-
Notifications
You must be signed in to change notification settings - Fork 599
/
Copy pathunknowns_tasks.go
113 lines (96 loc) · 3.46 KB
/
unknowns_tasks.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
package task
import (
"context"
"strings"
"github.com/anchore/archiver/v3"
"github.com/anchore/syft/internal/log"
"github.com/anchore/syft/internal/sbomsync"
"github.com/anchore/syft/syft/cataloging"
"github.com/anchore/syft/syft/file"
"github.com/anchore/syft/syft/pkg"
"github.com/anchore/syft/syft/sbom"
)
const unknownsLabelerTaskName = "unknowns-labeler"
func NewUnknownsLabelerTask(cfg cataloging.UnknownsConfig) Task {
return NewTask(unknownsLabelerTaskName, unknownsLabelerTask{cfg}.processUnknowns)
}
type unknownsLabelerTask struct {
cataloging.UnknownsConfig
}
// processUnknowns removes unknown entries that have valid packages reported for the locations
func (c unknownsLabelerTask) processUnknowns(_ context.Context, resolver file.Resolver, builder sbomsync.Builder) error {
accessor := builder.(sbomsync.Accessor)
accessor.WriteToSBOM(func(s *sbom.SBOM) {
c.finalize(resolver, s)
})
return nil
}
func (c unknownsLabelerTask) finalize(resolver file.Resolver, s *sbom.SBOM) {
hasPackageReference := coordinateReferenceLookup(resolver, s)
if c.RemoveWhenPackagesDefined {
for coords := range s.Artifacts.Unknowns {
if !hasPackageReference(coords) {
continue
}
delete(s.Artifacts.Unknowns, coords)
}
}
if s.Artifacts.Unknowns == nil {
s.Artifacts.Unknowns = map[file.Coordinates][]string{}
}
if c.IncludeExecutablesWithoutPackages {
for coords := range s.Artifacts.Executables {
if !hasPackageReference(coords) {
s.Artifacts.Unknowns[coords] = append(s.Artifacts.Unknowns[coords], formatUnknown("no package identified in executable file", unknownsLabelerTaskName))
}
}
}
if c.IncludeUnexpandedArchives {
for coords := range s.Artifacts.FileMetadata {
unarchiver, notArchiveErr := archiver.ByExtension(coords.RealPath)
if unarchiver != nil && notArchiveErr == nil && !hasPackageReference(coords) {
s.Artifacts.Unknowns[coords] = append(s.Artifacts.Unknowns[coords], "archive not cataloged")
}
}
}
}
func formatUnknown(err string, task ...string) string {
return strings.Join(task, "/") + ": " + err
}
func coordinateReferenceLookup(resolver file.Resolver, s *sbom.SBOM) func(coords file.Coordinates) bool {
allPackageCoords := file.NewCoordinateSet()
// include all directly included locations that result in packages
for p := range s.Artifacts.Packages.Enumerate() {
allPackageCoords.Add(p.Locations.CoordinateSet().ToSlice()...)
}
// include owned files, for example specified by package managers.
// relationships for these owned files may be disabled, but we always want to include them
for p := range s.Artifacts.Packages.Enumerate() {
if f, ok := p.Metadata.(pkg.FileOwner); ok {
for _, ownedFilePath := range f.OwnedFiles() {
// resolve these owned files, as they may have symlinks
// but coordinates we will test against are always absolute paths
locations, err := resolver.FilesByPath(ownedFilePath)
if err != nil {
log.Debugf("unable to resolve owned file '%s': %v", ownedFilePath, err)
}
for _, loc := range locations {
allPackageCoords.Add(loc.Coordinates)
}
}
}
}
// include relationships
for _, r := range s.Relationships {
_, fromPkgOk := r.From.(pkg.Package)
fromFile, fromFileOk := r.From.(file.Coordinates)
_, toPkgOk := r.To.(pkg.Package)
toFile, toFileOk := r.To.(file.Coordinates)
if fromPkgOk && toFileOk {
allPackageCoords.Add(toFile)
} else if fromFileOk && toPkgOk {
allPackageCoords.Add(fromFile)
}
}
return allPackageCoords.Contains
}