Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

feat: index known CPEs for go modules #2816

Merged
merged 1 commit into from
Apr 26, 2024
Merged

feat: index known CPEs for go modules #2816

merged 1 commit into from
Apr 26, 2024

Conversation

westonsteimel
Copy link
Contributor

No description provided.

@westonsteimel westonsteimel added the enhancement New feature or request label Apr 25, 2024
@westonsteimel
feat: index known CPEs for go modules
7c34ff9 
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
@westonsteimel westonsteimel force-pushed the index-known-go-module-cpes branch from 7549ccf to 7c34ff9 Compare April 25, 2024 21:07
@westonsteimel westonsteimel requested a review from a team April 25, 2024 21:15
@westonsteimel westonsteimel enabled auto-merge (squash) April 25, 2024 21:15
spiffcs
spiffcs reviewed Apr 26, 2024
View reviewed changes
Copy link
Contributor

@spiffcs spiffcs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 looks awesome just one ? about how the ref is parsed

syft/pkg/cataloger/internal/cpegenerate/dictionary/index-generator/generate.go

func addEntryForGoModulePackage(indexed *dictionary.Indexed, ref string, cpeItemName string) {
// Prune off the non-package-name parts of the URL
ref = strings.Split(ref, "?")[0]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is ref here always a valid URL?

If it is and we're trying to split off the Query parameters is it safer to do something like the following?

u, err := url.Parse(ref)
if err != nil {
    // handle error and resort to split method
}
ref = u.Scheme + "://" + u.Host + u.Path

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was taken from how this is done in the functions for the other ecosystems

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm sure there is potential for refactoring this entire CPE index building element, but I probably do not have the capacity for that currently

@westonsteimel westonsteimel disabled auto-merge April 26, 2024 12:48
@spiffcs spiffcs merged commit 8640f97 into main Apr 26, 2024
11 checks passed
@spiffcs spiffcs deleted the index-known-go-module-cpes branch April 26, 2024 13:55
@BrewTestBot BrewTestBot mentioned this pull request Apr 26, 2024
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@spiffcs spiffcs spiffcs approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@westonsteimel @spiffcs