From c57ad3793a5f725c44c03a09b429139178fe1cbb Mon Sep 17 00:00:00 2001
From: Keith Zantow
Date: Thu, 3 Aug 2023 18:42:55 -0400
Subject: [PATCH] fix: gradle lockfile parser groupId handling

Signed-off-by: Keith Zantow
---
 .../cataloger/java/parse_gradle_lockfile.go | 9 +++++++++
 .../java/parse_gradle_lockfile_test.go | 19 +++++++++++++++++++
 .../java/test-fixtures/gradle/gradle.lockfile | 1 +
 3 files changed, 29 insertions(+)

diff --git a/syft/pkg/cataloger/java/parse_gradle_lockfile.go b/syft/pkg/cataloger/java/parse_gradle_lockfile.go
index 65adf7aebb2..3506b44be3a 100644
--- a/syft/pkg/cataloger/java/parse_gradle_lockfile.go
+++ b/syft/pkg/cataloger/java/parse_gradle_lockfile.go
@@ -57,7 +57,16 @@ func parseGradleLockfile(_ file.Resolver, _ *generic.Environment, reader file.Lo
 Language: pkg.Java,
 Type: pkg.JavaPkg,
 MetadataType: pkg.JavaMetadataType,
+ Metadata: pkg.JavaMetadata{
+ PomProject: &pkg.PomProject{
+ GroupID: dep.Group,
+ ArtifactID: dep.Name,
+ Version: dep.Version,
+ Name: dep.Name,
+ },
+ },
 }
+
 mappedPkg.SetID()
 pkgs = append(pkgs, mappedPkg)
 }
diff --git a/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go b/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go
index babc3d3e558..f73dbc70aee 100644
--- a/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go
+++ b/syft/pkg/cataloger/java/parse_gradle_lockfile_test.go
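Review bot: In `parse_gradle_lockfile.go`, the `PomProject` added to `mappedPkg` is synthesized from the lockfile coordinate rather than read from a POM, and nothing in the hunk says so; `Name: dep.Name` in particular stores the artifact ID in a field that normally holds the POM's display name. Consumers of the resulting SBOM may treat this metadata as authoritative, so I would add a comment above `Metadata:` such as `// PomProject is derived from the group:name:version lockfile entry; no pom.xml is read`, and consider leaving `Name` unset. It is also worth confirming, in the parsing code outside this hunk, that `dep.Group` cannot be empty for an entry that reaches this point, since an empty `GroupID` would presumably weaken any downstream matching keyed on it. The enclosing `parseGradleLockfile` starts and ends outside the hunk.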
@@ -16,12 +16,25 @@ func Test_parserGradleLockfile(t *testing.T) {
 {
 input: "test-fixtures/gradle/gradle.lockfile",
 expected: []pkg.Package{
+ {
+ Name: "commons-text",
+ Version: "1.8",
+ Language: pkg.Java,
+ Type: pkg.JavaPkg,
+ MetadataType: pkg.JavaMetadataType,
+ Metadata: pkg.JavaMetadata{
+ PomProject: &pkg.PomProject{GroupID: "org.apache.commons", ArtifactID: "commons-text", Version: "1.8", Name: "commons-text"},
+ },
+ },
 {
 Name: "hamcrest-core",
 Version: "1.3",
 Language: pkg.Java,
 Type: pkg.JavaPkg,
 MetadataType: pkg.JavaMetadataType,
+ Metadata: pkg.JavaMetadata{
+ PomProject: &pkg.PomProject{GroupID: "org.hamcrest", ArtifactID: "hamcrest-core", Version: "1.3", Name: "hamcrest-core"},
+ },
 },
 {
 Name: "joda-time",
@@ -29,6 +42,9 @@ func Test_parserGradleLockfile(t *testing.T) {
 Language: pkg.Java,
 Type: pkg.JavaPkg,
 MetadataType: pkg.JavaMetadataType,
+ Metadata: pkg.JavaMetadata{
+ PomProject: &pkg.PomProject{GroupID: "joda-time", ArtifactID: "joda-time", Version: "2.2", Name: "joda-time"},
+ },
 },
 {
 Name: "junit",
@@ -36,6 +52,9 @@ func Test_parserGradleLockfile(t *testing.T) {
 Language: pkg.Java,
 Type: pkg.JavaPkg,
 MetadataType: pkg.JavaMetadataType,
+ Metadata: pkg.JavaMetadata{
+ PomProject: &pkg.PomProject{GroupID: "junit", ArtifactID: "junit", Version: "4.12", Name: "junit"},
+ },
 },
 },
 },
diff --git a/syft/pkg/cataloger/java/test-fixtures/gradle/gradle.lockfile b/syft/pkg/cataloger/java/test-fixtures/gradle/gradle.lockfile
index b6edb43b980..34f88f36234 100644
--- a/syft/pkg/cataloger/java/test-fixtures/gradle/gradle.lockfile
+++ b/syft/pkg/cataloger/java/test-fixtures/gradle/gradle.lockfile
@@ -5,3 +5,4 @@ joda-time:joda-time:2.2=compileClasspath,runtimeClasspath,testCompileClasspath,t
 junit:junit:4.12=testCompileClasspath,testRuntimeClasspath
 org.hamcrest:hamcrest-core:1.3=testCompileClasspath,testRuntimeClasspath
 empty=annotationProcessor,testAnnotationProcessor
+org.apache.commons:commons-text:1.8=compileClasspath
\ No newline at end of file
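Review bot: The expected table in `Test_parserGradleLockfile` (first hunk of `parse_gradle_lockfile_test.go`, and the same holds for the two hunks after it) covers only well-formed `group:name:version` entries plus the fixture's `empty=` line, so the new `GroupID` mapping is not pinned for a malformed coordinate such as one with a missing group or an extra `:` segment. Adding one such entry to a fixture, with its expected outcome stated in the table, would document whether the parser skips it or emits a package with partial metadata. The expected structs also list no `PURL`, which may mean the parser still emits none even though the group is now known; if that is intentional, a short comment in the test saying so would help. The test function starts outside these hunks.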