearchResult" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "location", + "secrets" + ] + }, + "Source": { + "properties": { + "id": { + "type": "string" + }, + "type": { + "type": "string" + }, + "target": true + }, + "type": "object", + "required": [ + "id", + "type", + "target" + ] + } + } +} diff --git a/syft/file/test-fixtures/snapshot/stereoscope-fixture-image-file-type-mix.golden b/syft/file/test-fixtures/snapshot/stereoscope-fixture-image-file-type-mix.golden index e85036214d9..632a1f2d995 100644 Binary files a/syft/file/test-fixtures/snapshot/stereoscope-fixture-image-file-type-mix.golden and b/syft/file/test-fixtures/snapshot/stereoscope-fixture-image-file-type-mix.golden differ diff --git a/syft/formats/common/cyclonedxhelpers/decoder_test.go b/syft/formats/common/cyclonedxhelpers/decoder_test.go index 70f648e78a2..ffb0504dd86 100644 --- a/syft/formats/common/cyclonedxhelpers/decoder_test.go +++ b/syft/formats/common/cyclonedxhelpers/decoder_test.go @@ -280,7 +280,7 @@ func Test_missingDataDecode(t *testing.T) { }, }) - assert.Len(t, pkg.Licenses, 0) + assert.Equal(t, pkg.Licenses.Size(), 0) } func Test_missingComponentsDecode(t *testing.T) { diff --git a/syft/formats/common/spdxhelpers/license.go b/syft/formats/common/spdxhelpers/license.go index 8abccebd746..a3198a869aa 100644 --- a/syft/formats/common/spdxhelpers/license.go +++ b/syft/formats/common/spdxhelpers/license.go @@ -1,10 +1,16 @@ package spdxhelpers import ( + "regexp" + "github.com/anchore/syft/internal/spdxlicense" "github.com/anchore/syft/syft/pkg" ) +var ( + invalidLicenseReg = regexp.MustCompile(`[^0-9A-Za-z\.-]`) +) + func License(p pkg.Package) string { // source: https://spdx.github.io/spdx-spec/3-package-information/#313-concluded-license // The options to populate this field are limited to: @@ -24,12 +30,18 @@ func License(p pkg.Package) string { if value, other, exists := spdxlicense.ID(s); exists { parsed := value if other != "" { - parsed = spdxlicense.LicenseRefPrefix + other + parsed = spdxlicense.LicenseRefPrefix + licenseScrubber(other) } return parsed } return "" + }) return parsedLicenses.String() } + +func licenseScrubber(s string) string { + // replace any characters that are *not* valid: alphanumeric, . - + return invalidLicenseReg.ReplaceAllString(s, "-") +} diff --git a/syft/formats/common/spdxhelpers/license_test.go b/syft/formats/common/spdxhelpers/license_test.go index 76d42eaee83..a051622cdac 100644 --- a/syft/formats/common/spdxhelpers/license_test.go +++ b/syft/formats/common/spdxhelpers/license_test.go @@ -83,3 +83,18 @@ func Test_License(t *testing.T) { }) } } + +func TestLicenseScrubber(t *testing.T) { + tests := []struct { + in string + out string + }{ + {"A", "A"}, + {"A-B", "A-B"}, + {"A.B", "A.B"}, + {"A.B:foo", "A.B-foo"}, + } + for _, test := range tests { + assert.Equal(t, test.out, licenseScrubber(test.in)) + } +} diff --git a/syft/formats/common/spdxhelpers/to_format_model.go b/syft/formats/common/spdxhelpers/to_format_model.go index 2bcf257cc4b..6382bd8cfbb 100644 --- a/syft/formats/common/spdxhelpers/to_format_model.go +++ b/syft/formats/common/spdxhelpers/to_format_model.go @@ -516,18 +516,19 @@ func toOtherLicenses(catalog *pkg.Catalog) []*spdx.OtherLicense { licenses := map[string]bool{} for _, pkg := range catalog.Sorted() { for _, license := range pkg.Licenses.Elements() { - if strings.HasPrefix(license, spdxlicense.LicenseRefPrefix) { - licenses[license] = true + value, other, exists := spdxlicense.ID(license) + if !exists || value != "" || other == "" { + continue } + + licenses[other] = true } } var result []*spdx.OtherLicense for license := range licenses { - // separate the actual ID from the prefix - name := strings.TrimPrefix(license, spdxlicense.LicenseRefPrefix) result = append(result, &spdx.OtherLicense{ - LicenseIdentifier: license, - LicenseName: name, + LicenseIdentifier: fmt.Sprintf("%s%s", spdxlicense.LicenseRefPrefix, licenseScrubber(license)), + LicenseName: license, ExtractedText: NONE, // we probably should have some extracted text here, but this is good enough for now }) } diff --git a/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden b/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden index 7e7a3cdfe14..6e8f3b98e51 100644 --- a/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden +++ b/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden @@ -1,10 +1,10 @@ { "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid:0b628da1-274e-4c24-821c-f9452f37db54", + "serialNumber": "urn:uuid:11f78f35-2ea9-4785-90da-7e073c02ecfc", "version": 1, "metadata": { - "timestamp": "2022-12-22T18:33:51-05:00", + "timestamp": "2023-02-13T10:59:09-08:00", "tools": [ { "vendor": "anchore", @@ -20,7 +20,7 @@ }, "components": [ { - "bom-ref": "1b1d0be59ac59d2c", + "bom-ref": "9f56614c62f539e9", "type": "library", "name": "package-1", "version": "1.0.1", @@ -57,7 +57,7 @@ ] }, { - "bom-ref": "pkg:deb/debian/package-2@2.0.1?package-id=db4abfe497c180d3", + "bom-ref": "pkg:deb/debian/package-2@2.0.1?package-id=342b18b33e30ed0", "type": "library", "name": "package-2", "version": "2.0.1", diff --git a/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden b/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden index de3018170ed..1b92f61df4e 100644 --- a/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden +++ b/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden @@ -1,10 +1,10 @@ { "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid:542fc1a1-81ac-4b76-b9e2-8e6b9d8c840a", + "serialNumber": "urn:uuid:d383da54-a35f-4bd5-a85d-688b35e92c31", "version": 1, "metadata": { - "timestamp": "2022-12-22T18:33:51-05:00", + "timestamp": "2023-02-13T10:59:09-08:00", "tools": [ { "vendor": "anchore", @@ -13,7 +13,7 @@ } ], "component": { - "bom-ref": "ffd645a093c0fe70", + "bom-ref": "b83149da0a7fd6c5", "type": "container", "name": "user-image-input", "version": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368" @@ -21,7 +21,7 @@ }, "components": [ { - "bom-ref": "66ba429119b8bec6", + "bom-ref": "de34d3845e98e85f", "type": "library", "name": "package-1", "version": "1.0.1", @@ -53,7 +53,7 @@ }, { "name": "syft:location:0:layerID", - "value": "sha256:62058900d4ce269c900160b8dd255fe310c3a459dda236d041102fa070f84406" + "value": "sha256:626044c9c04b634ddb1659b81debbeebf312c5e3f2e6e8a693813866aa38a381" }, { "name": "syft:location:0:path", @@ -62,7 +62,7 @@ ] }, { - "bom-ref": "pkg:deb/debian/package-2@2.0.1?package-id=958443e2d9304af4", + "bom-ref": "pkg:deb/debian/package-2@2.0.1?package-id=bad230a934158ee5", "type": "library", "name": "package-2", "version": "2.0.1", @@ -83,7 +83,7 @@ }, { "name": "syft:location:0:layerID", - "value": "sha256:623ad97366f39ae279f1925673cdacb4851ddf2e3266f04e63010ec080a098c1" + "value": "sha256:2e0a2ae163675ae98403ca109fdee95bed2fea62f94e7d013146ac710d77de49" }, { "name": "syft:location:0:path", diff --git a/syft/formats/cyclonedxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/syft/formats/cyclonedxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden index 11a1958c893..fc4e17e4f51 100644 Binary files a/syft/formats/cyclonedxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden and b/syft/formats/cyclonedxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ diff --git a/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden b/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden index 095d2c3b88a..13f3b6834ac 100644 --- a/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden +++ b/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden @@ -1,7 +1,7 @@ - + - 2022-11-07T09:11:06-05:00 + 2023-02-13T10:59:09-08:00 anchore @@ -14,7 +14,7 @@ - + package-1 1.0.1 @@ -32,7 +32,7 @@ /some/path/pkg1 - + package-2 2.0.1 cpe:2.3:*:some:package:2:*:*:*:*:*:*:* diff --git a/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden b/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden index 814962bedb3..ae516010815 100644 --- a/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden +++ b/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden @@ -1,7 +1,7 @@ - + - 2022-11-07T09:11:06-05:00 + 2023-02-13T10:59:09-08:00 anchore @@ -9,13 +9,13 @@ v0.42.0-bogus - + user-image-input sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368 - + package-1 1.0.1 @@ -30,11 +30,11 @@ python PythonPackageMetadata python - sha256:fb6beecb75b39f4bb813dbf177e501edd5ddb3e69bb45cedeb78c676ee1b7a59 + sha256:626044c9c04b634ddb1659b81debbeebf312c5e3f2e6e8a693813866aa38a381 /somefile-1.txt - + package-2 2.0.1 cpe:2.3:*:some:package:2:*:*:*:*:*:*:* @@ -43,7 +43,7 @@ the-cataloger-2 DpkgMetadata deb - sha256:319b588ce64253a87b533c8ed01cf0025e0eac98e7b516e12532957e1244fdec + sha256:2e0a2ae163675ae98403ca109fdee95bed2fea62f94e7d013146ac710d77de49 /somefile-2.txt 0 diff --git a/syft/formats/cyclonedxxml/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/syft/formats/cyclonedxxml/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden index 11a1958c893..fc4e17e4f51 100644 Binary files a/syft/formats/cyclonedxxml/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden and b/syft/formats/cyclonedxxml/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ diff --git a/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden b/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden index 4ef14120dfe..851eeb73099 100644 --- a/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden +++ b/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden @@ -3,19 +3,19 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "/some/path", - "documentNamespace": "https://anchore.com/syft/dir/some/path-1fe34646-a616-48c7-974b-3d1e27d406e3", + "documentNamespace": "https://anchore.com/syft/dir/some/path-c5a351d0-f803-453a-a599-1b388bb321cf", "creationInfo": { "licenseListVersion": "3.19", "creators": [ "Organization: Anchore, Inc", "Tool: syft-v0.42.0-bogus" ], - "created": "2023-01-20T21:41:03Z" + "created": "2023-02-13T18:59:09Z" }, "packages": [ { "name": "package-1", - "SPDXID": "SPDXRef-Package-python-package-1-1b1d0be59ac59d2c", + "SPDXID": "SPDXRef-Package-python-package-1-9f56614c62f539e9", "versionInfo": "1.0.1", "downloadLocation": "NOASSERTION", "sourceInfo": "acquired package info from installed python package manifest file: /some/path/pkg1", @@ -37,7 +37,7 @@ }, { "name": "package-2", - "SPDXID": "SPDXRef-Package-deb-package-2-db4abfe497c180d3", + "SPDXID": "SPDXRef-Package-deb-package-2-342b18b33e30ed0", "versionInfo": "2.0.1", "downloadLocation": "NOASSERTION", "sourceInfo": "acquired package info from DPKG DB: /some/path/pkg1", diff --git a/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden b/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden index 8a5214f293f..fa96ae4af07 100644 --- a/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden +++ b/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden @@ -3,19 +3,19 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "user-image-input", - "documentNamespace": "https://anchore.com/syft/image/user-image-input-33759ac3-6006-4f2c-bdc4-f40b9287a7f0", + "documentNamespace": "https://anchore.com/syft/image/user-image-input-2ddd36be-7a79-4bdb-9619-8cf35e0e223d", "creationInfo": { "licenseListVersion": "3.19", "creators": [ "Organization: Anchore, Inc", "Tool: syft-v0.42.0-bogus" ], - "created": "2023-01-20T21:41:03Z" + "created": "2023-02-13T18:59:09Z" }, "packages": [ { "name": "package-1", - "SPDXID": "SPDXRef-Package-python-package-1-66ba429119b8bec6", + "SPDXID": "SPDXRef-Package-python-package-1-de34d3845e98e85f", "versionInfo": "1.0.1", "downloadLocation": "NOASSERTION", "sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt", @@ -37,7 +37,7 @@ }, { "name": "package-2", - "SPDXID": "SPDXRef-Package-deb-package-2-958443e2d9304af4", + "SPDXID": "SPDXRef-Package-deb-package-2-bad230a934158ee5", "versionInfo": "2.0.1", "downloadLocation": "NOASSERTION", "sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt", diff --git a/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden b/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden index 9e8e1453cc1..f7c80e70b78 100644 --- a/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden +++ b/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden @@ -3,19 +3,19 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "user-image-input", - "documentNamespace": "https://anchore.com/syft/image/user-image-input-ce98f51f-b483-4e93-9a15-5a8a16d35de6", + "documentNamespace": "https://anchore.com/syft/image/user-image-input-f006ebea-b878-40d7-8733-4d2c3e0f6e34", "creationInfo": { "licenseListVersion": "3.19", "creators": [ "Organization: Anchore, Inc", "Tool: syft-v0.42.0-bogus" ], - "created": "2023-01-20T21:41:03Z" + "created": "2023-02-13T18:59:10Z" }, "packages": [ { "name": "package-1", - "SPDXID": "SPDXRef-Package-python-package-1-66ba429119b8bec6", + "SPDXID": "SPDXRef-Package-python-package-1-de34d3845e98e85f", "versionInfo": "1.0.1", "downloadLocation": "NOASSERTION", "sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt", @@ -37,7 +37,7 @@ }, { "name": "package-2", - "SPDXID": "SPDXRef-Package-deb-package-2-958443e2d9304af4", + "SPDXID": "SPDXRef-Package-deb-package-2-bad230a934158ee5", "versionInfo": "2.0.1", "downloadLocation": "NOASSERTION", "sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt", @@ -152,32 +152,32 @@ ], "relationships": [ { - "spdxElementId": "SPDXRef-Package-python-package-1-66ba429119b8bec6", + "spdxElementId": "SPDXRef-Package-python-package-1-de34d3845e98e85f", "relatedSpdxElement": "SPDXRef-5265a4dde3edbf7c", "relationshipType": "CONTAINS" }, { - "spdxElementId": "SPDXRef-Package-python-package-1-66ba429119b8bec6", + "spdxElementId": "SPDXRef-Package-python-package-1-de34d3845e98e85f", "relatedSpdxElement": "SPDXRef-839d99ee67d9d174", "relationshipType": "CONTAINS" }, { - "spdxElementId": "SPDXRef-Package-python-package-1-66ba429119b8bec6", + "spdxElementId": "SPDXRef-Package-python-package-1-de34d3845e98e85f", "relatedSpdxElement": "SPDXRef-9c2f7510199b17f6", "relationshipType": "CONTAINS" }, { - "spdxElementId": "SPDXRef-Package-python-package-1-66ba429119b8bec6", + "spdxElementId": "SPDXRef-Package-python-package-1-de34d3845e98e85f", "relatedSpdxElement": "SPDXRef-c641caa71518099f", "relationshipType": "CONTAINS" }, { - "spdxElementId": "SPDXRef-Package-python-package-1-66ba429119b8bec6", + "spdxElementId": "SPDXRef-Package-python-package-1-de34d3845e98e85f", "relatedSpdxElement": "SPDXRef-c6f5b29dca12661f", "relationshipType": "CONTAINS" }, { - "spdxElementId": "SPDXRef-Package-python-package-1-66ba429119b8bec6", + "spdxElementId": "SPDXRef-Package-python-package-1-de34d3845e98e85f", "relatedSpdxElement": "SPDXRef-f9e49132a4b96ccd", "relationshipType": "CONTAINS" }, diff --git a/syft/formats/spdxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/syft/formats/spdxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden index b9ddf6e3339..fc4e17e4f51 100644 Binary files a/syft/formats/spdxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden and b/syft/formats/spdxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ diff --git a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXJSONSPDXIDs.golden b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXJSONSPDXIDs.golden index c017916c28f..97ba72f334f 100644 --- a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXJSONSPDXIDs.golden +++ b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXJSONSPDXIDs.golden @@ -2,16 +2,16 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: foobar/baz -DocumentNamespace: https://anchore.com/syft/dir/foobar/baz-478e410d-7fad-472c-b4e9-a4068ef28160 +DocumentNamespace: https://anchore.com/syft/dir/foobar/baz-0cf4b09e-0f7b-486f-a84d-d0d91620476b LicenseListVersion: 3.19 Creator: Organization: Anchore, Inc Creator: Tool: syft-v0.42.0-bogus -Created: 2022-12-21T03:39:05Z +Created: 2023-02-13T18:59:10Z ##### Package: @at-sign PackageName: @at-sign -SPDXID: SPDXRef-Package---at-sign-3732f7a5679bdec4 +SPDXID: SPDXRef-Package---at-sign-14c1788ed9aa0270 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false PackageSourceInfo: acquired package info from the following paths: @@ -22,7 +22,7 @@ PackageCopyrightText: NOASSERTION ##### Package: some/slashes PackageName: some/slashes -SPDXID: SPDXRef-Package--some-slashes-1345166d4801153b +SPDXID: SPDXRef-Package--some-slashes-5b91aeb05a1fea5e PackageDownloadLocation: NOASSERTION FilesAnalyzed: false PackageSourceInfo: acquired package info from the following paths: @@ -33,7 +33,7 @@ PackageCopyrightText: NOASSERTION ##### Package: under_scores PackageName: under_scores -SPDXID: SPDXRef-Package--under-scores-290d5c77210978c1 +SPDXID: SPDXRef-Package--under-scores-111cadb6afff78d4 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false PackageSourceInfo: acquired package info from the following paths: diff --git a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden index 94cd399de23..ad391e928c4 100644 --- a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden +++ b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden @@ -2,11 +2,11 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: user-image-input -DocumentNamespace: https://anchore.com/syft/image/user-image-input-73433e8c-364f-42b6-b5b7-9a4da8799868 +DocumentNamespace: https://anchore.com/syft/image/user-image-input-279e1d70-8051-447c-a64f-bbf2f291e9e3 LicenseListVersion: 3.19 Creator: Organization: Anchore, Inc Creator: Tool: syft-v0.42.0-bogus -Created: 2022-12-21T03:39:05Z +Created: 2023-02-13T18:59:10Z ##### Unpackaged files @@ -49,7 +49,7 @@ LicenseConcluded: NOASSERTION ##### Package: package-2 PackageName: package-2 -SPDXID: SPDXRef-Package-deb-package-2-958443e2d9304af4 +SPDXID: SPDXRef-Package-deb-package-2-bad230a934158ee5 PackageVersion: 2.0.1 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false @@ -63,7 +63,7 @@ ExternalRef: PACKAGE-MANAGER purl pkg:deb/debian/package-2@2.0.1 ##### Package: package-1 PackageName: package-1 -SPDXID: SPDXRef-Package-python-package-1-66ba429119b8bec6 +SPDXID: SPDXRef-Package-python-package-1-de34d3845e98e85f PackageVersion: 1.0.1 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false @@ -76,11 +76,11 @@ ExternalRef: PACKAGE-MANAGER purl a-purl-1 ##### Relationships -Relationship: SPDXRef-Package-python-package-1-66ba429119b8bec6 CONTAINS SPDXRef-5265a4dde3edbf7c -Relationship: SPDXRef-Package-python-package-1-66ba429119b8bec6 CONTAINS SPDXRef-839d99ee67d9d174 -Relationship: SPDXRef-Package-python-package-1-66ba429119b8bec6 CONTAINS SPDXRef-9c2f7510199b17f6 -Relationship: SPDXRef-Package-python-package-1-66ba429119b8bec6 CONTAINS SPDXRef-c641caa71518099f -Relationship: SPDXRef-Package-python-package-1-66ba429119b8bec6 CONTAINS SPDXRef-c6f5b29dca12661f -Relationship: SPDXRef-Package-python-package-1-66ba429119b8bec6 CONTAINS SPDXRef-f9e49132a4b96ccd +Relationship: SPDXRef-Package-python-package-1-de34d3845e98e85f CONTAINS SPDXRef-5265a4dde3edbf7c +Relationship: SPDXRef-Package-python-package-1-de34d3845e98e85f CONTAINS SPDXRef-839d99ee67d9d174 +Relationship: SPDXRef-Package-python-package-1-de34d3845e98e85f CONTAINS SPDXRef-9c2f7510199b17f6 +Relationship: SPDXRef-Package-python-package-1-de34d3845e98e85f CONTAINS SPDXRef-c641caa71518099f +Relationship: SPDXRef-Package-python-package-1-de34d3845e98e85f CONTAINS SPDXRef-c6f5b29dca12661f +Relationship: SPDXRef-Package-python-package-1-de34d3845e98e85f CONTAINS SPDXRef-f9e49132a4b96ccd Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-DOCUMENT diff --git a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueDirectoryEncoder.golden b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueDirectoryEncoder.golden index 7bd71f05f05..d0c6e12313e 100644 --- a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueDirectoryEncoder.golden +++ b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueDirectoryEncoder.golden @@ -2,16 +2,16 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: /some/path -DocumentNamespace: https://anchore.com/syft/dir/some/path-1d303762-46d2-47b5-9c81-defa91387275 +DocumentNamespace: https://anchore.com/syft/dir/some/path-63e04b9b-c306-41a2-b2fd-1e5d376abf88 LicenseListVersion: 3.19 Creator: Organization: Anchore, Inc Creator: Tool: syft-v0.42.0-bogus -Created: 2022-12-21T03:39:05Z +Created: 2023-02-13T18:59:10Z ##### Package: package-2 PackageName: package-2 -SPDXID: SPDXRef-Package-deb-package-2-db4abfe497c180d3 +SPDXID: SPDXRef-Package-deb-package-2-342b18b33e30ed0 PackageVersion: 2.0.1 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false @@ -25,7 +25,7 @@ ExternalRef: PACKAGE-MANAGER purl pkg:deb/debian/package-2@2.0.1 ##### Package: package-1 PackageName: package-1 -SPDXID: SPDXRef-Package-python-package-1-1b1d0be59ac59d2c +SPDXID: SPDXRef-Package-python-package-1-9f56614c62f539e9 PackageVersion: 1.0.1 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false diff --git a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueImageEncoder.golden b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueImageEncoder.golden index df1cb1467d3..5c9bdee6bec 100644 --- a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueImageEncoder.golden +++ b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueImageEncoder.golden @@ -2,16 +2,16 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: user-image-input -DocumentNamespace: https://anchore.com/syft/image/user-image-input-559af225-63af-4bc0-94fb-bce94913bcfa +DocumentNamespace: https://anchore.com/syft/image/user-image-input-972cb3d7-7347-4acc-afcc-dff755139b4e LicenseListVersion: 3.19 Creator: Organization: Anchore, Inc Creator: Tool: syft-v0.42.0-bogus -Created: 2022-12-21T03:39:05Z +Created: 2023-02-13T18:59:10Z ##### Package: package-2 PackageName: package-2 -SPDXID: SPDXRef-Package-deb-package-2-958443e2d9304af4 +SPDXID: SPDXRef-Package-deb-package-2-bad230a934158ee5 PackageVersion: 2.0.1 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false @@ -25,7 +25,7 @@ ExternalRef: PACKAGE-MANAGER purl pkg:deb/debian/package-2@2.0.1 ##### Package: package-1 PackageName: package-1 -SPDXID: SPDXRef-Package-python-package-1-66ba429119b8bec6 +SPDXID: SPDXRef-Package-python-package-1-de34d3845e98e85f PackageVersion: 1.0.1 PackageDownloadLocation: NOASSERTION FilesAnalyzed: false diff --git a/syft/formats/spdxtagvalue/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/syft/formats/spdxtagvalue/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden index b9ddf6e3339..fc4e17e4f51 100644 Binary files a/syft/formats/spdxtagvalue/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden and b/syft/formats/spdxtagvalue/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ diff --git a/syft/formats/syftjson/format.go b/syft/formats/syftjson/format.go index fe5ffca2167..ea81812e283 100644 --- a/syft/formats/syftjson/format.go +++ b/syft/formats/syftjson/format.go @@ -8,7 +8,7 @@ const ID sbom.FormatID = "syft-json" func Format() sbom.Format { return sbom.NewFormat( - "6", + "7", encoder, decoder, validator, diff --git a/syft/formats/syftjson/model/package_test.go b/syft/formats/syftjson/model/package_test.go index 2aa2cda0515..32f1958c01e 100644 --- a/syft/formats/syftjson/model/package_test.go +++ b/syft/formats/syftjson/model/package_test.go @@ -30,7 +30,7 @@ func TestUnmarshalPackageGolang(t *testing.T) { "path": "/Users/hal/go/bin/syft" } ], - "licenses": [], + "licenses": "", "language": "go", "cpes": [], "purl": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0", @@ -61,7 +61,7 @@ func TestUnmarshalPackageGolang(t *testing.T) { "path": "/Users/hal/go/bin/syft" } ], - "licenses": [], + "licenses": "", "language": "go", "cpes": [], "purl": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0" @@ -105,7 +105,7 @@ func Test_unpackMetadata(t *testing.T) { "path": "/Users/hal/go/bin/syft" } ], - "licenses": [], + "licenses": "", "language": "go", "cpes": [], "purl": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0", @@ -131,7 +131,7 @@ func Test_unpackMetadata(t *testing.T) { "path": "/Users/hal/go/bin/syft" } ], - "licenses": [], + "licenses": "", "language": "go", "cpes": [], "purl": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0" @@ -152,9 +152,7 @@ func Test_unpackMetadata(t *testing.T) { "layerID": "sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59" } ], - "licenses": [ - "GPLv2+" - ], + "licenses": "GPLv2+", "language": "", "cpes": [ "cpe:2.3:a:centos:acl:2.2.53-1.el8:*:*:*:*:*:*:*", @@ -191,7 +189,7 @@ func Test_unpackMetadata(t *testing.T) { "path": "/Users/hal/go/bin/syft" } ], - "licenses": [], + "licenses": "", "language": "go", "cpes": [], "purl": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0", diff --git a/syft/formats/syftjson/test-fixtures/snapshot/TestDirectoryEncoder.golden b/syft/formats/syftjson/test-fixtures/snapshot/TestDirectoryEncoder.golden index 6a051331a0e..9d3273b861a 100644 --- a/syft/formats/syftjson/test-fixtures/snapshot/TestDirectoryEncoder.golden +++ b/syft/formats/syftjson/test-fixtures/snapshot/TestDirectoryEncoder.golden @@ -1,7 +1,7 @@ { "artifacts": [ { - "id": "1b1d0be59ac59d2c", + "id": "9f56614c62f539e9", "name": "package-1", "version": "1.0.1", "type": "python", @@ -11,9 +11,7 @@ "path": "/some/path/pkg1" } ], - "licenses": [ - "MIT" - ], + "licenses": "MIT", "language": "python", "cpes": [ "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" @@ -36,7 +34,7 @@ } }, { - "id": "db4abfe497c180d3", + "id": "342b18b33e30ed0", "name": "package-2", "version": "2.0.1", "type": "deb", @@ -46,7 +44,7 @@ "path": "/some/path/pkg1" } ], - "licenses": [], + "licenses": "", "language": "", "cpes": [ "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" @@ -89,7 +87,7 @@ } }, "schema": { - "version": "6.2.0", - "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-6.2.0.json" + "version": "7.0.0", + "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-7.0.0.json" } } diff --git a/syft/formats/syftjson/test-fixtures/snapshot/TestEncodeFullJSONDocument.golden b/syft/formats/syftjson/test-fixtures/snapshot/TestEncodeFullJSONDocument.golden index 3b638f94106..554966ade29 100644 --- a/syft/formats/syftjson/test-fixtures/snapshot/TestEncodeFullJSONDocument.golden +++ b/syft/formats/syftjson/test-fixtures/snapshot/TestEncodeFullJSONDocument.golden @@ -1,7 +1,7 @@ { "artifacts": [ { - "id": "304a5a8e5958a49d", + "id": "63a4be05cd4c2eec", "name": "package-1", "version": "1.0.1", "type": "python", @@ -11,9 +11,7 @@ "path": "/a/place/a" } ], - "licenses": [ - "MIT" - ], + "licenses": "MIT", "language": "python", "cpes": [ "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*" @@ -31,7 +29,7 @@ } }, { - "id": "9fd0b9f41034991d", + "id": "72e7b9a70006ab6b", "name": "package-2", "version": "2.0.1", "type": "deb", @@ -41,7 +39,7 @@ "path": "/b/place/b" } ], - "licenses": [], + "licenses": "", "language": "", "cpes": [ "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" @@ -185,7 +183,7 @@ } }, "schema": { - "version": "6.2.0", - "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-6.2.0.json" + "version": "7.0.0", + "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-7.0.0.json" } } diff --git a/syft/formats/syftjson/test-fixtures/snapshot/TestImageEncoder.golden b/syft/formats/syftjson/test-fixtures/snapshot/TestImageEncoder.golden index a72adb10c60..c178bf43f7f 100644 --- a/syft/formats/syftjson/test-fixtures/snapshot/TestImageEncoder.golden +++ b/syft/formats/syftjson/test-fixtures/snapshot/TestImageEncoder.golden @@ -1,7 +1,7 @@ { "artifacts": [ { - "id": "66ba429119b8bec6", + "id": "de34d3845e98e85f", "name": "package-1", "version": "1.0.1", "type": "python", @@ -12,9 +12,7 @@ "layerID": "sha256:fb6beecb75b39f4bb813dbf177e501edd5ddb3e69bb45cedeb78c676ee1b7a59" } ], - "licenses": [ - "MIT" - ], + "licenses": "MIT", "language": "python", "cpes": [ "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*" @@ -32,7 +30,7 @@ } }, { - "id": "958443e2d9304af4", + "id": "bad230a934158ee5", "name": "package-2", "version": "2.0.1", "type": "deb", @@ -43,7 +41,7 @@ "layerID": "sha256:319b588ce64253a87b533c8ed01cf0025e0eac98e7b516e12532957e1244fdec" } ], - "licenses": [], + "licenses": "", "language": "", "cpes": [ "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*" @@ -112,7 +110,7 @@ } }, "schema": { - "version": "6.2.0", - "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-6.2.0.json" + "version": "7.0.0", + "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-7.0.0.json" } } diff --git a/syft/formats/syftjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/syft/formats/syftjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden index 11a1958c893..fc4e17e4f51 100644 Binary files a/syft/formats/syftjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden and b/syft/formats/syftjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ diff --git a/syft/formats/test-fixtures/alpine-syft.json b/syft/formats/test-fixtures/alpine-syft.json index ba8e0269349..1af906cb9ac 100644 --- a/syft/formats/test-fixtures/alpine-syft.json +++ b/syft/formats/test-fixtures/alpine-syft.json @@ -12,9 +12,7 @@ "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" } ], - "licenses": [ - "GPL-2.0-only" - ], + "licenses": "GPL-2.0-only", "language": "", "cpes": [ "cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.2.0-r16:*:*:*:*:*:*:*", @@ -492,9 +490,7 @@ "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" } ], - "licenses": [ - "MIT" - ], + "licenses": "MIT", "language": "", "cpes": [ "cpe:2.3:a:alpine-keys:alpine-keys:2.3-r1:*:*:*:*:*:*:*", @@ -778,9 +774,7 @@ "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" } ], - "licenses": [ - "GPL-2.0-only" - ], + "licenses": "GPL-2.0-only", "language": "", "cpes": [ "cpe:2.3:a:apk-tools:apk-tools:2.12.7-r0:*:*:*:*:*:*:*", @@ -875,9 +869,7 @@ "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" } ], - "licenses": [ - "GPL-2.0-only" - ], + "licenses": "GPL-2.0-only", "language": "", "cpes": [ "cpe:2.3:a:busybox:busybox:1.33.1-r3:*:*:*:*:*:*:*" @@ -1041,11 +1033,7 @@ "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" } ], - "licenses": [ - "MPL-2.0", - "AND", - "MIT" - ], + "licenses": "MPL-2.0 AND MIT", "language": "", "cpes": [ "cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20191127-r5:*:*:*:*:*:*:*", @@ -1117,11 +1105,7 @@ "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" } ], - "licenses": [ - "BSD-2-Clause", - "AND", - "BSD-3-Clause" - ], + "licenses": "BSD-2-Clause AND BSD-3-Clause", "language": "", "cpes": [ "cpe:2.3:a:libc-utils:libc-utils:0.7.2-r3:*:*:*:*:*:*:*", @@ -1162,9 +1146,7 @@ "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" } ], - "licenses": [ - "OpenSSL" - ], + "licenses": "OpenSSL", "language": "", "cpes": [ "cpe:2.3:a:libcrypto1.1:libcrypto1.1:1.1.1l-r0:*:*:*:*:*:*:*" @@ -1336,13 +1318,7 @@ "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" } ], - "licenses": [ - "ISC", - "AND", - "(BSD-3-Clause", - "OR", - "MIT)" - ], + "licenses": "ISC AND (BSD-3-Clause OR MIT)", "language": "", "cpes": [ "cpe:2.3:a:libretls:libretls:3.3.3p1-r2:*:*:*:*:*:*:*" @@ -1405,9 +1381,7 @@ "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" } ], - "licenses": [ - "OpenSSL" - ], + "licenses": "OpenSSL", "language": "", "cpes": [ "cpe:2.3:a:libssl1.1:libssl1.1:1.1.1l-r0:*:*:*:*:*:*:*" @@ -1473,9 +1447,7 @@ "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" } ], - "licenses": [ - "MIT" - ], + "licenses": "MIT", "language": "", "cpes": [ "cpe:2.3:a:musl:musl:1.2.2-r3:*:*:*:*:*:*:*" @@ -1535,11 +1507,7 @@ "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" } ], - "licenses": [ - "MIT", - "BSD", - "GPL2+" - ], + "licenses": "MIT AND BSD AND GPL2+", "language": "", "cpes": [ "cpe:2.3:a:musl-utils:musl-utils:1.2.2-r3:*:*:*:*:*:*:*", @@ -1640,9 +1608,7 @@ "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" } ], - "licenses": [ - "GPL-2.0-only" - ], + "licenses": "GPL-2.0-only", "language": "", "cpes": [ "cpe:2.3:a:scanelf:scanelf:1.3.2-r0:*:*:*:*:*:*:*" @@ -1695,9 +1661,7 @@ "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" } ], - "licenses": [ - "GPL-2.0-only" - ], + "licenses": "GPL-2.0-only", "language": "", "cpes": [ "cpe:2.3:a:ssl-client:ssl-client:1.33.1-r3:*:*:*:*:*:*:*", @@ -1755,9 +1719,7 @@ "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68" } ], - "licenses": [ - "Zlib" - ], + "licenses": "Zlib", "language": "", "cpes": [ "cpe:2.3:a:zlib:zlib:1.2.11-r3:*:*:*:*:*:*:*" diff --git a/syft/formats/text/test-fixtures/snapshot/TestTextImageEncoder.golden b/syft/formats/text/test-fixtures/snapshot/TestTextImageEncoder.golden index 4ab3a446e0c..ff810403935 100644 --- a/syft/formats/text/test-fixtures/snapshot/TestTextImageEncoder.golden +++ b/syft/formats/text/test-fixtures/snapshot/TestTextImageEncoder.golden @@ -1,11 +1,11 @@ [Image] Layer: 0 - Digest: sha256:fb6beecb75b39f4bb813dbf177e501edd5ddb3e69bb45cedeb78c676ee1b7a59 + Digest: sha256:626044c9c04b634ddb1659b81debbeebf312c5e3f2e6e8a693813866aa38a381 Size: 22 MediaType: application/vnd.docker.image.rootfs.diff.tar.gzip Layer: 1 - Digest: sha256:319b588ce64253a87b533c8ed01cf0025e0eac98e7b516e12532957e1244fdec + Digest: sha256:2e0a2ae163675ae98403ca109fdee95bed2fea62f94e7d013146ac710d77de49 Size: 16 MediaType: application/vnd.docker.image.rootfs.diff.tar.gzip diff --git a/syft/formats/text/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/syft/formats/text/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden index c1b1d2b797e..fc4e17e4f51 100644 Binary files a/syft/formats/text/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden and b/syft/formats/text/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ diff --git a/syft/pkg/cataloger/java/archive_parser.go b/syft/pkg/cataloger/java/archive_parser.go index 626243d8302..2b39cd3c93d 100644 --- a/syft/pkg/cataloger/java/archive_parser.go +++ b/syft/pkg/cataloger/java/archive_parser.go @@ -185,10 +185,14 @@ func (j *archiveParser) discoverMainPackage() (*pkg.Package, error) { log.Warnf("failed to create digest for file=%q: %+v", j.archivePath, err) } + licenses := selectLicense(manifest) + if len(licenses) == 0 { + licenses = nil + } return &pkg.Package{ Name: selectName(manifest, j.fileInfo), Version: selectVersion(manifest, j.fileInfo), - Licenses: internal.LogicalStrings{Simple: selectLicense(manifest)}, + Licenses: internal.LogicalStrings{Simple: licenses}, Language: pkg.Java, Locations: source.NewLocationSet(j.location), Type: j.fileInfo.pkgType(), diff --git a/syft/pkg/cataloger/javascript/package.go b/syft/pkg/cataloger/javascript/package.go index 807c5689ae6..b65b0eb3013 100644 --- a/syft/pkg/cataloger/javascript/package.go +++ b/syft/pkg/cataloger/javascript/package.go @@ -18,11 +18,15 @@ func newPackageJSONPackage(u packageJSON, locations ...source.Location) pkg.Pack if err != nil { log.Warnf("unable to extract licenses from javascript package.json: %+v", err) } + licenseStructure := internal.LogicalStrings{} + if len(licenses) > 0 { + licenseStructure.Simple = licenses + } p := pkg.Package{ Name: u.Name, Version: u.Version, - Licenses: internal.LogicalStrings{Simple: licenses}, + Licenses: licenseStructure, PURL: packageURL(u.Name, u.Version), Locations: source.NewLocationSet(locations...), Language: pkg.JavaScript, diff --git a/syft/pkg/cataloger/portage/parse_portage_contents.go b/syft/pkg/cataloger/portage/parse_portage_contents.go index dba65ace0dd..7870648b81f 100644 --- a/syft/pkg/cataloger/portage/parse_portage_contents.go +++ b/syft/pkg/cataloger/portage/parse_portage_contents.go @@ -116,7 +116,7 @@ func addLicenses(resolver source.FileResolver, dbLocation source.Location, p *pk } licenses := findings.ToSlice() sort.Strings(licenses) - p.Licenses = licenses + p.Licenses = internal.LogicalStrings{Simple: licenses} p.Locations.Add(*location) } diff --git a/syft/pkg/cataloger/sbom/cataloger_test.go b/syft/pkg/cataloger/sbom/cataloger_test.go index f986fa6bd86..7966fc71364 100644 --- a/syft/pkg/cataloger/sbom/cataloger_test.go +++ b/syft/pkg/cataloger/sbom/cataloger_test.go @@ -198,7 +198,7 @@ func Test_parseSBOM(t *testing.T) { Version: "1.2.3-r1", Type: "apk", Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")), - Licenses: internal.LogicalStrings{Simple: []string{"MIT", "BSD", "GPL2+"}}, + Licenses: internal.LogicalStrings{Simple: []string{"MIT", "BSD", "GPL2+"}, Joiner: internal.OR}, FoundBy: "sbom-cataloger", PURL: "pkg:apk/alpine/musl-utils@1.2.3-r1?arch=x86_64&upstream=musl&distro=alpine-3.16.3", CPEs: mustCPEs( diff --git a/syft/pkg/cataloger/sbom/test-fixtures/alpine/syft-json/sbom.syft.json b/syft/pkg/cataloger/sbom/test-fixtures/alpine/syft-json/sbom.syft.json index c9e83d12045..ebe6d6a07cd 100644 --- a/syft/pkg/cataloger/sbom/test-fixtures/alpine/syft-json/sbom.syft.json +++ b/syft/pkg/cataloger/sbom/test-fixtures/alpine/syft-json/sbom.syft.json @@ -12,9 +12,7 @@ "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" } ], - "licenses": [ - "GPL-2.0-only" - ], + "licenses": "GPL-2.0-only", "language": "", "cpes": [ "cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.2.0-r23:*:*:*:*:*:*:*", @@ -395,9 +393,7 @@ "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" } ], - "licenses": [ - "GPL-2.0-only" - ], + "licenses": "GPL-2.0-only", "language": "", "cpes": [ "cpe:2.3:a:alpine-baselayout-data:alpine-baselayout-data:3.2.0-r23:*:*:*:*:*:*:*", @@ -558,9 +554,7 @@ "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" } ], - "licenses": [ - "MIT" - ], + "licenses": "MIT", "language": "", "cpes": [ "cpe:2.3:a:alpine-keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*", @@ -995,9 +989,7 @@ "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" } ], - "licenses": [ - "GPL-2.0-only" - ], + "licenses": "GPL-2.0-only", "language": "", "cpes": [ "cpe:2.3:a:apk-tools:apk-tools:2.12.9-r3:*:*:*:*:*:*:*", @@ -1103,9 +1095,7 @@ "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" } ], - "licenses": [ - "GPL-2.0-only" - ], + "licenses": "GPL-2.0-only", "language": "", "cpes": [ "cpe:2.3:a:busybox:busybox:1.35.0-r17:*:*:*:*:*:*:*" @@ -1276,11 +1266,7 @@ "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" } ], - "licenses": [ - "MPL-2.0", - "AND", - "MIT" - ], + "licenses": "MPL-2.0 AND MIT", "language": "", "cpes": [ "cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20220614-r0:*:*:*:*:*:*:*", @@ -1355,11 +1341,7 @@ "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" } ], - "licenses": [ - "BSD-2-Clause", - "AND", - "BSD-3-Clause" - ], + "licenses": "BSD-2-Clause AND BSD-3-Clause", "language": "", "cpes": [ "cpe:2.3:a:libc-utils:libc-utils:0.7.2-r3:*:*:*:*:*:*:*", @@ -1403,9 +1385,7 @@ "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" } ], - "licenses": [ - "OpenSSL" - ], + "licenses": "OpenSSL", "language": "", "cpes": [ "cpe:2.3:a:libcrypto1.1:libcrypto1.1:1.1.1s-r0:*:*:*:*:*:*:*" @@ -1582,9 +1562,7 @@ "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" } ], - "licenses": [ - "OpenSSL" - ], + "licenses": "OpenSSL", "language": "", "cpes": [ "cpe:2.3:a:libssl1.1:libssl1.1:1.1.1s-r0:*:*:*:*:*:*:*" @@ -1656,9 +1634,7 @@ "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" } ], - "licenses": [ - "MIT" - ], + "licenses": "MIT", "language": "", "cpes": [ "cpe:2.3:a:musl:musl:1.2.3-r1:*:*:*:*:*:*:*" @@ -1721,11 +1697,7 @@ "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" } ], - "licenses": [ - "MIT", - "BSD", - "GPL2+" - ], + "licenses": "MIT OR BSD OR GPL2+", "language": "", "cpes": [ "cpe:2.3:a:musl-utils:musl-utils:1.2.3-r1:*:*:*:*:*:*:*", @@ -1836,9 +1808,7 @@ "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" } ], - "licenses": [ - "GPL-2.0-only" - ], + "licenses": "GPL-2.0-only", "language": "", "cpes": [ "cpe:2.3:a:scanelf:scanelf:1.3.4-r0:*:*:*:*:*:*:*" @@ -1896,9 +1866,7 @@ "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" } ], - "licenses": [ - "GPL-2.0-only" - ], + "licenses": "GPL-2.0-only", "language": "", "cpes": [ "cpe:2.3:a:ssl-client:ssl-client:1.35.0-r17:*:*:*:*:*:*:*", @@ -1963,9 +1931,7 @@ "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd" } ], - "licenses": [ - "Zlib" - ], + "licenses": "Zlib", "language": "", "cpes": [ "cpe:2.3:a:zlib:zlib:1.2.12-r3:*:*:*:*:*:*:*"