Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: correct group IDs for commons-codec, okhttp, okio, and add integration tests for Java PURL generation #2075

Merged
merged 6 commits into from
Aug 31, 2023
Merged

fix: correct group IDs for commons-codec, okhttp, okio, and add integration tests for Java PURL generation #2075

merged 6 commits into from
Aug 31, 2023

Conversation

willmurphyscode
Copy link
Contributor

Future commits can hand fix PURLs made for particular packages, and then the map literal here can be edited.

willmurphyscode
willmurphyscode commented Aug 29, 2023
View reviewed changes
test/integration/java_purl_test.go Outdated
}
}

func getCatalog(t *testing.T, image string) sbom.SBOM {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO: this should be converted to use the normal test fixture mechanism.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Dockerfile in question is here: https://github.com/anchore/test-images/blob/main/containers/java/Dockerfile

I can probably just copy it into a test fixture.

willmurphyscode
willmurphyscode commented Aug 29, 2023
View reviewed changes
test/integration/java_purl_test.go Outdated
"classworlds@1.1": "pkg:maven/org.codehaus.classworlds/classworlds@1.1",
"cli@1.390": "pkg:maven/org.jvnet.hudson.main/cli@1.390",
"commons-beanutils@1.8.0": "pkg:maven/commons-beanutils/commons-beanutils@1.8.0",
"commons-codec@1.2": "pkg:maven/org.apache.commons.codec.*/commons-codec@1.2",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO: pkg:maven/org.apache.commons.codec.*/commons-codec@1.2 is wrong.

@github-actions
Copy link

github-actions bot commented Aug 29, 2023
edited

Benchmark Test Results

Benchmark results from the latest changes vs base branch 
goos: linux%0Agoarch: amd64%0Apkg: github.com/anchore/syft/test/integration%0Acpu: Intel(R) Xeon(R) Platinum 8171M CPU @ 2.60GHz%0A                                                              │ ./.tmp/benchmark-fea5675.txt │%0A                                                              │            sec/op            │%0AImagePackageCatalogers/alpmdb-cataloger-2                                       16.04m ±  2%25%0AImagePackageCatalogers/apkdb-cataloger-2                                        917.0µ ±  3%25%0AImagePackageCatalogers/binary-cataloger-2                                       260.3µ ±  4%25%0AImagePackageCatalogers/dpkgdb-cataloger-2                                       746.7µ ±  3%25%0AImagePackageCatalogers/dotnet-portable-executable-cataloger-2                   26.93µ ±  2%25%0AImagePackageCatalogers/go-module-binary-cataloger-2                             114.3µ ±  2%25%0AImagePackageCatalogers/java-cataloger-2                                         27.08m ±  5%25%0AImagePackageCatalogers/graalvm-native-image-cataloger-2                         114.1µ ± 14%25%0AImagePackageCatalogers/javascript-package-cataloger-2                           479.6µ ±  2%25%0AImagePackageCatalogers/nix-store-cataloger-2                                    345.3µ ±  1%25%0AImagePackageCatalogers/php-composer-installed-cataloger-2                       966.2µ ±  5%25%0AImagePackageCatalogers/portage-cataloger-2                                      608.4µ ±  2%25%0AImagePackageCatalogers/python-package-cataloger-2                               4.257m ±  7%25%0AImagePackageCatalogers/r-package-cataloger-2                                    250.5µ ±  4%25%0AImagePackageCatalogers/rpm-db-cataloger-2                                       678.3µ ±  2%25%0AImagePackageCatalogers/ruby-gemspec-cataloger-2                                 1.166m ±  3%25%0AImagePackageCatalogers/sbom-cataloger-2                                         147.0µ ±  1%25%0Ageomean                                                                         623.8µ%0A%0A                                                              │ ./.tmp/benchmark-fea5675.txt │%0A                                                              │             B/op             │%0AImagePackageCatalogers/alpmdb-cataloger-2                                       5.133Mi ± 0%25%0AImagePackageCatalogers/apkdb-cataloger-2                                        184.5Ki ± 0%25%0AImagePackageCatalogers/binary-cataloger-2                                       30.78Ki ± 0%25%0AImagePackageCatalogers/dpkgdb-cataloger-2                                       141.4Ki ± 0%25%0AImagePackageCatalogers/dotnet-portable-executable-cataloger-2                   3.695Ki ± 0%25%0AImagePackageCatalogers/go-module-binary-cataloger-2                             9.891Ki ± 0%25%0AImagePackageCatalogers/java-cataloger-2                                         3.388Mi ± 0%25%0AImagePackageCatalogers/graalvm-native-image-cataloger-2                         8.594Ki ± 0%25%0AImagePackageCatalogers/javascript-package-cataloger-2                           83.81Ki ± 0%25%0AImagePackageCatalogers/nix-store-cataloger-2                                    38.94Ki ± 0%25%0AImagePackageCatalogers/php-composer-installed-cataloger-2                       155.4Ki ± 0%25%0AImagePackageCatalogers/portage-cataloger-2                                      109.8Ki ± 0%25%0AImagePackageCatalogers/python-package-cataloger-2                               986.1Ki ± 0%25%0AImagePackageCatalogers/r-package-cataloger-2                                    42.90Ki ± 0%25%0AImagePackageCatalogers/rpm-db-cataloger-2                                       170.9Ki ± 0%25%0AImagePackageCatalogers/ruby-gemspec-cataloger-2                                 123.3Ki ± 0%25%0AImagePackageCatalogers/sbom-cataloger-2                                         14.20Ki ± 0%25%0Ageomean                                                                         93.58Ki%0A%0A                                                              │ ./.tmp/benchmark-fea5675.txt │%0A                                                              │          allocs/op           │%0AImagePackageCatalogers/alpmdb-cataloger-2                                        88.06k ± 0%25%0AImagePackageCatalogers/apkdb-cataloger-2                                         4.034k ± 0%25%0AImagePackageCatalogers/binary-cataloger-2                                         866.0 ± 0%25%0AImagePackageCatalogers/dpkgdb-cataloger-2                                        2.911k ± 0%25%0AImagePackageCatalogers/dotnet-portable-executable-cataloger-2                     132.0 ± 0%25%0AImagePackageCatalogers/go-module-binary-cataloger-2                               280.0 ± 0%25%0AImagePackageCatalogers/java-cataloger-2                                          44.28k ± 0%25%0AImagePackageCatalogers/graalvm-native-image-cataloger-2                           228.0 ± 0%25%0AImagePackageCatalogers/javascript-package-cataloger-2                            1.264k ± 0%25%0AImagePackageCatalogers/nix-store-cataloger-2                                      820.0 ± 0%25%0AImagePackageCatalogers/php-composer-installed-cataloger-2                        3.845k ± 0%25%0AImagePackageCatalogers/portage-cataloger-2                                       2.194k ± 0%25%0AImagePackageCatalogers/python-package-cataloger-2                                16.13k ± 0%25%0AImagePackageCatalogers/r-package-cataloger-2                                      851.0 ± 0%25%0AImagePackageCatalogers/rpm-db-cataloger-2                                        3.914k ± 0%25%0AImagePackageCatalogers/ruby-gemspec-cataloger-2                                  2.291k ± 0%25%0AImagePackageCatalogers/sbom-cataloger-2                                           394.0 ± 0%25%0Ageomean                                                                          2.009k

@willmurphyscode willmurphyscode changed the title Commit java purl generation test as is fix: correct group IDs for commons-codec, okhttp, okio, and add integration tests for Java PURL generation Aug 29, 2023
@willmurphyscode willmurphyscode marked this pull request as ready for review August 29, 2023 17:17
willmurphyscode
willmurphyscode commented Aug 29, 2023
View reviewed changes
test/integration/test-fixtures/image-test-java-purls/Dockerfile Outdated
@@ -0,0 +1 @@
FROM anchore/test_images:java-56d52bc
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a bit of a hacky way to bring the test fixture into syft. Let me know if it's better to do something else, but I like that this pins the artifact.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is the right approach, but should we also use a digest too?

@willmurphyscode
Commit java purl generation test as is
9d21552 
Future commits can hand fix PURLs made for particular packages, and then
the map literal here can be edited.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
@willmurphyscode
switch to admittedly hacky test fixture
e056368 
Signed-off-by: Will Murphy <will.murphy@anchore.com>
@willmurphyscode
add failing cases from weston
8dd1227 
Signed-off-by: Will Murphy <will.murphy@anchore.com>
@willmurphyscode
Fix some of the bad group IDs.
06de2a1 
Signed-off-by: Will Murphy <will.murphy@anchore.com>
@willmurphyscode
remove spurious hudson purl
cb76675 
Signed-off-by: Will Murphy <will.murphy@anchore.com>
@willmurphyscode
pin test image to manifest
86e6941 
Signed-off-by: Will Murphy <will.murphy@anchore.com>
@willmurphyscode willmurphyscode added the bug Something isn't working label Aug 31, 2023
@willmurphyscode willmurphyscode merged commit 007b034 into main Aug 31, 2023
9 checks passed
@willmurphyscode willmurphyscode deleted the fix-purl-tests branch August 31, 2023 20:57
@willmurphyscode willmurphyscode mentioned this pull request Sep 5, 2023
Closed
@chenrui333 chenrui333 mentioned this pull request Sep 11, 2023
Merged
This was referenced Sep 12, 2023
Closed
Closed
Open
@spiffcs spiffcs mentioned this pull request Sep 12, 2023
Closed
This was referenced Sep 18, 2023
Open
Closed
Closed
@dependabot dependabot bot mentioned this pull request Sep 25, 2023
Open
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@willmurphyscode
fix: correct group IDs for commons-codec, okhttp, okio, and add integ…
d9645f2 
…ration tests for Java PURL generation (anchore#2075)

Add overall integration test for java PURL detection.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wagoodman wagoodman wagoodman approved these changes

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@willmurphyscode @wagoodman