diff --git a/cargo/config.go b/cargo/config.go index f29133e2..4bda3b30 100644 --- a/cargo/config.go +++ b/cargo/config.go @@ -40,6 +40,7 @@ type ConfigMetadata struct { } type ConfigMetadataDependency struct { + CPE string `toml:"cpe" json:"cpe,omitempty"` DeprecationDate *time.Time `toml:"deprecation_date" json:"deprecation_date,omitempty"` ID string `toml:"id" json:"id,omitempty"` Name string `toml:"name" json:"name,omitempty"` diff --git a/cargo/config_test.go b/cargo/config_test.go index ead10812..3a739d53 100644 --- a/cargo/config_test.go +++ b/cargo/config_test.go @@ -56,6 +56,7 @@ func testConfig(t *testing.T, context spec.G, it spec.S) { PrePackage: "some-pre-package-script.sh", Dependencies: []cargo.ConfigMetadataDependency{ { + CPE: "some-cpe", DeprecationDate: &deprecationDate, ID: "some-dependency", Name: "Some Dependency", @@ -109,6 +110,7 @@ pre-package = "some-pre-package-script.sh" some-dependency = "1.2.x" [[metadata.dependencies]] + cpe = "some-cpe" deprecation_date = "2020-06-01T00:00:00Z" id = "some-dependency" name = "Some Dependency" @@ -200,6 +202,7 @@ some-dependency = "1.2.x" key = "value" [[metadata.dependencies]] + cpe = "some-cpe" id = "some-dependency" name = "Some Dependency" sha256 = "shasum" @@ -260,6 +263,7 @@ some-dependency = "1.2.x" PrePackage: "some-pre-package-script.sh", Dependencies: []cargo.ConfigMetadataDependency{ { + CPE: "some-cpe", ID: "some-dependency", Name: "Some Dependency", SHA256: "shasum", diff --git a/cargo/jam/internal/dependency.go b/cargo/jam/internal/dependency.go index 45acfafa..fb1dabb5 100644 --- a/cargo/jam/internal/dependency.go +++ b/cargo/jam/internal/dependency.go @@ -127,6 +127,7 @@ func convertToCargoDependency(dependency Dependency, dependencyName string) carg cargoDependency.DeprecationDate = &deprecationDate } + cargoDependency.CPE = dependency.CPE cargoDependency.ID = dependency.ID cargoDependency.Name = dependencyName cargoDependency.SHA256 = dependency.SHA256 diff --git a/cargo/jam/internal/dependency_test.go b/cargo/jam/internal/dependency_test.go index 17fd1fab..0915dffa 100644 --- a/cargo/jam/internal/dependency_test.go +++ b/cargo/jam/internal/dependency_test.go @@ -276,6 +276,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) { Expect(err).NotTo(HaveOccurred()) Expect(dependencies).To(Equal([]cargo.ConfigMetadataDependency{ { + CPE: "cpe-notation", ID: "some-dep", Version: "1.0.0", Stacks: []string{"some-stack"}, @@ -285,6 +286,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) { SourceSHA256: "some-source-sha", }, { + CPE: "cpe-notation", ID: "some-dep", Version: "1.1.2", Stacks: []string{"some-stack-two"}, @@ -294,6 +296,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) { SourceSHA256: "some-source-sha-two", }, { + CPE: "cpe-notation", ID: "some-dep", Version: "1.5.6", Stacks: []string{"some-stack-three"}, diff --git a/cargo/jam/update_dependencies_test.go b/cargo/jam/update_dependencies_test.go index 5bb33e9a..7430bb29 100644 --- a/cargo/jam/update_dependencies_test.go +++ b/cargo/jam/update_dependencies_test.go @@ -54,7 +54,8 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) { } ], "source": "some-source", - "source_sha256": "some-source-sha" + "source_sha256": "some-source-sha", + "cpe": "node-cpe" }, { "name": "node", @@ -67,7 +68,8 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) { } ], "source": "some-source", - "source_sha256": "some-source-sha" + "source_sha256": "some-source-sha", + "cpe": "node-cpe" }, { "name": "node", @@ -80,7 +82,8 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) { } ], "source": "some-source", - "source_sha256": "some-source-sha" + "source_sha256": "some-source-sha", + "cpe": "node-cpe" }, { "name": "node", @@ -93,7 +96,8 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) { } ], "source": "some-source", - "source_sha256": "some-source-sha" + "source_sha256": "some-source-sha", + "cpe": "node-cpe" }]`) } @@ -122,6 +126,7 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) { include-files = ["buildpack.toml"] [[metadata.dependencies]] + cpe = "node-cpe" id = "node" name = "Node Engine" sha256 = "some-sha" @@ -132,6 +137,7 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) { version = "1.2.3" [[metadata.dependencies]] + cpe = "node-cpe" id = "node" name = "Node Engine" sha256 = "some-sha" @@ -142,6 +148,7 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) { version = "2.1.1" [[metadata.dependencies]] + cpe = "node-cpe" id = "node" name = "Node Engine" sha256 = "some-sha" @@ -200,6 +207,7 @@ api = "0.2" include-files = ["buildpack.toml"] [[metadata.dependencies]] + cpe = "node-cpe" id = "node" name = "Node Engine" sha256 = "some-sha" @@ -210,6 +218,7 @@ api = "0.2" version = "1.3.5" [[metadata.dependencies]] + cpe = "node-cpe" id = "node" name = "Node Engine" sha256 = "some-sha" @@ -220,6 +229,7 @@ api = "0.2" version = "2.1.9" [[metadata.dependencies]] + cpe = "node-cpe" id = "node" name = "Node Engine" sha256 = "some-sha" @@ -258,6 +268,7 @@ api = "0.2" include-files = ["buildpack.toml"] [[metadata.dependencies]] + cpe = "node-cpe" id = "node" name = "Node Engine" sha256 = "some-sha" @@ -310,6 +321,7 @@ api = "0.2" include-files = ["buildpack.toml"] [[metadata.dependencies]] + cpe = "node-cpe" id = "node" name = "Node Engine" sha256 = "some-sha" @@ -344,6 +356,7 @@ api = "0.2" include-files = ["buildpack.toml"] [[metadata.dependencies]] + cpe = "node-cpe" id = "node" name = "Node Engine" sha256 = "some-sha" @@ -396,6 +409,7 @@ api = "0.2" include-files = ["buildpack.toml"] [[metadata.dependencies]] + cpe = "node-cpe" id = "node" name = "Node Engine" sha256 = "some-sha" @@ -484,6 +498,7 @@ api = "0.2" include-files = ["buildpack.toml"] [[metadata.dependencies]] + cpe = "non-existent-cpe" id = "non-existent" sha256 = "some-sha" source = "some-source"