author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-10 20:41:15 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-10 20:41:15 +0300 |
commit | 3abfe4afb90054d7b8af276775e528551a4a5a32 (patch) | |
tree | ef93a2a7711da0e3666b84a8c2e6ae11301c569e | |
parent | 26dd7eec86080ea304eae663500455b96bbcfa1b (diff) |
Add latest changes from gitlab-org/gitlab@16-2-stable-ee
-rw-r--r-- | app/models/concerns/enums/sbom.rb | 4 | ||||
-rw-r--r-- | lib/sbom/purl_type/converter.rb | 11 | ||||
-rw-r--r-- | spec/lib/sbom/purl_type/converter_spec.rb | 40 | ||||
-rw-r--r-- | spec/models/concerns/enums/sbom_spec.rb | 38 |
4 files changed, 91 insertions, 2 deletions
diff --git a/app/models/concerns/enums/sbom.rb b/app/models/concerns/enums/sbom.rb
index 3ba911dbcc5..59aafc32d94 100644
--- a/app/models/concerns/enums/sbom.rb
+++ b/app/models/concerns/enums/sbom.rb
@@ -26,7 +26,9 @@ module Enums
     end
 
     def self.purl_types
-      PURL_TYPES
+      # return 0 by default if the purl_type is not found, to prevent
+      # consumers from producing invalid SQL caused by null entries
+      @_purl_types ||= PURL_TYPES.dup.tap { |h| h.default = 0 }
     end
   end
 end
diff --git a/lib/sbom/purl_type/converter.rb b/lib/sbom/purl_type/converter.rb
index e02d6932167..bfcfb414180 100644
--- a/lib/sbom/purl_type/converter.rb
+++ b/lib/sbom/purl_type/converter.rb
@@ -14,15 +14,24 @@ module Sbom
         'composer' => 'composer',
         'conan' => 'conan',
         'go' => 'golang',
+        'gobinary' => 'golang', # this package manager is generated by trivy
         'nuget' => 'nuget',
         'pip' => 'pypi',
         'pipenv' => 'pypi',
-        'setuptools' => 'pypi'
+        'setuptools' => 'pypi',
+        'python-pkg' => 'pypi' # this package manager is generated by trivy
       }.with_indifferent_access.freeze
 
       def self.purl_type_for_pkg_manager(package_manager)
+        matches = package_manager.match(TRIVY_PACKAGE_MANAGER_REGEX)
+
+        package_manager = matches['trivy-package-manager-type'] if matches
+
         PACKAGE_MANAGER_TO_PURL_TYPE_MAP[package_manager]
       end
+
+      TRIVY_PACKAGE_MANAGER_REGEX = /\((?<trivy-package-manager-type>.*?)\)/
+      private_constant :TRIVY_PACKAGE_MANAGER_REGEX
     end
   end
 end
diff --git a/spec/lib/sbom/purl_type/converter_spec.rb b/spec/lib/sbom/purl_type/converter_spec.rb
new file mode 100644
index 00000000000..2eb35c4d079
--- /dev/null
+++ b/spec/lib/sbom/purl_type/converter_spec.rb
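Review bot: `PURL_TYPES.dup` yields an unfrozen copy, so the hash memoized in `@_purl_types` and returned by `purl_types` is shared mutable state: any caller that adds a key or reassigns `default` changes the result for every later caller, whereas `PURL_TYPES` itself is presumably frozen. Freeze the copy once the default is set, `@_purl_types ||= PURL_TYPES.dup.tap { |h| h.default = 0 }.freeze`, which still lets `[]` return 0 for unknown keys. The comment should also say that the default silently maps any unrecognised purl type to 0 rather than surfacing the bad input, so callers that need to detect unknown types must use `fetch` or `key?` instead of `[]`.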
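Review bot: `package_manager.match(TRIVY_PACKAGE_MANAGER_REGEX)` raises NoMethodError when `package_manager` is nil, whereas the previous body (`PACKAGE_MANAGER_TO_PURL_TYPE_MAP[nil]`) returned nil; if any caller can pass a missing package manager this is a regression, so use `matches = package_manager&.match(TRIVY_PACKAGE_MANAGER_REGEX)`. The regex is also unanchored and takes whatever sits between the first `(` and the next `)`, so an input such as `foo (bar) baz` is rewritten to `bar` before the lookup; tightening it to `/\((?<trivy-package-manager-type>[^()]+)\)\z/` limits the rewrite to the trailing `Name (type)` form the comments say trivy emits while still matching the two trivy rows in the spec. Moving the constant above the method that reads it would make the dependency visible in reading order.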
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+RSpec.describe Sbom::PurlType::Converter, feature_category: :dependency_management do
+  describe '.purl_type_for_pkg_manager' do
+    using RSpec::Parameterized::TableSyntax
+
+    subject(:actual_purl_type) { described_class.purl_type_for_pkg_manager(package_manager) }
+
+    where(:given_package_manager, :expected_purl_type) do
+      'bundler' | 'gem'
+      'yarn' | 'npm'
+      'npm' | 'npm'
+      'pnpm' | 'npm'
+      'maven' | 'maven'
+      'sbt' | 'maven'
+      'gradle' | 'maven'
+      'composer' | 'composer'
+      'conan' | 'conan'
+      'go' | 'golang'
+      'nuget' | 'nuget'
+      'pip' | 'pypi'
+      'pipenv' | 'pypi'
+      'setuptools' | 'pypi'
+      'Python (python-pkg)' | 'pypi'
+      'analyzer (gobinary)' | 'golang'
+      'unknown-pkg-manager' | nil
+      'Python (unknown)' | nil
+    end
+
+    with_them do
+      let(:package_manager) { given_package_manager }
+
+      it 'returns the expected purl_type' do
+        expect(actual_purl_type).to eql(expected_purl_type)
+      end
+    end
+  end
+end
diff --git a/spec/models/concerns/enums/sbom_spec.rb b/spec/models/concerns/enums/sbom_spec.rb
new file mode 100644
index 00000000000..41670880630
--- /dev/null
+++ b/spec/models/concerns/enums/sbom_spec.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+RSpec.describe Enums::Sbom, feature_category: :dependency_management do
+  describe '.purl_types' do
+    using RSpec::Parameterized::TableSyntax
+
+    subject(:actual_purl_type) { described_class.purl_types[package_manager] }
+
+    where(:given_package_manager, :expected_purl_type) do
+      :composer | 1
+      'composer' | 1
+      :conan | 2
+      'conan' | 2
+      :gem | 3
+      :golang | 4
+      :maven | 5
+      :npm | 6
+      :nuget | 7
+      :pypi | 8
+      :apk | 9
+      :rpm | 10
+      :deb | 11
+      :cbl_mariner | 12
+      'unknown-pkg-manager' | 0
+      'Python (unknown)' | 0
+    end
+
+    with_them do
+      let(:package_manager) { given_package_manager }
+
+      it 'returns the expected purl_type' do
+        expect(actual_purl_type).to eql(expected_purl_type)
+      end
+    end
+  end
+end
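Review bot: The table has no row for a nil or empty package manager, which is precisely the input where the new `package_manager.match` call in the converter changes behaviour (it raises NoMethodError instead of returning nil as the plain hash lookup did), so whichever contract is intended is not pinned. Add `nil | nil` and `'' | nil` rows (or a separate example if TableSyntax does not accept a nil cell) so a later change cannot silently flip it. A row such as `'foo (bar) baz' | nil` would also document what the unanchored parenthesis regex is expected to do with parentheses that are not in the trailing trivy position.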
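Review bot: The `'unknown-pkg-manager' | 0` and `'Python (unknown)' | 0` rows pin the new default, but the case the sbom.rb comment gives as motivation, a null purl type reaching SQL, is not covered; add `nil | 0` so `purl_types[nil]` is asserted to hit the default as well. Since `purl_types` memoizes a `dup` of `PURL_TYPES`, it is also worth one example that the returned hash is frozen (`expect(described_class.purl_types).to be_frozen`), which would currently fail and documents that examples must not mutate the shared hash.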