fix: update 'guessMainPackageNameAndVersionFromPomInfo' and 'artifact…

…IDMatchesFilename' (#3054) - Correct retrieval of package name when main POM file exists - Address issue where wrong package name was retrieved for certain jars - Example case: 'jansi' jar containing multiple jars like 'jansi-win32' - Ensure true is returned when filename matches the artifact ID, prevent random retrieval by checking prefix and suffix - Use fallback check with suffix and prefix if no POM properties file matches the exact artifact name Signed-off-by: dor-hayun <[email protected]> Co-authored-by: dor-hayun <[email protected]>
anchore · Aug 1, 2024 · 48f1e97 · 48f1e97
1 parent c84cb2c
commit 48f1e97
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 3 deletions.
diff --git a/syft/pkg/cataloger/java/archive_parser.go b/syft/pkg/cataloger/java/archive_parser.go
@@ -301,11 +301,17 @@ func (j *archiveParser) guessMainPackageNameAndVersionFromPomInfo(ctx context.Co
 	properties, _ := pomPropertiesByParentPath(j.archivePath, j.location, pomPropertyMatches)
 	projects, _ := pomProjectByParentPath(j.archivePath, j.location, pomMatches)
 
+	// map of all the artifacts in the pom properties, in order to chek exact match with the filename
+	artifactsMap := make(map[string]bool)
+	for _, propertiesObj := range properties {
+		artifactsMap[propertiesObj.ArtifactID] = true
+	}
+
 	parentPaths := maps.Keys(properties)
 	slices.Sort(parentPaths)
 	for _, parentPath := range parentPaths {
 		propertiesObj := properties[parentPath]
-		if artifactIDMatchesFilename(propertiesObj.ArtifactID, j.fileInfo.name) {
+		if artifactIDMatchesFilename(propertiesObj.ArtifactID, j.fileInfo.name, artifactsMap) {
 			pomPropertiesObject = propertiesObj
 			if proj, exists := projects[parentPath]; exists {
 				pomProjectObject = proj
@@ -343,10 +349,15 @@ func (j *archiveParser) guessMainPackageNameAndVersionFromPomInfo(ctx context.Co
 	return name, version, licenses
 }
 
-func artifactIDMatchesFilename(artifactID, fileName string) bool {
+func artifactIDMatchesFilename(artifactID, fileName string, artifactsMap map[string]bool) bool {
 	if artifactID == "" || fileName == "" {
 		return false
 	}
+	// Ensure true is returned when filename matches the artifact ID, prevent random retrieval by checking prefix and suffix
+	if _, exists := artifactsMap[fileName]; exists {
+		return artifactID == fileName
+	}
+	// Use fallback check with suffix and prefix if no POM properties file matches the exact artifact name
 	return strings.HasPrefix(artifactID, fileName) || strings.HasSuffix(fileName, artifactID)
 }
 

diff --git a/syft/pkg/cataloger/java/archive_parser_test.go b/syft/pkg/cataloger/java/archive_parser_test.go
@@ -1156,7 +1156,7 @@ func Test_artifactIDMatchesFilename(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			assert.Equal(t, tt.want, artifactIDMatchesFilename(tt.artifactID, tt.fileName))
+			assert.Equal(t, tt.want, artifactIDMatchesFilename(tt.artifactID, tt.fileName, nil))
 		})
 	}
 }