From f89393333601148c212700898a973dcdb602ac82 Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Fri, 26 Jan 2024 12:16:26 -0500 Subject: [PATCH] internalize format helpers (#2543) Signed-off-by: Alex Goodman --- internal/{ => mimetype}/mimetype_helper.go | 2 +- .../{ => mimetype}/mimetype_helper_test.go | 2 +- .../{format.go => to_format_model.go} | 11 ++- ...format_test.go => to_format_model_test.go} | 11 ++- .../common/spdxhelpers/to_format_model.go | 88 ++++++++--------- .../spdxhelpers/to_format_model_test.go | 98 ++++++++++++++++--- .../common/spdxhelpers/to_syft_model.go | 48 ++++----- syft/format/cyclonedxjson/decoder.go | 4 +- syft/format/cyclonedxxml/decoder.go | 4 +- .../cyclonedxutil/helpers}/author.go | 2 +- .../cyclonedxutil/helpers}/author_test.go | 2 +- .../cyclonedxutil/helpers}/component.go | 23 +++-- .../cyclonedxutil/helpers}/component_test.go | 8 +- .../cyclonedxutil/helpers}/cpe.go | 2 +- .../cyclonedxutil/helpers}/cpe_test.go | 2 +- .../cyclonedxutil/helpers}/decoder.go | 9 +- .../cyclonedxutil/helpers}/decoder_test.go | 2 +- .../cyclonedxutil/helpers}/description.go | 2 +- .../helpers}/description_test.go | 2 +- .../helpers}/external_references.go | 2 +- .../helpers}/external_references_test.go | 2 +- .../cyclonedxutil/helpers}/group.go | 2 +- .../cyclonedxutil/helpers}/group_test.go | 2 +- .../cyclonedxutil/helpers}/licenses.go | 2 +- .../cyclonedxutil/helpers}/licenses_test.go | 2 +- .../cyclonedxutil/helpers}/properties.go | 10 +- .../helpers}/property_encoder.go | 2 +- .../helpers}/property_encoder_test.go | 2 +- .../cyclonedxutil/helpers}/publisher.go | 2 +- .../cyclonedxutil/helpers}/publisher_test.go | 2 +- .../spdxutil/helpers}/description.go | 2 +- .../spdxutil/helpers}/description_test.go | 2 +- .../spdxutil/helpers}/document_name.go | 2 +- .../spdxutil/helpers}/document_name_test.go | 2 +- .../spdxutil/helpers}/document_namespace.go | 14 +-- .../helpers}/document_namespace_test.go | 2 +- .../spdxutil/helpers}/download_location.go | 2 +- .../helpers}/download_location_test.go | 2 +- .../spdxutil/helpers}/external_ref.go | 2 +- .../spdxutil/helpers}/external_refs.go | 2 +- .../spdxutil/helpers}/external_refs_test.go | 2 +- .../spdxutil/helpers}/file_type.go | 2 +- .../spdxutil/helpers}/h_digest.go | 2 +- .../spdxutil/helpers}/h_digest_test.go | 2 +- .../spdxutil/helpers}/homepage.go | 2 +- .../spdxutil/helpers}/homepage_test.go | 2 +- .../spdxutil/helpers}/license.go | 26 ++--- .../spdxutil/helpers}/license_test.go | 82 +--------------- .../spdxutil/helpers}/none_if_empty.go | 2 +- .../spdxutil/helpers}/none_if_empty_test.go | 2 +- .../spdxutil/helpers}/originator_test.go | 2 +- .../spdxutil/helpers}/origintor.go | 2 +- .../spdxutil/helpers}/relationship_type.go | 2 +- .../spdxutil/helpers}/source_info.go | 2 +- .../spdxutil/helpers}/source_info_test.go | 2 +- .../spdxutil/helpers}/spdxid.go | 2 +- .../spdxutil/helpers}/spdxid_test.go | 2 +- syft/pkg/cataloger/golang/cataloger.go | 3 +- .../java/graalvm_native_image_cataloger.go | 3 +- syft/pkg/cataloger/rust/cataloger.go | 4 +- 60 files changed, 265 insertions(+), 267 deletions(-) rename internal/{ => mimetype}/mimetype_helper.go (99%) rename internal/{ => mimetype}/mimetype_helper_test.go (98%) rename syft/format/common/cyclonedxhelpers/{format.go => to_format_model.go} (95%) rename syft/format/common/cyclonedxhelpers/{format_test.go => to_format_model_test.go} (95%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/author.go (97%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/author_test.go (98%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/component.go (83%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/component_test.go (98%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/cpe.go (97%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/cpe_test.go (97%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/decoder.go (95%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/decoder_test.go (99%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/description.go (95%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/description_test.go (97%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/external_references.go (99%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/external_references_test.go (99%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/group.go (95%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/group_test.go (97%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/licenses.go (99%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/licenses_test.go (99%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/properties.go (65%) rename syft/format/{common => internal/cyclonedxutil/helpers}/property_encoder.go (99%) rename syft/format/{common => internal/cyclonedxutil/helpers}/property_encoder_test.go (99%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/publisher.go (95%) rename syft/format/{common/cyclonedxhelpers => internal/cyclonedxutil/helpers}/publisher_test.go (97%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/description.go (94%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/description_test.go (98%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/document_name.go (95%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/document_name_test.go (98%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/document_namespace.go (89%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/document_namespace_test.go (98%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/download_location.go (97%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/download_location_test.go (98%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/external_ref.go (98%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/external_refs.go (96%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/external_refs_test.go (97%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/file_type.go (98%) rename syft/format/{common/util => internal/spdxutil/helpers}/h_digest.go (98%) rename syft/format/{common/util => internal/spdxutil/helpers}/h_digest_test.go (99%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/homepage.go (93%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/homepage_test.go (98%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/license.go (82%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/license_test.go (63%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/none_if_empty.go (87%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/none_if_empty_test.go (96%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/originator_test.go (99%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/origintor.go (98%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/relationship_type.go (99%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/source_info.go (99%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/source_info_test.go (99%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/spdxid.go (93%) rename syft/format/{common/spdxhelpers => internal/spdxutil/helpers}/spdxid_test.go (97%) diff --git a/internal/mimetype_helper.go b/internal/mimetype/mimetype_helper.go similarity index 99% rename from internal/mimetype_helper.go rename to internal/mimetype/mimetype_helper.go index 8ddf29fb3..3362a3d0f 100644 --- a/internal/mimetype_helper.go +++ b/internal/mimetype/mimetype_helper.go @@ -1,4 +1,4 @@ -package internal +package mimetype import "github.com/scylladb/go-set/strset" diff --git a/internal/mimetype_helper_test.go b/internal/mimetype/mimetype_helper_test.go similarity index 98% rename from internal/mimetype_helper_test.go rename to internal/mimetype/mimetype_helper_test.go index 9a3f245e8..8c6da33d8 100644 --- a/internal/mimetype_helper_test.go +++ b/internal/mimetype/mimetype_helper_test.go @@ -1,4 +1,4 @@ -package internal +package mimetype import ( "testing" diff --git a/syft/format/common/cyclonedxhelpers/format.go b/syft/format/common/cyclonedxhelpers/to_format_model.go similarity index 95% rename from syft/format/common/cyclonedxhelpers/format.go rename to syft/format/common/cyclonedxhelpers/to_format_model.go index ab942e571..d408b6b45 100644 --- a/syft/format/common/cyclonedxhelpers/format.go +++ b/syft/format/common/cyclonedxhelpers/to_format_model.go @@ -11,6 +11,7 @@ import ( "github.com/anchore/syft/internal/log" "github.com/anchore/syft/syft/artifact" "github.com/anchore/syft/syft/cpe" + "github.com/anchore/syft/syft/format/internal/cyclonedxutil/helpers" "github.com/anchore/syft/syft/linux" "github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/sbom" @@ -29,7 +30,7 @@ func ToFormatModel(s sbom.SBOM) *cyclonedx.BOM { packages := s.Artifacts.Packages.Sorted() components := make([]cyclonedx.Component, len(packages)) for i, p := range packages { - components[i] = encodeComponent(p) + components[i] = helpers.EncodeComponent(p) } components = append(components, toOSComponent(s.Artifacts.LinuxDistribution)...) cdxBOM.Components = &components @@ -76,7 +77,7 @@ func toOSComponent(distro *linux.Release) []cyclonedx.Component { if len(*eRefs) == 0 { eRefs = nil } - props := encodeProperties(distro, "syft:distro") + props := helpers.EncodeProperties(distro, "syft:distro") var properties *[]cyclonedx.Property if len(props) > 0 { properties = &props @@ -165,7 +166,7 @@ func toDependencies(relationships []artifact.Relationship) []cyclonedx.Dependenc continue } - toRef := deriveBomRef(toPkg) + toRef := helpers.DeriveBomRef(toPkg) dep := dependencies[toRef] if dep == nil { dep = &cyclonedx.Dependency{ @@ -175,7 +176,7 @@ func toDependencies(relationships []artifact.Relationship) []cyclonedx.Dependenc dependencies[toRef] = dep } - fromRef := deriveBomRef(fromPkg) + fromRef := helpers.DeriveBomRef(fromPkg) if !slices.Contains(*dep.Dependencies, fromRef) { *dep.Dependencies = append(*dep.Dependencies, fromRef) } @@ -197,7 +198,7 @@ func toDependencies(relationships []artifact.Relationship) []cyclonedx.Dependenc func toBomProperties(srcMetadata source.Description) *[]cyclonedx.Property { metadata, ok := srcMetadata.Metadata.(source.StereoscopeImageSourceMetadata) if ok { - props := encodeProperties(metadata.Labels, "syft:image:labels") + props := helpers.EncodeProperties(metadata.Labels, "syft:image:labels") return &props } return nil diff --git a/syft/format/common/cyclonedxhelpers/format_test.go b/syft/format/common/cyclonedxhelpers/to_format_model_test.go similarity index 95% rename from syft/format/common/cyclonedxhelpers/format_test.go rename to syft/format/common/cyclonedxhelpers/to_format_model_test.go index 25428823b..432643804 100644 --- a/syft/format/common/cyclonedxhelpers/format_test.go +++ b/syft/format/common/cyclonedxhelpers/to_format_model_test.go @@ -10,6 +10,7 @@ import ( "github.com/stretchr/testify/require" "github.com/anchore/syft/syft/artifact" + "github.com/anchore/syft/syft/format/internal/cyclonedxutil/helpers" "github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/sbom" "github.com/anchore/syft/syft/source" @@ -95,16 +96,16 @@ func Test_relationships(t *testing.T) { }, expected: &[]cyclonedx.Dependency{ { - Ref: deriveBomRef(p1), + Ref: helpers.DeriveBomRef(p1), Dependencies: &[]string{ - deriveBomRef(p2), - deriveBomRef(p3), + helpers.DeriveBomRef(p2), + helpers.DeriveBomRef(p3), }, }, { - Ref: deriveBomRef(p2), + Ref: helpers.DeriveBomRef(p2), Dependencies: &[]string{ - deriveBomRef(p4), + helpers.DeriveBomRef(p4), }, }, }, diff --git a/syft/format/common/spdxhelpers/to_format_model.go b/syft/format/common/spdxhelpers/to_format_model.go index adc28f649..86a9498f6 100644 --- a/syft/format/common/spdxhelpers/to_format_model.go +++ b/syft/format/common/spdxhelpers/to_format_model.go @@ -14,12 +14,12 @@ import ( "github.com/spdx/tools-golang/spdx" "github.com/anchore/packageurl-go" - "github.com/anchore/syft/internal" "github.com/anchore/syft/internal/log" + "github.com/anchore/syft/internal/mimetype" "github.com/anchore/syft/internal/spdxlicense" "github.com/anchore/syft/syft/artifact" "github.com/anchore/syft/syft/file" - "github.com/anchore/syft/syft/format/common/util" + "github.com/anchore/syft/syft/format/internal/spdxutil/helpers" "github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/sbom" "github.com/anchore/syft/syft/source" @@ -43,7 +43,7 @@ const ( // //nolint:funlen func ToFormatModel(s sbom.SBOM) *spdx.Document { - name, namespace := DocumentNameAndNamespace(s.Source, s.Descriptor) + name, namespace := helpers.DocumentNameAndNamespace(s.Source, s.Descriptor) packages := toPackages(s.Artifacts.Packages, s) @@ -68,7 +68,7 @@ func ToFormatModel(s sbom.SBOM) *spdx.Document { RefA: spdx.DocElementID{ ElementRefID: "DOCUMENT", }, - Relationship: string(DescribesRelationship), + Relationship: string(helpers.DescribesRelationship), RefB: spdx.DocElementID{ ElementRefID: describesID, }, @@ -161,7 +161,7 @@ func toRootRelationships(rootPackage *spdx.Package, packages []*spdx.Package) (o RefA: spdx.DocElementID{ ElementRefID: rootPackage.PackageSPDXIdentifier, }, - Relationship: string(ContainsRelationship), + Relationship: string(helpers.ContainsRelationship), RefB: spdx.DocElementID{ ElementRefID: p.PackageSPDXIdentifier, }, @@ -236,22 +236,22 @@ func toRootPackage(s source.Description) *spdx.Package { p := &spdx.Package{ PackageName: name, - PackageSPDXIdentifier: spdx.ElementID(SanitizeElementID(fmt.Sprintf("DocumentRoot-%s-%s", prefix, name))), + PackageSPDXIdentifier: spdx.ElementID(helpers.SanitizeElementID(fmt.Sprintf("DocumentRoot-%s-%s", prefix, name))), PackageVersion: version, PackageChecksums: checksums, PackageExternalReferences: nil, PrimaryPackagePurpose: purpose, PackageSupplier: &spdx.Supplier{ - Supplier: NOASSERTION, + Supplier: helpers.NOASSERTION, }, - PackageDownloadLocation: NOASSERTION, + PackageDownloadLocation: helpers.NOASSERTION, } if purl != nil { p.PackageExternalReferences = []*spdx.PackageExternalReference{ { - Category: string(PackageManagerReferenceCategory), - RefType: string(PurlExternalRefType), + Category: string(helpers.PackageManagerReferenceCategory), + RefType: string(helpers.PurlExternalRefType), Locator: purl.String(), }, } @@ -294,7 +294,7 @@ func toSPDXID(identifiable artifact.Identifiable) spdx.ElementID { id = string(identifiable.ID()) } // NOTE: the spdx library prepend SPDXRef-, so we don't do it here - return spdx.ElementID(SanitizeElementID(id)) + return spdx.ElementID(helpers.SanitizeElementID(id)) } // packages populates all Package Information from the package Collection (see https://spdx.github.io/spdx-spec/3-package-information/) @@ -309,7 +309,7 @@ func toPackages(catalog *pkg.Collection, sbom sbom.SBOM) (results []*spdx.Packag // in the Comments on License field (section 7.16). With respect to NOASSERTION, a written explanation in // the Comments on License field (section 7.16) is preferred. // extract these correctly to the spdx license format - concluded, declared := License(p) + concluded, declared := helpers.License(p) // two ways to get filesAnalyzed == true: // 1. syft has generated a sha1 digest for the package itself - usually in the java cataloger @@ -370,7 +370,7 @@ func toPackages(catalog *pkg.Collection, sbom sbom.SBOM) (results []*spdx.Packag // (i) the SPDX file creator has attempted to but cannot reach a reasonable objective determination; // (ii) the SPDX file creator has made no attempt to determine this field; or // (iii) the SPDX file creator has intentionally provided no information (no meaning should be implied by doing so). - PackageDownloadLocation: DownloadLocation(p), + PackageDownloadLocation: helpers.DownloadLocation(p), // 7.8: FilesAnalyzed // Cardinality: optional, one; default value is "true" if omitted @@ -403,11 +403,11 @@ func toPackages(catalog *pkg.Collection, sbom sbom.SBOM) (results []*spdx.Packag // 7.11: Package Home Page // Cardinality: optional, one - PackageHomePage: Homepage(p), + PackageHomePage: helpers.Homepage(p), // 7.12: Source Information // Cardinality: optional, one - PackageSourceInfo: SourceInfo(p), + PackageSourceInfo: helpers.SourceInfo(p), // 7.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" // Cardinality: mandatory, one @@ -449,7 +449,7 @@ func toPackages(catalog *pkg.Collection, sbom sbom.SBOM) (results []*spdx.Packag // 7.19: Package Detailed Description // Cardinality: optional, one - PackageDescription: Description(p), + PackageDescription: helpers.Description(p), // 7.20: Package Comment // Cardinality: optional, one @@ -491,7 +491,7 @@ func toPackageChecksums(p pkg.Package) ([]spdx.Checksum, bool) { } case pkg.GolangBinaryBuildinfoEntry: // because the H1 digest is found in the Golang metadata we cannot claim that the files were analyzed - algo, hexStr, err := util.HDigestToSHA(meta.H1Digest) + algo, hexStr, err := helpers.HDigestToSHA(meta.H1Digest) if err != nil { log.Debugf("invalid h1digest: %s: %v", meta.H1Digest, err) break @@ -506,7 +506,7 @@ func toPackageChecksums(p pkg.Package) ([]spdx.Checksum, bool) { } func toPackageOriginator(p pkg.Package) *spdx.Originator { - kind, originator := Originator(p) + kind, originator := helpers.Originator(p) if kind == "" || originator == "" { return nil } @@ -519,10 +519,10 @@ func toPackageOriginator(p pkg.Package) *spdx.Originator { func toPackageSupplier(p pkg.Package) *spdx.Supplier { // this uses the Originator function for now until // a better distinction can be made for supplier - kind, supplier := Originator(p) + kind, supplier := helpers.Originator(p) if kind == "" || supplier == "" { return &spdx.Supplier{ - Supplier: NOASSERTION, + Supplier: helpers.NOASSERTION, } } return &spdx.Supplier{ @@ -532,7 +532,7 @@ func toPackageSupplier(p pkg.Package) *spdx.Supplier { } func formatSPDXExternalRefs(p pkg.Package) (refs []*spdx.PackageExternalReference) { - for _, ref := range ExternalRefs(p) { + for _, ref := range helpers.ExternalRefs(p) { refs = append(refs, &spdx.PackageExternalReference{ Category: string(ref.ReferenceCategory), RefType: string(ref.ReferenceType), @@ -572,16 +572,16 @@ func toRelationships(relationships []artifact.Relationship) (result []*spdx.Rela return result } -func lookupRelationship(ty artifact.RelationshipType) (bool, RelationshipType, string) { +func lookupRelationship(ty artifact.RelationshipType) (bool, helpers.RelationshipType, string) { switch ty { case artifact.ContainsRelationship: - return true, ContainsRelationship, "" + return true, helpers.ContainsRelationship, "" case artifact.DependencyOfRelationship: - return true, DependencyOfRelationship, "" + return true, helpers.DependencyOfRelationship, "" case artifact.OwnershipByFileOverlapRelationship: - return true, OtherRelationship, fmt.Sprintf("%s: indicates that the parent package claims ownership of a child package since the parent metadata indicates overlap with a location that a cataloger found the child package by", ty) + return true, helpers.OtherRelationship, fmt.Sprintf("%s: indicates that the parent package claims ownership of a child package since the parent metadata indicates overlap with a location that a cataloger found the child package by", ty) case artifact.EvidentByRelationship: - return true, OtherRelationship, fmt.Sprintf("%s: indicates the package's existence is evident by the given file", ty) + return true, helpers.OtherRelationship, fmt.Sprintf("%s: indicates the package's existence is evident by the given file", ty) } return false, "", "" } @@ -673,28 +673,28 @@ func toFileTypes(metadata *file.Metadata) (ty []string) { mimeTypePrefix := strings.Split(metadata.MIMEType, "/")[0] switch mimeTypePrefix { case "image": - ty = append(ty, string(ImageFileType)) + ty = append(ty, string(helpers.ImageFileType)) case "video": - ty = append(ty, string(VideoFileType)) + ty = append(ty, string(helpers.VideoFileType)) case "application": - ty = append(ty, string(ApplicationFileType)) + ty = append(ty, string(helpers.ApplicationFileType)) case "text": - ty = append(ty, string(TextFileType)) + ty = append(ty, string(helpers.TextFileType)) case "audio": - ty = append(ty, string(AudioFileType)) + ty = append(ty, string(helpers.AudioFileType)) } - if internal.IsExecutable(metadata.MIMEType) { - ty = append(ty, string(BinaryFileType)) + if mimetype.IsExecutable(metadata.MIMEType) { + ty = append(ty, string(helpers.BinaryFileType)) } - if internal.IsArchive(metadata.MIMEType) { - ty = append(ty, string(ArchiveFileType)) + if mimetype.IsArchive(metadata.MIMEType) { + ty = append(ty, string(helpers.ArchiveFileType)) } // TODO: add support for source, spdx, and documentation file types if len(ty) == 0 { - ty = append(ty, string(OtherFileType)) + ty = append(ty, string(helpers.OtherFileType)) } return ty @@ -703,18 +703,18 @@ func toFileTypes(metadata *file.Metadata) (ty []string) { // other licenses are for licenses from the pkg.Package that do not have an SPDXExpression // field. The spdxexpression field is only filled given a validated Value field. func toOtherLicenses(catalog *pkg.Collection) []*spdx.OtherLicense { - licenses := map[string]spdxLicense{} + licenses := map[string]helpers.SPDXLicense{} for p := range catalog.Enumerate() { - declaredLicenses, concludedLicenses := parseLicenses(p.Licenses.ToSlice()) + declaredLicenses, concludedLicenses := helpers.ParseLicenses(p.Licenses.ToSlice()) for _, l := range declaredLicenses { - if l.value != "" { - licenses[l.id] = l + if l.Value != "" { + licenses[l.ID] = l } } for _, l := range concludedLicenses { - if l.value != "" { - licenses[l.id] = l + if l.Value != "" { + licenses[l.ID] = l } } } @@ -730,8 +730,8 @@ func toOtherLicenses(catalog *pkg.Collection) []*spdx.OtherLicense { for _, id := range ids { license := licenses[id] result = append(result, &spdx.OtherLicense{ - LicenseIdentifier: license.id, - ExtractedText: license.value, + LicenseIdentifier: license.ID, + ExtractedText: license.Value, }) } return result diff --git a/syft/format/common/spdxhelpers/to_format_model_test.go b/syft/format/common/spdxhelpers/to_format_model_test.go index 3071709bb..9ec557816 100644 --- a/syft/format/common/spdxhelpers/to_format_model_test.go +++ b/syft/format/common/spdxhelpers/to_format_model_test.go @@ -14,6 +14,7 @@ import ( "github.com/anchore/syft/syft/artifact" "github.com/anchore/syft/syft/file" + "github.com/anchore/syft/syft/format/internal/spdxutil/helpers" "github.com/anchore/syft/syft/internal/sourcemetadata" "github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/sbom" @@ -368,7 +369,7 @@ func Test_toFileTypes(t *testing.T) { MIMEType: "application/vnd.unknown", }, expected: []string{ - string(ApplicationFileType), + string(helpers.ApplicationFileType), }, }, { @@ -377,8 +378,8 @@ func Test_toFileTypes(t *testing.T) { MIMEType: "application/zip", }, expected: []string{ - string(ApplicationFileType), - string(ArchiveFileType), + string(helpers.ApplicationFileType), + string(helpers.ArchiveFileType), }, }, { @@ -387,7 +388,7 @@ func Test_toFileTypes(t *testing.T) { MIMEType: "audio/ogg", }, expected: []string{ - string(AudioFileType), + string(helpers.AudioFileType), }, }, { @@ -396,7 +397,7 @@ func Test_toFileTypes(t *testing.T) { MIMEType: "video/3gpp", }, expected: []string{ - string(VideoFileType), + string(helpers.VideoFileType), }, }, { @@ -405,7 +406,7 @@ func Test_toFileTypes(t *testing.T) { MIMEType: "text/html", }, expected: []string{ - string(TextFileType), + string(helpers.TextFileType), }, }, { @@ -414,7 +415,7 @@ func Test_toFileTypes(t *testing.T) { MIMEType: "image/png", }, expected: []string{ - string(ImageFileType), + string(helpers.ImageFileType), }, }, { @@ -423,8 +424,8 @@ func Test_toFileTypes(t *testing.T) { MIMEType: "application/x-sharedlib", }, expected: []string{ - string(ApplicationFileType), - string(BinaryFileType), + string(helpers.ApplicationFileType), + string(helpers.BinaryFileType), }, }, } @@ -440,24 +441,24 @@ func Test_lookupRelationship(t *testing.T) { tests := []struct { input artifact.RelationshipType exists bool - ty RelationshipType + ty helpers.RelationshipType comment string }{ { input: artifact.ContainsRelationship, exists: true, - ty: ContainsRelationship, + ty: helpers.ContainsRelationship, }, { input: artifact.OwnershipByFileOverlapRelationship, exists: true, - ty: OtherRelationship, + ty: helpers.OtherRelationship, comment: "ownership-by-file-overlap: indicates that the parent package claims ownership of a child package since the parent metadata indicates overlap with a location that a cataloger found the child package by", }, { input: artifact.EvidentByRelationship, exists: true, - ty: OtherRelationship, + ty: helpers.OtherRelationship, comment: "evident-by: indicates the package's existence is evident by the given file", }, { @@ -777,3 +778,74 @@ func Test_toSPDXID(t *testing.T) { }) } } + +func Test_otherLicenses(t *testing.T) { + pkg1 := pkg.Package{ + Name: "first-pkg", + Version: "1.1", + Licenses: pkg.NewLicenseSet( + pkg.NewLicense("MIT"), + ), + } + pkg2 := pkg.Package{ + Name: "second-pkg", + Version: "2.2", + Licenses: pkg.NewLicenseSet( + pkg.NewLicense("non spdx license"), + ), + } + bigText := ` + Apache License + Version 2.0, January 2004` + pkg3 := pkg.Package{ + Name: "third-pkg", + Version: "3.3", + Licenses: pkg.NewLicenseSet( + pkg.NewLicense(bigText), + ), + } + + tests := []struct { + name string + packages []pkg.Package + expected []*spdx.OtherLicense + }{ + { + name: "no other licenses when all valid spdx expressions", + packages: []pkg.Package{pkg1}, + expected: nil, + }, + { + name: "other licenses includes original text", + packages: []pkg.Package{pkg2}, + expected: []*spdx.OtherLicense{ + { + LicenseIdentifier: "LicenseRef-non-spdx-license", + ExtractedText: "non spdx license", + }, + }, + }, + { + name: "big licenses get hashed", + packages: []pkg.Package{pkg3}, + expected: []*spdx.OtherLicense{ + { + LicenseIdentifier: "LicenseRef-e9a1e42833d3e456f147052f4d312101bd171a0798893169fe596ca6b55c049e", + ExtractedText: bigText, + }, + }, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + s := sbom.SBOM{ + Artifacts: sbom.Artifacts{ + Packages: pkg.NewCollection(test.packages...), + }, + } + got := ToFormatModel(s) + require.Equal(t, test.expected, got.OtherLicenses) + }) + } +} diff --git a/syft/format/common/spdxhelpers/to_syft_model.go b/syft/format/common/spdxhelpers/to_syft_model.go index 3fb47740a..3a59ca7ac 100644 --- a/syft/format/common/spdxhelpers/to_syft_model.go +++ b/syft/format/common/spdxhelpers/to_syft_model.go @@ -18,7 +18,7 @@ import ( "github.com/anchore/syft/syft/artifact" "github.com/anchore/syft/syft/cpe" "github.com/anchore/syft/syft/file" - "github.com/anchore/syft/syft/format/common/util" + "github.com/anchore/syft/syft/format/internal/spdxutil/helpers" "github.com/anchore/syft/syft/license" "github.com/anchore/syft/syft/linux" "github.com/anchore/syft/syft/pkg" @@ -227,15 +227,15 @@ func extractSourceFromNamespace(ns string) source.Description { parts := strings.Split(u.Path, "/") for _, p := range parts { switch p { - case inputFile: + case helpers.InputFile: return source.Description{ Metadata: source.FileSourceMetadata{}, } - case inputImage: + case helpers.InputImage: return source.Description{ Metadata: source.StereoscopeImageSourceMetadata{}, } - case inputDirectory: + case helpers.InputDirectory: return source.Description{ Metadata: source.DirectorySourceMetadata{}, } @@ -322,20 +322,20 @@ func fromChecksumAlgorithm(algorithm common.ChecksumAlgorithm) string { func toFileMetadata(f *spdx.File) (meta file.Metadata) { // FIXME Syft is currently lossy due to the SPDX 2.2.1 spec not supporting arbitrary mimetypes for _, typ := range f.FileTypes { - switch FileType(typ) { - case ImageFileType: + switch helpers.FileType(typ) { + case helpers.ImageFileType: meta.MIMEType = "image/" - case VideoFileType: + case helpers.VideoFileType: meta.MIMEType = "video/" - case ApplicationFileType: + case helpers.ApplicationFileType: meta.MIMEType = "application/" - case TextFileType: + case helpers.TextFileType: meta.MIMEType = "text/" - case AudioFileType: + case helpers.AudioFileType: meta.MIMEType = "audio/" - case BinaryFileType: - case ArchiveFileType: - case OtherFileType: + case helpers.BinaryFileType: + case helpers.ArchiveFileType: + case helpers.OtherFileType: } } return meta @@ -368,11 +368,11 @@ func collectDocRelationships(spdxIDMap map[string]any, doc *spdx.Document) (out var to artifact.Identifiable var typ artifact.RelationshipType if toLocationOk { - switch RelationshipType(r.Relationship) { - case ContainsRelationship: + switch helpers.RelationshipType(r.Relationship) { + case helpers.ContainsRelationship: typ = artifact.ContainsRelationship to = toLocation - case OtherRelationship: + case helpers.OtherRelationship: // Encoding uses a specifically formatted comment... if strings.Index(r.RelationshipComment, string(artifact.EvidentByRelationship)) == 0 { typ = artifact.EvidentByRelationship @@ -380,11 +380,11 @@ func collectDocRelationships(spdxIDMap map[string]any, doc *spdx.Document) (out } } } else { - switch RelationshipType(r.Relationship) { - case ContainsRelationship: + switch helpers.RelationshipType(r.Relationship) { + case helpers.ContainsRelationship: typ = artifact.ContainsRelationship to = toPackage - case OtherRelationship: + case helpers.OtherRelationship: // Encoding uses a specifically formatted comment... if strings.Index(r.RelationshipComment, string(artifact.OwnershipByFileOverlapRelationship)) == 0 { typ = artifact.OwnershipByFileOverlapRelationship @@ -518,14 +518,14 @@ func parseSPDXLicenses(p *spdx.Package) []pkg.License { licenses := make([]pkg.License, 0) // concluded - if p.PackageLicenseConcluded != NOASSERTION && p.PackageLicenseConcluded != NONE && p.PackageLicenseConcluded != "" { + if p.PackageLicenseConcluded != helpers.NOASSERTION && p.PackageLicenseConcluded != helpers.NONE && p.PackageLicenseConcluded != "" { l := pkg.NewLicense(cleanSPDXID(p.PackageLicenseConcluded)) l.Type = license.Concluded licenses = append(licenses, l) } // declared - if p.PackageLicenseDeclared != NOASSERTION && p.PackageLicenseDeclared != NONE && p.PackageLicenseDeclared != "" { + if p.PackageLicenseDeclared != helpers.NOASSERTION && p.PackageLicenseDeclared != helpers.NONE && p.PackageLicenseDeclared != "" { l := pkg.NewLicense(cleanSPDXID(p.PackageLicenseDeclared)) l.Type = license.Declared licenses = append(licenses, l) @@ -603,7 +603,7 @@ func extractMetadata(p *spdx.Package, info pkgInfo) any { case pkg.GoModulePkg: var h1Digest string for _, value := range p.PackageChecksums { - digest, err := util.HDigestFromSHA(fromChecksumAlgorithm(value.Algorithm), value.Value) + digest, err := helpers.HDigestFromSHA(fromChecksumAlgorithm(value.Algorithm), value.Value) if err != nil { log.Debugf("invalid h1digest: %v %v", value, err) continue @@ -620,7 +620,7 @@ func extractMetadata(p *spdx.Package, info pkgInfo) any { func findPURLValue(p *spdx.Package) string { for _, r := range p.PackageExternalReferences { - if r.RefType == string(PurlExternalRefType) { + if r.RefType == string(helpers.PurlExternalRefType) { return r.Locator } } @@ -629,7 +629,7 @@ func findPURLValue(p *spdx.Package) string { func extractCPEs(p *spdx.Package) (cpes []cpe.CPE) { for _, r := range p.PackageExternalReferences { - if r.RefType == string(Cpe23ExternalRefType) { + if r.RefType == string(helpers.Cpe23ExternalRefType) { c, err := cpe.New(r.Locator) if err != nil { log.Warnf("unable to extract SPDX CPE=%q: %+v", r.Locator, err) diff --git a/syft/format/cyclonedxjson/decoder.go b/syft/format/cyclonedxjson/decoder.go index 0f8665a37..4a6279c7a 100644 --- a/syft/format/cyclonedxjson/decoder.go +++ b/syft/format/cyclonedxjson/decoder.go @@ -8,8 +8,8 @@ import ( "github.com/CycloneDX/cyclonedx-go" "github.com/anchore/syft/internal/log" - "github.com/anchore/syft/syft/format/common/cyclonedxhelpers" "github.com/anchore/syft/syft/format/internal/cyclonedxutil" + "github.com/anchore/syft/syft/format/internal/cyclonedxutil/helpers" "github.com/anchore/syft/syft/format/internal/stream" "github.com/anchore/syft/syft/sbom" ) @@ -45,7 +45,7 @@ func (d decoder) Decode(r io.Reader) (*sbom.SBOM, sbom.FormatID, string, error) return nil, id, version, fmt.Errorf("unable to decode cyclonedx json document: %w", err) } - s, err := cyclonedxhelpers.ToSyftModel(doc) + s, err := helpers.ToSyftModel(doc) if err != nil { return nil, id, version, err } diff --git a/syft/format/cyclonedxxml/decoder.go b/syft/format/cyclonedxxml/decoder.go index b6f026421..411d237bd 100644 --- a/syft/format/cyclonedxxml/decoder.go +++ b/syft/format/cyclonedxxml/decoder.go @@ -9,8 +9,8 @@ import ( "github.com/CycloneDX/cyclonedx-go" "github.com/anchore/syft/internal/log" - "github.com/anchore/syft/syft/format/common/cyclonedxhelpers" "github.com/anchore/syft/syft/format/internal/cyclonedxutil" + "github.com/anchore/syft/syft/format/internal/cyclonedxutil/helpers" "github.com/anchore/syft/syft/format/internal/stream" "github.com/anchore/syft/syft/sbom" ) @@ -46,7 +46,7 @@ func (d decoder) Decode(r io.Reader) (*sbom.SBOM, sbom.FormatID, string, error) return nil, id, version, fmt.Errorf("unable to decode cyclonedx xml document: %w", err) } - s, err := cyclonedxhelpers.ToSyftModel(doc) + s, err := helpers.ToSyftModel(doc) if err != nil { return nil, id, version, err } diff --git a/syft/format/common/cyclonedxhelpers/author.go b/syft/format/internal/cyclonedxutil/helpers/author.go similarity index 97% rename from syft/format/common/cyclonedxhelpers/author.go rename to syft/format/internal/cyclonedxutil/helpers/author.go index 778268648..3b6de7726 100644 --- a/syft/format/common/cyclonedxhelpers/author.go +++ b/syft/format/internal/cyclonedxutil/helpers/author.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "fmt" diff --git a/syft/format/common/cyclonedxhelpers/author_test.go b/syft/format/internal/cyclonedxutil/helpers/author_test.go similarity index 98% rename from syft/format/common/cyclonedxhelpers/author_test.go rename to syft/format/internal/cyclonedxutil/helpers/author_test.go index d7d22d391..24d43b707 100644 --- a/syft/format/common/cyclonedxhelpers/author_test.go +++ b/syft/format/internal/cyclonedxutil/helpers/author_test.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "testing" diff --git a/syft/format/common/cyclonedxhelpers/component.go b/syft/format/internal/cyclonedxutil/helpers/component.go similarity index 83% rename from syft/format/common/cyclonedxhelpers/component.go rename to syft/format/internal/cyclonedxutil/helpers/component.go index 6cef878aa..fa6dd75fa 100644 --- a/syft/format/common/cyclonedxhelpers/component.go +++ b/syft/format/internal/cyclonedxutil/helpers/component.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "reflect" @@ -7,13 +7,12 @@ import ( "github.com/anchore/packageurl-go" "github.com/anchore/syft/syft/file" - "github.com/anchore/syft/syft/format/common" "github.com/anchore/syft/syft/internal/packagemetadata" "github.com/anchore/syft/syft/pkg" ) -func encodeComponent(p pkg.Package) cyclonedx.Component { - props := encodeProperties(p, "syft:package") +func EncodeComponent(p pkg.Package) cyclonedx.Component { + props := EncodeProperties(p, "syft:package") if p.Metadata != nil { // encode the metadataType as a property, something that doesn't exist on the core model @@ -26,10 +25,10 @@ func encodeComponent(p pkg.Package) cyclonedx.Component { props = append(props, encodeCPEs(p)...) locations := p.Locations.ToSlice() if len(locations) > 0 { - props = append(props, encodeProperties(locations, "syft:location")...) + props = append(props, EncodeProperties(locations, "syft:location")...) } if hasMetadata(p) { - props = append(props, encodeProperties(p.Metadata, "syft:metadata")...) + props = append(props, EncodeProperties(p.Metadata, "syft:metadata")...) } var properties *[]cyclonedx.Property @@ -55,11 +54,11 @@ func encodeComponent(p pkg.Package) cyclonedx.Component { Description: encodeDescription(p), ExternalReferences: encodeExternalReferences(p), Properties: properties, - BOMRef: deriveBomRef(p), + BOMRef: DeriveBomRef(p), } } -func deriveBomRef(p pkg.Package) string { +func DeriveBomRef(p pkg.Package) string { // try and parse the PURL if possible and append syft id to it, to make // the purl unique in the BOM. // TODO: In the future we may want to dedupe by PURL and combine components with @@ -93,7 +92,7 @@ func decodeComponent(c *cyclonedx.Component) *pkg.Package { PURL: c.PackageURL, } - common.DecodeInto(p, values, "syft:package", CycloneDXFields) + DecodeInto(p, values, "syft:package", CycloneDXFields) metadataType := values["syft:package:metadataType"] @@ -111,7 +110,7 @@ func decodeComponent(c *cyclonedx.Component) *pkg.Package { } func decodeLocations(vals map[string]string) file.LocationSet { - v := common.Decode(reflect.TypeOf([]file.Location{}), vals, "syft:location", CycloneDXFields) + v := Decode(reflect.TypeOf([]file.Location{}), vals, "syft:location", CycloneDXFields) out, ok := v.([]file.Location) if !ok { out = nil @@ -126,7 +125,7 @@ func decodePackageMetadata(vals map[string]string, c *cyclonedx.Component, typeN return nil } metaPtrTyp := reflect.PtrTo(metadataType) - metaPtr := common.Decode(metaPtrTyp, vals, "syft:metadata", CycloneDXFields) + metaPtr := Decode(metaPtrTyp, vals, "syft:metadata", CycloneDXFields) // Map all explicit metadata properties decodeAuthor(c.Author, metaPtr) @@ -136,7 +135,7 @@ func decodePackageMetadata(vals map[string]string, c *cyclonedx.Component, typeN decodeExternalReferences(c, metaPtr) // return the actual interface{} -> struct ... not interface{} -> *struct - return common.PtrToStruct(metaPtr) + return PtrToStruct(metaPtr) } return nil diff --git a/syft/format/common/cyclonedxhelpers/component_test.go b/syft/format/internal/cyclonedxutil/helpers/component_test.go similarity index 98% rename from syft/format/common/cyclonedxhelpers/component_test.go rename to syft/format/internal/cyclonedxutil/helpers/component_test.go index 74aec5684..7f2b9d245 100644 --- a/syft/format/common/cyclonedxhelpers/component_test.go +++ b/syft/format/internal/cyclonedxutil/helpers/component_test.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "fmt" @@ -152,7 +152,7 @@ func Test_encodeComponentProperties(t *testing.T) { } for _, test := range tests { t.Run(test.name, func(t *testing.T) { - c := encodeComponent(test.input) + c := EncodeComponent(test.input) if test.expected == nil { if c.Properties != nil { t.Fatalf("expected no properties, got: %+v", *c.Properties) @@ -212,7 +212,7 @@ func Test_encodeCompomentType(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { tt.pkg.ID() - p := encodeComponent(tt.pkg) + p := EncodeComponent(tt.pkg) assert.Equal(t, tt.want, p) }) } @@ -264,7 +264,7 @@ func Test_deriveBomRef(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { tt.pkg.ID() - assert.Equal(t, tt.want, deriveBomRef(tt.pkg)) + assert.Equal(t, tt.want, DeriveBomRef(tt.pkg)) }) } } diff --git a/syft/format/common/cyclonedxhelpers/cpe.go b/syft/format/internal/cyclonedxutil/helpers/cpe.go similarity index 97% rename from syft/format/common/cyclonedxhelpers/cpe.go rename to syft/format/internal/cyclonedxutil/helpers/cpe.go index cbe19f6b6..439aeb39f 100644 --- a/syft/format/common/cyclonedxhelpers/cpe.go +++ b/syft/format/internal/cyclonedxutil/helpers/cpe.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "github.com/CycloneDX/cyclonedx-go" diff --git a/syft/format/common/cyclonedxhelpers/cpe_test.go b/syft/format/internal/cyclonedxutil/helpers/cpe_test.go similarity index 97% rename from syft/format/common/cyclonedxhelpers/cpe_test.go rename to syft/format/internal/cyclonedxutil/helpers/cpe_test.go index 7f5f53745..192508de5 100644 --- a/syft/format/common/cyclonedxhelpers/cpe_test.go +++ b/syft/format/internal/cyclonedxutil/helpers/cpe_test.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "testing" diff --git a/syft/format/common/cyclonedxhelpers/decoder.go b/syft/format/internal/cyclonedxutil/helpers/decoder.go similarity index 95% rename from syft/format/common/cyclonedxhelpers/decoder.go rename to syft/format/internal/cyclonedxutil/helpers/decoder.go index 6af03df16..e8a84aa63 100644 --- a/syft/format/common/cyclonedxhelpers/decoder.go +++ b/syft/format/internal/cyclonedxutil/helpers/decoder.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "fmt" @@ -7,7 +7,6 @@ import ( "github.com/anchore/packageurl-go" "github.com/anchore/syft/syft/artifact" - "github.com/anchore/syft/syft/format/common" "github.com/anchore/syft/syft/linux" "github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/sbom" @@ -151,7 +150,7 @@ func linuxReleaseFromOSComponent(component *cyclonedx.Component) *linux.Release for _, p := range *component.Properties { values[p.Name] = p.Value } - common.DecodeInto(&rel, values, "syft:distro", CycloneDXFields) + DecodeInto(&rel, values, "syft:distro", CycloneDXFields) } return rel @@ -181,7 +180,7 @@ func collectRelationships(bom *cyclonedx.BOM, s *sbom.SBOM, idMap map[string]int if !toExists { continue } - to, ok := common.PtrToStruct(toPtr).(artifact.Identifiable) + to, ok := PtrToStruct(toPtr).(artifact.Identifiable) if !ok { continue } @@ -191,7 +190,7 @@ func collectRelationships(bom *cyclonedx.BOM, s *sbom.SBOM, idMap map[string]int if !fromExists { continue } - from, ok := common.PtrToStruct(fromPtr).(artifact.Identifiable) + from, ok := PtrToStruct(fromPtr).(artifact.Identifiable) if !ok { continue } diff --git a/syft/format/common/cyclonedxhelpers/decoder_test.go b/syft/format/internal/cyclonedxutil/helpers/decoder_test.go similarity index 99% rename from syft/format/common/cyclonedxhelpers/decoder_test.go rename to syft/format/internal/cyclonedxutil/helpers/decoder_test.go index 411b98b6e..c13198c79 100644 --- a/syft/format/common/cyclonedxhelpers/decoder_test.go +++ b/syft/format/internal/cyclonedxutil/helpers/decoder_test.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "fmt" diff --git a/syft/format/common/cyclonedxhelpers/description.go b/syft/format/internal/cyclonedxutil/helpers/description.go similarity index 95% rename from syft/format/common/cyclonedxhelpers/description.go rename to syft/format/internal/cyclonedxutil/helpers/description.go index daca390c8..976bbbc1e 100644 --- a/syft/format/common/cyclonedxhelpers/description.go +++ b/syft/format/internal/cyclonedxutil/helpers/description.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import "github.com/anchore/syft/syft/pkg" diff --git a/syft/format/common/cyclonedxhelpers/description_test.go b/syft/format/internal/cyclonedxutil/helpers/description_test.go similarity index 97% rename from syft/format/common/cyclonedxhelpers/description_test.go rename to syft/format/internal/cyclonedxutil/helpers/description_test.go index 5408c6f88..63cde337d 100644 --- a/syft/format/common/cyclonedxhelpers/description_test.go +++ b/syft/format/internal/cyclonedxutil/helpers/description_test.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "testing" diff --git a/syft/format/common/cyclonedxhelpers/external_references.go b/syft/format/internal/cyclonedxutil/helpers/external_references.go similarity index 99% rename from syft/format/common/cyclonedxhelpers/external_references.go rename to syft/format/internal/cyclonedxutil/helpers/external_references.go index fcee61b68..349d966a8 100644 --- a/syft/format/common/cyclonedxhelpers/external_references.go +++ b/syft/format/internal/cyclonedxutil/helpers/external_references.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "fmt" diff --git a/syft/format/common/cyclonedxhelpers/external_references_test.go b/syft/format/internal/cyclonedxutil/helpers/external_references_test.go similarity index 99% rename from syft/format/common/cyclonedxhelpers/external_references_test.go rename to syft/format/internal/cyclonedxutil/helpers/external_references_test.go index f5724aa39..6da98024e 100644 --- a/syft/format/common/cyclonedxhelpers/external_references_test.go +++ b/syft/format/internal/cyclonedxutil/helpers/external_references_test.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "testing" diff --git a/syft/format/common/cyclonedxhelpers/group.go b/syft/format/internal/cyclonedxutil/helpers/group.go similarity index 95% rename from syft/format/common/cyclonedxhelpers/group.go rename to syft/format/internal/cyclonedxutil/helpers/group.go index b3dd1cddd..65b993707 100644 --- a/syft/format/common/cyclonedxhelpers/group.go +++ b/syft/format/internal/cyclonedxutil/helpers/group.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import "github.com/anchore/syft/syft/pkg" diff --git a/syft/format/common/cyclonedxhelpers/group_test.go b/syft/format/internal/cyclonedxutil/helpers/group_test.go similarity index 97% rename from syft/format/common/cyclonedxhelpers/group_test.go rename to syft/format/internal/cyclonedxutil/helpers/group_test.go index 1824db67c..bc8c192f8 100644 --- a/syft/format/common/cyclonedxhelpers/group_test.go +++ b/syft/format/internal/cyclonedxutil/helpers/group_test.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "testing" diff --git a/syft/format/common/cyclonedxhelpers/licenses.go b/syft/format/internal/cyclonedxutil/helpers/licenses.go similarity index 99% rename from syft/format/common/cyclonedxhelpers/licenses.go rename to syft/format/internal/cyclonedxutil/helpers/licenses.go index 2917e8108..fb63b6510 100644 --- a/syft/format/common/cyclonedxhelpers/licenses.go +++ b/syft/format/internal/cyclonedxutil/helpers/licenses.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "fmt" diff --git a/syft/format/common/cyclonedxhelpers/licenses_test.go b/syft/format/internal/cyclonedxutil/helpers/licenses_test.go similarity index 99% rename from syft/format/common/cyclonedxhelpers/licenses_test.go rename to syft/format/internal/cyclonedxutil/helpers/licenses_test.go index 010708e89..e2532f607 100644 --- a/syft/format/common/cyclonedxhelpers/licenses_test.go +++ b/syft/format/internal/cyclonedxutil/helpers/licenses_test.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "testing" diff --git a/syft/format/common/cyclonedxhelpers/properties.go b/syft/format/internal/cyclonedxutil/helpers/properties.go similarity index 65% rename from syft/format/common/cyclonedxhelpers/properties.go rename to syft/format/internal/cyclonedxutil/helpers/properties.go index b89d6d1be..3ef1acd0d 100644 --- a/syft/format/common/cyclonedxhelpers/properties.go +++ b/syft/format/internal/cyclonedxutil/helpers/properties.go @@ -1,19 +1,17 @@ -package cyclonedxhelpers +package helpers import ( "strings" "github.com/CycloneDX/cyclonedx-go" - - "github.com/anchore/syft/syft/format/common" ) var ( - CycloneDXFields = common.RequiredTag("cyclonedx") + CycloneDXFields = RequiredTag("cyclonedx") ) -func encodeProperties(obj interface{}, prefix string) (out []cyclonedx.Property) { - for _, p := range common.Sorted(common.Encode(obj, prefix, CycloneDXFields)) { +func EncodeProperties(obj interface{}, prefix string) (out []cyclonedx.Property) { + for _, p := range Sorted(Encode(obj, prefix, CycloneDXFields)) { out = append(out, cyclonedx.Property{ Name: p.Name, Value: p.Value, diff --git a/syft/format/common/property_encoder.go b/syft/format/internal/cyclonedxutil/helpers/property_encoder.go similarity index 99% rename from syft/format/common/property_encoder.go rename to syft/format/internal/cyclonedxutil/helpers/property_encoder.go index a7d2511f9..fb9a201d1 100644 --- a/syft/format/common/property_encoder.go +++ b/syft/format/internal/cyclonedxutil/helpers/property_encoder.go @@ -1,4 +1,4 @@ -package common +package helpers import ( "fmt" diff --git a/syft/format/common/property_encoder_test.go b/syft/format/internal/cyclonedxutil/helpers/property_encoder_test.go similarity index 99% rename from syft/format/common/property_encoder_test.go rename to syft/format/internal/cyclonedxutil/helpers/property_encoder_test.go index 5a008cd0d..19f87d1ae 100644 --- a/syft/format/common/property_encoder_test.go +++ b/syft/format/internal/cyclonedxutil/helpers/property_encoder_test.go @@ -1,4 +1,4 @@ -package common +package helpers import ( "reflect" diff --git a/syft/format/common/cyclonedxhelpers/publisher.go b/syft/format/internal/cyclonedxutil/helpers/publisher.go similarity index 95% rename from syft/format/common/cyclonedxhelpers/publisher.go rename to syft/format/internal/cyclonedxutil/helpers/publisher.go index 96012dc93..ed4441d5c 100644 --- a/syft/format/common/cyclonedxhelpers/publisher.go +++ b/syft/format/internal/cyclonedxutil/helpers/publisher.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "github.com/anchore/syft/syft/pkg" diff --git a/syft/format/common/cyclonedxhelpers/publisher_test.go b/syft/format/internal/cyclonedxutil/helpers/publisher_test.go similarity index 97% rename from syft/format/common/cyclonedxhelpers/publisher_test.go rename to syft/format/internal/cyclonedxutil/helpers/publisher_test.go index e926f1b04..16f3c59de 100644 --- a/syft/format/common/cyclonedxhelpers/publisher_test.go +++ b/syft/format/internal/cyclonedxutil/helpers/publisher_test.go @@ -1,4 +1,4 @@ -package cyclonedxhelpers +package helpers import ( "testing" diff --git a/syft/format/common/spdxhelpers/description.go b/syft/format/internal/spdxutil/helpers/description.go similarity index 94% rename from syft/format/common/spdxhelpers/description.go rename to syft/format/internal/spdxutil/helpers/description.go index 088d71515..2749d1162 100644 --- a/syft/format/common/spdxhelpers/description.go +++ b/syft/format/internal/spdxutil/helpers/description.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import "github.com/anchore/syft/syft/pkg" diff --git a/syft/format/common/spdxhelpers/description_test.go b/syft/format/internal/spdxutil/helpers/description_test.go similarity index 98% rename from syft/format/common/spdxhelpers/description_test.go rename to syft/format/internal/spdxutil/helpers/description_test.go index 44d0d02e3..277990079 100644 --- a/syft/format/common/spdxhelpers/description_test.go +++ b/syft/format/internal/spdxutil/helpers/description_test.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "testing" diff --git a/syft/format/common/spdxhelpers/document_name.go b/syft/format/internal/spdxutil/helpers/document_name.go similarity index 95% rename from syft/format/common/spdxhelpers/document_name.go rename to syft/format/internal/spdxutil/helpers/document_name.go index 10d2e2dca..af36cc363 100644 --- a/syft/format/common/spdxhelpers/document_name.go +++ b/syft/format/internal/spdxutil/helpers/document_name.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "github.com/anchore/syft/syft/source" diff --git a/syft/format/common/spdxhelpers/document_name_test.go b/syft/format/internal/spdxutil/helpers/document_name_test.go similarity index 98% rename from syft/format/common/spdxhelpers/document_name_test.go rename to syft/format/internal/spdxutil/helpers/document_name_test.go index c93b4750f..3a6f94b1f 100644 --- a/syft/format/common/spdxhelpers/document_name_test.go +++ b/syft/format/internal/spdxutil/helpers/document_name_test.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "fmt" diff --git a/syft/format/common/spdxhelpers/document_namespace.go b/syft/format/internal/spdxutil/helpers/document_namespace.go similarity index 89% rename from syft/format/common/spdxhelpers/document_namespace.go rename to syft/format/internal/spdxutil/helpers/document_namespace.go index 74801653d..7bd6ad044 100644 --- a/syft/format/common/spdxhelpers/document_namespace.go +++ b/syft/format/internal/spdxutil/helpers/document_namespace.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "fmt" @@ -13,9 +13,9 @@ import ( ) const ( - inputImage = "image" - inputDirectory = "dir" - inputFile = "file" + InputImage = "image" + InputDirectory = "dir" + InputFile = "file" ) func DocumentNameAndNamespace(src source.Description, desc sbom.Descriptor) (string, string) { @@ -28,11 +28,11 @@ func DocumentNamespace(name string, src source.Description, desc sbom.Descriptor input := "unknown-source-type" switch src.Metadata.(type) { case source.StereoscopeImageSourceMetadata: - input = inputImage + input = InputImage case source.DirectorySourceMetadata: - input = inputDirectory + input = InputDirectory case source.FileSourceMetadata: - input = inputFile + input = InputFile } uniqueID := uuid.Must(uuid.NewRandom()) diff --git a/syft/format/common/spdxhelpers/document_namespace_test.go b/syft/format/internal/spdxutil/helpers/document_namespace_test.go similarity index 98% rename from syft/format/common/spdxhelpers/document_namespace_test.go rename to syft/format/internal/spdxutil/helpers/document_namespace_test.go index 9fa2ccb33..506252b71 100644 --- a/syft/format/common/spdxhelpers/document_namespace_test.go +++ b/syft/format/internal/spdxutil/helpers/document_namespace_test.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "fmt" diff --git a/syft/format/common/spdxhelpers/download_location.go b/syft/format/internal/spdxutil/helpers/download_location.go similarity index 97% rename from syft/format/common/spdxhelpers/download_location.go rename to syft/format/internal/spdxutil/helpers/download_location.go index ea1ebab7c..894306dea 100644 --- a/syft/format/common/spdxhelpers/download_location.go +++ b/syft/format/internal/spdxutil/helpers/download_location.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import "github.com/anchore/syft/syft/pkg" diff --git a/syft/format/common/spdxhelpers/download_location_test.go b/syft/format/internal/spdxutil/helpers/download_location_test.go similarity index 98% rename from syft/format/common/spdxhelpers/download_location_test.go rename to syft/format/internal/spdxutil/helpers/download_location_test.go index 1420603db..7ccbed44c 100644 --- a/syft/format/common/spdxhelpers/download_location_test.go +++ b/syft/format/internal/spdxutil/helpers/download_location_test.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "testing" diff --git a/syft/format/common/spdxhelpers/external_ref.go b/syft/format/internal/spdxutil/helpers/external_ref.go similarity index 98% rename from syft/format/common/spdxhelpers/external_ref.go rename to syft/format/internal/spdxutil/helpers/external_ref.go index df7415166..99c8b6594 100644 --- a/syft/format/common/spdxhelpers/external_ref.go +++ b/syft/format/internal/spdxutil/helpers/external_ref.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers type ReferenceCategory string diff --git a/syft/format/common/spdxhelpers/external_refs.go b/syft/format/internal/spdxutil/helpers/external_refs.go similarity index 96% rename from syft/format/common/spdxhelpers/external_refs.go rename to syft/format/internal/spdxutil/helpers/external_refs.go index fa3fbc7b5..0c41f3e2c 100644 --- a/syft/format/common/spdxhelpers/external_refs.go +++ b/syft/format/internal/spdxutil/helpers/external_refs.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "github.com/anchore/syft/syft/pkg" diff --git a/syft/format/common/spdxhelpers/external_refs_test.go b/syft/format/internal/spdxutil/helpers/external_refs_test.go similarity index 97% rename from syft/format/common/spdxhelpers/external_refs_test.go rename to syft/format/internal/spdxutil/helpers/external_refs_test.go index 68a950e84..c3aa900a8 100644 --- a/syft/format/common/spdxhelpers/external_refs_test.go +++ b/syft/format/internal/spdxutil/helpers/external_refs_test.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "testing" diff --git a/syft/format/common/spdxhelpers/file_type.go b/syft/format/internal/spdxutil/helpers/file_type.go similarity index 98% rename from syft/format/common/spdxhelpers/file_type.go rename to syft/format/internal/spdxutil/helpers/file_type.go index 97e4ab478..4958a577d 100644 --- a/syft/format/common/spdxhelpers/file_type.go +++ b/syft/format/internal/spdxutil/helpers/file_type.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers type FileType string diff --git a/syft/format/common/util/h_digest.go b/syft/format/internal/spdxutil/helpers/h_digest.go similarity index 98% rename from syft/format/common/util/h_digest.go rename to syft/format/internal/spdxutil/helpers/h_digest.go index a3c5d2048..2b7a10903 100644 --- a/syft/format/common/util/h_digest.go +++ b/syft/format/internal/spdxutil/helpers/h_digest.go @@ -1,4 +1,4 @@ -package util +package helpers import ( "encoding/base64" diff --git a/syft/format/common/util/h_digest_test.go b/syft/format/internal/spdxutil/helpers/h_digest_test.go similarity index 99% rename from syft/format/common/util/h_digest_test.go rename to syft/format/internal/spdxutil/helpers/h_digest_test.go index 329fef372..60b6b8b8d 100644 --- a/syft/format/common/util/h_digest_test.go +++ b/syft/format/internal/spdxutil/helpers/h_digest_test.go @@ -1,4 +1,4 @@ -package util +package helpers import ( "fmt" diff --git a/syft/format/common/spdxhelpers/homepage.go b/syft/format/internal/spdxutil/helpers/homepage.go similarity index 93% rename from syft/format/common/spdxhelpers/homepage.go rename to syft/format/internal/spdxutil/helpers/homepage.go index 4974a9e3f..61a43e108 100644 --- a/syft/format/common/spdxhelpers/homepage.go +++ b/syft/format/internal/spdxutil/helpers/homepage.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import "github.com/anchore/syft/syft/pkg" diff --git a/syft/format/common/spdxhelpers/homepage_test.go b/syft/format/internal/spdxutil/helpers/homepage_test.go similarity index 98% rename from syft/format/common/spdxhelpers/homepage_test.go rename to syft/format/internal/spdxutil/helpers/homepage_test.go index 2f54fd89b..cccf5aca6 100644 --- a/syft/format/common/spdxhelpers/homepage_test.go +++ b/syft/format/internal/spdxutil/helpers/homepage_test.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "testing" diff --git a/syft/format/common/spdxhelpers/license.go b/syft/format/internal/spdxutil/helpers/license.go similarity index 82% rename from syft/format/common/spdxhelpers/license.go rename to syft/format/internal/spdxutil/helpers/license.go index e3352f27c..92087e08d 100644 --- a/syft/format/common/spdxhelpers/license.go +++ b/syft/format/internal/spdxutil/helpers/license.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "crypto/sha256" @@ -27,12 +27,12 @@ func License(p pkg.Package) (concluded, declared string) { // take all licenses and assume an AND expression; // for information about license expressions see: // https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/ - pc, pd := parseLicenses(p.Licenses.ToSlice()) + pc, pd := ParseLicenses(p.Licenses.ToSlice()) return joinLicenses(pc), joinLicenses(pd) } -func joinLicenses(licenses []spdxLicense) string { +func joinLicenses(licenses []SPDXLicense) string { if len(licenses) == 0 { return NOASSERTION } @@ -40,7 +40,7 @@ func joinLicenses(licenses []spdxLicense) string { var newLicenses []string for _, l := range licenses { - v := l.id + v := l.ID // check if license does not start or end with parens if !strings.HasPrefix(v, "(") && !strings.HasSuffix(v, ")") { // if license contains AND, OR, or WITH, then wrap in parens @@ -57,31 +57,31 @@ func joinLicenses(licenses []spdxLicense) string { return strings.Join(newLicenses, " AND ") } -type spdxLicense struct { - id string - value string +type SPDXLicense struct { + ID string + Value string } -func parseLicenses(raw []pkg.License) (concluded, declared []spdxLicense) { +func ParseLicenses(raw []pkg.License) (concluded, declared []SPDXLicense) { for _, l := range raw { if l.Value == "" { continue } - candidate := spdxLicense{} + candidate := SPDXLicense{} if l.SPDXExpression != "" { - candidate.id = l.SPDXExpression + candidate.ID = l.SPDXExpression } else { // we did not find a valid SPDX license ID so treat as separate license if len(l.Value) <= 64 { // if the license text is less than the size of the hash, // just use it directly so the id is more readable - candidate.id = spdxlicense.LicenseRefPrefix + SanitizeElementID(l.Value) + candidate.ID = spdxlicense.LicenseRefPrefix + SanitizeElementID(l.Value) } else { hash := sha256.Sum256([]byte(l.Value)) - candidate.id = fmt.Sprintf("%s%x", spdxlicense.LicenseRefPrefix, hash) + candidate.ID = fmt.Sprintf("%s%x", spdxlicense.LicenseRefPrefix, hash) } - candidate.value = l.Value + candidate.Value = l.Value } switch l.Type { diff --git a/syft/format/common/spdxhelpers/license_test.go b/syft/format/internal/spdxutil/helpers/license_test.go similarity index 63% rename from syft/format/common/spdxhelpers/license_test.go rename to syft/format/internal/spdxutil/helpers/license_test.go index 623f43aee..b89b5e853 100644 --- a/syft/format/common/spdxhelpers/license_test.go +++ b/syft/format/internal/spdxutil/helpers/license_test.go @@ -1,16 +1,13 @@ -package spdxhelpers +package helpers import ( "strings" "testing" - "github.com/spdx/tools-golang/spdx" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "github.com/anchore/syft/internal/spdxlicense" "github.com/anchore/syft/syft/pkg" - "github.com/anchore/syft/syft/sbom" ) func Test_License(t *testing.T) { @@ -108,77 +105,6 @@ func Test_License(t *testing.T) { } } -func Test_otherLicenses(t *testing.T) { - pkg1 := pkg.Package{ - Name: "first-pkg", - Version: "1.1", - Licenses: pkg.NewLicenseSet( - pkg.NewLicense("MIT"), - ), - } - pkg2 := pkg.Package{ - Name: "second-pkg", - Version: "2.2", - Licenses: pkg.NewLicenseSet( - pkg.NewLicense("non spdx license"), - ), - } - bigText := ` - Apache License - Version 2.0, January 2004` - pkg3 := pkg.Package{ - Name: "third-pkg", - Version: "3.3", - Licenses: pkg.NewLicenseSet( - pkg.NewLicense(bigText), - ), - } - - tests := []struct { - name string - packages []pkg.Package - expected []*spdx.OtherLicense - }{ - { - name: "no other licenses when all valid spdx expressions", - packages: []pkg.Package{pkg1}, - expected: nil, - }, - { - name: "other licenses includes original text", - packages: []pkg.Package{pkg2}, - expected: []*spdx.OtherLicense{ - { - LicenseIdentifier: "LicenseRef-non-spdx-license", - ExtractedText: "non spdx license", - }, - }, - }, - { - name: "big licenses get hashed", - packages: []pkg.Package{pkg3}, - expected: []*spdx.OtherLicense{ - { - LicenseIdentifier: "LicenseRef-e9a1e42833d3e456f147052f4d312101bd171a0798893169fe596ca6b55c049e", - ExtractedText: bigText, - }, - }, - }, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - s := sbom.SBOM{ - Artifacts: sbom.Artifacts{ - Packages: pkg.NewCollection(test.packages...), - }, - } - got := ToFormatModel(s) - require.Equal(t, test.expected, got.OtherLicenses) - }) - } -} - func Test_joinLicenses(t *testing.T) { tests := []struct { name string @@ -203,11 +129,11 @@ func Test_joinLicenses(t *testing.T) { } } -func toSpdxLicenses(ids []string) (licenses []spdxLicense) { +func toSpdxLicenses(ids []string) (licenses []SPDXLicense) { for _, l := range ids { - license := spdxLicense{id: l} + license := SPDXLicense{ID: l} if strings.HasPrefix(l, spdxlicense.LicenseRefPrefix) { - license.value = l + license.Value = l } licenses = append(licenses, license) } diff --git a/syft/format/common/spdxhelpers/none_if_empty.go b/syft/format/internal/spdxutil/helpers/none_if_empty.go similarity index 87% rename from syft/format/common/spdxhelpers/none_if_empty.go rename to syft/format/internal/spdxutil/helpers/none_if_empty.go index 6cc272f1f..4c037c4ad 100644 --- a/syft/format/common/spdxhelpers/none_if_empty.go +++ b/syft/format/internal/spdxutil/helpers/none_if_empty.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "strings" diff --git a/syft/format/common/spdxhelpers/none_if_empty_test.go b/syft/format/internal/spdxutil/helpers/none_if_empty_test.go similarity index 96% rename from syft/format/common/spdxhelpers/none_if_empty_test.go rename to syft/format/internal/spdxutil/helpers/none_if_empty_test.go index 3fc958934..44e5d50e5 100644 --- a/syft/format/common/spdxhelpers/none_if_empty_test.go +++ b/syft/format/internal/spdxutil/helpers/none_if_empty_test.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "testing" diff --git a/syft/format/common/spdxhelpers/originator_test.go b/syft/format/internal/spdxutil/helpers/originator_test.go similarity index 99% rename from syft/format/common/spdxhelpers/originator_test.go rename to syft/format/internal/spdxutil/helpers/originator_test.go index e856d0ec6..50ea8296f 100644 --- a/syft/format/common/spdxhelpers/originator_test.go +++ b/syft/format/internal/spdxutil/helpers/originator_test.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "testing" diff --git a/syft/format/common/spdxhelpers/origintor.go b/syft/format/internal/spdxutil/helpers/origintor.go similarity index 98% rename from syft/format/common/spdxhelpers/origintor.go rename to syft/format/internal/spdxutil/helpers/origintor.go index 810c6a592..e1ac4c6a9 100644 --- a/syft/format/common/spdxhelpers/origintor.go +++ b/syft/format/internal/spdxutil/helpers/origintor.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "fmt" diff --git a/syft/format/common/spdxhelpers/relationship_type.go b/syft/format/internal/spdxutil/helpers/relationship_type.go similarity index 99% rename from syft/format/common/spdxhelpers/relationship_type.go rename to syft/format/internal/spdxutil/helpers/relationship_type.go index a3234c873..3d3e3c686 100644 --- a/syft/format/common/spdxhelpers/relationship_type.go +++ b/syft/format/internal/spdxutil/helpers/relationship_type.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers // source: https://spdx.github.io/spdx-spec/7-relationships-between-SPDX-elements/ type RelationshipType string diff --git a/syft/format/common/spdxhelpers/source_info.go b/syft/format/internal/spdxutil/helpers/source_info.go similarity index 99% rename from syft/format/common/spdxhelpers/source_info.go rename to syft/format/internal/spdxutil/helpers/source_info.go index c4942aeca..04af05eb3 100644 --- a/syft/format/common/spdxhelpers/source_info.go +++ b/syft/format/internal/spdxutil/helpers/source_info.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "strings" diff --git a/syft/format/common/spdxhelpers/source_info_test.go b/syft/format/internal/spdxutil/helpers/source_info_test.go similarity index 99% rename from syft/format/common/spdxhelpers/source_info_test.go rename to syft/format/internal/spdxutil/helpers/source_info_test.go index 4fd221a9f..98f877916 100644 --- a/syft/format/common/spdxhelpers/source_info_test.go +++ b/syft/format/internal/spdxutil/helpers/source_info_test.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "testing" diff --git a/syft/format/common/spdxhelpers/spdxid.go b/syft/format/internal/spdxutil/helpers/spdxid.go similarity index 93% rename from syft/format/common/spdxhelpers/spdxid.go rename to syft/format/internal/spdxutil/helpers/spdxid.go index f7a2180c9..d7477190d 100644 --- a/syft/format/common/spdxhelpers/spdxid.go +++ b/syft/format/internal/spdxutil/helpers/spdxid.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "regexp" diff --git a/syft/format/common/spdxhelpers/spdxid_test.go b/syft/format/internal/spdxutil/helpers/spdxid_test.go similarity index 97% rename from syft/format/common/spdxhelpers/spdxid_test.go rename to syft/format/internal/spdxutil/helpers/spdxid_test.go index b66ccd45e..c3050eecd 100644 --- a/syft/format/common/spdxhelpers/spdxid_test.go +++ b/syft/format/internal/spdxutil/helpers/spdxid_test.go @@ -1,4 +1,4 @@ -package spdxhelpers +package helpers import ( "testing" diff --git a/syft/pkg/cataloger/golang/cataloger.go b/syft/pkg/cataloger/golang/cataloger.go index 78898a4f2..9b1131a1a 100644 --- a/syft/pkg/cataloger/golang/cataloger.go +++ b/syft/pkg/cataloger/golang/cataloger.go @@ -10,6 +10,7 @@ import ( "strings" "github.com/anchore/syft/internal" + "github.com/anchore/syft/internal/mimetype" "github.com/anchore/syft/syft/artifact" "github.com/anchore/syft/syft/cpe" "github.com/anchore/syft/syft/file" @@ -42,7 +43,7 @@ func NewGoModuleBinaryCataloger(opts CatalogerConfig) pkg.Cataloger { } return &progressingCataloger{ cataloger: generic.NewCataloger(binaryCatalogerName). - WithParserByMimeTypes(c.parseGoBinary, internal.ExecutableMIMETypeSet.List()...), + WithParserByMimeTypes(c.parseGoBinary, mimetype.ExecutableMIMETypeSet.List()...), } } diff --git a/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go b/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go index de2a0bfe3..c21650252 100644 --- a/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go +++ b/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go @@ -16,6 +16,7 @@ import ( "github.com/anchore/syft/internal" "github.com/anchore/syft/internal/log" + "github.com/anchore/syft/internal/mimetype" "github.com/anchore/syft/syft/artifact" "github.com/anchore/syft/syft/cpe" "github.com/anchore/syft/syft/file" @@ -573,7 +574,7 @@ func fetchPkgs(reader unionreader.UnionReader, filename string) []pkg.Package { // Catalog attempts to find any native image executables reachable from a resolver. func (c *nativeImageCataloger) Catalog(_ context.Context, resolver file.Resolver) ([]pkg.Package, []artifact.Relationship, error) { var pkgs []pkg.Package - fileMatches, err := resolver.FilesByMIMEType(internal.ExecutableMIMETypeSet.List()...) + fileMatches, err := resolver.FilesByMIMEType(mimetype.ExecutableMIMETypeSet.List()...) if err != nil { return pkgs, nil, fmt.Errorf("failed to find binaries by mime types: %w", err) } diff --git a/syft/pkg/cataloger/rust/cataloger.go b/syft/pkg/cataloger/rust/cataloger.go index f4b9cd166..8951f1b28 100644 --- a/syft/pkg/cataloger/rust/cataloger.go +++ b/syft/pkg/cataloger/rust/cataloger.go @@ -4,7 +4,7 @@ Package rust provides a concrete Cataloger implementation relating to packages w package rust import ( - "github.com/anchore/syft/internal" + "github.com/anchore/syft/internal/mimetype" "github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/pkg/cataloger/generic" ) @@ -19,5 +19,5 @@ func NewCargoLockCataloger() pkg.Cataloger { // in binaries produced with https://github.com/Shnatsel/rust-audit func NewAuditBinaryCataloger() pkg.Cataloger { return generic.NewCataloger("cargo-auditable-binary-cataloger"). - WithParserByMimeTypes(parseAuditBinary, internal.ExecutableMIMETypeSet.List()...) + WithParserByMimeTypes(parseAuditBinary, mimetype.ExecutableMIMETypeSet.List()...) }