fix: gradle lockfile parser groupId handling (anchore#1995)

Signed-off-by: Keith Zantow <kzantow@gmail.com>
GijsCalis · Aug 4, 2023 · 68f5f34 · 68f5f34
1 parent 0248808
commit 68f5f34
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 0 deletions.
diff --git a/syft/pkg/cataloger/java/parse_gradle_lockfile.go b/syft/pkg/cataloger/java/parse_gradle_lockfile.go
@@ -57,7 +57,16 @@ func parseGradleLockfile(_ file.Resolver, _ *generic.Environment, reader file.Lo
 			Language:     pkg.Java,
 			Type:         pkg.JavaPkg,
 			MetadataType: pkg.JavaMetadataType,
+			Metadata: pkg.JavaMetadata{
+				PomProject: &pkg.PomProject{
+					GroupID:    dep.Group,
+					ArtifactID: dep.Name,
+					Version:    dep.Version,
+					Name:       dep.Name,
+				},
+			},
 		}
+		mappedPkg.SetID()
 		pkgs = append(pkgs, mappedPkg)
 	}
 

diff --git a/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go b/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go
@@ -16,26 +16,45 @@ func Test_parserGradleLockfile(t *testing.T) {
 		{
 			input: "test-fixtures/gradle/gradle.lockfile",
 			expected: []pkg.Package{
+				{
+					Name:         "commons-text",
+					Version:      "1.8",
+					Language:     pkg.Java,
+					Type:         pkg.JavaPkg,
+					MetadataType: pkg.JavaMetadataType,
+					Metadata: pkg.JavaMetadata{
+						PomProject: &pkg.PomProject{GroupID: "org.apache.commons", ArtifactID: "commons-text", Version: "1.8", Name: "commons-text"},
+					},
+				},
 				{
 					Name:         "hamcrest-core",
 					Version:      "1.3",
 					Language:     pkg.Java,
 					Type:         pkg.JavaPkg,
 					MetadataType: pkg.JavaMetadataType,
+					Metadata: pkg.JavaMetadata{
+						PomProject: &pkg.PomProject{GroupID: "org.hamcrest", ArtifactID: "hamcrest-core", Version: "1.3", Name: "hamcrest-core"},
+					},
 				},
 				{
 					Name:         "joda-time",
 					Version:      "2.2",
 					Language:     pkg.Java,
 					Type:         pkg.JavaPkg,
 					MetadataType: pkg.JavaMetadataType,
+					Metadata: pkg.JavaMetadata{
+						PomProject: &pkg.PomProject{GroupID: "joda-time", ArtifactID: "joda-time", Version: "2.2", Name: "joda-time"},
+					},
 				},
 				{
 					Name:         "junit",
 					Version:      "4.12",
 					Language:     pkg.Java,
 					Type:         pkg.JavaPkg,
 					MetadataType: pkg.JavaMetadataType,
+					Metadata: pkg.JavaMetadata{
+						PomProject: &pkg.PomProject{GroupID: "junit", ArtifactID: "junit", Version: "4.12", Name: "junit"},
+					},
 				},
 			},
 		},

diff --git a/syft/pkg/cataloger/java/test-fixtures/gradle/gradle.lockfile b/syft/pkg/cataloger/java/test-fixtures/gradle/gradle.lockfile
@@ -5,3 +5,4 @@ joda-time:joda-time:2.2=compileClasspath,runtimeClasspath,testCompileClasspath,t
 junit:junit:4.12=testCompileClasspath,testRuntimeClasspath
 org.hamcrest:hamcrest-core:1.3=testCompileClasspath,testRuntimeClasspath
 empty=annotationProcessor,testAnnotationProcessor
+org.apache.commons:commons-text:1.8=compileClasspath