931: binary cataloger exclusion defaults for ownership by overlap (#1948
) Fixes #931 PR #1948 introduces a new implicit exclusion for binary packages that overlap by file ownership and have certain characteristics: 1) the relationship between packages is OwnershipByFileOverlap 2) the parent package is an "os" package - see changelog for included catalogers 3) the child is a synthetic package generated by the binary cataloger - see changelog for included catalogers 4) the package names are identical --------- Signed-off-by: Christopher Phillips <[email protected]>
Showing
23 changed files
with
295 additions
and
109 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -24,7 +24,7 @@ func TestCataloger_Catalog(t *testing.T) { | |
Version: "2.34-210", | ||
PURL: "pkg:nix/[email protected]?output=bin&outputhash=h0cnbmfcn93xm5dg2x27ixhag1cwndga", | ||
Locations: file.NewLocationSet(file.NewLocation("nix/store/h0cnbmfcn93xm5dg2x27ixhag1cwndga-glibc-2.34-210-bin")), | ||
FoundBy: catalogerName, | ||
FoundBy: CatalogerName, | ||
Type: pkg.NixPkg, | ||
MetadataType: pkg.NixStoreMetadataType, | ||
Metadata: pkg.NixStoreMetadata{ | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
package cataloger | ||
|
||
import ( | ||
"golang.org/x/exp/slices" | ||
|
||
"github.com/anchore/syft/syft/artifact" | ||
"github.com/anchore/syft/syft/pkg" | ||
"github.com/anchore/syft/syft/pkg/cataloger/alpm" | ||
"github.com/anchore/syft/syft/pkg/cataloger/apkdb" | ||
"github.com/anchore/syft/syft/pkg/cataloger/binary" | ||
"github.com/anchore/syft/syft/pkg/cataloger/deb" | ||
"github.com/anchore/syft/syft/pkg/cataloger/nix" | ||
"github.com/anchore/syft/syft/pkg/cataloger/rpm" | ||
) | ||
|
||
var ( | ||
osCatalogerTypes = []string{ | ||
apkdb.CatalogerName, | ||
alpm.CatalogerName, | ||
deb.CatalogerName, | ||
nix.CatalogerName, | ||
rpm.DBCatalogerName, | ||
rpm.FileCatalogerName, | ||
} | ||
binaryCatalogerTypes = []string{binary.CatalogerName} | ||
) | ||
|
||
// Exclude will remove packages from a collection given the following properties are true | ||
// 1) the relationship between packages is OwnershipByFileOverlap | ||
// 2) the parent is an "os" package | ||
// 3) the child is a synthetic package generated by the binary cataloger | ||
// 4) the package names are identical | ||
// This exclude was implemented as a way to help resolve: https://github.com/anchore/syft/issues/931 | ||
func Exclude(r artifact.Relationship, c *pkg.Collection) bool { | ||
if artifact.OwnershipByFileOverlapRelationship != r.Type { | ||
return false | ||
} | ||
|
||
parent := c.Package(r.From.ID()) | ||
if parent == nil { | ||
return false | ||
} | ||
|
||
parentInExclusion := slices.Contains(osCatalogerTypes, parent.FoundBy) | ||
if !parentInExclusion { | ||
return false | ||
} | ||
|
||
child := c.Package(r.To.ID()) | ||
if child == nil { | ||
return false | ||
} | ||
|
||
return slices.Contains(binaryCatalogerTypes, child.FoundBy) | ||
} |
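Review bot: Condition 4 of the doc comment ("the package names are identical") is never checked in `Exclude`; after the two `FoundBy` lookups it returns `slices.Contains(binaryCatalogerTypes, child.FoundBy)` without comparing `parent.Name` and `child.Name`. As written, any binary-cataloger package in an ownership-by-file-overlap relationship with an OS package is reported as excludable regardless of its name. That appears to let a distinct component drop out of the SBOM and so out of downstream vulnerability matching. Adding `if parent.Name != child.Name { return false }` before the final return would make the code match the documented rule. If the broader behaviour is intended, the comment and the commit description should drop condition 4 instead.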
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
package cataloger | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/anchore/syft/syft/artifact" | ||
"github.com/anchore/syft/syft/pkg" | ||
"github.com/anchore/syft/syft/pkg/cataloger/apkdb" | ||
"github.com/anchore/syft/syft/pkg/cataloger/binary" | ||
) | ||
|
||
func TestExclude(t *testing.T) { | ||
packageA := pkg.Package{Name: "package-a", Type: pkg.ApkPkg, FoundBy: apkdb.CatalogerName} | ||
packageB := pkg.Package{Name: "package-a", Type: pkg.PythonPkg, FoundBy: "language-cataloger"} | ||
packageC := pkg.Package{Name: "package-a", Type: pkg.BinaryPkg, FoundBy: binary.CatalogerName} | ||
packageD := pkg.Package{Name: "package-d", Type: pkg.BinaryPkg, FoundBy: binary.CatalogerName} | ||
for _, p := range []*pkg.Package{&packageA, &packageB, &packageC, &packageD} { | ||
p := p | ||
p.SetID() | ||
} | ||
|
||
tests := []struct { | ||
name string | ||
relationship artifact.Relationship | ||
packages *pkg.Collection | ||
shouldExclude bool | ||
}{ | ||
{ | ||
name: "no exclusions from os -> python", | ||
relationship: artifact.Relationship{ | ||
Type: artifact.OwnershipByFileOverlapRelationship, | ||
From: packageA, | ||
To: packageB, | ||
}, | ||
packages: pkg.NewCollection(packageA, packageB), | ||
shouldExclude: false, | ||
}, | ||
{ | ||
name: "exclusions from os -> binary", | ||
relationship: artifact.Relationship{ | ||
Type: artifact.OwnershipByFileOverlapRelationship, | ||
From: packageA, | ||
To: packageC, | ||
}, | ||
packages: pkg.NewCollection(packageA, packageC), | ||
shouldExclude: true, | ||
}, | ||
{ | ||
name: "no exclusions from python -> binary", | ||
relationship: artifact.Relationship{ | ||
Type: artifact.OwnershipByFileOverlapRelationship, | ||
From: packageB, | ||
To: packageC, | ||
}, | ||
packages: pkg.NewCollection(packageB, packageC), | ||
shouldExclude: false, | ||
}, | ||
{ | ||
name: "no exclusions for different package names", | ||
relationship: artifact.Relationship{ | ||
Type: artifact.OwnershipByFileOverlapRelationship, | ||
From: packageA, | ||
To: packageD, | ||
}, | ||
packages: pkg.NewCollection(packageA, packageD), | ||
shouldExclude: false, | ||
}, | ||
} | ||
|
||
for _, test := range tests { | ||
t.Run(test.name, func(t *testing.T) { | ||
if !Exclude(test.relationship, test.packages) && test.shouldExclude { | ||
t.Errorf("expected to exclude relationship %+v", test.relationship) | ||
} | ||
}) | ||
|
||
} | ||
} |
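Review bot: The assertion inside the `t.Run` closure, `if !Exclude(test.relationship, test.packages) && test.shouldExclude`, can only fail when an expected exclusion is missing, so the three `shouldExclude: false` cases pass whatever `Exclude` returns. In particular, "no exclusions for different package names" would not catch an `Exclude` that ignores package names. Checking both directions closes that gap: `if got := Exclude(test.relationship, test.packages); got != test.shouldExclude { t.Errorf("Exclude() = %v, want %v for %+v", got, test.shouldExclude, test.relationship) }`.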