Skip to content

Commit

Permalink
Fix: don't validate pom declared group (anchore#2054)
Browse files Browse the repository at this point in the history
Signed-off-by: Will Murphy <will.murphy@anchore.com>
  • Loading branch information
willmurphyscode authored Aug 24, 2023
1 parent a3d6555 commit 5a90af1
Show file tree
Hide file tree
Showing 2 changed files with 89 additions and 3 deletions.
6 changes: 3 additions & 3 deletions syft/pkg/cataloger/java/package_url.go
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ func groupIDFromPomProperties(properties *pkg.PomProperties) (groupID string) {
return groupID
}

if looksLikeGroupID(properties.GroupID) {
if properties.GroupID != "" {
return cleanGroupID(properties.GroupID)
}

Expand All @@ -103,7 +103,7 @@ func groupIDFromPomProject(project *pkg.PomProject) (groupID string) {
}

// check the project details
if looksLikeGroupID(project.GroupID) {
if project.GroupID != "" {
return cleanGroupID(project.GroupID)
}

Expand All @@ -116,7 +116,7 @@ func groupIDFromPomProject(project *pkg.PomProject) (groupID string) {
// let's check the parent details
// if the current project does not have a group ID, but the parent does, we'll use the parent's group ID
if project.Parent != nil {
if looksLikeGroupID(project.Parent.GroupID) {
if project.Parent.GroupID != "" {
return cleanGroupID(project.Parent.GroupID)
}

Expand Down
86 changes: 86 additions & 0 deletions syft/pkg/cataloger/java/package_url_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,12 @@ import (

func Test_packageURL(t *testing.T) {
tests := []struct {
name string
pkg pkg.Package
expect string
}{
{
name: "maven",
pkg: pkg.Package{
Name: "example-java-app-maven",
Version: "0.1.0",
Expand All @@ -38,6 +40,90 @@ func Test_packageURL(t *testing.T) {
},
expect: "pkg:maven/org.anchore/example-java-app-maven@0.1.0",
},
{
name: "POM properties have explicit group ID without . in it",
pkg: pkg.Package{
Name: "example-java-app-maven",
Version: "0.1.0",
Language: pkg.Java,
Type: pkg.JavaPkg,
MetadataType: pkg.JavaMetadataType,
Metadata: pkg.JavaMetadata{
VirtualPath: "test-fixtures/java-builds/packages/example-java-app-maven-0.1.0.jar",
Manifest: &pkg.JavaManifest{
Main: map[string]string{
"Manifest-Version": "1.0",
},
},
PomProperties: &pkg.PomProperties{
Path: "META-INF/maven/org.anchore/example-java-app-maven/pom.properties",
GroupID: "commons",
ArtifactID: "example-java-app-maven",
Version: "0.1.0",
Extra: make(map[string]string),
},
},
},
expect: "pkg:maven/commons/example-java-app-maven@0.1.0",
},
{
name: "POM project has explicit group ID without . in it",
pkg: pkg.Package{
Name: "example-java-app-maven",
Version: "0.1.0",
Language: pkg.Java,
Type: pkg.JavaPkg,
MetadataType: pkg.JavaMetadataType,
Metadata: pkg.JavaMetadata{
VirtualPath: "test-fixtures/java-builds/packages/example-java-app-maven-0.1.0.jar",
Manifest: &pkg.JavaManifest{
Main: map[string]string{
"Manifest-Version": "1.0",
},
},
PomProperties: &pkg.PomProperties{
Path: "META-INF/maven/org.anchore/example-java-app-maven/pom.properties",
ArtifactID: "example-java-app-maven",
Version: "0.1.0",
Extra: make(map[string]string),
},
PomProject: &pkg.PomProject{
GroupID: "commons",
},
},
},
expect: "pkg:maven/commons/example-java-app-maven@0.1.0",
},
{
name: "POM project has explicit group ID without . in it",
pkg: pkg.Package{
Name: "example-java-app-maven",
Version: "0.1.0",
Language: pkg.Java,
Type: pkg.JavaPkg,
MetadataType: pkg.JavaMetadataType,
Metadata: pkg.JavaMetadata{
VirtualPath: "test-fixtures/java-builds/packages/example-java-app-maven-0.1.0.jar",
Manifest: &pkg.JavaManifest{
Main: map[string]string{
"Manifest-Version": "1.0",
},
},
PomProperties: &pkg.PomProperties{
Path: "META-INF/maven/org.anchore/example-java-app-maven/pom.properties",
ArtifactID: "example-java-app-maven",
Version: "0.1.0",
Extra: make(map[string]string),
},
PomProject: &pkg.PomProject{
Parent: &pkg.PomParent{
GroupID: "parent",
},
},
},
},
expect: "pkg:maven/parent/example-java-app-maven@0.1.0",
},
}
for _, tt := range tests {
t.Run(tt.expect, func(t *testing.T) {
Expand Down

0 comments on commit 5a90af1

Please sign in to comment.