more refactoring and tests

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
anchore · Feb 24, 2023 · b32ff2e · b32ff2e
1 parent b01a95e
commit b32ff2e
Show file tree

Hide file tree

Showing 2 changed files with 90 additions and 75 deletions.
diff --git a/syft/pkg/cataloger/common/cpe/apk.go b/syft/pkg/cataloger/common/cpe/apk.go
@@ -13,21 +13,12 @@ var (
 
 func pythonCandidateVendorsFromName(v string) fieldCandidateSet {
 	vendors := newFieldCandidateSet()
-	vendors.add(fieldCandidate{
-		value:                       v,
-		disallowSubSelections:       true,
-		disallowDelimiterVariations: true,
-	})
-
+	vendors.addValue(v)
 	vendors.addValue(findAdditionalVendors(defaultCandidateAdditions, pkg.PythonPkg, v, v)...)
 	vendors.removeByValue(findVendorsToRemove(defaultCandidateRemovals, pkg.PythonPkg, v)...)
 
 	for _, av := range additionalVendorsForPython(v) {
-		vendors.add(fieldCandidate{
-			value:                       av,
-			disallowSubSelections:       true,
-			disallowDelimiterVariations: true,
-		})
+		vendors.addValue(av)
 		vendors.addValue(findAdditionalVendors(defaultCandidateAdditions, pkg.PythonPkg, av, av)...)
 		vendors.removeByValue(findVendorsToRemove(defaultCandidateRemovals, pkg.PythonPkg, av)...)
 	}
@@ -37,15 +28,16 @@ func pythonCandidateVendorsFromName(v string) fieldCandidateSet {
 
 func pythonCandidateVendorsFromAPK(m pkg.ApkMetadata) fieldCandidateSet {
 	vendors := newFieldCandidateSet()
+	upstream := m.Upstream()
 
 	for _, p := range pythonPrefixes {
 		if strings.HasPrefix(m.Package, p) {
 			t := strings.ToLower(strings.TrimPrefix(m.Package, p))
 			vendors.union(pythonCandidateVendorsFromName(t))
 		}
 
-		if m.OriginPackage != m.Package && strings.HasPrefix(m.OriginPackage, p) {
-			t := strings.ToLower(strings.TrimPrefix(m.OriginPackage, p))
+		if upstream != m.Package && strings.HasPrefix(upstream, p) {
+			t := strings.ToLower(strings.TrimPrefix(upstream, p))
 			vendors.union(pythonCandidateVendorsFromName(t))
 		}
 	}
@@ -55,28 +47,24 @@ func pythonCandidateVendorsFromAPK(m pkg.ApkMetadata) fieldCandidateSet {
 
 func pythonCandidateProductsFromName(p string) fieldCandidateSet {
 	products := newFieldCandidateSet()
-	products.add(fieldCandidate{
-		value:                       p,
-		disallowSubSelections:       true,
-		disallowDelimiterVariations: true,
-	})
-
+	products.addValue(p)
 	products.addValue(findAdditionalProducts(defaultCandidateAdditions, pkg.PythonPkg, p)...)
 	products.removeByValue(findProductsToRemove(defaultCandidateRemovals, pkg.PythonPkg, p)...)
 	return products
 }
 
 func pythonCandidateProductsFromAPK(m pkg.ApkMetadata) fieldCandidateSet {
 	products := newFieldCandidateSet()
+	upstream := m.Upstream()
 
 	for _, p := range pythonPrefixes {
 		if strings.HasPrefix(m.Package, p) {
 			t := strings.ToLower(strings.TrimPrefix(m.Package, p))
 			products.union(pythonCandidateProductsFromName(t))
 		}
 
-		if m.OriginPackage != m.Package && strings.HasPrefix(m.OriginPackage, p) {
-			t := strings.ToLower(strings.TrimPrefix(m.OriginPackage, p))
+		if upstream != m.Package && strings.HasPrefix(upstream, p) {
+			t := strings.ToLower(strings.TrimPrefix(upstream, p))
 			products.union(pythonCandidateProductsFromName(t))
 		}
 	}
@@ -86,29 +74,27 @@ func pythonCandidateProductsFromAPK(m pkg.ApkMetadata) fieldCandidateSet {
 
 func rubyCandidateVendorsFromName(v string) fieldCandidateSet {
 	vendors := newFieldCandidateSet()
-	vendors.add(fieldCandidate{
-		value:                       v,
-		disallowSubSelections:       true,
-		disallowDelimiterVariations: true,
-	})
-
+	vendors.addValue(v)
 	vendors.addValue(findAdditionalVendors(defaultCandidateAdditions, pkg.GemPkg, v, v)...)
 	vendors.removeByValue(findVendorsToRemove(defaultCandidateRemovals, pkg.GemPkg, v)...)
 	return vendors
 }
 
 func rubyCandidateVendorsFromAPK(m pkg.ApkMetadata) fieldCandidateSet {
 	vendors := newFieldCandidateSet()
+	upstream := m.Upstream()
 
-	for _, p := range rubyPrefixes {
-		if strings.HasPrefix(m.Package, p) {
-			t := strings.ToLower(strings.TrimPrefix(m.Package, p))
-			vendors.union(rubyCandidateVendorsFromName(t))
-		}
-
-		if m.OriginPackage != m.Package && strings.HasPrefix(m.OriginPackage, p) {
-			t := strings.ToLower(strings.TrimPrefix(m.OriginPackage, p))
-			vendors.union(rubyCandidateVendorsFromName(t))
+	if upstream != "ruby" {
+		for _, p := range rubyPrefixes {
+			if strings.HasPrefix(m.Package, p) {
+				t := strings.ToLower(strings.TrimPrefix(m.Package, p))
+				vendors.union(rubyCandidateVendorsFromName(t))
+			}
+
+			if upstream != "" && upstream != m.Package && strings.HasPrefix(upstream, p) {
+				t := strings.ToLower(strings.TrimPrefix(upstream, p))
+				vendors.union(rubyCandidateVendorsFromName(t))
+			}
 		}
 	}
 
@@ -117,29 +103,27 @@ func rubyCandidateVendorsFromAPK(m pkg.ApkMetadata) fieldCandidateSet {
 
 func rubyCandidateProductsFromName(p string) fieldCandidateSet {
 	products := newFieldCandidateSet()
-	products.add(fieldCandidate{
-		value:                       p,
-		disallowSubSelections:       true,
-		disallowDelimiterVariations: true,
-	})
-
+	products.addValue(p)
 	products.addValue(findAdditionalProducts(defaultCandidateAdditions, pkg.GemPkg, p)...)
 	products.removeByValue(findProductsToRemove(defaultCandidateRemovals, pkg.GemPkg, p)...)
 	return products
 }
 
 func rubyCandidateProductsFromAPK(m pkg.ApkMetadata) fieldCandidateSet {
 	products := newFieldCandidateSet()
+	upstream := m.Upstream()
 
-	for _, p := range rubyPrefixes {
-		if strings.HasPrefix(m.Package, p) {
-			t := strings.ToLower(strings.TrimPrefix(m.Package, p))
-			products.union(rubyCandidateProductsFromName(t))
-		}
-
-		if m.OriginPackage != m.Package && strings.HasPrefix(m.OriginPackage, p) {
-			t := strings.ToLower(strings.TrimPrefix(m.OriginPackage, p))
-			products.union(rubyCandidateProductsFromName(t))
+	if upstream != "ruby" {
+		for _, p := range rubyPrefixes {
+			if strings.HasPrefix(m.Package, p) {
+				t := strings.ToLower(strings.TrimPrefix(m.Package, p))
+				products.union(rubyCandidateProductsFromName(t))
+			}
+
+			if upstream != "" && upstream != m.Package && strings.HasPrefix(upstream, p) {
+				t := strings.ToLower(strings.TrimPrefix(upstream, p))
+				products.union(rubyCandidateProductsFromName(t))
+			}
 		}
 	}
 
@@ -149,13 +133,8 @@ func rubyCandidateProductsFromAPK(m pkg.ApkMetadata) fieldCandidateSet {
 func candidateVendorsFromAPKUpstream(m pkg.ApkMetadata) fieldCandidateSet {
 	vendors := newFieldCandidateSet()
 	upstream := m.Upstream()
-	if upstream != "" {
-		vendors.add(fieldCandidate{
-			value:                       upstream,
-			disallowSubSelections:       true,
-			disallowDelimiterVariations: true,
-		})
-
+	if upstream != "" && upstream != m.Package {
+		vendors.addValue(upstream)
 		vendors.addValue(findAdditionalVendors(defaultCandidateAdditions, pkg.ApkPkg, upstream, upstream)...)
 		vendors.removeByValue(findVendorsToRemove(defaultCandidateRemovals, pkg.ApkPkg, upstream)...)
 	}
@@ -167,12 +146,7 @@ func candidateProductsFromAPKUpstream(m pkg.ApkMetadata) fieldCandidateSet {
 	products := newFieldCandidateSet()
 	upstream := m.Upstream()
 	if upstream != "" {
-		products.add(fieldCandidate{
-			value:                       upstream,
-			disallowSubSelections:       true,
-			disallowDelimiterVariations: true,
-		})
-
+		products.addValue(upstream)
 		products.addValue(findAdditionalProducts(defaultCandidateAdditions, pkg.ApkPkg, upstream)...)
 		products.removeByValue(findProductsToRemove(defaultCandidateRemovals, pkg.ApkPkg, upstream)...)
 	}
@@ -192,6 +166,11 @@ func candidateVendorsForAPK(p pkg.Package) fieldCandidateSet {
 	vendors.union(candidateVendorsFromAPKUpstream(metadata))
 	vendors.union(candidateVendorsFromURL(metadata.URL))
 
+	for v := range vendors {
+		v.disallowDelimiterVariations = true
+		v.disallowSubSelections = true
+	}
+
 	return vendors
 }
 
@@ -206,5 +185,10 @@ func candidateProductsForAPK(p pkg.Package) fieldCandidateSet {
 	products.union(rubyCandidateProductsFromAPK(metadata))
 	products.union(candidateProductsFromAPKUpstream(metadata))
 
+	for p := range products {
+		p.disallowDelimiterVariations = true
+		p.disallowSubSelections = true
+	}
+
 	return products
 }
diff --git a/syft/pkg/cataloger/common/cpe/apk_test.go b/syft/pkg/cataloger/common/cpe/apk_test.go
@@ -24,13 +24,14 @@ func Test_candidateVendorsForAPK(t *testing.T) {
 			expected: []string{"python-cryptography_project", "cryptography", "cryptographyproject", "cryptography_project"},
 		},
 		{
-			name: "py2-pypdf OriginPackage",
+			name: "py2-pypdf with explicit different origin",
 			pkg: pkg.Package{
 				Metadata: pkg.ApkMetadata{
-					OriginPackage: "py2-pypdf",
+					Package:       "py2-pypdf",
+					OriginPackage: "abcdefg",
 				},
 			},
-			expected: []string{"pypdf", "pypdfproject", "pypdf_project"},
+			expected: []string{"pypdf", "pypdfproject", "pypdf_project", "abcdefg"},
 		},
 		{
 			name: "ruby-armadillo Package",
@@ -48,7 +49,7 @@ func Test_candidateVendorsForAPK(t *testing.T) {
 					Package: "python-3.6",
 				},
 			},
-			expected: []string{"python-3.6", "python"},
+			expected: []string{"python", "python_software_foundation"},
 		},
 		{
 			name: "ruby-3.6",
@@ -58,7 +59,7 @@ func Test_candidateVendorsForAPK(t *testing.T) {
 					URL:     "https://www.ruby-lang.org/",
 				},
 			},
-			expected: []string{"ruby-3.6", "ruby", "ruby-lang"},
+			expected: []string{"ruby", "ruby-lang"},
 		},
 		{
 			name: "make",
@@ -68,12 +69,12 @@ func Test_candidateVendorsForAPK(t *testing.T) {
 					URL:     "https://www.gnu.org/software/make",
 				},
 			},
-			expected: []string{"make", "gnu"},
+			expected: []string{"gnu"},
 		},
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			assert.ElementsMatch(t, test.expected, candidateVendorsForAPK(test.pkg).values(), "different vendors")
+			assert.ElementsMatch(t, test.expected, candidateVendorsForAPK(test.pkg).uniqueValues(), "different vendors")
 		})
 	}
 }
@@ -94,13 +95,14 @@ func Test_candidateProductsForAPK(t *testing.T) {
 			expected: []string{"cryptography", "python-cryptography"},
 		},
 		{
-			name: "py2-pypdf OriginPackage",
+			name: "py2-pypdf with explicit different origin",
 			pkg: pkg.Package{
 				Metadata: pkg.ApkMetadata{
-					OriginPackage: "py2-pypdf",
+					Package:       "py2-pypdf",
+					OriginPackage: "abcdefg",
 				},
 			},
-			expected: []string{"pypdf"},
+			expected: []string{"pypdf", "abcdefg"},
 		},
 		{
 			name: "ruby-armadillo Package",
@@ -111,10 +113,39 @@ func Test_candidateProductsForAPK(t *testing.T) {
 			},
 			expected: []string{"armadillo"},
 		},
+		{
+			name: "python-3.6",
+			pkg: pkg.Package{
+				Metadata: pkg.ApkMetadata{
+					Package: "python-3.6",
+				},
+			},
+			expected: []string{"python"},
+		},
+		{
+			name: "ruby-3.6",
+			pkg: pkg.Package{
+				Metadata: pkg.ApkMetadata{
+					Package: "ruby-3.6",
+					URL:     "https://www.ruby-lang.org/",
+				},
+			},
+			expected: []string{"ruby"},
+		},
+		{
+			name: "make",
+			pkg: pkg.Package{
+				Metadata: pkg.ApkMetadata{
+					Package: "make",
+					URL:     "https://www.gnu.org/software/make",
+				},
+			},
+			expected: []string{"make"},
+		},
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			assert.ElementsMatch(t, test.expected, candidateProductsForAPK(test.pkg).values(), "different products")
+			assert.ElementsMatch(t, test.expected, candidateProductsForAPK(test.pkg).uniqueValues(), "different products")
 		})
 	}
 }