ensure package overlap is enabled for sensitive use cases

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

cmd/syft/internal/options/catalog.go

@@ -241,5 +241,10 @@ func (cfg *Catalog) PostLoad() error {
 		return fmt.Errorf("bad scope value %q", cfg.Scope)
 	}
 
+	// the binary package exclusion code depends on the file overlap relationships being created upstream in processing
+	if !cfg.Relationships.PackageFileOwnershipOverlap && cfg.Package.ExcludeBinaryOverlapByOwnership {
+		return fmt.Errorf("cannot enable exclude-binary-overlap-by-ownership without enabling package-file-ownership-overlap")
+	}
+
 	return nil
 }

cmd/syft/internal/options/catalog_test.go

@@ -57,6 +57,14 @@ func TestCatalog_PostLoad(t *testing.T) {
 				assert.Empty(t, options.Catalogers)
 			},
 		},
+		{
+			name: "must have package overlap flag when pruning binaries by overlap",
+			options: Catalog{
+				Package:       packageConfig{ExcludeBinaryOverlapByOwnership: true},
+				Relationships: relationshipsConfig{PackageFileOwnershipOverlap: false},
+			},
+			wantErr: assert.Error,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {