github.com/lineaje-labs/syft@v0.98.1-0.20231227153149-9e393f60ff1b/syft/format/common/cyclonedxhelpers/cpe.go

github.com/lineaje-labs/syft@v0.98.1-0.20231227153149-9e393f60ff1b/syft/format/common/cyclonedxhelpers/cpe.go (about)

     1  package cyclonedxhelpers
     2  
     3  import (
     4  	"github.com/CycloneDX/cyclonedx-go"
     5  
     6  	"github.com/anchore/syft/syft/cpe"
     7  	"github.com/anchore/syft/syft/pkg"
     8  	"github.com/lineaje-labs/syft/internal/log"
     9  )
    10  
    11  func encodeSingleCPE(p pkg.Package) string {
    12  	// Since the CPEs in a package are sorted by specificity
    13  	// we can extract the first CPE as the one to output in cyclonedx
    14  	if len(p.CPEs) > 0 {
    15  		return cpe.String(p.CPEs[0])
    16  	}
    17  	return ""
    18  }
    19  
    20  func encodeCPEs(p pkg.Package) (out []cyclonedx.Property) {
    21  	for i, c := range p.CPEs {
    22  		// first CPE is "most specific" and already encoded as the component CPE
    23  		if i == 0 {
    24  			continue
    25  		}
    26  		out = append(out, cyclonedx.Property{
    27  			Name:  "syft:cpe23",
    28  			Value: cpe.String(c),
    29  		})
    30  	}
    31  	return
    32  }
    33  
    34  func decodeCPEs(c *cyclonedx.Component) (out []cpe.CPE) {
    35  	if c.CPE != "" {
    36  		cp, err := cpe.New(c.CPE)
    37  		if err != nil {
    38  			log.Warnf("invalid CPE: %s", c.CPE)
    39  		} else {
    40  			out = append(out, cp)
    41  		}
    42  	}
    43  
    44  	if c.Properties != nil {
    45  		for _, p := range *c.Properties {
    46  			if p.Name == "syft:cpe23" {
    47  				cp, err := cpe.New(p.Value)
    48  				if err != nil {
    49  					log.Warnf("invalid CPE: %s", p.Value)
    50  				} else {
    51  					out = append(out, cp)
    52  				}
    53  			}
    54  		}
    55  	}
    56  
    57  	return
    58  }