From 156c081d3e144db117cd8b95567788ec7d5faf0c Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Fri, 20 Oct 2023 13:34:36 -0400 Subject: [PATCH] Incorporate Syft java detection improvements (#1555) * incorporate anchore/syft#2220 Signed-off-by: Alex Goodman * incorporate .net core improvements Signed-off-by: Alex Goodman --------- Signed-off-by: Alex Goodman --- go.mod | 2 +- go.sum | 4 ++-- test/integration/match_by_image_test.go | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/go.mod b/go.mod
index 5c693ebbf97..30d4e794c0f 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4
 github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501
 github.com/anchore/stereoscope v0.0.0-20230925132944-bf05af58eb44
- github.com/anchore/syft v0.93.0
+ github.com/anchore/syft v0.93.1-0.20231012142518-237cffc1b481
 github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
 github.com/bmatcuk/doublestar/v2 v2.0.4
 github.com/charmbracelet/bubbletea v0.24.2
diff --git a/go.sum b/go.sum
index 0b3d5d53227..37afddfa650 100644
--- a/go.sum
+++ b/go.sum
@@ -256,8 +256,8 @@ github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501 h1:AV7qjwM
 github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
 github.com/anchore/stereoscope v0.0.0-20230925132944-bf05af58eb44 h1:dKMvcpgqsRrX1ZWyqG53faVW+BahlaAO1RUEc7/rOjA=
 github.com/anchore/stereoscope v0.0.0-20230925132944-bf05af58eb44/go.mod h1:RtbeDCho0pxkPqrB1QNf/Jlxfc9juLmtYZAf2UbpJfk=
-github.com/anchore/syft v0.93.0 h1:0b4+4Ob6Mmbudp4Gid6JZh7402nQ3sSD5PMi5dFOpDY=
-github.com/anchore/syft v0.93.0/go.mod h1:RuSzHMGKBoiJkeR859moBeOTNnfPref3AloEMSYKDL8=
+github.com/anchore/syft v0.93.1-0.20231012142518-237cffc1b481 h1:EX4uyp6L7PejDOLs5VnZWCvVf1PHO8+3/IWtNzZl77g=
+github.com/anchore/syft v0.93.1-0.20231012142518-237cffc1b481/go.mod h1:5KqNa5BL8xDIVRkiBt5ltu27LrrXEBoHlCifrQfUqgA=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=
diff --git a/test/integration/match_by_image_test.go b/test/integration/match_by_image_test.go
index 60ef75800de..95592090320 100644
--- a/test/integration/match_by_image_test.go
+++ b/test/integration/match_by_image_test.go
@@ -168,14 +168,14 @@ func addPythonMatches(t *testing.T, theSource source.Source, catalog *syftPkg.Co
 func addDotnetMatches(t *testing.T, theSource source.Source, catalog *syftPkg.Collection, theStore *mockStore, theResult *match.Matches) {
 packages := catalog.PackagesByPath("/dotnet/TestLibrary.deps.json")
- if len(packages) != 1 {
+ if len(packages) != 2 { // TestLibrary + AWSSDK.Core
 for _, p := range packages {
 t.Logf("Dotnet Package: %s %+v", p.ID(), p)
 }
 t.Fatalf("problem with upstream syft cataloger (dotnet)")
 }
- thePkg := pkg.New(packages[0])
+ thePkg := pkg.New(packages[1])
 normalizedName := theStore.normalizedPackageNames["github:language:dotnet"][thePkg.Name]
 theVuln := theStore.backend["github:language:dotnet"][normalizedName][0]
 vulnObj, err := vulnerability.NewVulnerability(theVuln)
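Review bot: `thePkg := pkg.New(packages[1])` picks the package by position, so the test depends on the order in which `catalog.PackagesByPath` returns the two entries, which nothing visible in this hunk guarantees. If that order differs, the wrong package is matched, and the unguarded `[0]` on the `theStore.backend[...]` lookup two lines later will likely panic on an empty result rather than fail with a clear message. Selecting the entry by name and failing explicitly when it is absent would make the test robust to upstream cataloger changes. In the sketch below, `wantName` stands for whichever of the two names the mock store holds a record for. The body of addDotnetMatches continues past the end of the hunk.

```go
// … unchanged: len(packages) != 2 check …
idx := -1
for i, p := range packages {
	if p.Name == wantName {
		idx = i
		break
	}
}
if idx < 0 {
	t.Fatalf("dotnet package %q not found in /dotnet/TestLibrary.deps.json", wantName)
}
thePkg := pkg.New(packages[idx])
// … unchanged: store lookups …
```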