From e95bd5bd13f36be51bdc498b9c1074a132dd49bb Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Tue, 25 Oct 2022 14:29:35 -0400 Subject: [PATCH] tests: add correct fixtures for utils_test Signed-off-by: Christopher Phillips --- syft/rekor/test-fixtures/sboms/sbom-4.json | 1122 +++++++++++++++++ .../test-fixtures/sboms/sbom-invalid.json | 1122 +++++++++++++++++ syft/rekor/utils_test.go | 7 +- 3 files changed, 2247 insertions(+), 4 deletions(-) create mode 100644 syft/rekor/test-fixtures/sboms/sbom-4.json create mode 100644 syft/rekor/test-fixtures/sboms/sbom-invalid.json diff --git a/syft/rekor/test-fixtures/sboms/sbom-4.json b/syft/rekor/test-fixtures/sboms/sbom-4.json new file mode 100644 index 00000000000..fc0ac7bdbd5 --- /dev/null +++ b/syft/rekor/test-fixtures/sboms/sbom-4.json @@ -0,0 +1,1122 @@ +{ + "SPDXID": "SPDXRef-DOCUMENT", + "name": ".", + "spdxVersion": "SPDX-2.2", + "creationInfo": { + "created": "2022-10-07T17:09:00.583332Z", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-0.58.0" + ], + "licenseListVersion": "3.18" + }, + "dataLicense": "CC0-1.0", + "documentNamespace": "https://anchore.com/syft/dir/786c3cae-82d6-4b85-9188-4f11f15afd80", + "packages": [ + { + "SPDXID": "SPDXRef-4ff015380aad9ed", + "name": "bitflags", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitflags:bitflags:1.3.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/bitflags@1.3.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.3.2" + }, + { + "SPDXID": "SPDXRef-14ee25e287b03a0c", + "name": "byteorder", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:byteorder:byteorder:1.4.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/byteorder@1.4.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.4.3" + }, + { + "SPDXID": "SPDXRef-5730669ce43f252e", + "name": "cfg-if", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cfg-if:cfg-if:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cfg-if:cfg_if:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cfg_if:cfg-if:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cfg_if:cfg_if:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cfg:cfg-if:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cfg:cfg_if:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/cfg-if@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-92843e0ff2dc5d77", + "name": "diesel", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel:diesel:1.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/diesel@1.4.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-4947787b3a6ae19b", + "name": "diesel_demo", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel-demo:diesel-demo:0.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel-demo:diesel_demo:0.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel_demo:diesel-demo:0.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel_demo:diesel_demo:0.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel:diesel-demo:0.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel:diesel_demo:0.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/diesel_demo@0.1.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.1.0" + }, + { + "SPDXID": "SPDXRef-9de67238f1270b21", + "name": "diesel_derives", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel-derives:diesel-derives:1.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel-derives:diesel_derives:1.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel_derives:diesel-derives:1.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel_derives:diesel_derives:1.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel:diesel-derives:1.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel:diesel_derives:1.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/diesel_derives@1.4.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.4.1" + }, + { + "SPDXID": "SPDXRef-d1072806b396727", + "name": "dirs", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dirs:dirs:4.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/dirs@4.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "4.0.0" + }, + { + "SPDXID": "SPDXRef-eca1106d6ba59b54", + "name": "dirs-sys", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dirs-sys:dirs-sys:0.3.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dirs-sys:dirs_sys:0.3.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dirs_sys:dirs-sys:0.3.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dirs_sys:dirs_sys:0.3.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dirs:dirs-sys:0.3.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dirs:dirs_sys:0.3.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/dirs-sys@0.3.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.3.7" + }, + { + "SPDXID": "SPDXRef-a8b959a679a20507", + "name": "dotenvy", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dotenvy:dotenvy:0.15.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/dotenvy@0.15.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.15.5" + }, + { + "SPDXID": "SPDXRef-599002fa33c2e338", + "name": "getrandom", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:getrandom:getrandom:0.2.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/getrandom@0.2.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.2.7" + }, + { + "SPDXID": "SPDXRef-12de41130e0452f4", + "name": "libc", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libc:libc:0.2.134:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/libc@0.2.134", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.2.134" + }, + { + "SPDXID": "SPDXRef-e937549a2fe8283c", + "name": "pq-sys", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pq-sys:pq-sys:0.4.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pq-sys:pq_sys:0.4.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pq_sys:pq-sys:0.4.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pq_sys:pq_sys:0.4.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pq:pq-sys:0.4.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pq:pq_sys:0.4.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/pq-sys@0.4.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.4.7" + }, + { + "SPDXID": "SPDXRef-9e271bcbb2eb4f86", + "name": "proc-macro2", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proc-macro2:proc-macro2:1.0.46:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proc-macro2:proc_macro2:1.0.46:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proc_macro2:proc-macro2:1.0.46:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proc_macro2:proc_macro2:1.0.46:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proc:proc-macro2:1.0.46:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proc:proc_macro2:1.0.46:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/proc-macro2@1.0.46", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.46" + }, + { + "SPDXID": "SPDXRef-3f79a5711506e146", + "name": "quote", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:quote:quote:1.0.21:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/quote@1.0.21", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.21" + }, + { + "SPDXID": "SPDXRef-b42044e0be946d2", + "name": "redox_syscall", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox-syscall:redox-syscall:0.2.16:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox-syscall:redox_syscall:0.2.16:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox_syscall:redox-syscall:0.2.16:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox_syscall:redox_syscall:0.2.16:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox:redox-syscall:0.2.16:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox:redox_syscall:0.2.16:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/redox_syscall@0.2.16", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.2.16" + }, + { + "SPDXID": "SPDXRef-52687c8ef791c28a", + "name": "redox_users", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox-users:redox-users:0.4.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox-users:redox_users:0.4.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox_users:redox-users:0.4.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox_users:redox_users:0.4.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox:redox-users:0.4.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox:redox_users:0.4.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/redox_users@0.4.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.4.3" + }, + { + "SPDXID": "SPDXRef-3ff9b5f469b2818a", + "name": "syn", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:syn:syn:1.0.102:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/syn@1.0.102", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.102" + }, + { + "SPDXID": "SPDXRef-b5ef2cd92c2274d1", + "name": "thiserror", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:thiserror:thiserror:1.0.37:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/thiserror@1.0.37", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.37" + }, + { + "SPDXID": "SPDXRef-26f7a26f217fe590", + "name": "thiserror-impl", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:thiserror-impl:thiserror-impl:1.0.37:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:thiserror-impl:thiserror_impl:1.0.37:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:thiserror_impl:thiserror-impl:1.0.37:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:thiserror_impl:thiserror_impl:1.0.37:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:thiserror:thiserror-impl:1.0.37:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:thiserror:thiserror_impl:1.0.37:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/thiserror-impl@1.0.37", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.37" + }, + { + "SPDXID": "SPDXRef-3a275e4342a218e9", + "name": "unicode-ident", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unicode-ident:unicode-ident:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unicode-ident:unicode_ident:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unicode_ident:unicode-ident:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unicode_ident:unicode_ident:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unicode:unicode-ident:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unicode:unicode_ident:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/unicode-ident@1.0.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.4" + }, + { + "SPDXID": "SPDXRef-5837dfd8ed83cc58", + "name": "vcpkg", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:vcpkg:vcpkg:0.2.15:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/vcpkg@0.2.15", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.2.15" + }, + { + "SPDXID": "SPDXRef-193d1933a58d416d", + "name": "wasi", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:wasi:wasi:0.11.0\\+wasi-snapshot-preview1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/wasi@0.11.0+wasi-snapshot-preview1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.11.0+wasi-snapshot-preview1" + }, + { + "SPDXID": "SPDXRef-d793b9aaa62fcb09", + "name": "winapi", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi:winapi:0.3.9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/winapi@0.3.9", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.3.9" + }, + { + "SPDXID": "SPDXRef-967fa5a61b10c237", + "name": "winapi-i686-pc-windows-gnu", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686-pc-windows-gnu:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686-pc-windows-gnu:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686_pc_windows_gnu:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686_pc_windows_gnu:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686-pc-windows:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686-pc-windows:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686_pc_windows:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686_pc_windows:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686-pc:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686-pc:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686_pc:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686_pc:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/winapi-i686-pc-windows-gnu@0.4.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.4.0" + }, + { + "SPDXID": "SPDXRef-949a3beb5140777e", + "name": "winapi-x86_64-pc-windows-gnu", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc-windows-gnu:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc-windows-gnu:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc-windows-gnu:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc-windows-gnu:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc-windows-gnu:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc-windows-gnu:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc_windows_gnu:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc_windows_gnu:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc_windows_gnu:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc-windows:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc-windows:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc-windows:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc-windows:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc-windows:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc-windows:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc_windows:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc_windows:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc_windows:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/winapi-x86_64-pc-windows-gnu@0.4.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.4.0" + } + ] +} diff --git a/syft/rekor/test-fixtures/sboms/sbom-invalid.json b/syft/rekor/test-fixtures/sboms/sbom-invalid.json new file mode 100644 index 00000000000..786de50cc04 --- /dev/null +++ b/syft/rekor/test-fixtures/sboms/sbom-invalid.json @@ -0,0 +1,1122 @@ +{ + "SPDXID": "SPDXRef-DOCUMENT", + "name": ".", + "spdxVersion": "SPDX-2.2", + "creationInfo": { + "created": "2022-10-07T17:09:00.583332Z", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-0.58.0" + ], + "licenseListVersion": "3.18" + } + dataLicense": CC0-1.0", + "documentNamespace": https://anchore.com/syft/dir/786c3cae-82d6-4b85-9188-4f11f15afd80", + "packages": [ + { + "SPDXID": "SPDXRef-4ff015380aad9ed", + "name": "bitflags", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:bitflags:bitflags:1.3.2:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/bitflags@1.3.2", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.3.2" + }, + { + "SPDXID": "SPDXRef-14ee25e287b03a0c", + "name": "byteorder", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:byteorder:byteorder:1.4.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/byteorder@1.4.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.4.3" + }, + { + "SPDXID": "SPDXRef-5730669ce43f252e", + "name": "cfg-if", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cfg-if:cfg-if:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cfg-if:cfg_if:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cfg_if:cfg-if:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cfg_if:cfg_if:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cfg:cfg-if:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:cfg:cfg_if:1.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/cfg-if@1.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-92843e0ff2dc5d77", + "name": "diesel", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel:diesel:1.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/diesel@1.4.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.0" + }, + { + "SPDXID": "SPDXRef-4947787b3a6ae19b", + "name": "diesel_demo", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel-demo:diesel-demo:0.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel-demo:diesel_demo:0.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel_demo:diesel-demo:0.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel_demo:diesel_demo:0.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel:diesel-demo:0.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel:diesel_demo:0.1.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/diesel_demo@0.1.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.1.0" + }, + { + "SPDXID": "SPDXRef-9de67238f1270b21", + "name": "diesel_derives", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel-derives:diesel-derives:1.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel-derives:diesel_derives:1.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel_derives:diesel-derives:1.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel_derives:diesel_derives:1.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel:diesel-derives:1.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:diesel:diesel_derives:1.4.1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/diesel_derives@1.4.1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.4.1" + }, + { + "SPDXID": "SPDXRef-d1072806b396727", + "name": "dirs", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dirs:dirs:4.0.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/dirs@4.0.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "4.0.0" + }, + { + "SPDXID": "SPDXRef-eca1106d6ba59b54", + "name": "dirs-sys", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dirs-sys:dirs-sys:0.3.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dirs-sys:dirs_sys:0.3.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dirs_sys:dirs-sys:0.3.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dirs_sys:dirs_sys:0.3.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dirs:dirs-sys:0.3.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dirs:dirs_sys:0.3.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/dirs-sys@0.3.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.3.7" + }, + { + "SPDXID": "SPDXRef-a8b959a679a20507", + "name": "dotenvy", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:dotenvy:dotenvy:0.15.5:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/dotenvy@0.15.5", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.15.5" + }, + { + "SPDXID": "SPDXRef-599002fa33c2e338", + "name": "getrandom", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:getrandom:getrandom:0.2.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/getrandom@0.2.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.2.7" + }, + { + "SPDXID": "SPDXRef-12de41130e0452f4", + "name": "libc", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:libc:libc:0.2.134:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/libc@0.2.134", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.2.134" + }, + { + "SPDXID": "SPDXRef-e937549a2fe8283c", + "name": "pq-sys", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pq-sys:pq-sys:0.4.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pq-sys:pq_sys:0.4.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pq_sys:pq-sys:0.4.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pq_sys:pq_sys:0.4.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pq:pq-sys:0.4.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:pq:pq_sys:0.4.7:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/pq-sys@0.4.7", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.4.7" + }, + { + "SPDXID": "SPDXRef-9e271bcbb2eb4f86", + "name": "proc-macro2", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proc-macro2:proc-macro2:1.0.46:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proc-macro2:proc_macro2:1.0.46:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proc_macro2:proc-macro2:1.0.46:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proc_macro2:proc_macro2:1.0.46:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proc:proc-macro2:1.0.46:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:proc:proc_macro2:1.0.46:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/proc-macro2@1.0.46", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.46" + }, + { + "SPDXID": "SPDXRef-3f79a5711506e146", + "name": "quote", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:quote:quote:1.0.21:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/quote@1.0.21", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.21" + }, + { + "SPDXID": "SPDXRef-b42044e0be946d2", + "name": "redox_syscall", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox-syscall:redox-syscall:0.2.16:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox-syscall:redox_syscall:0.2.16:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox_syscall:redox-syscall:0.2.16:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox_syscall:redox_syscall:0.2.16:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox:redox-syscall:0.2.16:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox:redox_syscall:0.2.16:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/redox_syscall@0.2.16", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.2.16" + }, + { + "SPDXID": "SPDXRef-52687c8ef791c28a", + "name": "redox_users", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox-users:redox-users:0.4.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox-users:redox_users:0.4.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox_users:redox-users:0.4.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox_users:redox_users:0.4.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox:redox-users:0.4.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:redox:redox_users:0.4.3:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/redox_users@0.4.3", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.4.3" + }, + { + "SPDXID": "SPDXRef-3ff9b5f469b2818a", + "name": "syn", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:syn:syn:1.0.102:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/syn@1.0.102", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.102" + }, + { + "SPDXID": "SPDXRef-b5ef2cd92c2274d1", + "name": "thiserror", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:thiserror:thiserror:1.0.37:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/thiserror@1.0.37", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.37" + }, + { + "SPDXID": "SPDXRef-26f7a26f217fe590", + "name": "thiserror-impl", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:thiserror-impl:thiserror-impl:1.0.37:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:thiserror-impl:thiserror_impl:1.0.37:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:thiserror_impl:thiserror-impl:1.0.37:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:thiserror_impl:thiserror_impl:1.0.37:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:thiserror:thiserror-impl:1.0.37:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:thiserror:thiserror_impl:1.0.37:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/thiserror-impl@1.0.37", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.37" + }, + { + "SPDXID": "SPDXRef-3a275e4342a218e9", + "name": "unicode-ident", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unicode-ident:unicode-ident:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unicode-ident:unicode_ident:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unicode_ident:unicode-ident:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unicode_ident:unicode_ident:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unicode:unicode-ident:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:unicode:unicode_ident:1.0.4:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/unicode-ident@1.0.4", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "1.0.4" + }, + { + "SPDXID": "SPDXRef-5837dfd8ed83cc58", + "name": "vcpkg", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:vcpkg:vcpkg:0.2.15:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/vcpkg@0.2.15", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.2.15" + }, + { + "SPDXID": "SPDXRef-193d1933a58d416d", + "name": "wasi", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:wasi:wasi:0.11.0\\+wasi-snapshot-preview1:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/wasi@0.11.0+wasi-snapshot-preview1", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.11.0+wasi-snapshot-preview1" + }, + { + "SPDXID": "SPDXRef-d793b9aaa62fcb09", + "name": "winapi", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi:winapi:0.3.9:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/winapi@0.3.9", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.3.9" + }, + { + "SPDXID": "SPDXRef-967fa5a61b10c237", + "name": "winapi-i686-pc-windows-gnu", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686-pc-windows-gnu:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686-pc-windows-gnu:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686_pc_windows_gnu:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686_pc_windows_gnu:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686-pc-windows:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686-pc-windows:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686_pc_windows:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686_pc_windows:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686-pc:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686-pc:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686_pc:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686_pc:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-i686:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_i686:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi:winapi-i686-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi:winapi_i686_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/winapi-i686-pc-windows-gnu@0.4.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.4.0" + }, + { + "SPDXID": "SPDXRef-949a3beb5140777e", + "name": "winapi-x86_64-pc-windows-gnu", + "licenseConcluded": "NONE", + "downloadLocation": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc-windows-gnu:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc-windows-gnu:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc-windows-gnu:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc-windows-gnu:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc-windows-gnu:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc-windows-gnu:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc_windows_gnu:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc_windows_gnu:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc_windows_gnu:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc-windows:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc-windows:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc-windows:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc-windows:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc-windows:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc-windows:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc_windows:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc_windows:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc_windows:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64-pc:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64-pc:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64_pc:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86-64:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86_64:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86_64:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi-x86:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi_x86:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi:winapi-x86-64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi:winapi-x86_64-pc-windows-gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "SECURITY", + "referenceLocator": "cpe:2.3:a:winapi:winapi_x86_64_pc_windows_gnu:0.4.0:*:*:*:*:*:*:*", + "referenceType": "cpe23Type" + }, + { + "referenceCategory": "PACKAGE_MANAGER", + "referenceLocator": "pkg:cargo/winapi-x86_64-pc-windows-gnu@0.4.0", + "referenceType": "purl" + } + ], + "filesAnalyzed": false, + "licenseDeclared": "NONE", + "sourceInfo": "acquired package info from rust cargo manifest: Cargo.lock", + "versionInfo": "0.4.0" + } + ] +} diff --git a/syft/rekor/utils_test.go b/syft/rekor/utils_test.go index f47374805bf..2aa6cf868fa 100644 --- a/syft/rekor/utils_test.go +++ b/syft/rekor/utils_test.go @@ -2,7 +2,6 @@ package rekor import ( "fmt" - "io/ioutil" "os" "testing" @@ -117,15 +116,15 @@ func Test_getSbom(t *testing.T) { }, { name: "invalid SPDX file", - sbomFile: "test-fixtures/sboms/sbom-invalid.txt", + sbomFile: "test-fixtures/sboms/sbom-invalid.json", expectErr: true, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - b, err := ioutil.ReadFile(tt.sbomFile) + b, err := os.ReadFile(tt.sbomFile) if err != nil { - assert.FailNow(t, "error reading test data") + assert.FailNowf(t, "error reading test data; err:", err.Error()) } _, err = parseSbom(&b)