@@ -77,37 +77,23 @@ type CPEFeed struct {
7777 Products []CPEProduct `json:"products"`
7878}
7979
80- // VendorProduct contains a CPE's Vendor and Product strings.
81- type VendorProduct struct {
82- Vendor string
83- Product string
84- }
85-
8680// VendorProducts in this denylist are known non-OSS and/or have generic
8781// product names, which cause undesired and incorrect repository attribution
8882// when resolved via Debian copyright metadata.
89- var DebianCopyrightDenylist = []VendorProduct {
90- {"apple" , "pdfkit" },
91- {"f-secure" , "safe" },
92- {"ibm" , "workflow" },
93- {"inductiveautomation" , "ignition" },
94- {"jetbrains" , "hub" },
95- {"microsoft" , "onedrive" },
96- {"mirametrix" , "glance" },
97- {"nintext" , "workflow" },
98- {"oracle" , "workflow" },
99- {"thrivethemes" , "ignition" },
100- {"vmware" , "horizon" },
83+ var DebianCopyrightDenylist = []cves. VendorProduct {
84+ {Vendor : "apple" , Product : "pdfkit" },
85+ {Vendor : "f-secure" , Product : "safe" },
86+ {Vendor : "ibm" , Product : "workflow" },
87+ {Vendor : "inductiveautomation" , Product : "ignition" },
88+ {Vendor : "jetbrains" , Product : "hub" },
89+ {Vendor : "microsoft" , Product : "onedrive" },
90+ {Vendor : "mirametrix" , Product : "glance" },
91+ {Vendor : "nintext" , Product : "workflow" },
92+ {Vendor : "oracle" , Product : "workflow" },
93+ {Vendor : "thrivethemes" , Product : "ignition" },
94+ {Vendor : "vmware" , Product : "horizon" },
10195}
10296
103- // MarshalText is a helper for JSON rendering of a map with a struct key.
104- func (vp VendorProduct ) MarshalText () ([]byte , error ) { //nolint:unparam
105- return []byte (vp .Vendor + ":" + vp .Product ), nil
106- }
107-
108- // VendorProductToRepoMap maps a VendorProduct to a repo URL.
109- type VendorProductToRepoMap map [VendorProduct ][]string
110-
11197const (
11298 OutputDirDefault = "."
11399 projectID = "oss-vdb"
@@ -158,7 +144,7 @@ func LoadCPEsFromJSONDir(dir string) ([]CPE, error) {
158144}
159145
160146// Outputs a JSON file of the product-to-repo map.
161- func outputProductToRepoMap (prm VendorProductToRepoMap , f io.Writer ) error {
147+ func outputProductToRepoMap (prm cves. VendorProductToRepoMap , f io.Writer ) error {
162148 productsWithoutRepos := 0
163149 for p := range prm {
164150 if len (prm [p ]) == 0 {
@@ -331,10 +317,10 @@ func MaybeGetSourceRepoFromDebian(mdir string, pkg string) string {
331317}
332318
333319// Analyze CPE Dictionary and return a product-to-repo map and a reference description frequency table.
334- func analyzeCPEDictionary (cpes []CPE ) (productToRepo VendorProductToRepoMap , descriptionFrequency map [string ]int ) {
335- productToRepo = make (VendorProductToRepoMap )
320+ func analyzeCPEDictionary (cpes []CPE ) (productToRepo cves. VendorProductToRepoMap , descriptionFrequency map [string ]int ) {
321+ productToRepo = make (cves. VendorProductToRepoMap )
336322 descriptionFrequency = make (map [string ]int )
337- MaybeTryDebian := make (map [VendorProduct ]bool )
323+ MaybeTryDebian := make (map [cves. VendorProduct ]bool )
338324 for _ , c := range cpes {
339325 if c .Deprecated {
340326 logger .Info ("Skipping deprecated" , slog .String ("cpe" , c .Name ))
@@ -360,26 +346,26 @@ func analyzeCPEDictionary(cpes []CPE) (productToRepo VendorProductToRepoMap, des
360346 repo = strings .ToLower (repo )
361347 }
362348 // If we already have an entry for this repo, don't add it again.
363- if slices .Contains (productToRepo [VendorProduct {parsedCPE .Vendor , parsedCPE .Product }], repo ) {
349+ if slices .Contains (productToRepo [cves. VendorProduct {Vendor : parsedCPE .Vendor , Product : parsedCPE .Product }], repo ) {
364350 continue
365351 }
366352 logger .Info ("Liking" , slog .String ("repo" , repo ), slog .String ("vendor" , parsedCPE .Vendor ), slog .String ("product" , parsedCPE .Product ), slog .String ("type" , r .Type ))
367- productToRepo [VendorProduct {parsedCPE .Vendor , parsedCPE .Product }] = append (productToRepo [VendorProduct {parsedCPE .Vendor , parsedCPE .Product }], repo )
353+ productToRepo [cves. VendorProduct {Vendor : parsedCPE .Vendor , Product : parsedCPE .Product }] = append (productToRepo [cves. VendorProduct {Vendor : parsedCPE .Vendor , Product : parsedCPE .Product }], repo )
368354 // If this was queued for trying to find via Debian, and subsequently found, dequeue it.
369355 if * DebianMetadataPath != "" {
370- delete (MaybeTryDebian , VendorProduct {parsedCPE .Vendor , parsedCPE .Product })
356+ delete (MaybeTryDebian , cves. VendorProduct {Vendor : parsedCPE .Vendor , Product : parsedCPE .Product })
371357 }
372358 }
373359 // If we've arrived to this point, we've exhausted the
374360 // references and not calculated any repos for the product,
375361 // flag for trying Debian afterwards.
376362 // We may encounter another CPE item that *does* have a viable reference in the meantime.
377- if len (productToRepo [VendorProduct {parsedCPE .Vendor , parsedCPE .Product }]) == 0 && * DebianMetadataPath != "" {
363+ if len (productToRepo [cves. VendorProduct {Vendor : parsedCPE .Vendor , Product : parsedCPE .Product }]) == 0 && * DebianMetadataPath != "" {
378364 // Check the denylist though.
379- if slices .Contains (DebianCopyrightDenylist , VendorProduct {parsedCPE .Vendor , parsedCPE .Product }) {
365+ if slices .Contains (DebianCopyrightDenylist , cves. VendorProduct {Vendor : parsedCPE .Vendor , Product : parsedCPE .Product }) {
380366 continue
381367 }
382- MaybeTryDebian [VendorProduct {parsedCPE .Vendor , parsedCPE .Product }] = true
368+ MaybeTryDebian [cves. VendorProduct {Vendor : parsedCPE .Vendor , Product : parsedCPE .Product }] = true
383369 }
384370 }
385371 // Try any Debian possible ones as a last resort.
@@ -403,7 +389,7 @@ func analyzeCPEDictionary(cpes []CPE) (productToRepo VendorProductToRepoMap, des
403389 logger .Info ("Disregarding derived repo as unusable" , slog .String ("repo" , repo ), slog .String ("vendor" , vp .Vendor ), slog .String ("product" , vp .Product ))
404390 continue
405391 }
406- productToRepo [VendorProduct {vp .Vendor , vp .Product }] = append (productToRepo [VendorProduct {vp .Vendor , vp .Product }], repo )
392+ productToRepo [cves. VendorProduct {Vendor : vp .Vendor , Product : vp .Product }] = append (productToRepo [cves. VendorProduct {Vendor : vp .Vendor , Product : vp .Product }], repo )
407393 }
408394 }
409395 }
@@ -412,8 +398,8 @@ func analyzeCPEDictionary(cpes []CPE) (productToRepo VendorProductToRepoMap, des
412398}
413399
414400// validateRepos takes a VendorProductToRepoMap and removes any entries where the repository fails remote validation.
415- func validateRepos (prm VendorProductToRepoMap ) (validated VendorProductToRepoMap ) {
416- validated = make (VendorProductToRepoMap )
401+ func validateRepos (prm cves. VendorProductToRepoMap ) (validated cves. VendorProductToRepoMap ) {
402+ validated = make (cves. VendorProductToRepoMap )
417403 logger .Info ("Validating repos" , slog .Int ("products" , len (prm )))
418404 // This is likely to be time consuming, so give an impatient log watcher something to gauge progress by.
419405 entryCount := 0
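Review bot: The `DebianCopyrightDenylist` entry `{Vendor: "nintext", Product: "workflow"}` in the first hunk looks like a misspelling of the vendor `nintex`, and the commit carries it over unchanged into the keyed-literal form. The denylist check in `analyzeCPEDictionary` is an exact `slices.Contains` match on the struct, so a misspelled vendor never matches, and that product would still be queued for Debian copyright resolution and could receive the incorrect repository attribution the list is meant to prevent. If the CPE dictionary does spell the vendor `nintex`, the line should read `{Vendor: "nintex", Product: "workflow"},`; confirm against the dictionary before changing it. As a style point, `cves.VendorProduct{Vendor: parsedCPE.Vendor, Product: parsedCPE.Product}` is now spelled out eight times in the loop body, and binding it once per iteration, for example `key := cves.VendorProduct{Vendor: parsedCPE.Vendor, Product: parsedCPE.Product}`, would make those lines easier to audit.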