Skip to content

Commit

Permalink
Update the CPE generation for spring-security-core (#1789)
Browse files Browse the repository at this point in the history 
* Update the CPE generation for spring-security-core
* Add vendor test for spring-security

Signed-off-by: Josh Bressers <josh@bress.net>

---------

Signed-off-by: Josh Bressers <josh@bress.net>
  • Loading branch information
@joshbressers @spiffcs
joshbressers authored and spiffcs committed May 10, 2023
1 parent 54e99ef commit 2d8648b
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 0 deletions.
6 changes: 6 additions & 0 deletions syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,12 @@ var defaultCandidateAdditions = buildCandidateLookup(
candidateKey{PkgName: "spring-core"},
candidateAddition{AdditionalProducts: []string{"spring_framework", "springsource_spring_framework"}, AdditionalVendors: []string{"pivotal_software", "springsource", "vmware"}},
},
{
// example image: docker.io/jenkins/jenkins:latest
pkg.JavaPkg,
candidateKey{PkgName: "spring-security-core"},
candidateAddition{AdditionalProducts: []string{"spring_security"}, AdditionalVendors: []string{"vmware"}},
},
{
// example image: docker.io/nuxeo:latest
pkg.JavaPkg,
Expand Down
16 changes: 16 additions & 0 deletions syft/pkg/cataloger/common/cpe/generate_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -768,6 +768,14 @@ func TestCandidateProducts(t *testing.T) {
},
expected: []string{"spring_framework", "springsource_spring_framework" /* <-- known good names | default guess --> */, "springframework"},
},
{
name: "spring-security-core",
p: pkg.Package{
Name: "spring-security-core",
Type: pkg.JavaPkg,
},
expected: []string{"spring-security-core", "spring_security", "spring_security_core"},
},
{
name: "java",
p: pkg.Package{
Expand Down Expand Up @@ -857,6 +865,14 @@ func TestCandidateVendor(t *testing.T) {
},
expected: []string{"elastic" /* <-- known good names | default guess --> */, "elasticsearch"},
},
{
name: "spring-security",
p: pkg.Package{
Name: "spring-security-core",
Type: pkg.JavaPkg,
},
expected: []string{"vmware" /* <-- known good names | default guess --> */, "spring", "spring-security", "spring-security-core", "spring_security_core", "spring_security"},
},
{
name: "log4j",
p: pkg.Package{
Expand Down

0 comments on commit 2d8648b

Please sign in to comment.