update python and javascript catalogers

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca
 	github.com/anchore/grype-db v0.0.0-20200929200644-6d1c82acc95e
 	github.com/anchore/stereoscope v0.0.0-20200925184903-c82da54e98fe
-	github.com/anchore/syft v0.3.1-0.20201016212214-bb14f3b45b3e
+	github.com/anchore/syft v0.4.0
 	github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible
 	github.com/dustin/go-humanize v1.0.0
 	github.com/facebookincubator/nvdtools v0.1.4-0.20200622182922-aed862a62ae6

go.sum

@@ -121,26 +121,12 @@ github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZV
 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
 github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca h1:rLyc7Rih769rYABQe4nBPt3jHJd/snBuVvKKGoy5HEc=
 github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
-github.com/anchore/grype-db v0.0.0-20200909132108-9474dd8f080f h1:/6h4PkxPn0VQ3EjvTKfiPHdpI1TYqRMMywatd81HX3Y=
-github.com/anchore/grype-db v0.0.0-20200909132108-9474dd8f080f/go.mod h1:LINmipRzG88vnJEWvgMMDVCFH1qZsj7+bjmpERlSyaA=
 github.com/anchore/grype-db v0.0.0-20200929200644-6d1c82acc95e h1:s0HmxxDuJyvgGBXmNBZwuXLLFSUfBmS9+/Rz1L58Bz0=
 github.com/anchore/grype-db v0.0.0-20200929200644-6d1c82acc95e/go.mod h1:LINmipRzG88vnJEWvgMMDVCFH1qZsj7+bjmpERlSyaA=
 github.com/anchore/stereoscope v0.0.0-20200925184903-c82da54e98fe h1:m4NSyTo2fVUoUHAV/ZVqE/PFMr/y8oz9HRrhWLk9It0=
 github.com/anchore/stereoscope v0.0.0-20200925184903-c82da54e98fe/go.mod h1:2Jja/4l0zYggW52og+nn0rut4i+OYjCf9vTyrM8RT4E=
-github.com/anchore/syft v0.1.0-beta.4.0.20200925202006-03378e976cd4 h1:i7Ev63zLIxJqJm6V8ETGif5Ffogl/Vz2cjk7aK7FPj4=
-github.com/anchore/syft v0.1.0-beta.4.0.20200925202006-03378e976cd4/go.mod h1:kY+T44fgDXAOE15vQtlLo/WUh/cqUms79+gKRFL64bo=
-github.com/anchore/syft v0.1.0-beta.5.0.20200928190221-4b78d9a1c0b9 h1:a5NjGRmB1pVvgglCujk4wOsyNvT85aUSZlSZumPb1WI=
-github.com/anchore/syft v0.1.0-beta.5.0.20200928190221-4b78d9a1c0b9/go.mod h1:kY+T44fgDXAOE15vQtlLo/WUh/cqUms79+gKRFL64bo=
-github.com/anchore/syft v0.1.0-beta.5.0.20200928212217-26855a2a9eb5 h1:VgTX0nArdUxiD8nge0edTtUC8+vpJUVF+mCVbJeYbZM=
-github.com/anchore/syft v0.1.0-beta.5.0.20200928212217-26855a2a9eb5/go.mod h1:kY+T44fgDXAOE15vQtlLo/WUh/cqUms79+gKRFL64bo=
-github.com/anchore/syft v0.1.0-beta.5.0.20200929155319-b6dfdf16b6a8 h1:lK6AEvTEDiKo4+I2NYaEiQVwvIzONH1kDbtaB9RwVhs=
-github.com/anchore/syft v0.1.0-beta.5.0.20200929155319-b6dfdf16b6a8/go.mod h1:fxzECHyEWfAZ06gJVyrKK+DEkLJeJ4PrK7eyPAwqJR0=
-github.com/anchore/syft v0.2.0 h1:GK+41ub8jfZhBD4PbtKMCedJif9FVN/67iGvNtBZbTk=
-github.com/anchore/syft v0.2.0/go.mod h1:fxzECHyEWfAZ06gJVyrKK+DEkLJeJ4PrK7eyPAwqJR0=
-github.com/anchore/syft v0.3.0 h1:AgeMR8e72BqWO2IViIK+ME40GlI8S5XrV1yhlmm0gy0=
-github.com/anchore/syft v0.3.0/go.mod h1:fxzECHyEWfAZ06gJVyrKK+DEkLJeJ4PrK7eyPAwqJR0=
-github.com/anchore/syft v0.3.1-0.20201016212214-bb14f3b45b3e h1:jZQU+1Y4BwV3ImideJVH3HYpT1UhWycJMkUY5W6DEuQ=
-github.com/anchore/syft v0.3.1-0.20201016212214-bb14f3b45b3e/go.mod h1:fxzECHyEWfAZ06gJVyrKK+DEkLJeJ4PrK7eyPAwqJR0=
+github.com/anchore/syft v0.4.0 h1:Qt9il5QBkFeMAkxEnaIV0VjDtnHP1DdTcA39TfSlZWs=
+github.com/anchore/syft v0.4.0/go.mod h1:fxzECHyEWfAZ06gJVyrKK+DEkLJeJ4PrK7eyPAwqJR0=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=

grype/matcher/python/matcher.go

@@ -12,7 +12,7 @@ type Matcher struct {
 }
 
 func (m *Matcher) PackageTypes() []pkg.Type {
-	return []pkg.Type{pkg.EggPkg, pkg.WheelPkg, pkg.PythonRequirementsPkg, pkg.PoetryPkg, pkg.PythonSetupPkg}
+	return []pkg.Type{pkg.PythonPkg}
 }
 
 func (m *Matcher) Type() match.MatcherType {

grype/matcher/rpmdb/matcher.go

@@ -46,7 +46,7 @@ func (m *Matcher) Match(store vulnerability.Provider, d distro.Distro, p *pkg.Pa
 }
 
 func (m *Matcher) matchBySourceIndirection(store vulnerability.ProviderByDistro, d distro.Distro, p *pkg.Package) ([]match.Match, error) {
-	value, ok := p.Metadata.(pkg.RpmMetadata)
+	value, ok := p.Metadata.(pkg.RpmdbMetadata)
 	if !ok {
 		return nil, fmt.Errorf("bad rpmdb metadata type='%T'", value)
 	}

grype/matcher/rpmdb/matcher_test.go

@@ -16,7 +16,7 @@ func TestMatcherDpkg_matchBySourceIndirection(t *testing.T) {
 		Name:    "neutron-libs",
 		Version: "7.1.3-6",
 		Type:    pkg.RpmPkg,
-		Metadata: pkg.RpmMetadata{
+		Metadata: pkg.RpmdbMetadata{
 			SourceRpm: "neutron-7.1.3-6.el8.src.rpm",
 		},
 	}
@@ -76,7 +76,7 @@ func TestMatcherDpkg_matchBySourceIndirection_ignoreSource(t *testing.T) {
 		Name:    "neutron",
 		Version: "7.1.3-6",
 		Type:    pkg.RpmPkg,
-		Metadata: pkg.RpmMetadata{
+		Metadata: pkg.RpmdbMetadata{
 			SourceRpm: "neutron-7.1.3-6.el8.src.rpm",
 		},
 	}

grype/version/format.go

@@ -54,9 +54,7 @@ func FormatFromPkgType(t pkg.Type) Format {
 		format = RpmFormat
 	case pkg.GemPkg:
 		format = SemanticFormat
-	case pkg.EggPkg:
-		format = PythonFormat
-	case pkg.WheelPkg:
+	case pkg.PythonPkg:
 		format = PythonFormat
 	default:
 		format = UnknownFormat

test/inline-compare/Makefile

@@ -2,7 +2,7 @@ ifndef GRYPE_CMD
 	GRYPE_CMD = go run ../../main.go
 endif
 
-IMAGE_CLEAN = $(shell echo $(COMPARE_IMAGE) | tr ":" "_" | tr "/" "_")
+IMAGE_CLEAN = $(shell basename $(COMPARE_IMAGE) | tr ":" "_")
 GRYPE_DIR = grype-reports
 GRYPE_REPORT = $(GRYPE_DIR)/$(IMAGE_CLEAN).json
 INLINE_DIR = inline-reports

test/integration/test-fixtures/image-debian-match-coverage/python/dist-info/top_level.txt

@@ -0,0 +1 @@
+pygments