Port to new syft source API (#1376)

* port to new syft source API

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix linting

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

go.mod

@@ -53,7 +53,7 @@ require (
 require (
 	github.com/anchore/go-logger v0.0.0-20220728155337-03b66a5207d8
 	github.com/anchore/sqlite v1.4.6-0.20220607210448-bcc6ee5c4963
-	github.com/anchore/syft v0.84.1
+	github.com/anchore/syft v0.84.2-0.20230705174713-cfbb9f703bd7
 	github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b
 	github.com/mitchellh/mapstructure v1.5.0
 )
@@ -170,7 +170,7 @@ require (
 	go.uber.org/goleak v1.2.0 // indirect
 	golang.org/x/crypto v0.10.0 // indirect
 	golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b // indirect
-	golang.org/x/mod v0.11.0 // indirect
+	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/net v0.11.0 // indirect
 	golang.org/x/oauth2 v0.7.0 // indirect
 	golang.org/x/sync v0.1.0 // indirect

go.sum

@@ -243,8 +243,8 @@ github.com/anchore/sqlite v1.4.6-0.20220607210448-bcc6ee5c4963 h1:vrf2PYH77vqVJo
 github.com/anchore/sqlite v1.4.6-0.20220607210448-bcc6ee5c4963/go.mod h1:AVRyXOUP0hTz9Cb8OlD1XnwA8t4lBPfTuwPHmEUuiLc=
 github.com/anchore/stereoscope v0.0.0-20230627195312-cd49355d934e h1:zhk3ZLtomMJ750nNCE+c24PonMzoO/SeL/4uTr1L9kM=
 github.com/anchore/stereoscope v0.0.0-20230627195312-cd49355d934e/go.mod h1:0LsgHgXO4QFnk2hsYwtqd3fR18PIZXlFLIl2qb9tu3g=
-github.com/anchore/syft v0.84.1 h1:O6V1gCSHTVbyfQq6M1qB86ui64qobZRC3h7lvKpVNWw=
-github.com/anchore/syft v0.84.1/go.mod h1:dozEWcwhRawdB3ArPM2BGfZWLslZ+bDNwW+wWUwKySY=
+github.com/anchore/syft v0.84.2-0.20230705174713-cfbb9f703bd7 h1:E8pdc689HTwXaHLRcmMTGi6TBukDa6oD8dQ0bJTSUm0=
+github.com/anchore/syft v0.84.2-0.20230705174713-cfbb9f703bd7/go.mod h1:4ruIUJNJY2IsuUPrvUdYu8kG4ScFjGoiy/PPmgBEuTw=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=
@@ -942,8 +942,8 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
-golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=

grype/distro/distro_test.go

@@ -227,7 +227,7 @@ func Test_NewDistroFromRelease_Coverage(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.fixture, func(t *testing.T) {
-			s, err := source.NewFromDirectory(test.fixture)
+			s, err := source.NewFromDirectory(source.DirectoryConfig{Path: test.fixture})
 			require.NoError(t, err)
 
 			resolver, err := s.FileResolver(source.SquashedScope)

grype/match/ignore_test.go

@@ -9,8 +9,8 @@ import (
 	grypeDb "github.com/anchore/grype/grype/db/v5"
 	"github.com/anchore/grype/grype/pkg"
 	"github.com/anchore/grype/grype/vulnerability"
+	"github.com/anchore/syft/syft/file"
 	syftPkg "github.com/anchore/syft/syft/pkg"
-	"github.com/anchore/syft/syft/source"
 )
 
 var (
@@ -28,7 +28,7 @@ var (
 				Name:      "dive",
 				Version:   "0.5.2",
 				Type:      "deb",
-				Locations: source.NewLocationSet(source.NewLocation("/path/that/has/dive")),
+				Locations: file.NewLocationSet(file.NewLocation("/path/that/has/dive")),
 			},
 		},
 		{
@@ -45,7 +45,7 @@ var (
 				Version:  "100.0.50",
 				Language: syftPkg.Ruby,
 				Type:     syftPkg.GemPkg,
-				Locations: source.NewLocationSet(source.NewVirtualLocation("/real/path/with/reach",
+				Locations: file.NewLocationSet(file.NewVirtualLocation("/real/path/with/reach",
 					"/virtual/path/that/has/reach")),
 			},
 		},
@@ -63,7 +63,7 @@ var (
 				Version:  "100.0.51",
 				Language: syftPkg.Ruby,
 				Type:     syftPkg.GemPkg,
-				Locations: source.NewLocationSet(source.NewVirtualLocation("/real/path/with/beach",
+				Locations: file.NewLocationSet(file.NewVirtualLocation("/real/path/with/beach",
 					"/virtual/path/that/has/beach")),
 			},
 		},
@@ -81,7 +81,7 @@ var (
 				Version:  "100.0.52",
 				Language: syftPkg.Ruby,
 				Type:     syftPkg.GemPkg,
-				Locations: source.NewLocationSet(source.NewVirtualLocation("/real/path/with/speach",
+				Locations: file.NewLocationSet(file.NewVirtualLocation("/real/path/with/speach",
 					"/virtual/path/that/has/speach")),
 			},
 		},
@@ -337,9 +337,9 @@ var (
 			ID:      pkg.ID(uuid.NewString()),
 			Name:    "a-pkg",
 			Version: "1.0",
-			Locations: source.NewLocationSet(
-				source.NewLocation("/some/path"),
-				source.NewVirtualLocation("/some/path", "/some/virtual/path"),
+			Locations: file.NewLocationSet(
+				file.NewLocation("/some/path"),
+				file.NewVirtualLocation("/some/path", "/some/virtual/path"),
 			),
 			Type: "rpm",
 		},

grype/pkg/context.go

@@ -6,6 +6,6 @@ import (
 )
 
 type Context struct {
-	Source *source.Metadata
+	Source *source.Description
 	Distro *linux.Release
 }

grype/pkg/package_test.go

@@ -14,7 +14,6 @@ import (
 	"github.com/anchore/syft/syft/file"
 	syftFile "github.com/anchore/syft/syft/file"
 	syftPkg "github.com/anchore/syft/syft/pkg"
-	"github.com/anchore/syft/syft/source"
 )
 
 func TestNew(t *testing.T) {
@@ -550,8 +549,8 @@ func TestFromCollection_DoesNotPanic(t *testing.T) {
 	examplePackage := syftPkg.Package{
 		Name:    "test",
 		Version: "1.2.3",
-		Locations: source.NewLocationSet(
-			source.NewLocation("/test-path"),
+		Locations: file.NewLocationSet(
+			file.NewLocation("/test-path"),
 		),
 		Type: syftPkg.NpmPkg,
 	}

grype/pkg/provider_test.go

@@ -6,8 +6,8 @@ import (
 	"github.com/stretchr/testify/assert"
 
 	"github.com/anchore/stereoscope/pkg/imagetest"
+	"github.com/anchore/syft/syft/file"
 	"github.com/anchore/syft/syft/pkg/cataloger"
-	"github.com/anchore/syft/syft/source"
 )
 
 func TestProviderLocationExcludes(t *testing.T) {
@@ -158,10 +158,10 @@ func Test_filterPackageExclusions(t *testing.T) {
 		t.Run(test.name, func(t *testing.T) {
 			var packages []Package
 			for _, pkg := range test.locations {
-				locations := source.NewLocationSet()
+				locations := file.NewLocationSet()
 				for _, l := range pkg {
 					locations.Add(
-						source.NewVirtualLocation(l, l),
+						file.NewVirtualLocation(l, l),
 					)
 				}
 				packages = append(packages, Package{Locations: locations})
@@ -221,7 +221,7 @@ func Test_matchesLocation(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			matches, err := locationMatches(source.NewVirtualLocation(test.realPath, test.virtualPath), test.match)
+			matches, err := locationMatches(file.NewVirtualLocation(test.realPath, test.virtualPath), test.match)
 			assert.NoError(t, err)
 			assert.Equal(t, test.expected, matches)
 		})

grype/pkg/syft_provider.go

@@ -1,26 +1,19 @@
 package pkg
 
 import (
+	"github.com/anchore/stereoscope/pkg/image"
 	"github.com/anchore/syft/syft"
 	"github.com/anchore/syft/syft/sbom"
 	"github.com/anchore/syft/syft/source"
 )
 
 func syftProvider(userInput string, config ProviderConfig) ([]Package, Context, *sbom.SBOM, error) {
-	if config.CatalogingOptions.Search.Scope == "" {
-		return nil, Context{}, nil, errDoesNotProvide
-	}
-
-	sourceInput, err := source.ParseInputWithName(userInput, config.Platform, config.Name, config.DefaultImagePullSource)
+	src, err := getSource(userInput, config)
 	if err != nil {
 		return nil, Context{}, nil, err
 	}
 
-	src, cleanup, err := source.New(*sourceInput, config.RegistryOptions, config.Exclusions)
-	if err != nil {
-		return nil, Context{}, nil, err
-	}
-	defer cleanup()
+	defer src.Close()
 
 	catalog, relationships, theDistro, err := syft.CatalogPackages(src, config.CatalogingOptions)
 	if err != nil {
@@ -29,14 +22,16 @@ func syftProvider(userInput string, config ProviderConfig) ([]Package, Context,
 
 	catalog = removePackagesByOverlap(catalog, relationships)
 
+	srcDescription := src.Describe()
+
 	packages := FromCollection(catalog, config.SynthesisConfig)
 	context := Context{
-		Source: &src.Metadata,
+		Source: &srcDescription,
 		Distro: theDistro,
 	}
 
 	sbom := &sbom.SBOM{
-		Source:        src.Metadata,
+		Source:        srcDescription,
 		Relationships: relationships,
 		Artifacts: sbom.Artifacts{
 			Packages: catalog,
@@ -45,3 +40,35 @@ func syftProvider(userInput string, config ProviderConfig) ([]Package, Context,
 
 	return packages, context, sbom, nil
 }
+
+func getSource(userInput string, config ProviderConfig) (source.Source, error) {
+	if config.CatalogingOptions.Search.Scope == "" {
+		return nil, errDoesNotProvide
+	}
+
+	detection, err := source.Detect(userInput, source.DetectConfig{
+		DefaultImageSource: config.DefaultImagePullSource,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var platform *image.Platform
+	if config.Platform != "" {
+		platform, err = image.NewPlatform(config.Platform)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return detection.NewSource(source.DetectionSourceConfig{
+		Alias: source.Alias{
+			Name: config.Name,
+		},
+		RegistryOptions: config.RegistryOptions,
+		Platform:        platform,
+		Exclude: source.ExcludeConfig{
+			Paths: config.Exclusions,
+		},
+	})
+}

grype/pkg/syft_sbom_provider_test.go

@@ -10,6 +10,7 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/anchore/syft/syft/cpe"
+	"github.com/anchore/syft/syft/file"
 	"github.com/anchore/syft/syft/linux"
 	"github.com/anchore/syft/syft/source"
 )
@@ -26,8 +27,8 @@ func TestParseSyftJSON(t *testing.T) {
 				{
 					Name:    "alpine-baselayout",
 					Version: "3.2.0-r6",
-					Locations: source.NewLocationSet(
-						source.NewLocationFromCoordinates(source.Coordinates{
+					Locations: file.NewLocationSet(
+						file.NewLocationFromCoordinates(file.Coordinates{
 							RealPath:     "/lib/apk/db/installed",
 							FileSystemID: "sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759",
 						}),
@@ -50,8 +51,8 @@ func TestParseSyftJSON(t *testing.T) {
 				{
 					Name:    "fake",
 					Version: "1.2.0",
-					Locations: source.NewLocationSet(
-						source.NewLocationFromCoordinates(source.Coordinates{
+					Locations: file.NewLocationSet(
+						file.NewLocationFromCoordinates(file.Coordinates{
 							RealPath:     "/lib/apk/db/installed",
 							FileSystemID: "sha256:93cf4cfb673c7e16a9e74f731d6767b70b92a0b7c9f59d06efd72fbff535371c",
 						}),
@@ -76,8 +77,8 @@ func TestParseSyftJSON(t *testing.T) {
 				{
 					Name:    "gmp",
 					Version: "6.2.0-r0",
-					Locations: source.NewLocationSet(
-						source.NewLocationFromCoordinates(source.Coordinates{
+					Locations: file.NewLocationSet(
+						file.NewLocationFromCoordinates(file.Coordinates{
 							RealPath:     "/lib/apk/db/installed",
 							FileSystemID: "sha256:93cf4cfb673c7e16a9e74f731d6767b70b92a0b7c9f59d06efd72fbff535371c",
 						}),
@@ -101,11 +102,10 @@ func TestParseSyftJSON(t *testing.T) {
 				},
 			},
 			Context: Context{
-				Source: &source.Metadata{
-					Scheme: source.ImageScheme,
-					ImageMetadata: source.ImageMetadata{
+				Source: &source.Description{
+					Metadata: source.StereoscopeImageSourceMetadata{
 						UserInput: "alpine:fake",
-						Layers: []source.LayerMetadata{
+						Layers: []source.StereoscopeLayerMetadata{
 							{
 								MediaType: "application/vnd.docker.image.rootfs.diff.tar.gzip",
 								Digest:    "sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a",
@@ -120,7 +120,6 @@ func TestParseSyftJSON(t *testing.T) {
 							"alpine:fake",
 						},
 					},
-					Path: "",
 				},
 				Distro: &linux.Release{
 					Name:    "alpine",
@@ -138,8 +137,12 @@ func TestParseSyftJSON(t *testing.T) {
 				t.Fatalf("unable to parse: %+v", err)
 			}
 
-			context.Source.ImageMetadata.RawConfig = nil
-			context.Source.ImageMetadata.RawManifest = nil
+			if m, ok := context.Source.Metadata.(source.StereoscopeImageSourceMetadata); ok {
+				m.RawConfig = nil
+				m.RawManifest = nil
+
+				context.Source.Metadata = m
+			}
 
 			for _, d := range deep.Equal(test.Packages, pkgs) {
 				if strings.Contains(d, ".ID: ") {
@@ -179,8 +182,8 @@ var springImageTestCase = struct {
 		{
 			Name:    "charsets",
 			Version: "",
-			Locations: source.NewLocationSet(
-				source.NewLocationFromCoordinates(source.Coordinates{
+			Locations: file.NewLocationSet(
+				file.NewLocationFromCoordinates(file.Coordinates{
 					RealPath:     "/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/charsets.jar",
 					FileSystemID: "sha256:a1a6ceadb701ab4e6c93b243dc2a0daedc8cee23a24203845ecccd5784cd1393",
 				}),
@@ -199,8 +202,8 @@ var springImageTestCase = struct {
 		{
 			Name:    "tomcat-embed-el",
 			Version: "9.0.27",
-			Locations: source.NewLocationSet(
-				source.NewLocationFromCoordinates(source.Coordinates{
+			Locations: file.NewLocationSet(
+				file.NewLocationFromCoordinates(file.Coordinates{
 					RealPath:     "/app/libs/tomcat-embed-el-9.0.27.jar",
 					FileSystemID: "sha256:89504f083d3f15322f97ae240df44650203f24427860db1b3d32e66dd05940e4",
 				}),
@@ -218,11 +221,10 @@ var springImageTestCase = struct {
 		},
 	},
 	Context: Context{
-		Source: &source.Metadata{
-			Scheme: source.ImageScheme,
-			ImageMetadata: source.ImageMetadata{
+		Source: &source.Description{
+			Metadata: source.StereoscopeImageSourceMetadata{
 				UserInput: "springio/gs-spring-boot-docker:latest",
-				Layers: []source.LayerMetadata{
+				Layers: []source.StereoscopeLayerMetadata{
 					{
 						MediaType: "application/vnd.docker.image.rootfs.diff.tar.gzip",
 						Digest:    "sha256:42a3027eaac150d2b8f516100921f4bd83b3dbc20bfe64124f686c072b49c602",
@@ -238,7 +240,6 @@ var springImageTestCase = struct {
 				},
 				RepoDigests: []string{"springio/gs-spring-boot-docker@sha256:39c2ffc784f5f34862e22c1f2ccdbcb62430736114c13f60111eabdb79decb08"},
 			},
-			Path: "",
 		},
 		Distro: &linux.Release{
 			Name:    "debian",