feat: Add Wordpress cataloger (#2218)

* Closes #1911 Wordpress cataloger

Signed-off-by: disc <a.hacicheant@gmail.com>

* Fixed a few unit tests and static analizer notices

Signed-off-by: disc <a.hacicheant@gmail.com>

* Updated `README.md`

Signed-off-by: disc <a.hacicheant@gmail.com>

* Fixed `golangci-lint` notices
Added integration test for `wordpress-plugin`

Signed-off-by: disc <a.hacicheant@gmail.com>

* Fixed `gosimports` notices

Signed-off-by: disc <a.hacicheant@gmail.com>

* Updated `json schema` version

Signed-off-by: disc <a.hacicheant@gmail.com>

* Fixed CLI tests, increased expected package count

Signed-off-by: disc <a.hacicheant@gmail.com>

* Read first 4Kb of a plugins file's content

Signed-off-by: disc <a.hacicheant@gmail.com>

* replace JSON schema version

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* change wording on source info for wordpress packages

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* Minor changes after a huge refactoring

Signed-off-by: disc <a.hacicheant@gmail.com>

* Removed unused files

Signed-off-by: disc <a.hacicheant@gmail.com>

* Updated schema

Signed-off-by: disc <a.hacicheant@gmail.com>

* Fixed integration tests

Signed-off-by: disc <a.hacicheant@gmail.com>

* fix integration tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* Renamed `metadata.Name` to `metadata.PluginInstallDirectory`

Signed-off-by: disc <a.hacicheant@gmail.com>

* rename fields to be compliant with json conventions

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: disc <a.hacicheant@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>

README.md

@@ -54,6 +54,7 @@ For commercial support options with Syft or Grype, please [contact Anchore](http
 - Ruby (gem)
 - Rust (cargo.lock)
 - Swift (cocoapods, swift-package-manager)
+- Wordpress plugins
 
 ## Installation
 

cmd/syft/internal/test/integration/catalog_packages_cases_test.go

@@ -452,4 +452,12 @@ var commonTestCases = []testCase{
 			"glibc": "2.34-210",
 		},
 	},
+	{
+		name:        "find wordpress plugins",
+		pkgType:     pkg.WordpressPluginPkg,
+		pkgLanguage: pkg.PHP,
+		pkgInfo: map[string]string{
+			"Akismet Anti-spam: Spam Protection": "5.3",
+		},
+	},
 }

cmd/syft/internal/test/integration/catalog_packages_test.go

@@ -123,7 +123,6 @@ func TestPkgCoverageImage(t *testing.T) {
 				}
 				t.Fatalf("unexpected package count: %d!=%d", pkgCount, len(c.pkgInfo))
 			}
-
 		})
 	}
 
@@ -211,7 +210,6 @@ func TestPkgCoverageDirectory(t *testing.T) {
 				}
 				t.Fatalf("unexpected package count: %d!=%d", actualPkgCount, len(test.pkgInfo))
 			}
-
 		})
 	}
 
@@ -249,7 +247,6 @@ func TestPkgCoverageImage_HasEvidence(t *testing.T) {
 
 	for _, c := range cases {
 		t.Run(c.name, func(t *testing.T) {
-
 			for a := range sbom.Artifacts.Packages.Enumerate(c.pkgType) {
 				assert.NotEmpty(t, a.Locations.ToSlice(), "package %q has no locations (type=%q)", a.Name, a.Type)
 				for _, l := range a.Locations.ToSlice() {
@@ -259,7 +256,6 @@ func TestPkgCoverageImage_HasEvidence(t *testing.T) {
 					}
 				}
 			}
-
 		})
 	}
 
@@ -279,7 +275,6 @@ func TestPkgCoverageDirectory_HasEvidence(t *testing.T) {
 
 	for _, c := range cases {
 		t.Run(c.name, func(t *testing.T) {
-
 			for a := range sbom.Artifacts.Packages.Enumerate(c.pkgType) {
 				assert.NotEmpty(t, a.Locations.ToSlice(), "package %q has no locations (type=%q)", a.Name, a.Type)
 				for _, l := range a.Locations.ToSlice() {
@@ -289,7 +284,6 @@ func TestPkgCoverageDirectory_HasEvidence(t *testing.T) {
 					}
 				}
 			}
-
 		})
 	}
 

cmd/syft/internal/test/integration/test-fixtures/image-pkg-coverage/pkgs/wordpress/wp-content/plugins/akismet/akismet.php

@@ -0,0 +1,17 @@
+<?php
+/**
+ * @package Akismet
+ */
+/*
+Plugin Name:Akismet Anti-spam: Spam Protection
+Plugin URI: https://akismet.com/
+Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from spam</strong>. Akismet Anti-spam keeps your site protected even while you sleep. To get started: activate the Akismet plugin and then go to your Akismet Settings page to set up your API key.
+Version: 5.3
+Requires at least: 5.8
+Requires PHP: 5.6.20
+Author: Automattic - Anti-spam Team
+Author URI: https://automattic.com/wordpress-plugins/
+License: GPLv2 or later
+Text Domain: akismet
+*/
+// rest of plugin's code ...

internal/constants.go

@@ -3,5 +3,5 @@ package internal
 const (
 	// JSONSchemaVersion is the current schema version output by the JSON encoder
 	// This is roughly following the "SchemaVer" guidelines for versioning the JSON schema. Please see schema/json/README.md for details on how to increment.
-	JSONSchemaVersion = "16.0.3"
+	JSONSchemaVersion = "16.0.4"
 )

internal/task/package_tasks.go

@@ -28,6 +28,7 @@ import (
 	"github.com/anchore/syft/syft/pkg/cataloger/rust"
 	sbomCataloger "github.com/anchore/syft/syft/pkg/cataloger/sbom"
 	"github.com/anchore/syft/syft/pkg/cataloger/swift"
+	"github.com/anchore/syft/syft/pkg/cataloger/wordpress"
 )
 
 //nolint:funlen
@@ -125,5 +126,6 @@ func DefaultPackageTaskFactories() PackageTaskFactories {
 			pkgcataloging.DeclaredTag, pkgcataloging.DirectoryTag, pkgcataloging.InstalledTag, pkgcataloging.ImageTag, "linux", "kernel",
 		),
 		newSimplePackageTaskFactory(sbomCataloger.NewCataloger, "sbom"), // note: not evidence of installed packages
+		newSimplePackageTaskFactory(wordpress.NewWordpressPluginCataloger, pkgcataloging.DirectoryTag, pkgcataloging.ImageTag, "wordpress"),
 	}
 }