feat: add license field to ELF binary package metadata

Signed-off-by: Brian Ebarb <ebarb.brian@gmail.com> feat: add License component to elf binary packages Signed-off-by: Brian Ebarb <ebarb.brian@gmail.com> feat: fix elf_package_cataloger test feat: elf package cataloger unit test updates
anchore · Jun 6, 2024 · 95447c5 · 95447c5
1 parent 2d318cf
commit 95447c5
Show file tree

Hide file tree

Showing 5 changed files with 76 additions and 5 deletions.
diff --git a/schema/json/schema-latest.json b/schema/json/schema-latest.json
@@ -1,6 +1,6 @@
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "anchore.io/schema/syft/json/16.0.9/document",
+  "$id": "anchore.io/schema/syft/json/16.0.12/document",
   "$ref": "#/$defs/Document",
   "$defs": {
     "AlpmDbEntry": {
@@ -870,6 +870,12 @@
             "type": "string"
           },
           "type": "array"
+        },
+        "goExperiments": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object",
@@ -1342,6 +1348,46 @@
         "accessPath"
       ]
     },
+    "LuarocksPackage": {
+      "properties": {
+        "name": {
+          "type": "string"
+        },
+        "version": {
+          "type": "string"
+        },
+        "license": {
+          "type": "string"
+        },
+        "homepage": {
+          "type": "string"
+        },
+        "description": {
+          "type": "string"
+        },
+        "url": {
+          "type": "string"
+        },
+        "dependencies": {
+          "patternProperties": {
+            ".*": {
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object",
+      "required": [
+        "name",
+        "version",
+        "license",
+        "homepage",
+        "description",
+        "url",
+        "dependencies"
+      ]
+    },
     "MicrosoftKbPatch": {
       "properties": {
         "product_id": {
@@ -1496,6 +1542,9 @@
             {
               "$ref": "#/$defs/LinuxKernelModule"
             },
+            {
+              "$ref": "#/$defs/LuarocksPackage"
+            },
             {
               "$ref": "#/$defs/MicrosoftKbPatch"
             },
@@ -1930,6 +1979,21 @@
         },
         "directUrlOrigin": {
           "$ref": "#/$defs/PythonDirectURLOriginInfo"
+        },
+        "requiresPython": {
+          "type": "string"
+        },
+        "requiresDist": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "providesExtra": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object",

diff --git a/syft/pkg/cataloger/binary/elf_package.go b/syft/pkg/cataloger/binary/elf_package.go
@@ -6,11 +6,11 @@ import (
 	"github.com/anchore/syft/syft/pkg"
 )
 
-func newELFPackage(metadata elfBinaryPackageNotes, locations file.LocationSet, licenses []pkg.License) pkg.Package {
+func newELFPackage(metadata elfBinaryPackageNotes, locations file.LocationSet) pkg.Package {
 	p := pkg.Package{
 		Name:      metadata.Name,
 		Version:   metadata.Version,
-		Licenses:  pkg.NewLicenseSet(licenses...),
+		Licenses:  pkg.NewLicenseSet(pkg.NewLicense(metadata.License)),
 		PURL:      packageURL(metadata),
 		Type:      pkg.BinaryPkg,
 		Locations: locations,

diff --git a/syft/pkg/cataloger/binary/elf_package_cataloger.go b/syft/pkg/cataloger/binary/elf_package_cataloger.go
@@ -79,7 +79,7 @@ func (c *elfPackageCataloger) Catalog(_ context.Context, resolver file.Resolver)
 		}
 
 		// create a package for each unique name/version pair (based on the first note found)
-		pkgs = append(pkgs, newELFPackage(notes[0], noteLocations, nil))
+		pkgs = append(pkgs, newELFPackage(notes[0], noteLocations))
 	}
 
 	// why not return relationships? We have an executable cataloger that will note the dynamic libraries imported by

diff --git a/syft/pkg/cataloger/binary/elf_package_cataloger_test.go b/syft/pkg/cataloger/binary/elf_package_cataloger_test.go
@@ -20,6 +20,10 @@ func Test_ELF_Package_Cataloger(t *testing.T) {
 				file.NewVirtualLocation("/usr/local/bin/elftests/elfbinwithsisterlib/lib/libhello_world.so", "/usr/local/bin/elftests/elfbinwithsisterlib/lib/libhello_world.so"),
 				file.NewVirtualLocation("/usr/local/bin/elftests/elfbinwithsisterlib/lib/libhello_world2.so", "/usr/local/bin/elftests/elfbinwithsisterlib/lib/libhello_world2.so"),
 			),
+			Licenses: pkg.NewLicenseSet(
+				pkg.License{Value: "MIT", SPDXExpression: "MIT", Type: "declared"},
+			),
+
 			Language: "",
 			Type:     pkg.BinaryPkg,
 			Metadata: pkg.ELFBinaryPackageNoteJSONPayload{
@@ -40,6 +44,9 @@ func Test_ELF_Package_Cataloger(t *testing.T) {
 				file.NewLocation("/usr/local/bin/elftests/elfbinwithsisterlib/bin/elfwithparallellibbin1").WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
 				file.NewLocation("/usr/local/bin/elftests/elfbinwithsisterlib/bin/elfwithparallellibbin2").WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
 			),
+			Licenses: pkg.NewLicenseSet(
+				pkg.License{Value: "MIT", SPDXExpression: "MIT", Type: "declared"},
+			),
 			Language: "",
 			Type:     pkg.BinaryPkg,
 			Metadata: pkg.ELFBinaryPackageNoteJSONPayload{

diff --git a/syft/pkg/cataloger/binary/elf_package_test.go b/syft/pkg/cataloger/binary/elf_package_test.go
@@ -82,7 +82,7 @@ func Test_newELFPackage(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			actual := newELFPackage(test.metadata, file.NewLocationSet(), nil)
+			actual := newELFPackage(test.metadata, file.NewLocationSet())
 			if diff := cmp.Diff(test.expected, actual, cmpopts.IgnoreFields(pkg.Package{}, "id"), cmpopts.IgnoreUnexported(pkg.Package{}, file.LocationSet{}, pkg.LicenseSet{})); diff != "" {
 				t.Errorf("newELFPackage() mismatch (-want +got):\n%s", diff)
 			}