
Commit c22d175

committed
java: include inner JAR paths in PackageDB
Signed-off-by: RTann <[email protected]> rh-pre-commit.version: 2.3.2 rh-pre-commit.check-secrets: ENABLED
1 parent 6e7a451 commit c22d175


2 files changed

+44
-39
lines changed


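--- a/java/packagescanner.go
+++ b/java/packagescanner.go
@@ -227,20 +227,25 @@ func (s *Scanner) Scan(ctx context.Context, layer *claircore.Layer) ([]*claircor
 // claircore.Package mapping code around embedded jars. There's a
 // testcase to be written, there.
 
+idx := strings.LastIndex(i.Source, ":")
+pkgDB := n
+if idx != -1 {
+// Use the source as the package DB.
+pkgDB = i.Source[:idx]
+}
 // Only examine the last element of the source list:
-js := strings.Split(i.Source, ":")
-switch l := js[len(js)-1]; {
+switch l := i.Source[idx+1:]; {
 case strings.HasSuffix(l, "pom.properties"):
 fallthrough
 case s.root != nil && i.Source == s.root.String():
 // Populate as a maven artifact.
-pkg.PackageDB = `maven:` + n
+pkg.PackageDB = `maven:` + pkgDB
 case l == "META-INF/MANIFEST.MF":
 // information pulled from a manifest file
-pkg.PackageDB = `jar:` + n
+pkg.PackageDB = `jar:` + pkgDB
 case l == ".":
 // Name guess.
-pkg.PackageDB = `file:` + n
+pkg.PackageDB = `file:` + pkgDB
 default:
 return nil, fmt.Errorf("java: martian Info: %+v", i)
 }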
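Review bot: In the `case s.root != nil && i.Source == s.root.String():` branch, `pkgDB` is now `i.Source[:idx]`, a prefix of the root string, where the removed line used the file name `n`. If `s.root.String()` contains a colon (a URL would; the hunk does not show the type of `s.root`), PackageDB becomes "maven:" followed by whatever precedes the last colon of that string, so results from that branch would no longer point at the scanned file. Guarding the override would keep the old value there, e.g. `if idx != -1 && (s.root == nil || i.Source != s.root.String()) {`. A short comment that `idx == -1` makes `i.Source[idx+1:]` the whole source would also help, since the switch relies on it silently. Scan's body starts and ends outside this hunk.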

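--- a/java/packagescanner_test.go
+++ b/java/packagescanner_test.go
@@ -694,15 +694,15 @@ var jenkins = test.ScannerTestcase{
 Name: "bcprov",
 Version: "1.68",
 Kind: "binary",
-PackageDB: "jar:usr/share/jenkins/jenkins.war",
+PackageDB: "jar:usr/share/jenkins/jenkins.war:WEB-INF/detached-plugins/bouncycastle-api.hpi:WEB-INF/lib/bcprov-jdk15on-1.68.jar",
 RepositoryHint: "sha1:1b22775d6f258b5be61d855d5cedb9cf935e2d1b",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
 {
 Name: "bcpkix",
 Version: "1.68",
 Kind: "binary",
-PackageDB: "jar:usr/share/jenkins/jenkins.war",
+PackageDB: "jar:usr/share/jenkins/jenkins.war:WEB-INF/detached-plugins/bouncycastle-api.hpi:WEB-INF/lib/bcpkix-jdk15on-1.68.jar",
 RepositoryHint: "sha1:1b22775d6f258b5be61d855d5cedb9cf935e2d1b",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -766,23 +766,23 @@ var jenkins = test.ScannerTestcase{
 Name: "checker-qual",
 Version: "3.3.0",
 Kind: "binary",
-PackageDB: "jar:usr/share/jenkins/jenkins.war",
+PackageDB: "jar:usr/share/jenkins/jenkins.war:WEB-INF/detached-plugins/script-security.hpi:WEB-INF/lib/checker-qual-3.3.0.jar",
 RepositoryHint: "sha1:346cb1183d04bf076ffcb05ff0663eeda8075182",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
 {
 Name: "com.github.ben-manes.caffeine",
 Version: "2.8.2",
 Kind: "binary",
-PackageDB: "jar:usr/share/jenkins/jenkins.war",
+PackageDB: "jar:usr/share/jenkins/jenkins.war:WEB-INF/detached-plugins/script-security.hpi:WEB-INF/lib/caffeine-2.8.2.jar",
 RepositoryHint: "sha1:346cb1183d04bf076ffcb05ff0663eeda8075182",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
 {
 Name: "com.google.errorprone:error_prone_annotations",
 Version: "2.3.4",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/detached-plugins/script-security.hpi:WEB-INF/lib/error_prone_annotations-2.3.4.jar",
 RepositoryHint: "sha1:346cb1183d04bf076ffcb05ff0663eeda8075182",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1030,15 +1030,15 @@ var jenkins = test.ScannerTestcase{
 Name: "org.glassfish.jaxb:jaxb-core",
 Version: "2.3.0",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/detached-plugins/jaxb.hpi:WEB-INF/lib/jaxb-core-2.3.0.jar",
 RepositoryHint: "sha1:a3c9925e9eafdcadebaae750c523b7690cc0c890",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
 {
 Name: "com.sun.xml.bind:jaxb-core",
 Version: "2.3.0",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/detached-plugins/jaxb.hpi:WEB-INF/lib/jaxb-core-2.3.0.jar",
 RepositoryHint: "sha1:a3c9925e9eafdcadebaae750c523b7690cc0c890",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1062,7 +1062,7 @@ var jenkins = test.ScannerTestcase{
 Name: "com.sun.xml.bind:jaxb-impl",
 Version: "2.3.0",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/detached-plugins/jaxb.hpi:WEB-INF/lib/jaxb-impl-2.3.0.jar",
 RepositoryHint: "sha1:a3c9925e9eafdcadebaae750c523b7690cc0c890",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1190,23 +1190,23 @@ var jenkins = test.ScannerTestcase{
 Name: "commons-fileupload:commons-fileupload",
 Version: "1.4",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-fileupload-1.4.jar",
 RepositoryHint: "sha1:f95188e3d372e20e7328706c37ef366e5d7859b0",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
 {
 Name: "com.sun.xml.txw2:txw2",
 Version: "20110809",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/txw2-20110809.jar",
 RepositoryHint: "sha1:46afa3f3c468680875adb8f2a26086a126c89902",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
 {
 Name: "args4j:args4j",
 Version: "2.33",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/args4j-2.33.jar",
 RepositoryHint: "sha1:bd87a75374a6d6523de82fef51fc3cfe9baf9fc9",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1230,7 +1230,7 @@ var jenkins = test.ScannerTestcase{
 Name: "com.github.jnr:jnr-a64asm",
 Version: "1.0.0",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/jnr-a64asm-1.0.0.jar",
 RepositoryHint: "sha1:0a1cb8dbe71b5a6a0288043c3ba3ca64545be165",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1278,7 +1278,7 @@ var jenkins = test.ScannerTestcase{
 Name: "commons-codec:commons-codec",
 Version: "1.15",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-codec-1.15.jar",
 RepositoryHint: "sha1:49d94806b6e3dc933dacbd8acb0fdbab8ebd1e5d",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1302,7 +1302,7 @@ var jenkins = test.ScannerTestcase{
 Name: "com.github.jnr:jnr-x86asm",
 Version: "1.0.2",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/jnr-x86asm-1.0.2.jar",
 RepositoryHint: "sha1:006936bbd6c5b235665d87bd450f5e13b52d4b48",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1318,7 +1318,7 @@ var jenkins = test.ScannerTestcase{
 Name: "commons-beanutils:commons-beanutils",
 Version: "1.9.4",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-beanutils-1.9.4.jar",
 RepositoryHint: "sha1:d52b9abcd97f38c81342bb7e7ae1eee9b73cba51",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1342,15 +1342,15 @@ var jenkins = test.ScannerTestcase{
 Name: "com.github.jnr.jffi.native:jffi",
 Version: "1.3.5",
 Kind: "binary",
-PackageDB: "jar:usr/share/jenkins/jenkins.war",
+PackageDB: "jar:usr/share/jenkins/jenkins.war:WEB-INF/lib/jffi-1.3.5-native.jar",
 RepositoryHint: "sha1:38602067b8cd1ed3dca6cbfcb3273fb24ab09a3f",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
 {
 Name: "com.google.inject:guice",
 Version: "4.0.0",
 Kind: "binary",
-PackageDB: "jar:usr/share/jenkins/jenkins.war",
+PackageDB: "jar:usr/share/jenkins/jenkins.war:WEB-INF/lib/guice-4.0.jar",
 RepositoryHint: "sha1:0f990a43d3725781b6db7cd0acf0a8b62dfd1649",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1406,7 +1406,7 @@ var jenkins = test.ScannerTestcase{
 Name: "com.github.jnr:jffi",
 Version: "1.3.5",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/jffi-1.3.5.jar",
 RepositoryHint: "sha1:1dadd62fc8434d4ba6e3c78ed42e4852d79d3a46",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1454,7 +1454,7 @@ var jenkins = test.ScannerTestcase{
 Name: "commons-io:commons-io",
 Version: "2.11.0",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-io-2.11.0.jar",
 RepositoryHint: "sha1:a2503f302b11ebde7ebc3df41daebe0e4eea3689",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1534,23 +1534,23 @@ var jenkins = test.ScannerTestcase{
 Name: "com.sun.solaris:embedded_su4j",
 Version: "1.1",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/embedded_su4j-1.1.jar",
 RepositoryHint: "sha1:9404130cc4e60670429f1ab8dbf94d669012725d",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
 {
 Name: "com.github.jnr:jnr-posix",
 Version: "3.1.10",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/jnr-posix-3.1.10.jar",
 RepositoryHint: "sha1:18f1ebd53c4a6d7d23487f8f73c3e6adc4cd6716",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
 {
 Name: "com.github.jnr:jnr-constants",
 Version: "0.10.2",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/jnr-constants-0.10.2.jar",
 RepositoryHint: "sha1:11a081b5482f415443d5e4b860b7a3cb62e319d3",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1598,7 +1598,7 @@ var jenkins = test.ScannerTestcase{
 Name: "com.github.jnr:jnr-ffi",
 Version: "2.2.7",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/jnr-ffi-2.2.7.jar",
 RepositoryHint: "sha1:73987a1153030a3f1fd6c304531235ad5a0abc74",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1662,7 +1662,7 @@ var jenkins = test.ScannerTestcase{
 Name: "com.sun.jna",
 Version: "5.9.0",
 Kind: "binary",
-PackageDB: "jar:usr/share/jenkins/jenkins.war",
+PackageDB: "jar:usr/share/jenkins/jenkins.war:WEB-INF/lib/jna-5.9.0.jar",
 RepositoryHint: "sha1:8f503e6d9b500ceff299052d6be75b38c7257758",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1694,7 +1694,7 @@ var jenkins = test.ScannerTestcase{
 Name: "com.sun.mail:jakarta.mail",
 Version: "1.6.5",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/jakarta.mail-1.6.5.jar",
 RepositoryHint: "sha1:d08124137cf42397d00b71b5985fd1dc248ac07f",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1726,7 +1726,7 @@ var jenkins = test.ScannerTestcase{
 Name: "com.jcraft:jzlib",
 Version: "1.1.3-kohsuke-1",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/jzlib-1.1.3-kohsuke-1.jar",
 RepositoryHint: "sha1:af5d27e1de29df05db95da5d76b546d075bc1bc5",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1766,7 +1766,7 @@ var jenkins = test.ScannerTestcase{
 Name: "commons-collections:commons-collections",
 Version: "3.2.2",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-collections-3.2.2.jar",
 RepositoryHint: "sha1:8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1806,7 +1806,7 @@ var jenkins = test.ScannerTestcase{
 Name: "com.sun.activation:jakarta.activation",
 Version: "1.2.1",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/jakarta.activation-1.2.1.jar",
 RepositoryHint: "sha1:8013606426a73d8ba6b568370877251e91a38b89",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1934,7 +1934,7 @@ var jenkins = test.ScannerTestcase{
 Name: "com.infradna.tool:bridge-method-annotation",
 Version: "1.21",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/bridge-method-annotation-1.21.jar",
 RepositoryHint: "sha1:f380b42653f21c503036a31ff87c6970eeaad080",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -1966,7 +1966,7 @@ var jenkins = test.ScannerTestcase{
 Name: "org.jenkins-ci.main:cli",
 Version: "2.316",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.316.jar",
 RepositoryHint: "sha1:ec1386735dc81ac7f42a4958e1e980f8f89dee11",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -2134,15 +2134,15 @@ var jenkins = test.ScannerTestcase{
 Name: "com.google.guava:guava",
 Version: "11.0.1",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/guava-11.0.1.jar",
 RepositoryHint: "sha1:57b40a943725d43610c898ac0169adf1b2d55742",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
 {
 Name: "com.thoughtworks.xstream:xstream",
 Version: "1.4.18",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/xstream-1.4.18.jar",
 RepositoryHint: "sha1:12eb80b4c4b83b184b669866f510a0eae13f9475",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -2174,7 +2174,7 @@ var jenkins = test.ScannerTestcase{
 Name: "commons-httpclient:commons-httpclient",
 Version: "3.1-jenkins-3",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-httpclient-3.1-jenkins-3.jar",
 RepositoryHint: "sha1:56110dc7f655c56c4e2ae8ae2bb055bf2282ba99",
 Filepath: "usr/share/jenkins/jenkins.war",
 },
@@ -2206,7 +2206,7 @@ var jenkins = test.ScannerTestcase{
 Name: "commons-discovery:commons-discovery",
 Version: "0.5",
 Kind: "binary",
-PackageDB: "maven:usr/share/jenkins/jenkins.war",
+PackageDB: "maven:usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-discovery-0.5.jar",
 RepositoryHint: "sha1:3a8ac816bbe02d2f88523ef22cbf2c4abd71d6a8",
 Filepath: "usr/share/jenkins/jenkins.war",
 },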
