authorGitLab Bot <gitlab-bot@gitlab.com>2023-08-10 20:41:15 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-08-10 20:41:15 +0300
commit3abfe4afb90054d7b8af276775e528551a4a5a32 (patch)
treeef93a2a7711da0e3666b84a8c2e6ae11301c569e
parent26dd7eec86080ea304eae663500455b96bbcfa1b (diff)
Add latest changes from gitlab-org/gitlab@16-2-stable-ee
-rw-r--r--app/models/concerns/enums/sbom.rb4
-rw-r--r--lib/sbom/purl_type/converter.rb11
-rw-r--r--spec/lib/sbom/purl_type/converter_spec.rb40
-rw-r--r--spec/models/concerns/enums/sbom_spec.rb38
4 files changed, 91 insertions, 2 deletions
diff --git a/app/models/concerns/enums/sbom.rb b/app/models/concerns/enums/sbom.rb
index 3ba911dbcc5..59aafc32d94 100644
--- a/app/models/concerns/enums/sbom.rb
+++ b/app/models/concerns/enums/sbom.rb
@@ -26,7 +26,9 @@ module Enums
end
def self.purl_types
- PURL_TYPES
+ # return 0 by default if the purl_type is not found, to prevent
+ # consumers from producing invalid SQL caused by null entries
+ @_purl_types ||= PURL_TYPES.dup.tap { |h| h.default = 0 }
end
end
end
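Review bot: The memoized hash built on the `@_purl_types ||=` line is returned unfrozen and shared by every caller, so any consumer that mutates the result (`purl_types[:foo] = 99`, `merge!`, `delete`) silently changes module-wide state for the rest of the process; `PURL_TYPES` itself presumably is frozen, which is why the `.dup` is needed, but the copy loses that protection. Freezing the copy keeps the new default and restores the invariant: `@_purl_types ||= PURL_TYPES.dup.tap { |h| h.default = 0 }.freeze`. The comment above it could also state the trade-off the default introduces, e.g. `# NOTE: `[]`, `dig` and `values_at` now return 0 for unknown types; use `key?`/`fetch` when "unknown" must be detected`, since `Hash#default` does not affect `fetch` or `key?`. The enclosing `module Enums` starts outside the hunk.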
diff --git a/lib/sbom/purl_type/converter.rb b/lib/sbom/purl_type/converter.rb
index e02d6932167..bfcfb414180 100644
--- a/lib/sbom/purl_type/converter.rb
+++ b/lib/sbom/purl_type/converter.rb
@@ -14,15 +14,24 @@ module Sbom
'composer' => 'composer',
'conan' => 'conan',
'go' => 'golang',
+ 'gobinary' => 'golang', # this package manager is generated by trivy
'nuget' => 'nuget',
'pip' => 'pypi',
'pipenv' => 'pypi',
- 'setuptools' => 'pypi'
+ 'setuptools' => 'pypi',
+ 'python-pkg' => 'pypi' # this package manager is generated by trivy
}.with_indifferent_access.freeze
def self.purl_type_for_pkg_manager(package_manager)
+ matches = package_manager.match(TRIVY_PACKAGE_MANAGER_REGEX)
+
+ package_manager = matches['trivy-package-manager-type'] if matches
+
PACKAGE_MANAGER_TO_PURL_TYPE_MAP[package_manager]
end
+
+ TRIVY_PACKAGE_MANAGER_REGEX = /\((?<trivy-package-manager-type>.*?)\)/
+ private_constant :TRIVY_PACKAGE_MANAGER_REGEX
end
end
end
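Review bot: The new `package_manager.match(TRIVY_PACKAGE_MANAGER_REGEX)` line turns a `nil` or non-string `package_manager` into a `NoMethodError`, whereas the previous body returned `nil` for any unmapped key; this value appears to come from ingested scanner reports, so a missing or malformed field is a realistic input rather than a programming error. A one-line guard before the match preserves the old behaviour, `return PACKAGE_MANAGER_TO_PURL_TYPE_MAP[package_manager] unless package_manager.is_a?(String)`, and `spec/lib/sbom/purl_type/converter_spec.rb` in this commit has no `nil` or non-string row to pin it. The regex is unanchored and non-greedy, so it takes the first parenthesised group and runs in linear time on long input, which is fine; a comment such as `# Trivy reports package managers as "Language (manager)"; extract the manager name` would make the intent of the lookup chain clearer to readers who do not know the Trivy format. As a point of style, `TRIVY_PACKAGE_MANAGER_REGEX` and its `private_constant` declaration are placed after the method that uses them; moving them next to `PACKAGE_MANAGER_TO_PURL_TYPE_MAP` follows the constants-first layout the file already uses. The enclosing `module Sbom` starts outside the hunk.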
diff --git a/spec/lib/sbom/purl_type/converter_spec.rb b/spec/lib/sbom/purl_type/converter_spec.rb
new file mode 100644
index 00000000000..2eb35c4d079
--- /dev/null
+++ b/spec/lib/sbom/purl_type/converter_spec.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+RSpec.describe Sbom::PurlType::Converter, feature_category: :dependency_management do
+ describe '.purl_type_for_pkg_manager' do
+ using RSpec::Parameterized::TableSyntax
+
+ subject(:actual_purl_type) { described_class.purl_type_for_pkg_manager(package_manager) }
+
+ where(:given_package_manager, :expected_purl_type) do
+ 'bundler' | 'gem'
+ 'yarn' | 'npm'
+ 'npm' | 'npm'
+ 'pnpm' | 'npm'
+ 'maven' | 'maven'
+ 'sbt' | 'maven'
+ 'gradle' | 'maven'
+ 'composer' | 'composer'
+ 'conan' | 'conan'
+ 'go' | 'golang'
+ 'nuget' | 'nuget'
+ 'pip' | 'pypi'
+ 'pipenv' | 'pypi'
+ 'setuptools' | 'pypi'
+ 'Python (python-pkg)' | 'pypi'
+ 'analyzer (gobinary)' | 'golang'
+ 'unknown-pkg-manager' | nil
+ 'Python (unknown)' | nil
+ end
+
+ with_them do
+ let(:package_manager) { given_package_manager }
+
+ it 'returns the expected purl_type' do
+ expect(actual_purl_type).to eql(expected_purl_type)
+ end
+ end
+ end
+end
diff --git a/spec/models/concerns/enums/sbom_spec.rb b/spec/models/concerns/enums/sbom_spec.rb
new file mode 100644
index 00000000000..41670880630
--- /dev/null
+++ b/spec/models/concerns/enums/sbom_spec.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+RSpec.describe Enums::Sbom, feature_category: :dependency_management do
+ describe '.purl_types' do
+ using RSpec::Parameterized::TableSyntax
+
+ subject(:actual_purl_type) { described_class.purl_types[package_manager] }
+
+ where(:given_package_manager, :expected_purl_type) do
+ :composer | 1
+ 'composer' | 1
+ :conan | 2
+ 'conan' | 2
+ :gem | 3
+ :golang | 4
+ :maven | 5
+ :npm | 6
+ :nuget | 7
+ :pypi | 8
+ :apk | 9
+ :rpm | 10
+ :deb | 11
+ :cbl_mariner | 12
+ 'unknown-pkg-manager' | 0
+ 'Python (unknown)' | 0
+ end
+
+ with_them do
+ let(:package_manager) { given_package_manager }
+
+ it 'returns the expected purl_type' do
+ expect(actual_purl_type).to eql(expected_purl_type)
+ end
+ end
+ end
+end