From 6a4d0362aafa2b86576e4946c9bef42c6031cafa Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Thu, 11 Jul 2024 17:09:58 -0400 Subject: [PATCH] don't SCA-generate so: provides for libs not directly in lib dirs Signed-off-by: Jason Hall --- pkg/sca/e2e_test.go | 186 +++++++++++++++--- pkg/sca/generated/x86_64/APKINDEX.json | 34 ++++ pkg/sca/generated/x86_64/APKINDEX.tar.gz | Bin 0 -> 276 bytes pkg/sca/generated/x86_64/shbang-test-1-r1.apk | Bin 0 -> 4519 bytes pkg/sca/sca.go | 2 +- pkg/sca/sca_test.go | 50 ++++- .../testdata/generated/x86_64/APKINDEX.json | 43 ++++ .../testdata/generated/x86_64/APKINDEX.tar.gz | Bin 276 -> 493 bytes pkg/sca/testdata/py3-seaborn.yaml | 43 ++++ pkg/sca/testdata/systemd.yaml | 77 ++++++++ 10 files changed, 406 insertions(+), 29 deletions(-) create mode 100644 pkg/sca/generated/x86_64/APKINDEX.json create mode 100644 pkg/sca/generated/x86_64/APKINDEX.tar.gz create mode 100644 pkg/sca/generated/x86_64/shbang-test-1-r1.apk create mode 100644 pkg/sca/testdata/py3-seaborn.yaml create mode 100644 pkg/sca/testdata/systemd.yaml diff --git a/pkg/sca/e2e_test.go b/pkg/sca/e2e_test.go index 95b360014..946cd3343 100644 --- a/pkg/sca/e2e_test.go +++ b/pkg/sca/e2e_test.go @@ -15,11 +15,10 @@ //go:build e2e // +build e2e -//go:generate go run ./../../ build --out-dir=./generated ./testdata/shbang-test.yaml --arch=x86_64 - package sca import ( + "context" "fmt" "runtime" "testing" @@ -34,6 +33,7 @@ import ( // Chainguard go-fips toolchain generates binaries like these // which at runtime require openssl and fips provider func TestGoFipsBinDeps(t *testing.T) { + t.Skip() ctx := slogtest.TestContextWithLogger(t) var ldso, archdir string @@ -46,7 +46,8 @@ func TestGoFipsBinDeps(t *testing.T) { archdir = "x86_64" } - th := handleFromApk(ctx, t, fmt.Sprintf("go-fips-bin/packages/%s/go-fips-bin-v0.0.1-r0.apk", archdir), "go-fips-bin/go-fips-bin.yaml") + th := handleFromApk(ctx, t, fmt.Sprintf("go-fips-bin/packages/%s/go-fips-bin-v0.0.1-r0.apk", archdir), + "go-fips-bin/go-fips-bin.yaml") defer th.exp.Close() got := config.Dependencies{} @@ -69,28 +70,163 @@ func TestGoFipsBinDeps(t *testing.T) { } } -func TestShbangDeps(t *testing.T) { - ctx := slogtest.TestContextWithLogger(t) - // Generated with `go generate ./...` - th := handleFromApk(ctx, t, "generated/x86_64/shbang-test-1-r1.apk", "shbang-test.yaml") - defer th.exp.Close() +func TestAnalyze(t *testing.T) { + for _, c := range []struct { + apk string + cfgpath string + want config.Dependencies + }{{ + apk: "py3-seaborn-0.13.2-r0.apk", + cfgpath: "py3-seaborn.yaml", + want: config.Dependencies{ + Runtime: []string{ + "so:ld-linux-x86-64.so.2", + "so:libXau-154567c4.so.6.0.0", + "so:libbrotlicommon-3ecfe81c.so.1", + "so:libbrotlidec-ba690955.so.1", + "so:libc.so.6", + "so:libdl.so.2", + "so:libfreetype-f154df84.so.6.20.1", + "so:libgcc_s.so.1", + "so:libgfortran-040039e1.so.5.0.0", + "so:libharfbuzz-2093a78b.so.0.60830.0", + "so:libjpeg-e44fd0cd.so.62.4.0", + "so:liblcms2-e69eef39.so.2.0.16", + "so:liblzma-13fa198c.so.5.4.5", + "so:libm.so.6", + "so:libopenjp2-eca49203.so.2.5.0", + "so:libpng16-78d422d5.so.16.40.0", + "so:libpthread.so.0", + "so:libquadmath-96973f99.so.0.0.0", + "so:libsharpyuv-20f78091.so.0.0.1", + "so:libstdc++.so.6", + "so:libtiff-91af027d.so.6.0.2", + "so:libwebp-850e2bec.so.7.1.8", + "so:libwebpdemux-df9b36c7.so.2.0.14", + "so:libwebpmux-9fe05867.so.3.0.13", + "so:libxcb-f0538cc0.so.1.1.0", + "so:libz.so.1", + }, + Provides: []string{ + "cmd:f2py=0.13.2-r0", + "cmd:fonttools=0.13.2-r0", + "cmd:pyftmerge=0.13.2-r0", + "cmd:pyftsubset=0.13.2-r0", + "cmd:ttx=0.13.2-r0", + }, + Vendored: []string{ + "so:libXau-154567c4.so.6.0.0=6.0.0", + "so:libbrotlicommon-3ecfe81c.so.1=1", + "so:libbrotlidec-ba690955.so.1=1", + "so:libfreetype-f154df84.so.6.20.1=6.20.1", + "so:libgfortran-040039e1.so.5.0.0=5.0.0", + "so:libharfbuzz-2093a78b.so.0.60830.0=0.60830.0", + "so:libjpeg-e44fd0cd.so.62.4.0=62.4.0", + "so:liblcms2-e69eef39.so.2.0.16=2.0.16", + "so:liblzma-13fa198c.so.5.4.5=5.4.5", + "so:libopenblas64_p-r0-0cf96a72.3.23.dev.so=0", + "so:libopenjp2-eca49203.so.2.5.0=2.5.0", + "so:libpng16-78d422d5.so.16.40.0=16.40.0", + "so:libquadmath-96973f99.so.0.0.0=0.0.0", + "so:libsharpyuv-20f78091.so.0.0.1=0.0.1", + "so:libtiff-91af027d.so.6.0.2=6.0.2", + "so:libwebp-850e2bec.so.7.1.8=7.1.8", + "so:libwebpdemux-df9b36c7.so.2.0.14=2.0.14", + "so:libwebpmux-9fe05867.so.3.0.13=3.0.13", + "so:libxcb-f0538cc0.so.1.1.0=1.1.0", + }, + }, + }, { + apk: "systemd-256.2-r1.apk", + cfgpath: "systemd.yaml", + want: config.Dependencies{ + Runtime: []string{ + "so:ld-linux-x86-64.so.2", + "so:libblkid.so.1", + "so:libc.so.6", + "so:libcap.so.2", + "so:libcrypt.so.1", + "so:libcrypto.so.3", + "so:libfdisk.so.1", + "so:libm.so.6", + "so:libmount.so.1", + "so:libssl.so.3", + "so:libudev.so.1", + }, + Provides: []string{ + "cmd:bootctl=256.2-r1", + "cmd:busctl=256.2-r1", + "cmd:coredumpctl=256.2-r1", + "cmd:hostnamectl=256.2-r1", + "cmd:journalctl=256.2-r1", + "cmd:kernel-install=256.2-r1", + "cmd:localectl=256.2-r1", + "cmd:loginctl=256.2-r1", + "cmd:machinectl=256.2-r1", + "cmd:networkctl=256.2-r1", + "cmd:oomctl=256.2-r1", + "cmd:portablectl=256.2-r1", + "cmd:resolvectl=256.2-r1", + "cmd:systemctl=256.2-r1", + "cmd:systemd-ac-power=256.2-r1", + "cmd:systemd-analyze=256.2-r1", + "cmd:systemd-ask-password=256.2-r1", + "cmd:systemd-cat=256.2-r1", + "cmd:systemd-cgls=256.2-r1", + "cmd:systemd-cgtop=256.2-r1", + "cmd:systemd-creds=256.2-r1", + "cmd:systemd-delta=256.2-r1", + "cmd:systemd-detect-virt=256.2-r1", + "cmd:systemd-dissect=256.2-r1", + "cmd:systemd-escape=256.2-r1", + "cmd:systemd-firstboot=256.2-r1", + "cmd:systemd-hwdb=256.2-r1", + "cmd:systemd-id128=256.2-r1", + "cmd:systemd-inhibit=256.2-r1", + "cmd:systemd-machine-id-setup=256.2-r1", + "cmd:systemd-mount=256.2-r1", + "cmd:systemd-notify=256.2-r1", + "cmd:systemd-nspawn=256.2-r1", + "cmd:systemd-path=256.2-r1", + "cmd:systemd-repart=256.2-r1", + "cmd:systemd-run=256.2-r1", + "cmd:systemd-socket-activate=256.2-r1", + "cmd:systemd-stdio-bridge=256.2-r1", + "cmd:systemd-sysext=256.2-r1", + "cmd:systemd-sysusers=256.2-r1", + "cmd:systemd-tmpfiles=256.2-r1", + "cmd:systemd-tty-ask-password-agent=256.2-r1", + "cmd:systemd-vmspawn=256.2-r1", + "cmd:systemd-vpick=256.2-r1", + "cmd:timedatectl=256.2-r1", + "cmd:udevadm=256.2-r1", + "cmd:userdbctl=256.2-r1", + "cmd:varlinkctl=256.2-r1", + "so:libnss_myhostname.so.2=2", + "so:libnss_mymachines.so.2=2", + "so:libnss_resolve.so.2=2", + "so:libnss_systemd.so.2=2", + "so:libudev.so.1=1", + }, + Vendored: []string{ + "so:libsystemd-core-256.so=0", + "so:libsystemd-shared-256.so=0", + }, + }, + }} { + t.Run(c.apk, func(t *testing.T) { + ctx := context.Background() + url := "https://packages.wolfi.dev/os/x86_64/" + c.apk + th := handleFromApk(ctx, t, url, c.cfgpath) + defer th.exp.Close() - want := config.Dependencies{ - Runtime: util.Dedup([]string{ - "cmd:bash", - "cmd:envDashSCmd", - "cmd:python3.12", - "so:ld-linux-x86-64.so.2", - "so:libc.so.6", - }), - Provides: nil, - } - - got := config.Dependencies{} - if err := Analyze(ctx, th, &got); err != nil { - t.Fatal(err) - } - if diff := cmp.Diff(want, got); diff != "" { - t.Errorf("Analyze(): (-want, +got):\n%s", diff) + got := config.Dependencies{} + if err := Analyze(ctx, th, &got); err != nil { + t.Fatal(err) + } + if diff := cmp.Diff(c.want, got); diff != "" { + t.Errorf("Analyze(): (-want, +got):\n%s", diff) + } + }) } } diff --git a/pkg/sca/generated/x86_64/APKINDEX.json b/pkg/sca/generated/x86_64/APKINDEX.json new file mode 100644 index 000000000..8847413ec --- /dev/null +++ b/pkg/sca/generated/x86_64/APKINDEX.json @@ -0,0 +1,34 @@ +{ + "Signature": null, + "Description": "", + "Packages": [ + { + "Name": "shbang-test", + "Version": "1-r1", + "Arch": "x86_64", + "Description": "shbang test", + "License": "MIT", + "Origin": "shbang-test", + "Maintainer": "", + "URL": "", + "Checksum": "lh8N8wmjML0PzAr+ocS3r0+SeOQ=", + "Dependencies": [ + "cmd:bash", + "cmd:envDashSCmd", + "cmd:python3.12", + "so:ld-linux-x86-64.so.2", + "so:libc.so.6" + ], + "Provides": null, + "InstallIf": null, + "Size": 4519, + "InstalledSize": 17302, + "ProviderPriority": 0, + "BuildTime": "1970-01-01T00:00:00Z", + "BuildDate": 0, + "RepoCommit": "", + "Replaces": null, + "DataHash": "bd2e7d74e652d107cd67ba2f31c02f8bb489779c881e300c2dddacbbdbace252" + } + ] +} \ No newline at end of file diff --git a/pkg/sca/generated/x86_64/APKINDEX.tar.gz b/pkg/sca/generated/x86_64/APKINDEX.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..024c9a923dcf8bfad59701dc5b0bc396319caef1 GIT binary patch literal 276 zcmV+v0qg!BiwFP!00000|Ll`XOT$1A$8(-fk$Xv)?Z#~!@DP$7f^C|bAl@V|OeGJ= zrW*b9(o_ZO!Gi=T?C&y<9rnLF@OQ#%Kk$}!+Jqn?3daFfk-*;17o)vnnO#$XFWSf*^vV}F-she81S_YTh)ZyC8aei-|kU^0#0{Qo0o axIm`-uTUryQ}P}F0RR7FP-q+g3IG6Seu&fn literal 0 HcmV?d00001 diff --git a/pkg/sca/generated/x86_64/shbang-test-1-r1.apk b/pkg/sca/generated/x86_64/shbang-test-1-r1.apk new file mode 100644 index 0000000000000000000000000000000000000000..f0d9e60cda03549d29fb08296ff73e3accdb8fb3 GIT binary patch literal 4519 zcmY+HX*d-8*T)BUkroQ2BBAWJeM=Zr$ey*x7Lk1)*=7=1YlalbE>XxD4ay{Y>XzML z8pbg8$yjIoJ?{UrT-S46ob&E1-|w5x5lQEQK#l~aK)`6mpzoFgJu%Xp1iFAvJfpHg_W+dLQ~{^ZyDpn42PLrO${woQsT_6Ve%psfg*K8i{y3Of1ly1 zeQfJQR!u~nbAzm1DMj_za<_rsnz6t&;fOb#`_~hmbIXNV+oZB{r&lUE)+oE{*O+)v zLhbogoU$J)Lu60ha`O1~z%*0_i_HNtamOGniLoA#zaS8i|C4YnF2G-?Hwt9%2RJrg z)&hbdha!+BuFLkHv_|5M|!y>akjpH`lBQ3>*(GkTTQ+&CM zf0Y{3rJ315%whI*jkAFx5>nh}mpCsfchHLs}vrO{u4izo22feq(cF8cp9;#yp39wOouA%$)Fm+g{G5TfL{yPqS~_(>b9}QOzhmsR24&`1L{jG&qsR zc*Js*pTyKi^BP~P@3(9LB55dr{g&?XO?*$t7a_@$yACTiTX0iu7|HFm=;=*YwPG;> zkncrs4AjU^UssCoHyE@Ez>U|f3sxo_CrXzmWPG^#n`IWpE`B%=T=l0UEFg>(CNW6c z8(qM?3wReTzehkrR!VI5E-P^7of78#)?hT*@F|(K37(?{E}>uCZ#VjP5*1^Dz0Sbn z_JfvxB_&C&rum#2OAs_D)5D6&jF$MiofqesM#_Ee;)+SV%fMgB5?N!_R`Rd8+GI)) zKn4LS!hQ*TX`zNgKKWLsz_`x0@h@uXC;;c3P%+y}Ep!f|voNKy#$CV}2`V3_mTGAk zSUt%$3Zi*9GzWAJhj-d$c=2{;noDUPOyK(OOLV{u!w#0+4Tl>H5o<;T6(O+_*?@4# zo#UTOUlIY4^5>VZJIzI)s-Y%*A2YCtH|%Rra~`|Tk(*Zj9vR>i$aE5cZ4NzSj7afZ|!0VbNF&2+BYfDsb3lJh8N913AsS`%u4^gU(UiaphoQ=Koh(7Yo!QOU{wf$R={f65Le^fz2tin{yM;E1~9LnLDik?Qa+qPO}X^x zqz0ti4bejHn1;D~58AS8CY!|>;KHAO9pxY*jGs6TfvPll3Z{gJz(f#62j)FIzEJ+! z=PrKRy&OmttU~B}LA4?z9tsI@6meQ6Btsx{t%xYN{2uFJp+!CIh(u%xYcdgjfhZ0A zrX(@JGqU|inZItUI5aCaG*i8o!f$qFSF)bQ&Wy>ZxN{|1O5=Nh7+NW>LTy|jeLm`n zV_B$1?#xdtyYPU`?;`qSQ9rHG7!|Mm_xBIVEU~}y18d2HhzvAc9Xn`Gck&D!sqPTd z;ikMGlO1%8@0L#m#J^|D_n@y=VoI$>jtkMOd6``Iiv;#mU|zF`UIhR37RPLvwbX>rv1z#G}2A7$W)g z8mYWEwg@Y=Yc;T>oL;ZX2ozzVEt#SaJ!z+oAzw+Q+b)6o&5dTxfekZVa7cDef!*gd zDqG-w5U-xbh{bqEzs*sFp9-=9Z%cRJ;sSCCas@81o7e3bnxaF)%TzL2}2K%aN>EQ5m(P6xfe-F5M2s z-4b}g@vdc$D7Z^IOKfTRB}yj^(?1$^Mn6Q{W-uUuz%*lCs(ORYeLslhnFgJ?O0pOK zC+hY#gE$eJ7+(jtvRzCJr9cMKgl{i=TA|_VzzSV)ZarHzg{p*<4T1oHM+wQO`0Xgi z4YL!hKVGlPm$wkMhrZHb%{o-q(>3jT=bNg)?KaBbYPzW;ah1a3H{pf&3u0Up`AG6p+W>zv0tfg?Bdop}3yRur$B?p8rzUxP$v6vLr-LOCvbe+L!+F0uI(s#U%hYx?`cXUD(pHZAXw456 z+MuztO5_r1?04Z8XSUh#OjYxs7N6HFH;T6aq{k(0Z+0%9k(@K4`o*e^roaB(vb?sP z3T>)d-e{>ExD*^BmR;tl)%i%!nCjj>$%kn{TSp2EU?%B@|0 zpJ*L(*EfS#CPucMwy~ShuZKy=Ml3aROfL~SFda27B#QxJdKa)jj5Jrlo-KU;)gluTTR(HxNcUt14q-2_`v-{4hZ7&oSG$>S*{ z6^Uvj_?c~h1co-Y;!ZBf-cpIi@`o3y<5`Wz=9qM?#izC1nB&Ykx>Q z_XedLoiZeOcERo5?CHD-O_x~`b*b|y964kuv9+`4$wJqvv>S2L0at0P@1^h@IQ!Dzcav9-ObqP#tTq{6IbTYJhdkDQGMe*+OQSy& z_e|ZydFZ~-jfWp(I}mMtY=N{B#eWZH>%W~w3ilQh5`Rh@q1En*@S>ER)}BqIYA>t` zYwkZJ>?8cmPzSQn39&I&bw)@9ej@$n7Rjyi6KC|`;=Jl{DhqQpvtqEGb~EFXEV8yv zS5RRRy2pX%q(=R+IRyQq+{oN~41G@?prhc-$RrEhej(6Hr)=xZ?e`wtuKKYX#T@l4 zG{`9G{fR1?j~K6*KLk817MVPvS!154PdNH`djisrtkDR|Yej3WUX2#?H5z}LP80l>PDl7YXZ#Ns5 zwrRF=`a`bOq{;{9hJ*^*g|bt2K#UvnUm$WLBeHJIF%>E$&fjAK#c=?oSAXQKwi-LC za=~4t-FxOTOZMqP`%vR*00Ic;JM(QKa^^8d>*vHg(S_{w?lP^_XH#z1tUN^Ce|JIM zzih==6L||JG{cIVByz@pRf$d4SP-F!N5n1O@hPc_cJC4Q@7a6W)`j@k5rLSMsArNf z;!?js`zjfsk?F1Zt4WT-r;;F@=5ytOlG#sn{_1mS>ta}CGiOcYNth6IALAhbouuRM z9{?6E4ahOX-Mhv8yZ4X>9bazED5RCwf7lO7`45n&$#vVLc)MSlu=0ekIl_OWENDPuy}fA5eNmSX`V?X&2C z2!OM*?NnEtj!#-`J#6dQ8JgiU&^4;v8{fQqZ&2|GN$~z)CJJ2jq9nwDfJQnvpsjxi zaQ`^O{M9B`-lmSn$UffDbj95YnZ-qy-C=pa^W3s^zA_PZXSM(=jwNER*j2tR-RfRt z)vLN=RGFqWa1puScv|T=?s0RlkocM=nn|wf=hT-j8KwdW}pq*3INL_~l2RkVO2<$}+bQy=GatA!-zXOxA8Br^H zH~Hv7h>p|P-`B$Aq=Y)Tt|l2U5En%r;VE=-YyD>4B4>jI^oSG%h!R2Wz9j~@=vqRl zaG~Cvtu1p0$~UXKN7t79*eV%lXja6SRU#|W4p5)|nMrM#uduXzEuVA# zFSEu20@G6FR|0-HB*dMX0LPk}DS?j7k1tXbDdC;l$4u3fY>yjw+9W6S0YhytJ;Ndo z5W|WMKUDbwIwpFKRm)x?Hjd!A&)l=dp)NzSU4nX36W>k-sg9SOhRG8I#GH4tTKSXB z#WL*(ANgo67jD0zbLG*6(TQ*TH{;#@tU?bh6KDvj36K+P8?X;+_U%1bH}k1y2@qYu ztmu9f4d$Uuc!mIPsXfFirh{|axoLNmHlJQaG|SG8kA^?aBsH>rtQR-jMG{SBLLFpl z@wi)oI5j6IPj4NX-=Dze>_ zDR^cdJc}8^Za!6Y?SbpF_d#dRy#} zLj)&ZZ)Sa(w%v$m_+6sDu;|2%!t{X0yb|S?WvNVI$$CDjI(8|$kafB(GI(Qj91feh z3`2Qe+g<%k+7LP(=d`+`E+Tps`Rv)68ZcwN{akkNaB82K?U_1X&@nq_Xcq01>$}+b z)#oGb#I@xg*p@AlWxkW6W=y%Qr?y4@VPtD;#hGmN=C-+o;*4)7esB1bsgxxmvR4ZY)4t%_3&v)t&It2OfJa@m$ zlT!YZsOy)4`?M|k4lW(?I!#)1&Al3RkGegR+ma>u&r4*W%+Qtfy0H8Y>9Q&Z9!_l( znvKtkys3;jX=D)x8yn4uXtMM(_4|Nqc3OXTYbE4!Km1E;QI6JO`%>4iV&@AJOncIr h3l5Z{y#(j{4zsbve~AYi5C}L(XDibtAip4x{{kR$ZX^Hz literal 0 HcmV?d00001 diff --git a/pkg/sca/sca.go b/pkg/sca/sca.go index ff16ec72f..9aa8a8e97 100644 --- a/pkg/sca/sca.go +++ b/pkg/sca/sca.go @@ -360,7 +360,7 @@ func generateSharedObjectNameDeps(ctx context.Context, hdl SCAHandle, generated for _, soname := range sonames { libver := sonameLibver(soname) - if allowedPrefix(path, libDirs) { + if isInDir(path, libDirs) { if !hdl.Options().NoProvides { generated.Provides = append(generated.Provides, fmt.Sprintf("so:%s=%s", soname, libver)) } diff --git a/pkg/sca/sca_test.go b/pkg/sca/sca_test.go index 724b410ef..14ee6ed95 100644 --- a/pkg/sca/sca_test.go +++ b/pkg/sca/sca_test.go @@ -12,13 +12,20 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:generate go run ./../../ build --out-dir=./generated ./testdata/shbang-test.yaml --arch=x86_64 +//go:generate curl -s -o ./testdata/py3-seaborn.yaml https://raw.githubusercontent.com/wolfi-dev/os/7a39ac1d0603a3561790ea2201dd8ad7c2b7e51e/py3-seaborn.yaml +//go:generate curl -s -o ./testdata/systemd.yaml https://raw.githubusercontent.com/wolfi-dev/os/7a39ac1d0603a3561790ea2201dd8ad7c2b7e51e/systemd.yaml + package sca import ( "context" "fmt" + "io" + "net/http" "os" "path/filepath" + "strings" "testing" "time" @@ -76,9 +83,20 @@ func (th *testHandle) BaseDependencies() config.Dependencies { // TODO: Loose coupling. func handleFromApk(ctx context.Context, t *testing.T, apkfile, melangefile string) *testHandle { t.Helper() - file, err := os.Open(filepath.Join("testdata", apkfile)) - if err != nil { - t.Fatal(err) + var file io.Reader + if strings.HasPrefix(apkfile, "https://") { + resp, err := http.Get(apkfile) + if err != nil { + t.Fatal(err) + } + defer resp.Body.Close() + file = resp.Body + } else { + var err error + file, err = os.Open(filepath.Join("testdata", apkfile)) + if err != nil { + t.Fatal(err) + } } exp, err := expandapk.ExpandApk(ctx, file, "") @@ -215,3 +233,29 @@ func TestUnstableSonames(t *testing.T) { t.Errorf("Analyze(): (-want, +got):\n%s", diff) } } + +func TestShbangDeps(t *testing.T) { + ctx := slogtest.TestContextWithLogger(t) + // Generated with `go generate ./...` + th := handleFromApk(ctx, t, "generated/x86_64/shbang-test-1-r1.apk", "shbang-test.yaml") + defer th.exp.Close() + + want := config.Dependencies{ + Runtime: util.Dedup([]string{ + "cmd:bash", + "cmd:envDashSCmd", + "cmd:python3.12", + "so:ld-linux-x86-64.so.2", + "so:libc.so.6", + }), + Provides: nil, + } + + got := config.Dependencies{} + if err := Analyze(ctx, th, &got); err != nil { + t.Fatal(err) + } + if diff := cmp.Diff(want, got); diff != "" { + t.Errorf("Analyze(): (-want, +got):\n%s", diff) + } +} diff --git a/pkg/sca/testdata/generated/x86_64/APKINDEX.json b/pkg/sca/testdata/generated/x86_64/APKINDEX.json index 8847413ec..60aa49463 100644 --- a/pkg/sca/testdata/generated/x86_64/APKINDEX.json +++ b/pkg/sca/testdata/generated/x86_64/APKINDEX.json @@ -29,6 +29,49 @@ "RepoCommit": "", "Replaces": null, "DataHash": "bd2e7d74e652d107cd67ba2f31c02f8bb489779c881e300c2dddacbbdbace252" + }, + { + "Name": "py3-seaborn", + "Version": "0.13.2-r0", + "Arch": "x86_64", + "Description": "Statistical data visualization", + "License": "BSD-3-Clause", + "Origin": "py3-seaborn", + "Maintainer": "", + "URL": "", + "Checksum": "cni9CM1COnur18JkHDh9AS1kj7E=", + "Dependencies": [ + "cmd:python3.12", + "numpy", + "py3-matplotlib", + "py3-pandas", + "python3", + "so:ld-linux-x86-64.so.2", + "so:libc.so.6", + "so:libdl.so.2", + "so:libgcc_s.so.1", + "so:libm.so.6", + "so:libpthread.so.0", + "so:libstdc++.so.6", + "so:libz.so.1" + ], + "Provides": [ + "cmd:f2py=0.13.2-r0", + "cmd:fonttools=0.13.2-r0", + "cmd:numpy-config=0.13.2-r0", + "cmd:pyftmerge=0.13.2-r0", + "cmd:pyftsubset=0.13.2-r0", + "cmd:ttx=0.13.2-r0" + ], + "InstallIf": null, + "Size": 70266593, + "InstalledSize": 214917013, + "ProviderPriority": 0, + "BuildTime": "1970-01-01T00:00:00Z", + "BuildDate": 0, + "RepoCommit": "", + "Replaces": null, + "DataHash": "" } ] } \ No newline at end of file diff --git a/pkg/sca/testdata/generated/x86_64/APKINDEX.tar.gz b/pkg/sca/testdata/generated/x86_64/APKINDEX.tar.gz index 024c9a923dcf8bfad59701dc5b0bc396319caef1..324e129de9512270197504f6d28bc7eef4d5aee5 100644 GIT binary patch literal 493 zcmVnCWsrrD%TnxbhH=f(G&d*J$j?CJV*u=HnNdshSifa^Hz3ILZYwTASie%2}2 zw$(G>nwxq-t&vwf`0H7h;rV zG1W-!7&R+OrfffU?_Gz4%o)-N2^byOV3EzqY_#S%TLc@T-n;-A5TC_G!XmCSqbXAP zcUXirCJYc4zJ)oAM6%&ama#`=q{n#~KXQ0*KSx4_0?T!W6PpCgqRxblfZAlkLgbih z%wsN$gd;bea$R$gA35eqk~#Yj`lfAqg4a4F>dmCruxFWMU6co-u@xLkp-|*eOG_>j zu8ouRkFuXgBF8j_u>5Z1=vk%EQf%PuBjT zt&)gJ34Nir+00nUZN9r`m4_`BX|+p#q3b%*DPA-X_pb^e|N5Z3Q~0yc`x2}-!D@N6 j8Na#zf37KvfOhwPhYlS&Toc~|00960KR~2n01N;CqcZdF literal 276 zcmV+v0qg!BiwFP!00000|Ll`XOT$1A$8(-fk$Xv)?Z#~!@DP$7f^C|bAl@V|OeGJ= zrW*b9(o_ZO!Gi=T?C&y<9rnLF@OQ#%Kk$}!+Jqn?3daFfk-*;17o)vnnO#$XFWSf*^vV}F-she81S_YTh)ZyC8aei-|kU^0#0{Qo0o axIm`-uTUryQ}P}F0RR7FP-q+g3IG6Seu&fn diff --git a/pkg/sca/testdata/py3-seaborn.yaml b/pkg/sca/testdata/py3-seaborn.yaml new file mode 100644 index 000000000..ece1f85ae --- /dev/null +++ b/pkg/sca/testdata/py3-seaborn.yaml @@ -0,0 +1,43 @@ +# Generated from https://pypi.org/project/seaborn/ +package: + name: py3-seaborn + version: 0.13.2 + epoch: 0 + description: Statistical data visualization + copyright: + - license: BSD-3-Clause + dependencies: + runtime: + - numpy + - py3-pandas + - py3-matplotlib + - python3 + +environment: + contents: + packages: + - build-base + - ca-certificates-bundle + - py3-pip + - python3 + - wolfi-base + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/mwaskom/seaborn + expected-commit: 9521ea1f29b5ce1df1aa2ed6f65f3bd1c63884bb + tag: v${{package.version}} + + - name: Python build + runs: | + pip install . --prefix=/usr --root=${{targets.destdir}} + + - uses: strip + +update: + enabled: true + github: + identifier: mwaskom/seaborn + tag-filter: v + strip-prefix: v diff --git a/pkg/sca/testdata/systemd.yaml b/pkg/sca/testdata/systemd.yaml new file mode 100644 index 000000000..d25bb47f7 --- /dev/null +++ b/pkg/sca/testdata/systemd.yaml @@ -0,0 +1,77 @@ +package: + name: systemd + version: "256.2" + epoch: 1 + description: The systemd System and Service Manager + copyright: + - license: LGPL-2.1-or-later AND GPL-2.0-or-later + +environment: + contents: + packages: + - build-base + - busybox-full + - ca-certificates-bundle + - clang-16 + - cmake + - coreutils + - gperf + - kmod-dev + - libbpf + - libcap-dev + - libmount + - libuuid + - llvm16 + - meson + - ninja + - posix-libc-utils + - py3-jinja2 + - py3-pyelftools + - python3 + - util-linux-dev + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/systemd/systemd + tag: v${{package.version}} + expected-commit: c7e144eb4a2ed3838e2d361262d3eee8830d9bf5 + + - uses: meson/configure + + - uses: meson/compile + + - uses: meson/install + + - runs: | + mkdir -p ${{targets.destdir}}/lib + mv ${{targets.destdir}}/usr/lib/libsystemd.so* ${{targets.destdir}}/lib/ + +subpackages: + - name: "systemd-dev" + description: "headers for systemd" + pipeline: + - uses: split/dev + + - name: "libsystemd" + description: "systemd library" + pipeline: + - runs: | + mkdir -p ${{targets.subpkgdir}}/lib + mv ${{targets.destdir}}/lib/libsystemd.so.* ${{targets.subpkgdir}}/lib + + - name: "systemd-init" + description: "Configure systemd for use as an init system" + dependencies: + runtime: + - ${{package.name}} + pipeline: + - runs: | + mkdir -p ${{targets.subpkgdir}}/ + ln -s /usr/lib/systemd/systemd ${{targets.subpkgdir}}/init + +update: + enabled: true + github: + identifier: systemd/systemd + strip-prefix: v