Where the sbom is describing a container, use the tagging information…
… from obom

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
prabhu committed Nov 14, 2024
1 parent 3b4b2fe commit b5fc67d
Showing 7 changed files with 57 additions and 24 deletions.
42 changes: 30 additions & 12 deletions data/component-tags.json
Expand Up @@ -231,8 +231,10 @@
},
"name": {
"sbom": [
{ "test": ["(junit|xmlunit|testng|chai|mocha|jest)"] },
{ "security": ["(boringssl|openssl|libressl|gnutls|jose|keyutils)"] },
{ "test": ["(junit|xmlunit|testng|chai|mocha|jest|test4j)"] },
{
"security": ["(boringssl|openssl|libressl|libssl|gnutls|jose|keyutils)"]
},
{ "native": ["(ffi|native)"] },
{ "parse": ["(parser)"] },
{ "transform": ["(transformer)"] }
Expand All @@ -241,7 +243,7 @@
{
"devel": [
"-(dev|devel|headers|sdk|libs|extension|headers+x86|headers+x64|headers+arm64)$",
"^(git)-",
"^(git)[-]?",
"^(sdk|windows+sdk)"
]
},
Expand All @@ -253,7 +255,7 @@
{ "kernel": ["^(linux|kernel|os-image)"] },
{
"security": [
"(selinux|apparmor|security|boringssl|openssl|libressl|gnutls|jose|keyutils|passwd)"
"(selinux|apparmor|security|boringssl|openssl|libressl|gnutls|jose|keyutils|passwd|libssl|libaudit|gcrypt)"
]
},
{
Expand All @@ -262,29 +264,42 @@
]
},
{
"build": ["(cpp|fortran|gcc|make|meson|bazel|maven|gradle|sbt|ant|gdb)"]
"build": [
"(cpp|fortran|gcc|make|meson|bazel|maven|gradle|sbt|ant|gdb|boost|compiler|kotlin|cargo|rustc|llvm)"
]
},
{
"network": [
"(tailscale|wireguard|openvpn|dns|cockpit|cups|dhcp|network|iproute|iptables|mosh|netavark|openssh|rsync|tcpdump)"
]
},
{ "webserver": ["(httpd|http2)"] },
{ "crypto": ["(crypt|gpg|keys|certificates|gnupg|certifi)"] },
{ "webserver": ["(httpd|http2|tomcat|jboss)"] },
{
"crypto": [
"(crypt|gpg|keys|certificates|gnupg|certifi|pubkey|keyutils|nss)"
]
},
{ "repository": ["(-repos|-release|ostree|appstream)"] },
{ "shell": ["(bash|zsh|csh|fish)"] },
{ "shell": ["(bash|zsh|csh|fish|binsh)"] },
{ "bluetooth": ["(bluez|bluetooth)"] },
{ "sound": ["(alsa|pulseaudio|wireplumber|flac|codecs|ldac|sound)"] },
{ "compression": ["(brotli|xz-utils|zstd|lz4)", "(tar|zip|webp)$"] },
{
"compression": [
"(brotli|xz-utils|zstd|lz4|zlib|bz2|lzma5)",
"(tar|zip|webp)$"
]
},
{
"runtime": [
"(perl|lua|php|python|ruby|dotnet|java|swift|runtime|glibc|musl|wasm|.net|asp.net|node.js|node)"
"(perl|lua|php|python|ruby|dotnet|java|swift|runtime|glibc|musl|wasm|.net|asp.net|node.js|node|groovy)"
]
},
{ "editor": ["(vim|emacs|nano|hexedit)"] },
{ "xml": ["(xml|expat)"] },
{ "boot": ["(grub|systemd-boot|syslinux)"] },
{ "gui": ["(wayland|xorg|X11|mesa|vulkan|tk|wkhtmltox|electron)"] },
{
"gui": ["(wayland|xorg|X11|mesa|vulkan|tk|wkhtmltox|electron|Xrender)"]
},
{
"package": [
"(rpm|dnf|yum|apt|zypper|apk|conda)$",
Expand All @@ -298,7 +313,10 @@
"(microsoft+edge|microsoft+edge+webview2|microsoft+html)"
]
},
{ "chat": ["(webex|teams|slack|discord|vesktop|matrix|signal|whatsapp)"] }
{
"chat": ["(webex|teams|slack|discord|vesktop|matrix|signal|whatsapp)"]
},
{ "logging": ["(log4j|logging|slf4j)"] }
]
}
}
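Review bot: In the second hunk the devel pattern `"^(git)[-]?"` makes the hyphen optional, and since nothing follows it the expression is equivalent to `^git`, so any component whose name begins with "git" (github-, gitlab-, gitea-style package names) now receives the devel tag, whereas the old `"^(git)-"` matched only hyphenated git subpackages. If the intent is to tag the bare `git` package as well as `git-*`, an alternation such as `"^git(-|$)"` keeps that without the prefix match. Whether names are compared case-insensitively is not visible here, so the mixed-case `Xrender` added to the gui list in the fourth hunk should be checked against the same rule that already governs the existing `X11` entry.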
1 change: 1 addition & 0 deletions lib/managers/docker.js
Expand Up @@ -777,6 +777,7 @@ export const extractTar = async (fullImageName, dir) => {
path.includes("usr/share/zoneinfo/") ||
path.includes("usr/share/doc/") ||
path.includes("usr/share/i18n/") ||
path.includes("var/lib/ca-certificates") ||
basename(path).startsWith(".") ||
path.includes("usr/share/licenses/device-mapper-libs") ||
[
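Review bot: The new `path.includes("var/lib/ca-certificates")` check lacks the trailing slash that the neighbouring zoneinfo, doc and i18n entries carry, so it also matches any sibling path that merely starts with that prefix; `path.includes("var/lib/ca-certificates/")` keeps the match to that directory. That this chain is a skip list is inferred from the surrounding `includes` calls — the start of the condition and the enclosing `extractTar` are outside the hunk. If it does skip extraction, a CA bundle baked into an image is a trust-store change a BOM consumer may want inventoried, so a one-line comment stating why the directory is excluded would help the next reader, e.g. `// skip distro CA bundle; not a package artefact`.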
28 changes: 20 additions & 8 deletions lib/stages/postgen/annotator.js
Expand Up @@ -253,28 +253,40 @@ export function textualMetadata(bomJson) {
*
* @param {Object} component CycloneDX component
* @param {String} bomType BOM type
* @param {String} parentComponentType Parent component type
*
* @returns {Array | undefined} Array of string tags
*/
export function extractTags(component, bomType = "all") {
export function extractTags(
component,
bomType = "all",
parentComponentType = "application",
) {
if (
!component ||
(!component.description && !component.properties && !component.name)
) {
return undefined;
}
bomType = bomType?.toLowerCase();
const tags = new Set();
const desc = component?.description?.toLowerCase();
const compProps = component.properties || [];
// Collect both the BOM specific tags and all tags
const compNameTags = (componentTags.name[bomType.toLowerCase()] || []).concat(
let compNameTags = (componentTags.name[bomType] || []).concat(
componentTags.name.all || [],
);
const compDescTags = (
componentTags.description[bomType.toLowerCase()] || []
).concat(componentTags.description.all || []);
const compPropsTags = (
componentTags.properties[bomType.toLowerCase()] || []
).concat(componentTags.properties.all || []);
// For SBOMs with a container component as parent, utilize the tags
// from OBOM
if (bomType === "sbom" && parentComponentType === "container") {
compNameTags = compNameTags.concat(componentTags.name.obom || []);
}
const compDescTags = (componentTags.description[bomType] || []).concat(
componentTags.description.all || [],
);
const compPropsTags = (componentTags.properties[bomType] || []).concat(
componentTags.properties.all || [],
);
if (component?.name) {
// {"devel": ["/-(dev|devel|headers)$/"]}
for (const anameTagObject of compNameTags) {
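Review bot: The JSDoc above `extractTags` documents the new `parentComponentType` parameter only as "Parent component type", so its default and the behaviour it triggers are invisible to callers; suggest `@param {String} [parentComponentType="application"] Type of metadata.component; when bomType is "sbom" and this is "container", the obom name tags are merged in as well`. The comparison `parentComponentType === "container"` is case-sensitive while `bomType` is lowercased just above it, so if the caller's `metadata.component.type` can arrive in other casing the same normalization should be applied. Also, `bomType = bomType?.toLowerCase();` reassigns the parameter; a local such as `const kind = bomType?.toLowerCase();` used for the three lookups keeps the parameter read-only. The function body continues below the hunk.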
2 changes: 1 addition & 1 deletion lib/stages/postgen/postgen.js
Expand Up @@ -355,7 +355,7 @@ export function annotate(bomJson, options) {
}
// Tag the components
for (const comp of bomJson.components) {
const tags = extractTags(comp, bomType);
const tags = extractTags(comp, bomType, bomJson.metadata?.component?.type);
if (tags?.length) {
comp.tags = tags;
}
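Review bot: `bomJson.metadata?.component?.type` is re-read on every iteration of the components loop although it does not change within the loop; hoisting it also keeps the call site readable: `const parentComponentType = bomJson.metadata?.component?.type;` before the `for`, then `const tags = extractTags(comp, bomType, parentComponentType);`. When the BOM has no metadata.component the argument is `undefined`, which falls back to the callee's `"application"` default — if a missing parent should instead disable the container-specific tagging, that needs an explicit value here. The enclosing `annotate` function begins before this hunk.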
2 changes: 1 addition & 1 deletion types/lib/managers/docker.d.ts.map


4 changes: 3 additions & 1 deletion types/lib/stages/postgen/annotator.d.ts
Expand Up @@ -19,7 +19,9 @@ export function textualMetadata(bomJson: any): string | undefined;
*
* @param {Object} component CycloneDX component
* @param {String} bomType BOM type
* @param {String} parentComponentType Parent component type
*
* @returns {Array | undefined} Array of string tags
*/
export function extractTags(component: any, bomType?: string): any[] | undefined;
export function extractTags(component: any, bomType?: string, parentComponentType?: string): any[] | undefined;
//# sourceMappingURL=annotator.d.ts.map
2 changes: 1 addition & 1 deletion types/lib/stages/postgen/annotator.d.ts.map

