Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

fix: Better test for group ID in filename #2565

Merged
merged 3 commits into from
Jan 31, 2024
Merged

fix: Better test for group ID in filename #2565

merged 3 commits into from
Jan 31, 2024

Conversation

willmurphyscode
Copy link
Contributor

This fixes an issue where filenames containing a period that aren't a group ID, such as some-jar.12.jar, would be mistakenly be reported as having the name "12" by syft, instead of the name "some-jar.12".

Fixes #2563.

@willmurphyscode
fix: Better test for group ID in filename
86275bf 
This fixes an issue where filenames containing a period that aren't a
group ID, such as some-jar.12.jar, would be mistakenly be reported as
having the name "12" by syft, instead of the name "some-jar.12".

Signed-off-by: Will Murphy <will.murphy@anchore.com>
@willmurphyscode
chore: linter fix
cf4bc58 
Signed-off-by: Will Murphy <will.murphy@anchore.com>
@westonsteimel
Copy link
Contributor

westonsteimel commented Jan 31, 2024
edited
Loading

Oh does this also fix #2385? Seems like it probably does. I can give it a check later

@willmurphyscode
Copy link
Contributor Author

@westonsteimel it looks like this fixes the artifact ID but not the group ID for #2385:

❯ go run cmd/syft/main.go willtmp/kafka_2.13-3.2.2.jar -o json | jq '.artifacts[0].purl'
"pkg:maven/kafka_2.13/kafka_2.13@3.2.2"

I think it's still worth getting in, and we can try to figure out the group ID issue in another PR. I'll push a unit test that prevents regression on that particular kafka jar's artifact ID.

@willmurphyscode
test: specific test for kafka jar from related issue
884b8bd 
Signed-off-by: Will Murphy <will.murphy@anchore.com>
@willmurphyscode willmurphyscode merged commit 31e0fc3 into main Jan 31, 2024
11 checks passed
@willmurphyscode willmurphyscode deleted the fix/only-valid-group-id-in-jar-path branch January 31, 2024 13:21
@westonsteimel
Copy link
Contributor

Yeah, I didn't bother updating the groupid mapping for those since the name was too broken before. Thanks for figuring the name bit out!

@Porkepix Porkepix mentioned this pull request Jan 31, 2024
Merged
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@willmurphyscode
fix: Better test for group ID in filename (anchore#2565)
05ef514 
This fixes an issue where filenames containing a period that aren't a
group ID, such as some-jar.12.jar, would be mistakenly be reported as
having the name "12" by syft, instead of the name "some-jar.12".

It works by testing whether the parts of the filename split on "."
are all valid Java identifiers.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@spiffcs spiffcs spiffcs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

java archive parser incorrectly splitting filenames
3 participants
@willmurphyscode @westonsteimel @spiffcs