Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cataloger filtering cross matches wrong catalogers #1573

Closed
cdupuis opened this issue Feb 15, 2023 · 2 comments · Fixed by #1582
Closed

Cataloger filtering cross matches wrong catalogers #1573

cdupuis opened this issue Feb 15, 2023 · 2 comments · Fixed by #1582
Assignees
Labels
bug Something isn't working

Comments

@cdupuis
Copy link
Contributor

cdupuis commented Feb 15, 2023

Adding the following test to https://github.com/anchore/syft/blob/main/syft/pkg/cataloger/cataloger_test.go#L27 shows that when requesting only java-cataloger, the javascript-package-cataloger and javascript-lock-cataloger are both enabled, which IMHO is wrong.

                {
			name: "don't cross match",
			patterns: []string{
				"java-cataloger",
			},
			catalogers: []string{
				"javascript-package-cataloger",
				"java-cataloger",
			},
			want: []string{
				"java-cataloger",
			},
		},
@cdupuis cdupuis added the bug Something isn't working label Feb 15, 2023
@wagoodman
Copy link
Contributor

Entirely agreed -- this is not correct behavior. We could change the behavior to require matching exactly (instead of contains) or make hard coded exceptions (not ideal, but could be a fine workaround for now if we wanted something quick that didn't break existing behavior).

Additionally there is a PR that we're looking to get in that would change this behavior for the better #1383 (specifically at https://github.com/anchore/syft/pull/1383/files#diff-e7cb9915335df0e3ab997cf8a7b0574e4a0ecc5dc8db5a9e6ed8ba28eccb325b). The cataloger selection is more explicit and doesn't rely on the contains approach as done now.

@wagoodman
Copy link
Contributor

I've additionally opened up #1578 to capture the fact that this cataloger name is not specific enough for what it does.

@tgerla tgerla added this to OSS Feb 16, 2023
@spiffcs spiffcs moved this to Awaiting Response in OSS Feb 16, 2023
@spiffcs spiffcs moved this from Awaiting Response to Backlog in OSS Feb 16, 2023
@wagoodman wagoodman self-assigned this Feb 17, 2023
@wagoodman wagoodman moved this from Backlog to In Progress in OSS Feb 17, 2023
@wagoodman wagoodman moved this from In Progress to In Review in OSS Feb 17, 2023
@github-project-automation github-project-automation bot moved this from In Review to Done in OSS Feb 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
Archived in project
Development

Successfully merging a pull request may close this issue.

2 participants