fix: #953 Derive language from pURL - https://github.com/anchore/syft… #957
Conversation
Signed-off-by: Jon McEwen <jon_mcewen@hotmail.com>
Thanks for the contribution @jonmcewen. Approved and running the checks now
@jonmcewen I'm taking a look at the integration testing here to see what updates have to go in for this PR to be ok to merge
Thanks @spiffcs. Let me know if I need to do more. I had tests failing on master before the change so assumed that was something to do with my laptop setup
Just a quick update on this PR. The reason the tests are failing is because we test an Example: Original encode will not do the PURL language check so properties like below
The reason these properties are included on the second pass is that we decode the original. This decode does the new language check, which then encodes the new property which shows we could not find a language. I'm going to ask our team today on if we want to include ("UnknownLanguage") properties in the original encode OR if we want to redact it and not include it when doing this language from CPE check.
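To make the encode/decode asymmetry described in the update above concrete, here is an added example in Go; it is not part of syft or of this PR. The `Package` and `Property` types, the purl-type-to-language table, the `UnknownLanguage` sentinel and the `Encode`/`Decode` functions are all assumptions for illustration. It shows the backfill guard from the diff (`if p.Language == ""`) running on decode only, which makes the second encoding carry a language property the first one lacked, and running on both sides, which makes the round trip stable.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// Package is a hypothetical stand-in for a syft package record; the field
// names are assumptions for this example, not syft's own types.
type Package struct {
	Name     string
	PURL     string
	Language string
}

// Property models one key/value pair an SBOM format stores per package.
type Property struct{ Key, Value string }

// UnknownLanguage is a constructed sentinel meaning "no language could be
// derived", mirroring the value named in the thread.
const UnknownLanguage = "UnknownLanguage"

// purlTypeToLanguage maps ecosystem purl types to the language they imply
// (assumed table; OS package types such as apk/deb/rpm fall through).
var purlTypeToLanguage = map[string]string{
	"npm":    "javascript",
	"pypi":   "python",
	"gem":    "ruby",
	"golang": "go",
	"maven":  "java",
	"cargo":  "rust",
}

// PurlType returns the lower-cased type component of a package URL
// ("pkg:TYPE/namespace/name@version"), or "" if the string is not a purl.
func PurlType(purl string) string {
	if !strings.HasPrefix(purl, "pkg:") {
		return ""
	}
	rest := strings.TrimLeft(strings.TrimPrefix(purl, "pkg:"), "/")
	typ, _, found := strings.Cut(rest, "/")
	if !found || typ == "" {
		return ""
	}
	return strings.ToLower(typ)
}

// LanguageFromPURL derives a language from the purl type, or UnknownLanguage.
func LanguageFromPURL(purl string) string {
	if lang, ok := purlTypeToLanguage[PurlType(purl)]; ok {
		return lang
	}
	return UnknownLanguage
}

// BackfillLanguage applies the guard from the diff: only a package whose
// cataloger left Language empty gets a language derived from its PURL.
func BackfillLanguage(p *Package) {
	if p.Language == "" {
		p.Language = LanguageFromPURL(p.PURL)
	}
}

// Encode renders a package to properties. deriveOnEncode selects whether the
// PURL-based backfill also runs on this side, not only on decode.
func Encode(p Package, deriveOnEncode bool) []Property {
	if deriveOnEncode {
		BackfillLanguage(&p) // p is a copy; the caller's record is untouched
	}
	props := []Property{{"purl", p.PURL}}
	if p.Language != "" {
		props = append(props, Property{"language", p.Language})
	}
	return props
}

// Decode rebuilds a package from properties and always runs the new check.
func Decode(name string, props []Property) Package {
	p := Package{Name: name}
	for _, pr := range props {
		switch pr.Key {
		case "purl":
			p.PURL = pr.Value
		case "language":
			p.Language = pr.Value
		}
	}
	BackfillLanguage(&p)
	return p
}

// RoundTripStable reports whether encode -> decode -> encode reproduces the
// first encoding; false is the mismatch the integration tests hit.
func RoundTripStable(p Package, deriveOnEncode bool) bool {
	first := Encode(p, deriveOnEncode)
	second := Encode(Decode(p.Name, first), deriveOnEncode)
	return reflect.DeepEqual(first, second)
}

func main() {
	// Constructed sample: an OS package whose cataloger sets no language.
	busybox := Package{Name: "busybox", PURL: "pkg:apk/alpine/busybox@1.36.0"}
	fmt.Println("check only on decode:", RoundTripStable(busybox, false))
	fmt.Println("check on both sides: ", RoundTripStable(busybox, true))
}
```

Running the backfill on both the encode and decode side is the "include it in the original encode" option from the comment above; dropping the sentinel property entirely on encode is the "redact it" option, and either choice makes the two passes agree.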
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Great addition to syft's ability to generate more complete information from outside SBOM.
Looking for a second from @anchore/tools
@@ -69,6 +69,9 @@ func Catalog(resolver source.FileResolver, release *linux.Release, catalogers .. | |||
|
|||
// generate PURL (note: this is excluded from package ID, so is safe to mutate) | |||
p.PURL = pkg.URL(p, release) | |||
if p.Language == "" { |
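Review bot: the `if p.Language == "" {` guard that closes this hunk has no comment stating the reason for it, and its body is cut off in this view; add a comment above it saying that the language is only backfilled from the PURL when the cataloger left it empty, and that the guard must stay after `p.PURL = pkg.URL(p, release)` because the derivation reads the PURL generated on the line just above. The existing note "this is excluded from package ID, so is safe to mutate" covers PURL only; please state whether Language is likewise excluded from the package ID, since mutating a field that participates in it would change the ID after catalog time.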
nit: an extra comment explaining why this is here would be good since there is some high-level reasoning for it that isn't apparent.
Looks like my changes made the integration tests FAIL. I need to update the assertions so it sees it's ok now to have
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@jonmcewen I'll make sure to get this over the line today. We really appreciate the contribution and the thought you put into this PR. I'm just trying to get some of the encode/decode patterns for different formats reconciled with this change.
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs many thanks for getting this in and making it a pleasant contribution experience :-)
* main: (31 commits)
  reduce noise of log output (#976)
  add version info and remove double config call (#977)
  Rename syft-id to package-id (#970)
  update to cyclonedx-go 0.5.2 (#971)
  refactor command package to remove globals and add dependency injection
  fix: #953 Derive language from pURL - https://github.com/anchore/syft… (#957)
  Fix typo in CPE-parsing error (#966)
  Preserve syft IDs on SBOM decode (#963)
  Update GitHub format package_url and correlator (#961)
  Ensure SPDXIDs are valid (#955)
  Auto-PR needs to run go mod tidy (#958)
  Add workflow for automatic PR for new stereoscope updates (#954)
  Minor readme update to correct format information (#948)
  Update spdx22json to only take uppercase checksum algorithm (#946)
  add additional vendors for springframework (#945)
  Add digest property to parent and nested java package metadata (#941)
  Update write permissions and log into ghcr.io for release (#942)
  Retry auth URL lookup without docker credentialhelper workaround (#939)
  Ensure that all cyclonedx components have bom-refs (#914)
  Additionally publish docker images to GHCR (#934)
  ...

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
…re/syft… (anchore#957) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Signed-off-by: rigzba21 <jonathan.velando01@gmail.com>
…re/syft… (anchore#957) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
…/issues/953
Signed-off-by: Jon McEwen jon_mcewen@hotmail.com