Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Follow convention for naming catalogers #2277

Merged
merged 2 commits into from
Nov 2, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/validations.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -45,8 +45,8 @@ jobs:
- name: Restore RPM test-fixture cache
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: syft/pkg/cataloger/rpm/test-fixtures/rpms
key: ${{ runner.os }}-unit-rpm-cache-${{ hashFiles( 'syft/pkg/cataloger/rpm/test-fixtures/rpms.fingerprint' ) }}
path: syft/pkg/cataloger/redhat/test-fixtures/rpms
key: ${{ runner.os }}-unit-rpm-cache-${{ hashFiles( 'syft/pkg/cataloger/redhat/test-fixtures/rpms.fingerprint' ) }}

- name: Restore go binary test-fixture cache
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
Expand Down
8 changes: 8 additions & 0 deletions DEVELOPING.md
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,14 @@ From a high level catalogers have the following properties:
- _Packages created by the cataloger should not be mutated after they are created_. There is one exception made for adding CPEs to a package after the cataloging phase, but that will most likely be moved back into the cataloger in the future.


Cataloger names should be unique and named with the following rules of thumb in mind:

- Must end with `-cataloger`
- Use lowercase letters, numbers, and hyphens only
- Use hyphens to separate words
- Catalogers for language ecosystems should start with the language name (e.g. `python-` for a cataloger that raises up python packages)
- Distinct between when the cataloger is searching for evidence of installed packages vs declared packages. For example, there are currently two different gemspec-based catalogers, the `ruby-gemspec-cataloger` and `ruby-installed-gemspec-cataloger`, where the latter requires that the gemspec is found within a `specifications` directory (which means it was installed, not just at the root of a source repo).

#### Building a new Cataloger

Catalogers must fulfill the [`pkg.Cataloger` interface](https://github.com/anchore/syft/tree/v0.70.0/syft/pkg/cataloger.go) in order to add packages to the SBOM.
Expand Down
12 changes: 6 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -494,18 +494,18 @@ platform: ""
# set the list of package catalogers to use when generating the SBOM
# default = empty (cataloger set determined automatically by the source type [image or file/directory])
# catalogers:
# - alpmdb-cataloger
# - alpm-db-cataloger
# - apkdb-cataloger
# - binary-cataloger
# - cargo-auditable-binary-cataloger
# - cocoapods-cataloger
# - conan-cataloger
# - dartlang-lock-cataloger
# - dotnet-deps-cataloger
# - dpkgdb-cataloger
# - dpkg-db-cataloger
# - elixir-mix-lock-cataloger
# - erlang-rebar-lock-cataloger
# - go-mod-file-cataloger
# - go-module-file-cataloger
# - go-module-binary-cataloger
# - graalvm-native-image-cataloger
# - haskell-cataloger
Expand All @@ -519,12 +519,12 @@ platform: ""
# - php-composer-installed-cataloger
# - php-composer-lock-cataloger
# - portage-cataloger
# - python-index-cataloger
# - python-package-cataloger
# - python-installed-package-cataloger
# - rpm-db-cataloger
# - rpm-file-cataloger
# - rpm-archive-cataloger
# - ruby-gemfile-cataloger
# - ruby-gemspec-cataloger
# - ruby-installed-gemspec-cataloger
# - rust-cargo-lock-cataloger
# - sbom-cataloger
# - spm-cataloger
Expand Down
10 changes: 6 additions & 4 deletions Taskfile.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,9 @@ tasks:

unit:
desc: Run unit tests
deps: [tmpdir]
deps:
- tmpdir
- fixtures
vars:
TEST_PKGS:
sh: "go list ./... | grep -v {{ .OWNER }}/{{ .PROJECT }}/test | tr '\n' ' '"
Expand Down Expand Up @@ -261,7 +263,7 @@ tasks:
- syft/pkg/cataloger/binary/test-fixtures/cache.fingerprint
- syft/pkg/cataloger/java/test-fixtures/java-builds/cache.fingerprint
- syft/pkg/cataloger/golang/test-fixtures/archs/binaries.fingerprint
- syft/pkg/cataloger/rpm/test-fixtures/rpms.fingerprint
- syft/pkg/cataloger/redhat/test-fixtures/rpms.fingerprint
- syft/pkg/cataloger/kernel/test-fixtures/cache.fingerprint
- test/install/cache.fingerprint
- test/cli/test-fixtures/cache.fingerprint
Expand All @@ -275,7 +277,7 @@ tasks:
# for GO BINARY test fixtures
- "cd syft/pkg/cataloger/golang/test-fixtures/archs && make binaries.fingerprint"
# for RPM test fixtures
- "cd syft/pkg/cataloger/rpm/test-fixtures && make rpms.fingerprint"
- "cd syft/pkg/cataloger/redhat/test-fixtures && make rpms.fingerprint"
# for Kernel test fixtures
- "cd syft/pkg/cataloger/kernel/test-fixtures && make cache.fingerprint"
# for INSTALL integration test fixtures
Expand All @@ -287,7 +289,7 @@ tasks:
desc: Generate test fixtures
cmds:
- "cd syft/pkg/cataloger/java/test-fixtures/java-builds && make"
- "cd syft/pkg/cataloger/rpm/test-fixtures && make"
- "cd syft/pkg/cataloger/redhat/test-fixtures && make"
- "cd syft/pkg/cataloger/binary/test-fixtures && make"

show-test-image-cache:
Expand Down
2 changes: 1 addition & 1 deletion syft/format/cyclonedxjson/test-fixtures/identify/1.3.json
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@
"properties": [
{
"name": "syft:package:foundBy",
"value": "go-mod-file-cataloger"
"value": "go-module-file-cataloger"
},
{
"name": "syft:package:language",
Expand Down
2 changes: 1 addition & 1 deletion syft/format/cyclonedxjson/test-fixtures/identify/1.4.json
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@
"properties": [
{
"name": "syft:package:foundBy",
"value": "go-mod-file-cataloger"
"value": "go-module-file-cataloger"
},
{
"name": "syft:package:language",
Expand Down
2 changes: 1 addition & 1 deletion syft/format/cyclonedxjson/test-fixtures/identify/1.5.json
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@
"properties": [
{
"name": "syft:package:foundBy",
"value": "go-mod-file-cataloger"
"value": "go-module-file-cataloger"
},
{
"name": "syft:package:language",
Expand Down
2 changes: 1 addition & 1 deletion syft/format/cyclonedxxml/test-fixtures/identify/1.3.xml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
<cpe>cpe:2.3:a:wagoodman:go-partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*</cpe>
<purl>pkg:golang/github.com/wagoodman/go-partybus@v0.0.0-20230516145632-8ccac152c651</purl>
<properties>
<property name="syft:package:foundBy">go-mod-file-cataloger</property>
<property name="syft:package:foundBy">go-module-file-cataloger</property>
<property name="syft:package:language">go</property>
<property name="syft:package:metadataType">GolangModMetadata</property>
<property name="syft:package:type">go-module</property>
Expand Down
2 changes: 1 addition & 1 deletion syft/format/cyclonedxxml/test-fixtures/identify/1.4.xml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
<cpe>cpe:2.3:a:wagoodman:go-partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*</cpe>
<purl>pkg:golang/github.com/wagoodman/go-partybus@v0.0.0-20230516145632-8ccac152c651</purl>
<properties>
<property name="syft:package:foundBy">go-mod-file-cataloger</property>
<property name="syft:package:foundBy">go-module-file-cataloger</property>
<property name="syft:package:language">go</property>
<property name="syft:package:metadataType">GolangModMetadata</property>
<property name="syft:package:type">go-module</property>
Expand Down
2 changes: 1 addition & 1 deletion syft/format/cyclonedxxml/test-fixtures/identify/1.5.xml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
<cpe>cpe:2.3:a:wagoodman:go-partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*</cpe>
<purl>pkg:golang/github.com/wagoodman/go-partybus@v0.0.0-20230516145632-8ccac152c651</purl>
<properties>
<property name="syft:package:foundBy">go-mod-file-cataloger</property>
<property name="syft:package:foundBy">go-module-file-cataloger</property>
<property name="syft:package:language">go</property>
<property name="syft:package:metadataType">GolangModMetadata</property>
<property name="syft:package:type">go-module</property>
Expand Down
2 changes: 1 addition & 1 deletion syft/format/syftjson/test-fixtures/identify/11.0.0.json
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
"name": "github.com/wagoodman/go-partybus",
"version": "v0.0.0-20230516145632-8ccac152c651",
"type": "go-module",
"foundBy": "go-mod-file-cataloger",
"foundBy": "go-module-file-cataloger",
"locations": [
{
"path": "/go.mod",
Expand Down
15 changes: 15 additions & 0 deletions syft/pkg/cataloger/alpine/cataloger.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
/*
Package alpine provides a concrete Cataloger implementations for packages relating to the Alpine linux distribution.
*/
package alpine

import (
"github.com/anchore/syft/syft/pkg"
"github.com/anchore/syft/syft/pkg/cataloger/generic"
)

// NewDBCataloger returns a new cataloger object initialized for Alpine package DB flat-file stores.
func NewDBCataloger() *generic.Cataloger {
return generic.NewCataloger("apk-db-cataloger").
WithParserByGlobs(parseApkDB, pkg.ApkDBGlob)
}
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package apkdb
package alpine

import (
"testing"
Expand All @@ -25,7 +25,7 @@ func TestCataloger_Globs(t *testing.T) {
FromDirectory(t, test.fixture).
ExpectsResolverContentQueries(test.expected).
IgnoreUnfulfilledPathResponses("etc/apk/repositories").
TestCataloger(t, NewApkdbCataloger())
TestCataloger(t, NewDBCataloger())
})
}
}
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package apkdb
package alpine

import (
"strings"
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package apkdb
package alpine

import (
"strings"
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package apkdb
package alpine

import (
"bufio"
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package apkdb
package alpine

import (
"io"
Expand Down
14 changes: 0 additions & 14 deletions syft/pkg/cataloger/alpm/cataloger.go

This file was deleted.

17 changes: 0 additions & 17 deletions syft/pkg/cataloger/apkdb/cataloger.go

This file was deleted.

15 changes: 15 additions & 0 deletions syft/pkg/cataloger/arch/cataloger.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
/*
Package arch provides a concrete Cataloger implementations for packages relating to the Arch linux distribution.
*/
package arch

import (
"github.com/anchore/syft/syft/pkg"
"github.com/anchore/syft/syft/pkg/cataloger/generic"
)

// NewDBCataloger returns a new cataloger object initialized for arch linux pacman database flat-file stores.
func NewDBCataloger() *generic.Cataloger {
return generic.NewCataloger("alpm-db-cataloger").
WithParserByGlobs(parseAlpmDB, pkg.AlpmDBGlob)
}
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package alpm
package arch

import (
"testing"
Expand All @@ -18,7 +18,7 @@ func TestAlpmCataloger(t *testing.T) {
Name: "gmp",
Version: "6.2.1-2",
Type: pkg.AlpmPkg,
FoundBy: "alpmdb-cataloger",
FoundBy: "alpm-db-cataloger",
Licenses: pkg.NewLicenseSet(
pkg.NewLicenseFromLocations("LGPL3", dbLocation),
pkg.NewLicenseFromLocations("GPL", dbLocation),
Expand Down Expand Up @@ -177,7 +177,7 @@ func TestAlpmCataloger(t *testing.T) {
FromDirectory(t, "test-fixtures/gmp-fixture").
WithCompareOptions(cmpopts.IgnoreFields(pkg.AlpmFileRecord{}, "Time")).
Expects(expectedPkgs, expectedRelationships).
TestCataloger(t, NewAlpmdbCataloger())
TestCataloger(t, NewDBCataloger())

}

Expand All @@ -203,7 +203,7 @@ func TestCataloger_Globs(t *testing.T) {
FromDirectory(t, test.fixture).
ExpectsResolverContentQueries(test.expected).
IgnoreUnfulfilledPathResponses("var/lib/pacman/local/base-1.0/mtree", "var/lib/pacman/local/dive-0.10.0/mtree").
TestCataloger(t, NewAlpmdbCataloger())
TestCataloger(t, NewDBCataloger())
})
}
}
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package alpm
package arch

import (
"strings"
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package alpm
package arch

import (
"testing"
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package alpm
package arch

import (
"bufio"
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package alpm
package arch

import (
"bufio"
Expand Down
3 changes: 3 additions & 0 deletions syft/pkg/cataloger/binary/cataloger.go
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
/*
Package binary provides a concrete Cataloger implementations for surfacing possible packages based on signatures found within binary files.
*/
package binary

import (
Expand Down
Loading
Loading