github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/pkg/cataloger/package_exclusions.go

github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/pkg/cataloger/package_exclusions.go (about)

     1  package cataloger
     2  
     3  import (
     4  	"golang.org/x/exp/slices"
     5  
     6  	"github.com/anchore/syft/syft/artifact"
     7  	"github.com/anchore/syft/syft/pkg"
     8  )
     9  
    10  var (
    11  	osCatalogerTypes = []pkg.Type{
    12  		pkg.AlpmPkg,
    13  		pkg.ApkPkg,
    14  		pkg.DebPkg,
    15  		pkg.NixPkg,
    16  		pkg.PortagePkg,
    17  		pkg.RpmPkg,
    18  	}
    19  	binaryCatalogerTypes = []pkg.Type{
    20  		pkg.BinaryPkg,
    21  	}
    22  )
    23  
    24  // ExcludeBinaryByFileOwnershipOverlap will remove packages from a collection given the following properties are true
    25  // 1) the relationship between packages is OwnershipByFileOverlap
    26  // 2) the parent is an "os" package
    27  // 3) the child is a synthetic package generated by the binary cataloger
    28  // 4) the package names are identical
    29  // This was implemented as a way to help resolve: https://github.com/anchore/syft/issues/931
    30  func ExcludeBinaryByFileOwnershipOverlap(r artifact.Relationship, c *pkg.Collection) bool {
    31  	if artifact.OwnershipByFileOverlapRelationship != r.Type {
    32  		return false
    33  	}
    34  
    35  	parent := c.Package(r.From.ID())
    36  	if parent == nil {
    37  		return false
    38  	}
    39  
    40  	parentInExclusion := slices.Contains(osCatalogerTypes, parent.Type)
    41  	if !parentInExclusion {
    42  		return false
    43  	}
    44  
    45  	child := c.Package(r.To.ID())
    46  	if child == nil {
    47  		return false
    48  	}
    49  
    50  	return slices.Contains(binaryCatalogerTypes, child.Type)
    51  }