From 5843ff89a75c0e20d12917b6edb3ec827eb1d5e0 Mon Sep 17 00:00:00 2001 From: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> Date: Thu, 1 May 2025 20:39:02 -0400 Subject: [PATCH] feat: update namespace onto name for golang purl decoder Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> --- grype/pkg/purl_provider.go | 9 ++++-- grype/pkg/purl_provider_test.go | 56 +++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+), 2 deletions(-) diff --git a/grype/pkg/purl_provider.go b/grype/pkg/purl_provider.go index 2b8f14f7496..2aab4ffa2e3 100644 --- a/grype/pkg/purl_provider.go +++ b/grype/pkg/purl_provider.go @@ -193,8 +193,13 @@ func purlToPackage(rawLine string) (*Package, *pkg.Package, string, string, erro version = fmt.Sprintf("%s:%s", epoch, purl.Version) } + name := purl.Name + if pkgType == pkg.GoModulePkg { + name = purl.Namespace + "/" + name + } + syftPkg := pkg.Package{ - Name: purl.Name, + Name: name, Version: version, Type: pkgType, CPEs: cpes, @@ -206,7 +211,7 @@ func purlToPackage(rawLine string) (*Package, *pkg.Package, string, string, erro return &Package{ ID: ID(purl.String()), CPEs: cpes, - Name: purl.Name, + Name: name, Version: version, Type: pkgType, Language: pkg.LanguageByName(purl.Type), diff --git a/grype/pkg/purl_provider_test.go b/grype/pkg/purl_provider_test.go index ca909402b8b..ff0aa574836 100644 --- a/grype/pkg/purl_provider_test.go +++ b/grype/pkg/purl_provider_test.go 
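Review bot: The new `if pkgType == pkg.GoModulePkg` branch joins `purl.Namespace` and `purl.Name` unconditionally, so a golang purl that parses with an empty namespace would end up with a name that starts with `/`. That value is assigned to `syftPkg.Name` in this hunk and to `Package.Name` in the following one (`@@ -206,7 +206,7`). A module name that matches no advisory record would presumably produce zero findings rather than an error, which is the unsafe direction for a vulnerability scanner. Guard the join with `if pkgType == pkg.GoModulePkg && purl.Namespace != "" {` and add a comment above it such as `// Go modules are identified by their full module path, so the purl namespace is part of the name`. purlToPackage starts and ends outside these hunks, so whether the namespace is validated or normalised earlier is not visible here.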
@@ -375,6 +375,62 @@ func Test_PurlProvider(t *testing.T) { }, }, }, + { + name: "include namespace in name when purl is type Golang", + userInput: "pkg:golang/k8s.io/ingress-nginx@v1.11.2", + context: Context{ + Source: &source.Description{ + Metadata: PURLLiteralMetadata{PURL: "pkg:golang/k8s.io/ingress-nginx@v1.11.2"}, + }, + }, + pkgs: []Package{ + { + Name: "k8s.io/ingress-nginx", + Version: "v1.11.2", + Type: pkg.GoModulePkg, + PURL: "pkg:golang/k8s.io/ingress-nginx@v1.11.2", + }, + }, + sbom: &sbom.SBOM{ + Artifacts: sbom.Artifacts{ + Packages: pkg.NewCollection(pkg.Package{ + Name: "k8s.io/ingress-nginx", + Version: "v1.11.2", + Type: pkg.GoModulePkg, + Language: pkg.Go, + PURL: "pkg:golang/k8s.io/ingress-nginx@v1.11.2", + }), + }, + }, + }, + { + name: "include complex namespace in name when purl is type Golang", + userInput: "pkg:golang/github.com/wazuh/wazuh@v4.5.0", + context: Context{ + Source: &source.Description{ + Metadata: PURLLiteralMetadata{PURL: "pkg:golang/github.com/wazuh/wazuh@v4.5.0"}, + }, + }, + pkgs: []Package{ + { + Name: "github.com/wazuh/wazuh", + Version: "v4.5.0", + Type: pkg.GoModulePkg, + PURL: "pkg:golang/github.com/wazuh/wazuh@v4.5.0", + }, + }, + sbom: &sbom.SBOM{ + Artifacts: sbom.Artifacts{ + Packages: pkg.NewCollection(pkg.Package{ + Name: "github.com/wazuh/wazuh", + Version: "v4.5.0", + Type: pkg.GoModulePkg, + PURL: "pkg:golang/github.com/wazuh/wazuh@v4.5.0", + Language: pkg.Go, + }), + }, + }, + }, { name: "infer context when distro is present for multiple similar purls", userInput: "purl:test-fixtures/purl/homogeneous-os.txt",
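Review bot: Both added cases use purls that carry a namespace, so nothing in this hunk pins the resulting `Name` for a golang purl with a single path segment. A case with a constructed input such as `pkg:golang/example@v1.0.0` and an expected `Name: "example"` would make that behaviour explicit. It would fail if the `purl.Namespace + "/" + name` join in purl_provider.go yields `/example`, and a name like that would likely match no vulnerability record. Test_PurlProvider starts and ends outside the hunk, so an existing case covering this may simply not be visible here.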