.NET cataloger should consider compile target paths from deps.json by wagoodman · Pull Request #3821 · anchore/syft · GitHub

.NET cataloger should consider compile target paths from deps.json #3821


Merged
merged 3 commits into from
Apr 24, 2025

Conversation

wagoodman
Contributor
@wagoodman wagoodman commented Apr 23, 2025

Today the PE cataloger considers the runtime, resources, and native target types within a deps.json file; however, the compile type is not considered:

If a given dependency is only listed for compilation, then its runtime, resources and native properties is omitted. Similarly if the dependency is only listed for runtime, then its compile property is omitted.

Per the .NET CLI documentation.

This mirrors the same logic applied to the runtime and resources type to the compile type, allowing us to pair up deps.json entries that look like this with the DLLs they reference:

... 
"DotNetNuke.Core/9.9.1": {
  "dependencies": {
    "DotNetNuke.DependencyInjection": "9.9.1"
  },
  "compile": {
    "lib/net45/DotNetNuke.dll": {},
    "lib/net45/Microsoft.ApplicationBlocks.Data.dll": {}
  }
},
...

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
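
The pairing described above, as an added Go example that is not syft's code and not part of this PR: it reads the `targets` section of a deps.json file and reports which DLLs found on disk are not listed by any library entry under the chosen asset groups. The function name, the target name, the `Example.Runtime` entry, the `bin/` paths and the match on file base name are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
)

// Constructed sample: the PR's DotNetNuke.Core entry plus a made-up target name and runtime-only entry.
const sampleDeps = `{"targets": {".NETFramework,Version=v4.5": {
  "DotNetNuke.Core/9.9.1": {"dependencies": {"DotNetNuke.DependencyInjection": "9.9.1"},
    "compile": {"lib/net45/DotNetNuke.dll": {}, "lib/net45/Microsoft.ApplicationBlocks.Data.dll": {}}},
  "Example.Runtime/1.0.0": {"runtime": {"lib/net45/Example.Runtime.dll": {}}}}}}`

// unclaimedDLLs returns the found DLLs (input order kept) that no library entry lists under
// the given asset groups. Matching on file base name is an assumption of this example.
func unclaimedDLLs(depsJSON []byte, found []string, groups ...string) ([]string, error) {
	var doc struct{ Targets map[string]map[string]map[string]json.RawMessage } // target -> "name/version" -> group
	if err := json.Unmarshal(depsJSON, &doc); err != nil {
		return nil, err
	}
	claimed := map[string]bool{} // DLL base names listed by some library entry
	for _, libs := range doc.Targets {
		for _, entry := range libs {
			for _, g := range groups {
				var paths map[string]json.RawMessage // keys are relative DLL paths
				_ = json.Unmarshal(entry[g], &paths) // an absent group leaves paths nil
				for p := range paths {
					claimed[path.Base(p)] = true
				}
			}
		}
	}
	out := []string{}
	for _, f := range found {
		if !claimed[path.Base(f)] {
			out = append(out, f)
		}
	}
	return out, nil
}

func main() {
	found := []string{"bin/DotNetNuke.dll", "bin/Example.Runtime.dll"} // constructed file list
	before, _ := unclaimedDLLs([]byte(sampleDeps), found, "runtime", "resources", "native")
	after, _ := unclaimedDLLs([]byte(sampleDeps), found, "runtime", "resources", "native", "compile")
	fmt.Println("without compile:", before, "with compile:", after)
}
```

With only the runtime, resources and native groups, `bin/DotNetNuke.dll` is left without an owning package; adding `compile` pairs it with `DotNetNuke.Core/9.9.1`.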
@wagoodman wagoodman added the bug Something isn't working label Apr 23, 2025
@wagoodman wagoodman self-assigned this Apr 23, 2025
@wagoodman wagoodman added this to OSS Apr 23, 2025
@wagoodman wagoodman moved this to In Review in OSS Apr 23, 2025
@wagoodman wagoodman changed the title Fix PE cataloger to consider compile paths from deps.json PE cataloger should consider compile target paths from deps.json Apr 23, 2025
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@wagoodman wagoodman merged commit 2dd9d58 into main Apr 24, 2025
13 checks passed
@wagoodman wagoodman deleted the add-pe-compile-path-processing branch April 24, 2025 13:01
@github-project-automation github-project-automation bot moved this from In Review to Done in OSS Apr 24, 2025
@wagoodman wagoodman changed the title PE cataloger should consider compile target paths from deps.json .NET cataloger should consider compile target paths from deps.json Apr 24, 2025
spiffcs added a commit that referenced this pull request Apr 29, 2025
* main: (150 commits)
  fix the fluent-bit regex detection pattern (#3817)
  chore(deps): bump anchore/sbom-action from 0.18.0 to 0.19.0 (#3832)
  chore(deps): update tools to latest versions (#3830)
  Resolve owned file paths when searching for overlaps (#3828)
  chore(deps): update anchore dependencies (#3827)
  fix: Make the fileresolver Support Prefix Match of Files (#3820)
  Add support for detecting javascript assets in .NET projects using libman (#3825)
  chore(deps): update tools to latest versions (#3823)
  (feat): support skipping archive extraction with file source (#3795)
  Consider DLL claims for dependencies of .NET packages from deps.json (#3822)
  PE cataloger should consider compile target paths from deps.json (#3821)
  Perf: skip license scanner injection (#3796)
  chore(deps): bump sigstore/cosign-installer from 3.8.1 to 3.8.2 (#3818)
  chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16 (#3819)
  chore(deps): update tools to latest versions (#3815)
  docs: document test commands (#3816)
  Support detection of Chrome binaries (#3136)
  fix:allow golang tip image detection regex pattern (#3757)
  fix:Make the parse of the replace part in ```go.mod``` more compliant and traceable (#3812)
  (fix): delete collection name/type key entries when empty (#3797)
  ...

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>