8000 fix: use namespace with name when purl is ecosystem golang in purl decoder by goatwu1993 · Pull Request #2586 · anchore/grype · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

fix: use namespace with name when purl is ecosystem golang in purl decoder #2586

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
May 2, 2025
Merged

fix: use namespace with name when purl is ecosystem golang in purl decoder #2586

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4e0dfff
fix: fix grype pkg:golang/k8s.io/ingress-nginx@v1.11.2 does not show …
goatwu1993 Apr 9, 2025
a0b5fff
fix: replay new commits onto 2586
spiffcs May 2, 2025
00ad71c
chore: update case and account for blank namespace
spiffcs May 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions grype/pkg/purl_provider.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -193,8 +193,13 @@ func purlToPackage(rawLine string) (*Package, *pkg.Package, string, string, erro
version = fmt.Sprintf("%s:%s", epoch, purl.Version)
}

name := purl.Name
if pkgType == pkg.GoModulePkg && purl.Namespace != "" {
name = purl.Namespace + "/" + name
}

syftPkg := pkg.Package{
Name: purl.Name,
Name: name,
Version: version,
Type: pkgType,
CPEs: cpes,
Expand All @@ -206,7 +211,7 @@ func purlToPackage(rawLine string) (*Package, *pkg.Package, string, string, erro
return &Package{
ID: ID(purl.String()),
CPEs: cpes,
Name: purl.Name,
Name: name,
Version: version,
Type: pkgType,
Language: pkg.LanguageByName(purl.Type),
Expand Down
84 changes: 84 additions & 0 deletions grype/pkg/purl_provider_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -375,6 +375,90 @@ func Test_PurlProvider(t *testing.T) {
},
},
},
{
name: "include namespace in name when purl is type Golang",
userInput: "pkg:golang/k8s.io/ingress-nginx@v1.11.2",
context: Context{
Source: &source.Description{
Metadata: PURLLiteralMetadata{PURL: "pkg:golang/k8s.io/ingress-nginx@v1.11.2"},
},
},
pkgs: []Package{
{
Name: "k8s.io/ingress-nginx",
Version: "v1.11.2",
Type: pkg.GoModulePkg,
PURL: "pkg:golang/k8s.io/ingress-nginx@v1.11.2",
},
},
sbom: &sbom.SBOM{
Artifacts: sbom.Artifacts{
Packages: pkg.NewCollection(pkg.Package{
Name: "k8s.io/ingress-nginx",
Version: "v1.11.2",
Type: pkg.GoModulePkg,
Language: pkg.Go,
PURL: "pkg:golang/k8s.io/ingress-nginx@v1.11.2",
}),
},
},
},
{
name: "include complex namespace in name when purl is type Golang",
userInput: "pkg:golang/github.com/wazuh/wazuh@v4.5.0",
context: Context{
Source: &source.Description{
Metadata: PURLLiteralMetadata{PURL: "pkg:golang/github.com/wazuh/wazuh@v4.5.0"},
},
},
pkgs: []Package{
{
Name: "github.com/wazuh/wazuh",
Version: "v4.5.0",
Type: pkg.GoModulePkg,
PURL: "pkg:golang/github.com/wazuh/wazuh@v4.5.0",
},
},
sbom: &sbom.SBOM{
Artifacts: sbom.Artifacts{
Packages: pkg.NewCollection(pkg.Package{
Name: "github.com/wazuh/wazuh",
Version: "v4.5.0",
Type: pkg.GoModulePkg,
PURL: "pkg:golang/github.com/wazuh/wazuh@v4.5.0",
Language: pkg.Go,
92F5 }),
},
},
},
{
name: "do not include namespace when given blank input blank",
userInput: "pkg:golang/wazuh@v4.5.0",
context: Context{
Source: &source.Description{
Metadata: PURLLiteralMetadata{PURL: "pkg:golang/wazuh@v4.5.0"},
},
},
pkgs: []Package{
{
Name: "wazuh",
Version: "v4.5.0",
Type: pkg.GoModulePkg,
PURL: "pkg:golang/wazuh@v4.5.0",
},
},
sbom: &sbom.SBOM{
Artifacts: sbom.Artifacts{
Packages: pkg.NewCollection(pkg.Package{
Name: "wazuh",
Version: "v4.5.0",
Type: pkg.GoModulePkg,
PURL: "pkg:golang/wazuh@v4.5.0",
Language: pkg.Go,
}),
},
},
},
{
name: "infer context when distro is present for multiple similar purls",
userInput: "purl:test-fixtures/purl/homogeneous-os.txt",
Expand Down
Loading
0