github.com/kastenhq/syft@v0.0.0-20230821225854-0710af25cdbe/syft/pkg/cataloger/package_exclusions.go (about) 1 package cataloger 2 3 import ( 4 "golang.org/x/exp/slices" 5 6 "github.com/kastenhq/syft/syft/artifact" 7 "github.com/kastenhq/syft/syft/pkg" 8 "github.com/kastenhq/syft/syft/pkg/cataloger/alpm" 9 "github.com/kastenhq/syft/syft/pkg/cataloger/apkdb" 10 "github.com/kastenhq/syft/syft/pkg/cataloger/binary" 11 "github.com/kastenhq/syft/syft/pkg/cataloger/deb" 12 "github.com/kastenhq/syft/syft/pkg/cataloger/nix" 13 "github.com/kastenhq/syft/syft/pkg/cataloger/rpm" 14 ) 15 16 var ( 17 osCatalogerTypes = []string{ 18 apkdb.CatalogerName, 19 alpm.CatalogerName, 20 deb.CatalogerName, 21 nix.CatalogerName, 22 rpm.DBCatalogerName, 23 rpm.FileCatalogerName, 24 } 25 binaryCatalogerTypes = []string{binary.CatalogerName} 26 ) 27 28 // Exclude will remove packages from a collection given the following properties are true 29 // 1) the relationship between packages is OwnershipByFileOverlap 30 // 2) the parent is an "os" package 31 // 3) the child is a synthetic package generated by the binary cataloger 32 // 4) the package names are identical 33 // This exclude was implemented as a way to help resolve: https://github.com/anchore/syft/issues/931 34 func Exclude(r artifact.Relationship, c *pkg.Collection) bool { 35 if artifact.OwnershipByFileOverlapRelationship != r.Type { 36 return false 37 } 38 39 parent := c.Package(r.From.ID()) 40 if parent == nil { 41 return false 42 } 43 44 parentInExclusion := slices.Contains(osCatalogerTypes, parent.FoundBy) 45 if !parentInExclusion { 46 return false 47 } 48 49 child := c.Package(r.To.ID()) 50 if child == nil { 51 return false 52 } 53 54 return slices.Contains(binaryCatalogerTypes, child.FoundBy) 55 }