improve language package URLs

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
anchore · Jan 18, 2022 · ea7cd47 · ea7cd47
1 parent 05d74a3
commit ea7cd47
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 6 deletions.
diff --git a/syft/pkg/java_metadata.go b/syft/pkg/java_metadata.go
@@ -3,10 +3,14 @@ package pkg
 import (
 	"strings"
 
+	"github.com/anchore/syft/syft/linux"
+
 	"github.com/anchore/packageurl-go"
 	"github.com/anchore/syft/internal"
 )
 
+var _ urlIdentifier = (*JavaMetadata)(nil)
+
 var JenkinsPluginPomPropertiesGroupIDs = []string{
 	"io.jenkins.plugins",
 	"org.jenkins.plugins",
@@ -69,7 +73,7 @@ type JavaManifest struct {
 }
 
 // PackageURL returns the PURL for the specific Alpine package (see https://github.com/package-url/purl-spec)
-func (m JavaMetadata) PackageURL() string {
+func (m JavaMetadata) PackageURL(_ *linux.Release) string {
 	if m.PomProperties != nil {
 		pURL := packageurl.NewPackageURL(
 			packageurl.TypeMaven,

diff --git a/syft/pkg/java_metadata_test.go b/syft/pkg/java_metadata_test.go
@@ -136,7 +136,7 @@ func TestJavaMetadata_pURL(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.expected, func(t *testing.T) {
-			actual := test.metadata.PackageURL()
+			actual := test.metadata.PackageURL(nil)
 			if actual != test.expected {
 				dmp := diffmatchpatch.New()
 				diffs := dmp.DiffMain(test.expected, actual, true)

diff --git a/syft/pkg/python_package_metadata.go b/syft/pkg/python_package_metadata.go
@@ -4,11 +4,16 @@ import (
 	"fmt"
 	"sort"
 
+	"github.com/anchore/syft/syft/linux"
+
 	"github.com/anchore/packageurl-go"
 	"github.com/scylladb/go-set/strset"
 )
 
-var _ FileOwner = (*PythonPackageMetadata)(nil)
+var (
+	_ FileOwner     = (*PythonPackageMetadata)(nil)
+	_ urlIdentifier = (*PythonPackageMetadata)(nil)
+)
 
 // PythonFileDigest represents the file metadata for a single file attributed to a python package.
 type PythonFileDigest struct {
@@ -76,7 +81,7 @@ func (m PythonPackageMetadata) OwnedFiles() (result []string) {
 	return result
 }
 
-func (m PythonPackageMetadata) PackageURL() string {
+func (m PythonPackageMetadata) PackageURL(_ *linux.Release) string {
 	// generate a purl from the package data
 	pURL := packageurl.NewPackageURL(
 		packageurl.TypePyPi,
@@ -101,7 +106,7 @@ func (p PythonDirectURLOriginInfo) vcsURLQualifier() packageurl.Qualifiers {
 	if p.VCS != "" {
 		// Taken from https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst#known-qualifiers-keyvalue-pairs
 		// packageurl-go still doesn't support all qualifier names
-		return packageurl.Qualifiers{{Key: "vcs_url", Value: fmt.Sprintf("%s+%s@%s", p.VCS, p.URL, p.CommitID)}}
+		return packageurl.Qualifiers{{Key: purlVCSURL, Value: fmt.Sprintf("%s+%s@%s", p.VCS, p.URL, p.CommitID)}}
 	}
-	return packageurl.Qualifiers{}
+	return nil
 }
diff --git a/syft/pkg/python_package_metadata_test.go b/syft/pkg/python_package_metadata_test.go
@@ -1,12 +1,60 @@
 package pkg
 
 import (
+	"github.com/anchore/syft/syft/linux"
+	"github.com/sergi/go-diff/diffmatchpatch"
 	"strings"
 	"testing"
 
 	"github.com/go-test/deep"
 )
 
+func TestPythonPackageMetadata_pURL(t *testing.T) {
+	tests := []struct {
+		name     string
+		distro   *linux.Release
+		metadata PythonPackageMetadata
+		expected string
+	}{
+		{
+			name: "with vcs info",
+			metadata: PythonPackageMetadata{
+				Name:    "name",
+				Version: "v0.1.0",
+				DirectURLOrigin: &PythonDirectURLOriginInfo{
+					VCS:      "git",
+					URL:      "https://github.com/test/test.git",
+					CommitID: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+				},
+			},
+			expected: "pkg:pypi/name@v0.1.0?vcs_url=git+https:%2F%2Fgithub.com%2Ftest%2Ftest.git@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+		},
+		{
+			name: "should not respond to release info",
+			distro: &linux.Release{
+				ID:        "rhel",
+				VersionID: "8.4",
+			},
+			metadata: PythonPackageMetadata{
+				Name:    "name",
+				Version: "v0.1.0",
+			},
+			expected: "pkg:pypi/name@v0.1.0",
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			actual := test.metadata.PackageURL(test.distro)
+			if actual != test.expected {
+				dmp := diffmatchpatch.New()
+				diffs := dmp.DiffMain(test.expected, actual, true)
+				t.Errorf("diff: %s", dmp.DiffPrettyText(diffs))
+			}
+		})
+	}
+}
+
 func TestPythonMetadata_FileOwner(t *testing.T) {
 	tests := []struct {
 		metadata PythonPackageMetadata