fix: drop runtime relationship

Signed-off-by: knqyf263 <[email protected]>
aquasecurity · Apr 26, 2024 · 5e620b0 · 5e620b0
1 parent 1e1fe20
commit 5e620b0
Show file tree

Hide file tree

Showing 6 changed files with 68 additions and 29 deletions.
diff --git a/pkg/dependency/parser/golang/binary/parse.go b/pkg/dependency/parser/golang/binary/parse.go
@@ -50,12 +50,6 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency,
 
 	libs := make([]types.Library, 0, len(info.Deps)+2)
 	libs = append(libs, []types.Library{
-		{
-			// Add the Go version used to build this binary.
-			Name:         "stdlib",
-			Version:      strings.TrimPrefix(info.GoVersion, "go"),
-			Relationship: types.RelationshipRuntime,
-		},
 		{
 			// Add main module
 			Name: info.Main.Path,
@@ -65,6 +59,12 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency,
 			Version:      p.checkVersion(info.Main.Path, info.Main.Version),
 			Relationship: types.RelationshipRoot,
 		},
+		{
+			// Add the Go version used to build this binary.
+			Name:         "stdlib",
+			Version:      strings.TrimPrefix(info.GoVersion, "go"),
+			Relationship: types.RelationshipDirect, // Considered a direct dependency as the main module depends on the standard packages.
+		},
 	}...)
 
 	for _, dep := range info.Deps {

diff --git a/pkg/dependency/parser/golang/binary/parse_test.go b/pkg/dependency/parser/golang/binary/parse_test.go
@@ -13,16 +13,16 @@ import (
 
 func TestParse(t *testing.T) {
 	wantLibs := []types.Library{
-		{
-			Name:         "stdlib",
-			Version:      "1.15.2",
-			Relationship: types.RelationshipRuntime,
-		},
 		{
 			Name:         "github.com/aquasecurity/test",
 			Version:      "",
 			Relationship: types.RelationshipRoot,
 		},
+		{
+			Name:         "stdlib",
+			Version:      "1.15.2",
+			Relationship: types.RelationshipDirect,
+		},
 		{
 			Name:    "github.com/aquasecurity/go-pep440-version",
 			Version: "v0.0.0-20210121094942-22b2f8951d46",
@@ -62,16 +62,16 @@ func TestParse(t *testing.T) {
 			name:      "with replace directive",
 			inputFile: "testdata/replace.elf",
 			want: []types.Library{
-				{
-					Name:         "stdlib",
-					Version:      "1.16.4",
-					Relationship: types.RelationshipRuntime,
-				},
 				{
 					Name:         "github.com/ebati/trivy-mod-parse",
 					Version:      "",
 					Relationship: types.RelationshipRoot,
 				},
+				{
+					Name:         "stdlib",
+					Version:      "1.16.4",
+					Relationship: types.RelationshipDirect,
+				},
 				{
 					Name:    "github.com/davecgh/go-spew",
 					Version: "v1.1.1",
@@ -86,16 +86,16 @@ func TestParse(t *testing.T) {
 			name:      "with semver main module version",
 			inputFile: "testdata/semver-main-module-version.macho",
 			want: []types.Library{
-				{
-					Name:         "stdlib",
-					Version:      "1.20.6",
-					Relationship: types.RelationshipRuntime,
-				},
 				{
 					Name:         "go.etcd.io/bbolt",
 					Version:      "v1.3.5",
 					Relationship: types.RelationshipRoot,
 				},
+				{
+					Name:         "stdlib",
+					Version:      "1.20.6",
+					Relationship: types.RelationshipDirect,
+				},
 			},
 		},
 		{

diff --git a/pkg/dependency/types/types.go b/pkg/dependency/types/types.go
@@ -89,15 +89,13 @@ type Relationship int
 
 const (
 	RelationshipUnknown Relationship = iota
-	RelationshipRuntime
 	RelationshipRoot
 	RelationshipDirect
 	RelationshipIndirect
 )
 
 var relationshipNames = [...]string{
 	"unknown",
-	"runtime",
 	"root",
 	"direct",
 	"indirect",

diff --git a/pkg/fanal/analyzer/language/golang/binary/binary_test.go b/pkg/fanal/analyzer/language/golang/binary/binary_test.go
@@ -29,16 +29,16 @@ func Test_gobinaryLibraryAnalyzer_Analyze(t *testing.T) {
 						Type:     types.GoBinary,
 						FilePath: "testdata/executable_gobinary",
 						Libraries: types.Packages{
-							{
-								Name:         "stdlib",
-								Version:      "1.15.2",
-								Relationship: types.RelationshipRuntime,
-							},
 							{
 								Name:         "github.com/aquasecurity/test",
 								Version:      "",
 								Relationship: types.RelationshipRoot,
 							},
+							{
+								Name:         "stdlib",
+								Version:      "1.15.2",
+								Relationship: types.RelationshipDirect,
+							},
 							{
 								Name:    "github.com/aquasecurity/go-pep440-version",
 								Version: "v0.0.0-20210121094942-22b2f8951d46",

diff --git a/pkg/fanal/types/artifact.go b/pkg/fanal/types/artifact.go
@@ -71,7 +71,6 @@ type Relationship = godeptypes.Relationship
 
 const (
 	RelationshipUnknown  = godeptypes.RelationshipUnknown
-	RelationshipRuntime  = godeptypes.RelationshipRuntime
 	RelationshipRoot     = godeptypes.RelationshipRoot
 	RelationshipDirect   = godeptypes.RelationshipDirect
 	RelationshipIndirect = godeptypes.RelationshipIndirect

diff --git a/pkg/sbom/io/encode_test.go b/pkg/sbom/io/encode_test.go
@@ -351,6 +351,19 @@ func TestEncoder_Encode(t *testing.T) {
 								},
 								Relationship: ftypes.RelationshipIndirect,
 							},
+							{
+								ID:      "[email protected]",
+								Name:    "stdlib",
+								Version: "1.22.1",
+								Identifier: ftypes.PkgIdentifier{
+									PURL: &packageurl.PackageURL{
+										Type:    packageurl.TypeGolang,
+										Name:    "stdlib",
+										Version: "1.22.1",
+									},
+								},
+								Relationship: ftypes.RelationshipDirect,
+							},
 						},
 					},
 				},
@@ -460,6 +473,30 @@ func TestEncoder_Encode(t *testing.T) {
 						BOMRef: "pkg:golang/github.com/org/[email protected]",
 					},
 				},
+				uuid.MustParse("3ff14136-e09f-4df9-80ea-000000000006"): {
+					Type:    core.TypeLibrary,
+					Name:    "stdlib",
+					Version: "1.22.1",
+					SrcFile: "test",
+					Properties: []core.Property{
+						{
+							Name:  core.PropertyPkgID,
+							Value: "[email protected]",
+						},
+						{
+							Name:  core.PropertyPkgType,
+							Value: "gobinary",
+						},
+					},
+					PkgID: core.PkgID{
+						PURL: &packageurl.PackageURL{
+							Type:    packageurl.TypeGolang,
+							Name:    "stdlib",
+							Version: "1.22.1",
+						},
+						BOMRef: "pkg:golang/[email protected]",
+					},
+				},
 			},
 			wantRels: map[uuid.UUID][]core.Relationship{
 				uuid.MustParse("3ff14136-e09f-4df9-80ea-000000000001"): {
@@ -479,6 +516,10 @@ func TestEncoder_Encode(t *testing.T) {
 						Dependency: uuid.MustParse("3ff14136-e09f-4df9-80ea-000000000004"),
 						Type:       core.RelationshipDependsOn,
 					},
+					{
+						Dependency: uuid.MustParse("3ff14136-e09f-4df9-80ea-000000000006"),
+						Type:       core.RelationshipDependsOn,
+					},
 				},
 				uuid.MustParse("3ff14136-e09f-4df9-80ea-000000000004"): {
 					{
@@ -487,6 +528,7 @@ func TestEncoder_Encode(t *testing.T) {
 					},
 				},
 				uuid.MustParse("3ff14136-e09f-4df9-80ea-000000000005"): nil,
+				uuid.MustParse("3ff14136-e09f-4df9-80ea-000000000006"): nil,
 			},
 			wantVulns: map[uuid.UUID][]core.Vulnerability{},
 		},