feat: add license field to ELF binary package metadata (#2890)

Signed-off-by: Brian Ebarb <ebarb.brian@gmail.com> feat: add License component to elf binary packages Signed-off-by: Brian Ebarb <ebarb.brian@gmail.com> feat: fix elf_package_cataloger test feat: elf package cataloger unit test updates
anchore · Jun 6, 2024 · 5cdc084 · 5cdc084
1 parent baca15f
commit 5cdc084
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 4 deletions.
diff --git a/syft/pkg/cataloger/binary/elf_package.go b/syft/pkg/cataloger/binary/elf_package.go
@@ -6,11 +6,11 @@ import (
 	"github.com/anchore/syft/syft/pkg"
 )
 
-func newELFPackage(metadata elfBinaryPackageNotes, locations file.LocationSet, licenses []pkg.License) pkg.Package {
+func newELFPackage(metadata elfBinaryPackageNotes, locations file.LocationSet) pkg.Package {
 	p := pkg.Package{
 		Name:      metadata.Name,
 		Version:   metadata.Version,
-		Licenses:  pkg.NewLicenseSet(licenses...),
+		Licenses:  pkg.NewLicenseSet(pkg.NewLicense(metadata.License)),
 		PURL:      packageURL(metadata),
 		Type:      pkg.BinaryPkg,
 		Locations: locations,

diff --git a/syft/pkg/cataloger/binary/elf_package_cataloger.go b/syft/pkg/cataloger/binary/elf_package_cataloger.go
@@ -79,7 +79,7 @@ func (c *elfPackageCataloger) Catalog(_ context.Context, resolver file.Resolver)
 		}
 
 		// create a package for each unique name/version pair (based on the first note found)
-		pkgs = append(pkgs, newELFPackage(notes[0], noteLocations, nil))
+		pkgs = append(pkgs, newELFPackage(notes[0], noteLocations))
 	}
 
 	// why not return relationships? We have an executable cataloger that will note the dynamic libraries imported by

diff --git a/syft/pkg/cataloger/binary/elf_package_cataloger_test.go b/syft/pkg/cataloger/binary/elf_package_cataloger_test.go
@@ -20,6 +20,10 @@ func Test_ELF_Package_Cataloger(t *testing.T) {
 				file.NewVirtualLocation("/usr/local/bin/elftests/elfbinwithsisterlib/lib/libhello_world.so", "/usr/local/bin/elftests/elfbinwithsisterlib/lib/libhello_world.so"),
 				file.NewVirtualLocation("/usr/local/bin/elftests/elfbinwithsisterlib/lib/libhello_world2.so", "/usr/local/bin/elftests/elfbinwithsisterlib/lib/libhello_world2.so"),
 			),
+			Licenses: pkg.NewLicenseSet(
+				pkg.License{Value: "MIT", SPDXExpression: "MIT", Type: "declared"},
+			),
+
 			Language: "",
 			Type:     pkg.BinaryPkg,
 			Metadata: pkg.ELFBinaryPackageNoteJSONPayload{
@@ -40,6 +44,9 @@ func Test_ELF_Package_Cataloger(t *testing.T) {
 				file.NewLocation("/usr/local/bin/elftests/elfbinwithsisterlib/bin/elfwithparallellibbin1").WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
 				file.NewLocation("/usr/local/bin/elftests/elfbinwithsisterlib/bin/elfwithparallellibbin2").WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
 			),
+			Licenses: pkg.NewLicenseSet(
+				pkg.License{Value: "MIT", SPDXExpression: "MIT", Type: "declared"},
+			),
 			Language: "",
 			Type:     pkg.BinaryPkg,
 			Metadata: pkg.ELFBinaryPackageNoteJSONPayload{

diff --git a/syft/pkg/cataloger/binary/elf_package_test.go b/syft/pkg/cataloger/binary/elf_package_test.go
@@ -82,7 +82,7 @@ func Test_newELFPackage(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			actual := newELFPackage(test.metadata, file.NewLocationSet(), nil)
+			actual := newELFPackage(test.metadata, file.NewLocationSet())
 			if diff := cmp.Diff(test.expected, actual, cmpopts.IgnoreFields(pkg.Package{}, "id"), cmpopts.IgnoreUnexported(pkg.Package{}, file.LocationSet{}, pkg.LicenseSet{})); diff != "" {
 				t.Errorf("newELFPackage() mismatch (-want +got):\n%s", diff)
 			}