fix: sort invalid PURLs so they're properly compacted
G-Rath committed Sep 30, 2024
1 parent 46a370c commit 462044a
Showing 2 changed files with 3 additions and 4 deletions.
6 changes: 2 additions & 4 deletions cmd/osv-scanner/__snapshots__/main_test.snap
Expand Up @@ -542,9 +542,8 @@ Scanning dir ./fixtures/sbom-insecure/
Scanned <rootdir>/fixtures/sbom-insecure/alpine.cdx.xml as CycloneDX SBOM and found 14 packages
Scanned <rootdir>/fixtures/sbom-insecure/bad-purls.cdx.xml as CycloneDX SBOM and found 8 packages
Ignored 6 packages with invalid PURLs
Ignored invalid PURL "pkg:pypi/"
Ignored invalid PURL "pkg:///"
Ignored invalid PURL "/"
Ignored invalid PURL "pkg:///"
Ignored invalid PURL "pkg:apk/alpine/@1.36.1-r27?arch=x86_64&upstream=busybox&distro=alpine-3.17.2"
Ignored invalid PURL "pkg:pypi/"
Scanned <rootdir>/fixtures/sbom-insecure/postgres-stretch.cdx.xml as CycloneDX SBOM and found 136 packages
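Review bot: the summary line "Ignored 6 packages with invalid PURLs" is followed by only four distinct "Ignored invalid PURL" warnings once the list is sorted and compacted, which can read as two warnings having gone missing. Consider rewording the summary or also reporting the number of distinct values, so that someone triaging an SBOM scan can tell the gap is deduplication and not dropped output.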
Expand Down Expand Up @@ -698,9 +697,8 @@ No issues found
[TestRun/one_specific_supported_sbom_with_invalid_PURLs - 1]
Scanned <rootdir>/fixtures/sbom-insecure/bad-purls.cdx.xml as CycloneDX SBOM and found 8 packages
Ignored 6 packages with invalid PURLs
Ignored invalid PURL "pkg:pypi/"
Ignored invalid PURL "pkg:///"
Ignored invalid PURL "/"
Ignored invalid PURL "pkg:///"
Ignored invalid PURL "pkg:apk/alpine/@1.36.1-r27?arch=x86_64&upstream=busybox&distro=alpine-3.17.2"
Ignored invalid PURL "pkg:pypi/"
No issues found
1 change: 1 addition & 0 deletions pkg/osvscanner/osvscanner.go
Expand Up @@ -506,6 +506,7 @@ func scanSBOMFile(r reporter.Reporter, path string, fromFSScan bool) ([]scannedP
len(ignoredPURLs),
output.Form(len(ignoredPURLs), "package", "packages"),
)
slices.Sort(ignoredPURLs)
for _, purl := range slices.Compact(ignoredPURLs) {
r.Warnf(
"Ignored invalid PURL \"%s\"\n",
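Review bot: at the added slices.Sort(ignoredPURLs) call, nothing says why the sort is needed; a one-line comment that slices.Compact only removes consecutive duplicates would keep a later cleanup from dropping it. Both calls also modify ignoredPURLs in place and the compacted result is only used by the range, so if the slice is read again further down in scanSBOMFile (not visible in this hunk) it will be reordered; sorting and compacting a copy, for example one made with slices.Clone, avoids that.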