integrate syft go-module detection with engine (#1361)

* integrate syft go-module detection with engine Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * add functional tests for golang analyzer Signed-off-by: Weston Steimel <weston.steimel@anchore.com> * update README Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
anchore · Feb 1, 2022 · e9382a8 · e9382a8
1 parent 43224af
commit e9382a8
Show file tree

Hide file tree

Showing 9 changed files with 3,310 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -124,3 +124,4 @@ docs/resources/_gen
 
 
 .DS_Store
+.local
diff --git a/README.md b/README.md
@@ -40,6 +40,7 @@ Anchore Engine is also the OSS foundation for [Anchore Enterprise](https://ancho
 - Java Archive (jar, war, ear)
 - NPM
 - Python (PIP)
+- Go Modules
 
 ## Installation
 

diff --git a/anchore_engine/analyzers/syft/handlers/__init__.py b/anchore_engine/analyzers/syft/handlers/__init__.py
@@ -1,4 +1,4 @@
-from . import alpine, debian, gem, java, npm, python, rpm
+from . import alpine, debian, gem, golang, java, npm, python, rpm
 
 # This is a mapping of **syft** artifact types to modules to transform syft output into engine-compliant output.
 # Each module has two functions: translate_and_save_entry & save_entry
@@ -8,6 +8,7 @@
     "npm": npm,
     "java-archive": java,
     "jenkins-plugin": java,
+    "go-module": golang,
     "apk": alpine,
     "rpm": rpm,
     "deb": debian,
@@ -25,6 +26,7 @@
     "java-war": java,
     "java-jpi": java,
     "java-hpi": java,
+    "go": golang,
     "apkg": alpine,
     "rpm": rpm,
     "dpkg": debian,

diff --git a/anchore_engine/analyzers/syft/handlers/golang.py b/anchore_engine/analyzers/syft/handlers/golang.py
@@ -0,0 +1,38 @@
+from anchore_engine.analyzers.syft.handlers.common import save_entry_to_findings
+
+
+def save_entry(findings, engine_entry, pkg_key=None):
+    if not pkg_key:
+        pkg_name = engine_entry.get("name", "")
+        pkg_version = engine_entry.get("version", engine_entry.get("latest", ""))
+        location = engine_entry.get("location", "/virtual/gopkg/")
+        pkg_key = f"{location}:{pkg_name}@{pkg_version}"
+
+    save_entry_to_findings(findings, engine_entry, "pkgs.go", pkg_key)
+
+
+def translate_and_save_entry(findings, artifact):
+    """
+    Handler function to map syft results for the go-module type into the engine "raw" document format.
+    """
+
+    if len(artifact["locations"]) > 0:
+        location = artifact["locations"][0]["path"]
+    else:
+        location = None
+
+    # craft the artifact document
+    pkg_value = {
+        "name": artifact["name"],
+        "version": artifact["version"],
+        "location": location,
+        "type": "go",
+        "files": [],
+        "license": "N/A",
+        "origin": "N/A",
+        "cpes": artifact.get("cpes", []),
+        "metadata": artifact.get("metadata", {}),
+    }
+
+    # inject the artifact document into the "raw" analyzer document
+    save_entry(findings, pkg_value)
diff --git a/tests/functional/clients/conftest.py b/tests/functional/clients/conftest.py
@@ -57,6 +57,14 @@
         "image_source": "registry",
         "schema_version": "v2",
     },
+    "go": {
+        "registry": "docker.io",
+        "repo": "anchore/test_images",
+        "tag": "engine-analyzer-golang-a8b30f2",
+        "digest": "sha256:d7efe8ef45def7a7aa6571de3cc5857281b1d7dc5477e7e0cbff6ccb2d5f5f8c",
+        "image_source": "registry",
+        "schema_version": "v2",
+    },
     "stretch-slim": {
         "registry": "docker.io",
         "repo": "anchore/test_images",

diff --git a/.../test_images@sha256:d7efe8ef45def7a7aa6571de3cc5857281b1d7dc5477e7e0cbff6ccb2d5f5f8c.json b/.../test_images@sha256:d7efe8ef45def7a7aa6571de3cc5857281b1d7dc5477e7e0cbff6ccb2d5f5f8c.json
@@ -0,0 +1,31 @@
+{
+	"schemaVersion": 2,
+	"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
+	"config": {
+		"mediaType": "application/vnd.docker.container.image.v1+json",
+		"size": 2086,
+		"digest": "sha256:66799fd8f271518d88d027e7df08a428e17b205a624b18399f51b5fca60d1155"
+	},
+	"layers": [
+		{
+			"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
+			"size": 1032,
+			"digest": "sha256:50d154fea6c198cc6ef3efbe19990bcdb65fc3335928f90a3f4d6683e05ca273"
+		},
+		{
+			"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
+			"size": 1271,
+			"digest": "sha256:980015ae30c35f67f9d44ff6fbf0057a255791ec336272d2266fa7725ee13f9e"
+		},
+		{
+			"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
+			"size": 9331819,
+			"digest": "sha256:f07027bbe83d08e7432d6587b405a675809eb24e308d45f66a1d02bbec2074fd"
+		},
+		{
+			"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
+			"size": 7580902,
+			"digest": "sha256:88788463780d9bfa8b52f6800eb0862fce614097408d7e6e08b284f02bb54916"
+		}
+	]
+}