Merge pull request #152 from anchore/fix-json-keys

Change kebab case to camelCase
2024-11-10 06:34:13 +00:00 · 2020-09-21 08:17:32 -07:00 · 2020-09-21 08:17:32 -07:00 · 2c1ddbecc4
commit 2c1ddbecc4
parent ca8ac613e0 cb437b6721
7 changed files with 51 additions and 34 deletions
--- a/.bouncer.yaml
+++ b/.bouncer.yaml
@ -3,4 +3,7 @@ permit:
  - MIT.*
  - Apache.*
  - MPL.*
-  - ISC
+  - ISC
+ignore-packages:
+  # packageurl-go is released under the MIT license located in the root of the repo at /mit.LICENSE
+  - github.com/package-url/packageurl-go
--- a/go.mod
+++ b/go.mod
@ -8,7 +8,7 @@ require (
 	github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca
 	github.com/anchore/grype-db v0.0.0-20200909132108-9474dd8f080f
 	github.com/anchore/stereoscope v0.0.0-20200813152757-548b22c8a0b3
-	github.com/anchore/syft v0.1.0-beta.4.0.20200827121056-d85d0ac418a7
+	github.com/anchore/syft v0.1.0-beta.4.0.20200918175440-45b5cab49a8a
 	github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible
 	github.com/dustin/go-humanize v1.0.0
 	github.com/facebookincubator/nvdtools v0.1.4-0.20200622182922-aed862a62ae6
--- a/go.sum
+++ b/go.sum
@ -129,6 +129,8 @@ github.com/anchore/stereoscope v0.0.0-20200813152757-548b22c8a0b3 h1:pl+txuYlhK8
 github.com/anchore/stereoscope v0.0.0-20200813152757-548b22c8a0b3/go.mod h1:WntReQTI/I27FOQ87UgLVVzWgku6+ZsqfOTLxpIZFCs=
 github.com/anchore/syft v0.1.0-beta.4.0.20200827121056-d85d0ac418a7 h1:mK3orcgTjK1YPWaYKUDbrDq1CFmBT5dQFq0a0w1zq3s=
 github.com/anchore/syft v0.1.0-beta.4.0.20200827121056-d85d0ac418a7/go.mod h1:zy2x5Z9URqzmLdWHENTGxcsap7HoLisEsekOv5lr0Us=
+github.com/anchore/syft v0.1.0-beta.4.0.20200918175440-45b5cab49a8a h1:iuq3OFYmGlkG7/zaNNLD25vnScCe4jLjeSSTFRZYiyA=
+github.com/anchore/syft v0.1.0-beta.4.0.20200918175440-45b5cab49a8a/go.mod h1:Ne9mXL2d8LPldZxB1IQ6zM+VzG53tzwrInw1UMKVKbU=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=
@ -650,6 +652,8 @@ github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5X
 github.com/opencontainers/runc v0.1.1 h1:GlxAyO6x8rfZYN9Tt0Kti5a/cP41iuiO2yYT0IJGY8Y=
 github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/package-url/packageurl-go v0.1.0 h1:efWBc98O/dBZRg1pw2xiDzovnlMjCa9NPnfaiBduh8I=
+github.com/package-url/packageurl-go v0.1.0/go.mod h1:C/ApiuWpmbpni4DIOECf6WCjFUZV7O1Fx7VAzrZHgBw=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
--- a/grype/presenter/json/presenter.go
+++ b/grype/presenter/json/presenter.go
@ -34,15 +34,15 @@ func NewPresenter(results match.Matches, catalog *pkg.Catalog, theScope scope.Sc
 // Finding is a single item for the JSON array reported
 type Finding struct {
 	Vulnerability Vulnerability     `json:"vulnerability"`
-	MatchDetails  MatchDetails      `json:"match-details"`
+	MatchDetails  MatchDetails      `json:"matchDetails"`
 	Artifact      syftJson.Artifact `json:"artifact"`
 }

 // MatchDetails contains all data that indicates how the result match was found
 type MatchDetails struct {
 	Matcher   string                 `json:"matcher"`
-	SearchKey map[string]interface{} `json:"search-key"`
-	MatchInfo map[string]interface{} `json:"matched-on"`
+	SearchKey map[string]interface{} `json:"searchKey"`
+	MatchInfo map[string]interface{} `json:"matchedOn"`
 }

 // Present creates a JSON-based reporting
--- a/grype/presenter/json/test-fixtures/snapshot/TestJsonPresenter.golden
+++ b/grype/presenter/json/test-fixtures/snapshot/TestJsonPresenter.golden
@ -3,21 +3,21 @@
  "vulnerability": {
   "id": "CVE-1999-0001",
   "description": "1999-01 description",
-   "cvss-v3": {
-    "base-score": 4,
+   "cvssV3": {
+    "baseScore": 4,
    "vector": "another vector"
   },
-   "fixed-in-version": "the-next-version"
+   "fixedInVersion": "the-next-version"
  },
-  "match-details": {
+  "matchDetails": {
   "matcher": "dpkg-matcher",
-   "search-key": {
+   "searchKey": {
    "distro": {
     "type": "ubuntu",
     "version": "20.04"
    }
   },
-   "matched-on": {
+   "matchedOn": {
    "constraint": ">= 20"
   }
  },
@ -25,13 +25,13 @@
   "name": "package-1",
   "version": "1.0.1",
   "type": "deb",
-   "found-by": [
+   "foundBy": [
    "the-cataloger-1"
   ],
   "locations": [
    {
     "path": "/somefile-1.txt",
-     "layer-index": 0
+     "layerIndex": 0
    }
   ]
  }
@ -40,19 +40,19 @@
  "vulnerability": {
   "id": "CVE-1999-0002",
   "description": "1999-02 description",
-   "cvss-v2": {
-    "base-score": 1,
-    "exploitability-score": 2,
-    "impact-score": 3,
+   "cvssV2": {
+    "baseScore": 1,
+    "exploitabilityScore": 2,
+    "impactScore": 3,
    "vector": "vector"
   }
  },
-  "match-details": {
+  "matchDetails": {
   "matcher": "dpkg-matcher",
-   "search-key": {
+   "searchKey": {
    "cpe": "somecpe"
   },
-   "matched-on": {
+   "matchedOn": {
    "constraint": "somecpe"
   }
  },
@ -60,13 +60,13 @@
   "name": "package-1",
   "version": "1.0.1",
   "type": "deb",
-   "found-by": [
+   "foundBy": [
    "the-cataloger-1"
   ],
   "locations": [
    {
     "path": "/somefile-1.txt",
-     "layer-index": 0
+     "layerIndex": 0
    }
   ]
  }
@ -75,14 +75,14 @@
  "vulnerability": {
   "id": "CVE-1999-0003",
   "description": "1999-03 description",
-   "fixed-in-version": "the-other-next-version"
+   "fixedInVersion": "the-other-next-version"
  },
-  "match-details": {
+  "matchDetails": {
   "matcher": "dpkg-matcher",
-   "search-key": {
+   "searchKey": {
    "language": "java"
   },
-   "matched-on": {
+   "matchedOn": {
    "constraint": "< 2.0.0"
   }
  },
@ -90,13 +90,13 @@
   "name": "package-1",
   "version": "1.0.1",
   "type": "deb",
-   "found-by": [
+   "foundBy": [
    "the-cataloger-1"
   ],
   "locations": [
    {
     "path": "/somefile-1.txt",
-     "layer-index": 0
+     "layerIndex": 0
    }
   ]
  }
--- a/grype/presenter/json/vulnerability.go
+++ b/grype/presenter/json/vulnerability.go
@ -6,9 +6,9 @@ import (
 )

 type Cvss struct {
-	BaseScore           float64  `json:"base-score"`
-	ExploitabilityScore *float64 `json:"exploitability-score,omitempty"`
-	ImpactScore         *float64 `json:"impact-score,omitempty"`
+	BaseScore           float64  `json:"baseScore"`
+	ExploitabilityScore *float64 `json:"exploitabilityScore,omitempty"`
+	ImpactScore         *float64 `json:"impactScore,omitempty"`
 	Vector              string   `json:"vector"`
 }

@ -17,9 +17,9 @@ type Vulnerability struct {
 	Severity       string   `json:"severity,omitempty"`
 	Links          []string `json:"links,omitempty"`
 	Description    string   `json:"description,omitempty"`
-	CvssV2         *Cvss    `json:"cvss-v2,omitempty"`
-	CvssV3         *Cvss    `json:"cvss-v3,omitempty"`
-	FixedInVersion string   `json:"fixed-in-version,omitempty"`
+	CvssV2         *Cvss    `json:"cvssV2,omitempty"`
+	CvssV3         *Cvss    `json:"cvssV3,omitempty"`
+	FixedInVersion string   `json:"fixedInVersion,omitempty"`
 }

 func NewVulnerability(m match.Match, metadata *vulnerability.Metadata) Vulnerability {
--- a/grype/vulnerability/namespace_test.go
+++ b/grype/vulnerability/namespace_test.go
@ -59,6 +59,16 @@ func TestDistroNamespace_AllDistros(t *testing.T) {
 			version:  "18.04",
 			expected: "ubuntu:18.04",
 		},
+		{
+			dist:     distro.ArchLinux,
+			version:  "", // ArchLinux doesn't expose a version
+			expected: "archlinux:",
+		},
+		{
+			dist:     distro.OpenSuseLeap,
+			version:  "15.2",
+			expected: "opensuse-leap:15.2",
+		},
 	}

 	for _, test := range tests {