fix(java): improve identification for org.eclipse.platform artifacts

Signed-off-by: Weston Steimel <[email protected]>
anchore · Nov 22, 2023 · 9594820 · 9594820
1 parent 8ee209a
commit 9594820
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 7 deletions.
diff --git a/syft/pkg/cataloger/common/cpe/java_groupid_map.go b/syft/pkg/cataloger/common/cpe/java_groupid_map.go
@@ -1199,4 +1199,5 @@ var DefaultArtifactIDToGroupID = map[string]string{
 	"spring-webflow":                                           "org.springframework.webflow",
 	"spring-ws":                                                "org.springframework.ws",
 	"spring-xml":                                               "org.springframework.ws",
+	"org.eclipse.ant.core":                                     "org.eclipse.platform",
 }
diff --git a/syft/pkg/cataloger/java/parse_java_manifest.go b/syft/pkg/cataloger/java/parse_java_manifest.go
@@ -153,20 +153,32 @@ func extractNameFromApacheMavenBundlePlugin(manifest *pkg.JavaManifest) string {
 	return ""
 }
 
+func extractNameFromArchiveFilename(a archiveFilename) string {
+	if strings.Contains(a.name, ".") {
+		// special case: this *might* be a group id + artifact id. By convention artifact ids do not have "." in them;
+		// however, there are some specific exceptions like with the artifacts under
+		// https://repo1.maven.org/maven2/org/eclipse/platform/
+		if strings.HasPrefix(a.name, "org.eclipse.") {
+			return a.name
+		}
+
+		fields := strings.Split(a.name, ".")
+		return fields[len(fields)-1]
+	}
+
+	return a.name
+}
+
 func selectName(manifest *pkg.JavaManifest, filenameObj archiveFilename) string {
 	name := extractNameFromApacheMavenBundlePlugin(manifest)
 	if name != "" {
 		return name
 	}
 
 	// the filename tends to be the next-best reference for the package name
-	if filenameObj.name != "" {
-		if strings.Contains(filenameObj.name, ".") {
-			// special case: this *might* be a group id + artifact id. By convention artifact ids do not have "." in them.
-			fields := strings.Split(filenameObj.name, ".")
-			return fields[len(fields)-1]
-		}
-		return filenameObj.name
+	name = extractNameFromArchiveFilename(filenameObj)
+	if name != "" {
+		return name
 	}
 
 	// remaining fields in the manifest is a bit of a free-for-all depending on the build tooling used and package maintainer preferences

diff --git a/syft/pkg/cataloger/java/parse_java_manifest_test.go b/syft/pkg/cataloger/java/parse_java_manifest_test.go
@@ -209,6 +209,16 @@ func TestSelectName(t *testing.T) {
 			archive:  newJavaArchiveFilename("/something/com.atlassian.gadgets.atlassian-gadgets-api.jar"),
 			expected: "atlassian-gadgets-api",
 		},
+		{
+			desc: "Skip stripping groupId prefix from archive filename for org.eclipse",
+			manifest: pkg.JavaManifest{
+				Main: map[string]string{
+					"Automatic-Module-Name": "org.eclipse.ant.core",
+				},
+			},
+			archive:  newJavaArchiveFilename("/something/org.eclipse.ant.core-3.7.0.jar"),
+			expected: "org.eclipse.ant.core",
+		},
 		{
 			// example: pkg:maven/com.google.oauth-client/[email protected]
 			desc: "skip Apache Maven Bundle Plugin logic if symbolic name is same as vendor id",