add relationships configuration

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

cmd/syft/cli/options/catalog.go

@@ -23,24 +23,25 @@ import (
 
 type Catalog struct {
 	// high-level cataloger configuration
-	Catalogers  []string `yaml:"catalogers" json:"catalogers" mapstructure:"catalogers"`
-	Package     pkg      `yaml:"package" json:"package" mapstructure:"package"`
-	File        fileCfg  `yaml:"file" json:"file" mapstructure:"file"`
-	Scope       string   `yaml:"scope" json:"scope" mapstructure:"scope"`
-	Parallelism int      `yaml:"parallelism" json:"parallelism" mapstructure:"parallelism"` // the number of catalog workers to run in parallel
+	Catalogers    []string            `yaml:"catalogers" json:"catalogers" mapstructure:"catalogers"`
+	Package       pkg                 `yaml:"package" json:"package" mapstructure:"package"`
+	File          fileConfig          `yaml:"file" json:"file" mapstructure:"file"`
+	Scope         string              `yaml:"scope" json:"scope" mapstructure:"scope"`
+	Parallelism   int                 `yaml:"parallelism" json:"parallelism" mapstructure:"parallelism"` // the number of catalog workers to run in parallel
+	Relationships relationshipsConfig `yaml:"relationships" json:"relationships" mapstructure:"relationships"`
 
 	// ecosystem-specific cataloger configuration
-	Golang      golangConfig `yaml:"golang" json:"golang" mapstructure:"golang"`
-	Java        javaConfig   `yaml:"java" json:"java" mapstructure:"java"`
-	LinuxKernel linuxKernel  `yaml:"linux-kernel" json:"linux-kernel" mapstructure:"linux-kernel"`
-	Python      pythonConfig `yaml:"python" json:"python" mapstructure:"python"`
+	Golang      golangConfig      `yaml:"golang" json:"golang" mapstructure:"golang"`
+	Java        javaConfig        `yaml:"java" json:"java" mapstructure:"java"`
+	LinuxKernel linuxKernelConfig `yaml:"linux-kernel" json:"linux-kernel" mapstructure:"linux-kernel"`
+	Python      pythonConfig      `yaml:"python" json:"python" mapstructure:"python"`
 
 	// configuration for the source (the subject being analyzed)
-	Registry   registry     `yaml:"registry" json:"registry" mapstructure:"registry"`
-	Platform   string       `yaml:"platform" json:"platform" mapstructure:"platform"`
-	Name       string       `yaml:"name" json:"name" mapstructure:"name"` // deprecated
-	Source     sourceConfig `yaml:"source" json:"source" mapstructure:"source"`
-	Exclusions []string     `yaml:"exclude" json:"exclude" mapstructure:"exclude"`
+	Registry   registryConfig `yaml:"registry" json:"registry" mapstructure:"registry"`
+	Platform   string         `yaml:"platform" json:"platform" mapstructure:"platform"`
+	Name       string         `yaml:"name" json:"name" mapstructure:"name"` // deprecated
+	Source     sourceConfig   `yaml:"source" json:"source" mapstructure:"source"`
+	Exclusions []string       `yaml:"exclude" json:"exclude" mapstructure:"exclude"`
 }
 
 var _ interface {
@@ -50,12 +51,13 @@ var _ interface {
 
 func DefaultCatalog() Catalog {
 	return Catalog{
-		Scope:       source.SquashedScope.String(),
-		Package:     defaultPkg(),
-		LinuxKernel: defaultLinuxKernel(),
-		File:        defaultFile(),
-		Source:      defaultSourceCfg(),
-		Parallelism: 1,
+		Scope:         source.SquashedScope.String(),
+		Package:       defaultPkg(),
+		LinuxKernel:   defaultLinuxKernel(),
+		File:          defaultFile(),
+		Relationships: defaultRelationships(),
+		Source:        defaultSourceCfg(),
+		Parallelism:   1,
 	}
 }
 
@@ -65,8 +67,8 @@ func (cfg Catalog) ToCatalogerConfig() cataloging.Config {
 			Scope: source.ParseScope(cfg.Scope),
 		},
 		Relationships: cataloging.RelationshipsConfig{
-			FileOwnership:        true,  // TODO: tie to app config
-			FileOwnershipOverlap: false, // TODO: tie to app config
+			FileOwnership:        cfg.Relationships.FileOwnership,
+			FileOwnershipOverlap: cfg.Relationships.FileOwnershipOverlap,
 			ExcludeBinaryPackagesWithFileOwnershipOverlap: cfg.Package.ExcludeBinaryOverlapByOwnership,
 		},
 		DataGeneration: cataloging.DataGenerationConfig{

cmd/syft/cli/options/file.go

@@ -7,7 +7,7 @@ import (
 	"github.com/anchore/syft/syft/file"
 )
 
-type fileCfg struct {
+type fileConfig struct {
 	Metadata fileMetadata `yaml:"metadata" json:"metadata" mapstructure:"metadata"`
 	Content  fileContent  `yaml:"content" json:"content" mapstructure:"content"`
 }
@@ -22,8 +22,8 @@ type fileContent struct {
 	Globs              []string `yaml:"globs" json:"globs" mapstructure:"globs"`
 }
 
-func defaultFile() fileCfg {
-	return fileCfg{
+func defaultFile() fileConfig {
+	return fileConfig{
 		Metadata: fileMetadata{
 			Selection: file.OwnedFilesSelection,
 			Digests:   []string{"sha1", "sha256"},
@@ -34,7 +34,7 @@ func defaultFile() fileCfg {
 	}
 }
 
-func (c *fileCfg) PostLoad() error {
+func (c *fileConfig) PostLoad() error {
 	switch c.Metadata.Selection {
 	case file.NoFilesSelection, file.OwnedFilesSelection, file.AllFilesSelection:
 		return nil

cmd/syft/cli/options/linux_kernel.go

@@ -1,11 +1,11 @@
 package options
 
-type linuxKernel struct {
+type linuxKernelConfig struct {
 	CatalogModules bool `json:"catalog-modules" yaml:"catalog-modules" mapstructure:"catalog-modules"`
 }
 
-func defaultLinuxKernel() linuxKernel {
-	return linuxKernel{
+func defaultLinuxKernel() linuxKernelConfig {
+	return linuxKernelConfig{
 		CatalogModules: true,
 	}
 }

cmd/syft/cli/options/registry.go

@@ -18,16 +18,16 @@ type RegistryCredentials struct {
 	TLSKey  string `yaml:"tls-key,omitempty" json:"tls-key,omitempty" mapstructure:"tls-key"`
 }
 
-type registry struct {
+type registryConfig struct {
 	InsecureSkipTLSVerify bool                  `yaml:"insecure-skip-tls-verify" json:"insecure-skip-tls-verify" mapstructure:"insecure-skip-tls-verify"`
 	InsecureUseHTTP       bool                  `yaml:"insecure-use-http" json:"insecure-use-http" mapstructure:"insecure-use-http"`
 	Auth                  []RegistryCredentials `yaml:"auth" json:"auth" mapstructure:"auth"`
 	CACert                string                `yaml:"ca-cert" json:"ca-cert" mapstructure:"ca-cert"`
 }
 
-var _ clio.PostLoader = (*registry)(nil)
+var _ clio.PostLoader = (*registryConfig)(nil)
 
-func (cfg *registry) PostLoad() error {
+func (cfg *registryConfig) PostLoad() error {
 	// there may be additional credentials provided by env var that should be appended to the set of credentials
 	authority, username, password, token, tlsCert, tlsKey :=
 		os.Getenv("SYFT_REGISTRY_AUTH_AUTHORITY"),
@@ -62,7 +62,7 @@ func hasNonEmptyCredentials(username, password, token, tlsCert, tlsKey string) b
 	return hasUserPass || hasToken || hasTLSMaterial
 }
 
-func (cfg *registry) ToOptions() *image.RegistryOptions {
+func (cfg *registryConfig) ToOptions() *image.RegistryOptions {
 	var auth = make([]image.RegistryCredentials, len(cfg.Auth))
 	for i, a := range cfg.Auth {
 		auth[i] = image.RegistryCredentials{

cmd/syft/cli/options/registry_test.go

@@ -72,19 +72,19 @@ func TestHasNonEmptyCredentials(t *testing.T) {
 func Test_registry_ToOptions(t *testing.T) {
 	tests := []struct {
 		name     string
-		input    registry
+		input    registryConfig
 		expected image.RegistryOptions
 	}{
 		{
 			name:  "no registry options",
-			input: registry{},
+			input: registryConfig{},
 			expected: image.RegistryOptions{
 				Credentials: []image.RegistryCredentials{},
 			},
 		},
 		{
 			name: "set InsecureSkipTLSVerify",
-			input: registry{
+			input: registryConfig{
 				InsecureSkipTLSVerify: true,
 			},
 			expected: image.RegistryOptions{
@@ -94,7 +94,7 @@ func Test_registry_ToOptions(t *testing.T) {
 		},
 		{
 			name: "set InsecureUseHTTP",
-			input: registry{
+			input: registryConfig{
 				InsecureUseHTTP: true,
 			},
 			expected: image.RegistryOptions{
@@ -104,7 +104,7 @@ func Test_registry_ToOptions(t *testing.T) {
 		},
 		{
 			name: "set all bool options",
-			input: registry{
+			input: registryConfig{
 				InsecureSkipTLSVerify: true,
 				InsecureUseHTTP:       true,
 			},
@@ -116,7 +116,7 @@ func Test_registry_ToOptions(t *testing.T) {
 		},
 		{
 			name: "provide all tls configuration",
-			input: registry{
+			input: registryConfig{
 				CACert:                "ca.crt",
 				InsecureSkipTLSVerify: true,
 				Auth: []RegistryCredentials{

cmd/syft/cli/options/relationships.go

@@ -0,0 +1,13 @@
+package options
+
+type relationshipsConfig struct {
+	FileOwnership        bool `mapstructure:"file-ownership" json:"file-ownership" yaml:"file-ownership"`
+	FileOwnershipOverlap bool `mapstructure:"file-ownership-overlap" json:"file-ownership-overlap" yaml:"file-ownership-overlap"`
+}
+
+func defaultRelationships() relationshipsConfig {
+	return relationshipsConfig{
+		FileOwnership:        true,
+		FileOwnershipOverlap: true,
+	}
+}

syft/create_sbom.go

@@ -24,6 +24,10 @@ func CreateSBOM(src source.Source, cfg *CreateSBOMConfig) (*sbom.SBOM, error) {
 		return nil, fmt.Errorf("cataloger config must be specified")
 	}
 
+	if err := cfg.validate(); err != nil {
+		return nil, fmt.Errorf("invalid configuration: %w", err)
+	}
+
 	srcMetadata := src.Describe()
 
 	taskGroups, audit, err := cfg.finalTaskGroups(srcMetadata)

syft/create_sbom_config.go

@@ -197,6 +197,15 @@ func (c *CreateSBOMConfig) packageTasks(src source.Description) ([]task.Task, []
 	return task.Select(pkgTasks, basis, c.CatalogerSelectionExpressions...)
 }
 
+func (c *CreateSBOMConfig) validate() error {
+	if c.CatalogerConfig.Relationships.ExcludeBinaryPackagesWithFileOwnershipOverlap {
+		if !c.CatalogerConfig.Relationships.FileOwnershipOverlap {
+			return fmt.Errorf("invalid configuration: to exclude binary packages based on file ownership overlap relationships, cataloging file ownership overlap relationships must be enabled")
+		}
+	}
+	return nil
+}
+
 func (c *CreateSBOMConfig) Create(src source.Source) (*sbom.SBOM, error) {
 	return CreateSBOM(src, c)
 }