github.com/anchore/syft@v1.4.2-0.20240516191711-1bec1fc5d397/syft/pkg/url.go (about) 1 package pkg 2 3 import ( 4 "sort" 5 "strings" 6 7 "github.com/anchore/packageurl-go" 8 "github.com/anchore/syft/syft/linux" 9 ) 10 11 const ( 12 PURLQualifierArch = "arch" 13 PURLQualifierDistro = "distro" 14 PURLQualifierEpoch = "epoch" 15 PURLQualifierVCSURL = "vcs_url" 16 17 // PURLQualifierUpstream this qualifier is not in the pURL spec, but is used by grype to perform indirect matching based on source information 18 PURLQualifierUpstream = "upstream" 19 20 purlCargoPkgType = "cargo" 21 purlGradlePkgType = "gradle" 22 ) 23 24 func PURLQualifiers(vars map[string]string, release *linux.Release) (q packageurl.Qualifiers) { 25 keys := make([]string, 0, len(vars)) 26 for k := range vars { 27 keys = append(keys, k) 28 } 29 sort.Strings(keys) 30 31 for _, k := range keys { 32 val := vars[k] 33 if val == "" { 34 continue 35 } 36 q = append(q, packageurl.Qualifier{ 37 Key: k, 38 Value: vars[k], 39 }) 40 } 41 42 distroQualifiers := []string{} 43 44 if release == nil { 45 return q 46 } 47 48 if release.ID != "" { 49 distroQualifiers = append(distroQualifiers, release.ID) 50 } 51 52 if release.VersionID != "" { 53 distroQualifiers = append(distroQualifiers, release.VersionID) 54 } else if release.BuildID != "" { 55 distroQualifiers = append(distroQualifiers, release.BuildID) 56 } 57 58 q = append(q, packageurl.Qualifier{ 59 Key: PURLQualifierDistro, 60 Value: strings.Join(distroQualifiers, "-"), 61 }) 62 63 return q 64 }