feat: Add Wordpress cataloger

[disc]

Add a cataloger that detects installed Wordpress plugins by looking files in */wp-content/plugins/* directories
Closes #1911

Related MR to Grype for removing wordpress from known targets and unsuppressing of wordpress plugins vulnerabilities
anchore/grype#1553

[wagoodman]

@disc I've caught up this branch based on the several changes made on main recently. I have a couple of small questions, otherwise I feel this is about the cross the finish line 🙌

[wagoodman]

Thanks for adding this cataloger 🙌 ! (and thanks for your patience on this PR -- it came in the midst of an API refactor so needed to land afterwards).

[wagoodman]

@disc A couple of clarifying questions:

{
  "id": "62595455b80ed7ff",
  "name": "Akismet Anti-spam: Spam Protection",
  "version": "5.3",
  "type": "wordpress-plugin",
  "foundBy": "wordpress-plugin-cataloger",
  ...  
  "metadata": {
    "plugin_name": "akismet",
    "author": "Automattic - Anti-spam Team",
    "author_uri": "https://automattic.com/wordpress-plugins/"
  }
}

1. Should the pkg.Package.Name be what is currently the pkg.WordpressPlugin.PluginName? (I could reason either way, curious for opinions here)
2. (Completely independent from the first question) Should pkg.WordpressPlugin.PluginName really be something like pkg.WordpressPlugin.PluginInstallDirectory (or similar) since it's derived from an installation path?

(I can make the updates if there are any changes needed)

[github-actions]

Warning

Detected modification or removal of existing json schemas:

• schema/json/schema-16.0.2.json

[disc]

@disc A couple of clarifying questions:

{
  "id": "62595455b80ed7ff",
  "name": "Akismet Anti-spam: Spam Protection",
  "version": "5.3",
  "type": "wordpress-plugin",
  "foundBy": "wordpress-plugin-cataloger",
  ...  
  "metadata": {
    "plugin_name": "akismet",
    "author": "Automattic - Anti-spam Team",
    "author_uri": "https://automattic.com/wordpress-plugins/"
  }
}

1. Should the `pkg.Package.Name` be what is currently the `pkg.WordpressPlugin.PluginName`? (I could reason either way, curious for opinions here)

2. (Completely independent from the first question) Should `pkg.WordpressPlugin.PluginName` really be something like `pkg.WordpressPlugin.PluginInstallDirectory` (or similar) since it's derived from an installation path?

(I can make the updates if there are any changes needed)

Hey @wagoodman. Looks like I need to make a few changes after a huge refactor and probably these questions won't be actual further.

[wagoodman]

I can help with restoring/regenerating the JSON schema if needed. Also, is the refactor you're referring to one that happened on main (touching the cataloging API)? Or are you talking about a refactor within the new wordpress plugin cataloger you wrote?

[disc]

is the refactor you're referring to one that happened on main (touching the cataloging API)?

Yes, I meant this one. I've just completed all the needed changes - now need to look into a test run.

rereviewing due to changes

[wagoodman]

Hey, I fixed the failing tests and updated the branch. I still have some questions left (from #2218 (comment))

1. Should the value in pkg.Package.Name really be what is currently in the pkg.WordpressPlugin.PluginName field? Said another way, should the package name be the install directory name instead of the plugin display name?
2. Should pkg.WordpressPlugin.PluginName really be renamed to pkg.WordpressPlugin.PluginInstallDirectory (or similar) since it's derived from an installation path and not actually the Plugin Name: field from the underlying source code?

[disc]

Hey, I fixed the failing tests and updated the branch. I still have some questions left (from #2218 (comment))

1. Should the value in `pkg.Package.Name` really be what is currently in the `pkg.WordpressPlugin.PluginName` field? Said another way, should the package name be the install directory name instead of the plugin display name?

2. Should `pkg.WordpressPlugin.PluginName` really be renamed to `pkg.WordpressPlugin.PluginInstallDirectory` (or similar) since it's derived from an installation path and not actually the `Plugin Name:` field from the underlying source code?

1. I believe yes, it makes the package name short and simple, sometimes it contains long names such as Akismet Anti-spam: Spam Protection
2. Probably yes, it's contains almost the same as a name but uses for building CPEs

[wagoodman]

It sounds like both answers point to making some small updates -- I can take a stab at it if you'd like? (or if you wanted to that's also alright)

[wagoodman]

I force pushed a rebase (there were a few commits from main that didn't belong). I also regenerated the JSON schema after changing the field caps to be consistent with the field convention we use (camel case).

Overall great work -- thanks for taking the time to add this cataloger 🙏 !