update package lock tests

Signed-off-by: Benji Visser <benji@093b.org>
noqcks · Oct 11, 2023 · 996e6fe · 996e6fe
1 parent 294cf5d
commit 996e6fe
Show file tree

Hide file tree

Showing 4 changed files with 326 additions and 322 deletions.
diff --git a/syft/pkg/cataloger/javascript/cataloger_test.go b/syft/pkg/cataloger/javascript/cataloger_test.go
@@ -33,15 +33,16 @@ func expectedPackagesAndRelationshipsLockV1(locationSet file.LocationSet, metada
 		},
 	}
 	rxjs := pkg.Package{
-		Name:         "rxjs",
-		Version:      "7.5.7",
-		FoundBy:      "javascript-cataloger",
-		PURL:         "pkg:npm/rxjs@7.5.7",
-		Locations:    locationSet,
-		Language:     pkg.JavaScript,
-		Type:         pkg.NpmPkg,
-		MetadataType: pkg.NpmPackageLockJSONMetadataType,
-		Metadata:     pkg.NpmPackageLockJSONMetadata{},
+		Name:          "rxjs",
+		Version:       "7.5.7",
+		FoundBy:       "javascript-cataloger",
+		PURL:          "pkg:npm/rxjs@7.5.7",
+		Locations:     locationSet,
+		Language:      pkg.JavaScript,
+		Type:          pkg.NpmPkg,
+		MetadataType:  pkg.NpmPackageLockJSONMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
+		Metadata:      pkg.NpmPackageLockJSONMetadata{},
 	}
 	testApp := pkg.Package{
 		Name:          "test-app",
@@ -56,37 +57,40 @@ func expectedPackagesAndRelationshipsLockV1(locationSet file.LocationSet, metada
 		Metadata:      pkg.NpmPackageLockJSONMetadata{},
 	}
 	tslib := pkg.Package{
-		Name:         "tslib",
-		Version:      "2.6.2",
-		FoundBy:      "javascript-cataloger",
-		PURL:         "pkg:npm/tslib@2.6.2",
-		Locations:    locationSet,
-		Language:     pkg.JavaScript,
-		Type:         pkg.NpmPkg,
-		MetadataType: pkg.NpmPackageLockJSONMetadataType,
-		Metadata:     pkg.NpmPackageLockJSONMetadata{},
+		Name:          "tslib",
+		Version:       "2.6.2",
+		FoundBy:       "javascript-cataloger",
+		PURL:          "pkg:npm/tslib@2.6.2",
+		Locations:     locationSet,
+		Language:      pkg.JavaScript,
+		Type:          pkg.NpmPkg,
+		MetadataType:  pkg.NpmPackageLockJSONMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
+		Metadata:      pkg.NpmPackageLockJSONMetadata{},
 	}
 	typescript := pkg.Package{
-		Name:         "typescript",
-		Version:      "4.7.4",
-		FoundBy:      "javascript-cataloger",
-		PURL:         "pkg:npm/typescript@4.7.4",
-		Locations:    locationSet,
-		Language:     pkg.JavaScript,
-		Type:         pkg.NpmPkg,
-		MetadataType: pkg.NpmPackageLockJSONMetadataType,
-		Metadata:     pkg.NpmPackageLockJSONMetadata{},
+		Name:          "typescript",
+		Version:       "4.7.4",
+		FoundBy:       "javascript-cataloger",
+		PURL:          "pkg:npm/typescript@4.7.4",
+		Locations:     locationSet,
+		Language:      pkg.JavaScript,
+		Type:          pkg.NpmPkg,
+		MetadataType:  pkg.NpmPackageLockJSONMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
+		Metadata:      pkg.NpmPackageLockJSONMetadata{},
 	}
 	zonejs := pkg.Package{
-		Name:         "zone.js",
-		Version:      "0.11.8",
-		FoundBy:      "javascript-cataloger",
-		PURL:         "pkg:npm/zone.js@0.11.8",
-		Locations:    locationSet,
-		Language:     pkg.JavaScript,
-		Type:         pkg.NpmPkg,
-		MetadataType: pkg.NpmPackageLockJSONMetadataType,
-		Metadata:     pkg.NpmPackageLockJSONMetadata{},
+		Name:          "zone.js",
+		Version:       "0.11.8",
+		FoundBy:       "javascript-cataloger",
+		PURL:          "pkg:npm/zone.js@0.11.8",
+		Locations:     locationSet,
+		Language:      pkg.JavaScript,
+		Type:          pkg.NpmPkg,
+		MetadataType:  pkg.NpmPackageLockJSONMetadataType,
+		ComponentType: pkg.ComponentTypeLibrary,
+		Metadata:      pkg.NpmPackageLockJSONMetadata{},
 	}
 
 	l := []*pkg.Package{
@@ -754,7 +758,7 @@ func Test_JavaScriptCataloger_PnpmLock(t *testing.T) {
 // 		expected []string
 // 	}{
 // 		{
-// 			name:    "obtain package lock files",
+// 			name:    "obtain package lock files",pcomponent_test.go
 // 			fixture: "test-fixtures/pkg-json-and-lock/v1",
 // 			expected: []string{
 // 				"package-lock.json",

diff --git a/syft/pkg/cataloger/javascript/package.go b/syft/pkg/cataloger/javascript/package.go
@@ -123,7 +123,7 @@ func packageURL(name, version string) string {
 	).ToString()
 }
 
-func newPackageLockV1Package(resolver file.Resolver, location file.Location, name string, u packageLockDependency) pkg.Package {
+func newPackageLockV1Package(resolver file.Resolver, location file.Location, name string, componentType pkg.ComponentType, u packageLockDependency) pkg.Package {
 	version := u.Version
 
 	const aliasPrefixPackageLockV1 = "npm:"
@@ -143,14 +143,15 @@ func newPackageLockV1Package(resolver file.Resolver, location file.Location, nam
 		resolver,
 		location,
 		pkg.Package{
-			Name:         name,
-			Version:      version,
-			Locations:    file.NewLocationSet(location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)),
-			PURL:         packageURL(name, version),
-			Language:     pkg.JavaScript,
-			Type:         pkg.NpmPkg,
-			MetadataType: pkg.NpmPackageLockJSONMetadataType,
-			Metadata:     pkg.NpmPackageLockJSONMetadata{Resolved: u.Resolved, Integrity: u.Integrity},
+			Name:          name,
+			Version:       version,
+			Locations:     file.NewLocationSet(location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)),
+			PURL:          packageURL(name, version),
+			Language:      pkg.JavaScript,
+			Type:          pkg.NpmPkg,
+			ComponentType: componentType,
+			MetadataType:  pkg.NpmPackageLockJSONMetadataType,
+			Metadata:      pkg.NpmPackageLockJSONMetadata{Resolved: u.Resolved, Integrity: u.Integrity},
 		},
 	)
 }

diff --git a/syft/pkg/cataloger/javascript/parse_package_lock.go b/syft/pkg/cataloger/javascript/parse_package_lock.go
@@ -14,6 +14,7 @@ import (
 	"github.com/anchore/syft/internal/log"
 	"github.com/anchore/syft/syft/artifact"
 	"github.com/anchore/syft/syft/file"
+	"github.com/anchore/syft/syft/pkg"
 	syftPkg "github.com/anchore/syft/syft/pkg"
 	"github.com/anchore/syft/syft/pkg/cataloger/generic"
 )
@@ -117,6 +118,13 @@ func finalizePackageLockWithoutPackageJSON(resolver file.Resolver, pkglock *pack
 	}
 
 	if pkglock.LockfileVersion == 3 || pkglock.LockfileVersion == 2 {
+		root = newPackageLockV2Package(
+			resolver,
+			indexLocation,
+			pkglock.Name,
+			syftPkg.ComponentTypeApplication,
+			*pkglock.Packages[""],
+		)
 		return finalizePackageLockV2(resolver, pkglock, indexLocation, root)
 	}
 
@@ -163,7 +171,13 @@ func finalizePackageLockWithoutPackageJSONV1(resolver file.Resolver, pkglock *pa
 	// create packages
 	for name, lockDep := range pkglock.Dependencies {
 		lockDep.name = name
-		pkg := newPackageLockV1Package(resolver, indexLocation, name, *lockDep)
+		pkg := newPackageLockV1Package(
+			resolver,
+			indexLocation,
+			name,
+			pkg.ComponentTypeLibrary,
+			*lockDep,
+		)
 		pkgs = append(pkgs, pkg)
 	}
 	syftPkg.Sort(pkgs)
@@ -183,7 +197,13 @@ func finalizePackageLockWithPackageJSONV1(resolver file.Resolver, pkgjson *packa
 	// create packages
 	for name, lockDep := range pkglock.Dependencies {
 		lockDep.name = name
-		pkg := newPackageLockV1Package(resolver, indexLocation, name, *lockDep)
+		pkg := newPackageLockV1Package(
+			resolver,
+			indexLocation,
+			name,
+			pkg.ComponentTypeLibrary,
+			*lockDep,
+		)
 		pkgs = append(pkgs, pkg)
 		depnameMap[name] = pkg
 	}