upgrade syft to v1.10.0 (#385)

Signed-off-by: Benji Visser <[email protected]>
xeol-io · Aug 12, 2024 · fc26694 · fc26694
1 parent d60c12a
commit fc26694
Show file tree

Hide file tree

Showing 43 changed files with 1,523 additions and 1,021 deletions.
diff --git a/cmd/xeol/cli/commands/completion.go b/cmd/xeol/cli/commands/completion.go
@@ -5,8 +5,8 @@ import (
 	"os"
 	"strings"
 
-	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/image"
 	"github.com/docker/docker/client"
 	"github.com/spf13/cobra"
 )
@@ -76,7 +76,7 @@ func listLocalDockerImages(prefix string) ([]string, error) {
 	// Only want to return tagged images
 	imageListArgs := filters.NewArgs()
 	imageListArgs.Add("dangling", "false")
-	images, err := cli.ImageList(ctx, types.ImageListOptions{All: false, Filters: imageListArgs})
+	images, err := cli.ImageList(ctx, image.ListOptions{All: false, Filters: imageListArgs})
 	if err != nil {
 		return repoTags, err
 	}

diff --git a/cmd/xeol/cli/commands/root.go b/cmd/xeol/cli/commands/root.go
@@ -10,7 +10,9 @@ import (
 
 	"github.com/CycloneDX/cyclonedx-go"
 	"github.com/anchore/clio"
-	"github.com/anchore/syft/syft/formats/common/cyclonedxhelpers"
+	"github.com/anchore/syft/syft"
+	"github.com/anchore/syft/syft/cataloging/pkgcataloging"
+	"github.com/anchore/syft/syft/format/common/cyclonedxhelpers"
 	"github.com/anchore/syft/syft/linux"
 	syftPkg "github.com/anchore/syft/syft/pkg"
 	"github.com/anchore/syft/syft/sbom"
@@ -187,7 +189,7 @@ func runXeol(app clio.Application, opts *options.Xeol, userInput string) error {
 		var failScan bool
 		var imageVerified bool
 		var sourceIsImageType bool
-		if _, ok := s.Source.Metadata.(source.StereoscopeImageSourceMetadata); ok {
+		if _, ok := s.Source.Metadata.(source.ImageMetadata); ok {
 			sourceIsImageType = true
 		}
 
@@ -347,10 +349,51 @@ func getMatchers(opts *options.Xeol) []matcher.Matcher {
 }
 
 func getProviderConfig(opts *options.Xeol) pkg.ProviderConfig {
+	cfg := syft.DefaultCreateSBOMConfig().WithCatalogerSelection(
+		pkgcataloging.NewSelectionRequest().WithRemovals(
+			// the dotnet-executable-parser has myriad issues with naming as well as
+			// incorrect versioning, excluding it for now until the quality is better.
+			// https://github.com/xeol-io/xeol/pull/232
+			"dotnet-portable-executable-cataloger",
+		).WithAdditions(
+			"alpm-db-cataloger",
+			"apk-db-cataloger",
+			"cargo-auditable-binary-cataloger",
+			"cocoapods-cataloger",
+			"conan-cataloger",
+			"dart-pubspec-lock-cataloger",
+			"dotnet-deps-cataloger",
+			"dpkg-db-cataloger",
+			"javascript-package-cataloger",
+			"javascript-lock-cataloger",
+			"elixir-mix-lock-cataloger",
+			"erlang-rebar-lock-cataloger",
+			"go-module-file-cataloger",
+			"go-module-binary-cataloger",
+			"graalvm-native-image-cataloger",
+			"haskell-cataloger",
+			"java-archive-cataloger",
+			"java-gradle-lockfile-cataloger",
+			"java-pom-cataloger",
+			"linux-kernel-cataloger",
+			"nix-store-cataloger",
+			"php-composer-installed-cataloger",
+			"php-composer-lock-cataloger",
+			"portage-cataloger",
+			"python-package-cataloger",
+			"python-installed-package-cataloger",
+			"rpm-db-cataloger",
+			"rpm-archive-cataloger",
+			"ruby-gemfile-cataloger",
+			"ruby-installed-gemspec-cataloger",
+			"rust-cargo-lock-cataloger",
+			"sbom-cataloger",
+		))
+
 	return pkg.ProviderConfig{
 		SyftProviderConfig: pkg.SyftProviderConfig{
 			RegistryOptions:        opts.Registry.ToOptions(),
-			CatalogingOptions:      opts.Search.ToConfig(),
+			SBOMOptions:            cfg,
 			Platform:               opts.Platform,
 			Name:                   opts.Name,
 			DefaultImagePullSource: opts.DefaultImagePullSource,

diff --git a/cmd/xeol/cli/options/search.go b/cmd/xeol/cli/options/search.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 
 	"github.com/anchore/clio"
-	"github.com/anchore/syft/syft/pkg/cataloger"
+	"github.com/anchore/syft/syft/cataloging"
 	"github.com/anchore/syft/syft/source"
 )
 
@@ -14,10 +14,13 @@ type search struct {
 	IncludeIndexedArchives   bool   `yaml:"indexed-archives" json:"indexed-archives" mapstructure:"indexed-archives"`
 }
 
-var _ clio.PostLoader = (*search)(nil)
+var _ interface {
+	clio.PostLoader
+	clio.FieldDescriber
+} = (*search)(nil)
 
 func defaultSearch(scope source.Scope) search {
-	c := cataloger.DefaultSearchConfig()
+	c := cataloging.DefaultArchiveSearchConfig()
 	return search{
 		Scope:                    scope.String(),
 		IncludeUnindexedArchives: c.IncludeUnindexedArchives,
@@ -33,52 +36,14 @@ func (cfg *search) PostLoad() error {
 	return nil
 }
 
-func (cfg search) GetScope() source.Scope {
-	return source.ParseScope(cfg.Scope)
+func (cfg *search) DescribeFields(descriptions clio.FieldDescriptionSet) {
+	descriptions.Add(&cfg.IncludeUnindexedArchives, `search within archives that do contain a file index to search against (zip)
+note: for now this only applies to the java package cataloger`)
+	descriptions.Add(&cfg.IncludeIndexedArchives, `search within archives that do not contain a file index to search against (tar, tar.gz, tar.bz2, etc)
+note: enabling this may result in a performance impact since all discovered compressed tars will be decompressed
+note: for now this only applies to the java package cataloger`)
 }
 
-func (cfg search) ToConfig() cataloger.Config {
-	return cataloger.Config{
-		Search: cataloger.SearchConfig{
-			IncludeIndexedArchives:   cfg.IncludeIndexedArchives,
-			IncludeUnindexedArchives: cfg.IncludeUnindexedArchives,
-			Scope:                    cfg.GetScope(),
-		},
-		Catalogers: []string{
-			"alpm-db-cataloger",
-			"apkdb-cataloger",
-			"binary-cataloger",
-			"cargo-auditable-binary-cataloger",
-			"cocoapods-cataloger",
-			"conan-cataloger",
-			"dartlang-lock-cataloger",
-			"dotnet-deps-cataloger",
-			"dpkgdb-cataloger",
-			"javascript-cataloger",
-			"elixir-mix-lock-cataloger",
-			"erlang-rebar-lock-cataloger",
-			"go-module-file-cataloger",
-			"go-module-binary-cataloger",
-			"graalvm-native-image-cataloger",
-			"haskell-cataloger",
-			"java-cataloger",
-			"java-gradle-lockfile-cataloger",
-			"java-pom-cataloger",
-			"linux-kernel-cataloger",
-			"nix-store-cataloger",
-			"php-composer-installed-cataloger",
-			"php-composer-lock-cataloger",
-			"portage-cataloger",
-			"python-package-cataloger",
-			"python-installed-package-cataloger",
-			"rpm-db-cataloger",
-			"rpm-archive-cataloger",
-			"ruby-gemfile-cataloger",
-			"ruby-installed-gemspec-cataloger",
-			"rust-cargo-lock-cataloger",
-			"sbom-cataloger",
-			"spm-cataloger",
-		},
-		ExcludeBinaryOverlapByOwnership: true,
-	}
+func (cfg search) GetScope() source.Scope {
+	return source.ParseScope(cfg.Scope)
 }
diff --git a/cmd/xeol/cli/ui/handle_eol_scanning_started.go b/cmd/xeol/cli/ui/handle_eol_scanning_started.go
@@ -64,11 +64,11 @@ func (p eolScanningAdapter) Stage() string {
 	return fmt.Sprintf("%d eol matches", p.mon.MatchesDiscovered.Current())
 }
 
-func (m *Handler) handleEolScanningStarted(e partybus.Event) []tea.Model {
+func (m *Handler) handleEolScanningStarted(e partybus.Event) ([]tea.Model, tea.Cmd) {
 	mon, err := parsers.ParseEolScanningStarted(e)
 	if err != nil {
 		log.WithFields("error", err).Warn("unable to parse event")
-		return nil
+		return nil, nil
 	}
 
 	tsk := m.newTaskProgress(
@@ -87,7 +87,7 @@ func (m *Handler) handleEolScanningStarted(e partybus.Event) []tea.Model {
 	return []tea.Model{
 		tsk,
 		neweolProgressTree(mon, textStyle),
-	}
+	}, nil
 }
 
 func (l eolProgressTree) Init() tea.Cmd {

diff --git a/cmd/xeol/cli/ui/handle_eol_scanning_started_test.go b/cmd/xeol/cli/ui/handle_eol_scanning_started_test.go
@@ -49,7 +49,7 @@ func TestHandler_handleEolScanningStarted(t *testing.T) {
 				Height: 80,
 			}
 
-			models := handler.Handle(e)
+			models, _ := handler.Handle(e)
 			require.Len(t, models, 2)
 
 			t.Run("task line", func(t *testing.T) {

diff --git a/cmd/xeol/cli/ui/handle_update_eol_database.go b/cmd/xeol/cli/ui/handle_update_eol_database.go
@@ -32,11 +32,11 @@ func (s dbDownloadProgressStager) Stage() string {
 	return stage
 }
 
-func (m *Handler) handleUpdateEolDatabase(e partybus.Event) []tea.Model {
+func (m *Handler) handleUpdateEolDatabase(e partybus.Event) ([]tea.Model, tea.Cmd) {
 	prog, err := parsers.ParseUpdateEolDatabase(e)
 	if err != nil {
 		log.WithFields("error", err).Warn("unable to parse event")
-		return nil
+		return nil, nil
 	}
 
 	tsk := m.newTaskProgress(
@@ -49,5 +49,5 @@ func (m *Handler) handleUpdateEolDatabase(e partybus.Event) []tea.Model {
 
 	tsk.HideStageOnSuccess = false
 
-	return []tea.Model{tsk}
+	return []tea.Model{tsk}, nil
 }
diff --git a/cmd/xeol/cli/ui/handle_update_eol_database_test.go b/cmd/xeol/cli/ui/handle_update_eol_database_test.go
@@ -78,7 +78,7 @@ func TestHandler_handleUpdateEolDatabase(t *testing.T) {
 				Height: 80,
 			}
 
-			models := handler.Handle(e)
+			models, _ := handler.Handle(e)
 			require.Len(t, models, 1)
 			model := models[0]
 

diff --git a/cmd/xeol/internal/ui/ui.go b/cmd/xeol/internal/ui/ui.go
@@ -144,7 +144,11 @@ func (m *UI) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 			return m, nil
 		}
 
-		for _, newModel := range m.handler.Handle(msg) {
+		models, cmd := m.handler.Handle(msg)
+		if cmd != nil {
+			cmds = append(cmds, cmd)
+		}
+		for _, newModel := range models {
 			if newModel == nil {
 				continue
 			}