address comments

smithy-security · Apr 9, 2024 · 9f3661a · 9f3661a
1 parent b0c80de
commit 9f3661a
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 2 deletions.
diff --git a/components/producers/blackduck/main.go b/components/producers/blackduck/main.go
@@ -55,8 +55,49 @@ func cweIdsToInt(ids []string) []int32 {
 }
 
 func BDTargetToPurl(originName, originID string) string {
+	switch originName {
+	case "anaconda":
+		originName = "conda"
+	case "centos":
+		originName = "rpm"
+	case "debian":
+		originName = "deb"
+	case "fedora":
+		originName = "rpm"
+	case "gradle":
+		originName = "maven"
+	case "npmjs":
+		originName = "npm"
+	case "opensuse":
+		originName = "rpm"
+	case "packagist":
+		originName = "composer"
+	case "redhat":
+		originName = "rpm"
+	}
+	found := false
+	for knownType := range packageurl.KnownTypes {
+		if originName == knownType {
+			found = true
+		}
+	}
+	for knownType := range packageurl.CandidateTypes {
+		if originName == knownType {
+			found = true
+		}
+	}
+	if !found {
+		log.Println("Cannot create package URL from package of type", originName, originID)
+	}
 	splitOrigin := strings.Split(originID, ":")
-	return packageurl.NewPackageURL(originName, splitOrigin[0], splitOrigin[1], splitOrigin[2], packageurl.Qualifiers{}, "").ToString()
+	if len(splitOrigin) == 2 { // no namespace e.g. npm/reactjs
+		return packageurl.NewPackageURL(originName, splitOrigin[0], "", splitOrigin[1], packageurl.Qualifiers{}, "").ToString()
+	} else if len(splitOrigin) == 3 {
+		return packageurl.NewPackageURL(originName, splitOrigin[0], splitOrigin[1], splitOrigin[2], packageurl.Qualifiers{}, "").ToString()
+	} else {
+		log.Println("originID was split into", len(splitOrigin), "parts, this looks like a bug, for reference, original originID was", originID)
+	}
+	return originName + "/" + originID
 }
 
 func parseIssues(out *BlackduckOut) ([]*v1.Issue, error) {

diff --git a/go.mod b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/lib/pq v1.10.5
 	github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5
 	github.com/owenrumney/go-sarif/v2 v2.1.2
-	github.com/package-url/packageurl-go v0.1.0
+	github.com/package-url/packageurl-go v0.1.2
 	github.com/playwright-community/playwright-go v0.3900.1
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/viper v1.11.0

diff --git a/go.sum b/go.sum
@@ -964,6 +964,8 @@ github.com/owenrumney/go-sarif/v2 v2.1.2 h1:PMDK7tXShJ9zsB7bfvlpADH5NEw1dfA9xwU8
 github.com/owenrumney/go-sarif/v2 v2.1.2/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w=
 github.com/package-url/packageurl-go v0.1.0 h1:efWBc98O/dBZRg1pw2xiDzovnlMjCa9NPnfaiBduh8I=
 github.com/package-url/packageurl-go v0.1.0/go.mod h1:C/ApiuWpmbpni4DIOECf6WCjFUZV7O1Fx7VAzrZHgBw=
+github.com/package-url/packageurl-go v0.1.2 h1:0H2DQt6DHd/NeRlVwW4EZ4oEI6Bn40XlNPRqegcxuo4=
+github.com/package-url/packageurl-go v0.1.2/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
 github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=