Drop identifiersFromDigests

The generation of identifiers is now handled by the openvex discovery module so we drop it from the vex processor implementation and also delete the test file. Signed-off-by: Adolfo Garcia Veytia (puerco) <puerco@chainguard.dev>
anchore · Nov 29, 2023 · ba27a98 · ba27a98
1 parent bcb8e2a
commit ba27a98
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 89 deletions.
diff --git a/grype/vex/openvex/implementation.go b/grype/vex/openvex/implementation.go
@@ -3,17 +3,14 @@ package openvex
 import (
  "errors"
  "fmt"
- "net/url"
  "strings"
 
- "github.com/google/go-containerregistry/pkg/name"
  "github.com/openvex/discovery/pkg/discovery"
  "github.com/openvex/discovery/pkg/oci"
  openvex "github.com/openvex/go-vex/pkg/vex"
 
  "github.com/anchore/grype/grype/match"
  "github.com/anchore/grype/grype/pkg"
- "github.com/anchore/packageurl-go"
  "github.com/anchore/syft/syft/source"
 )
 
@@ -81,53 +78,6 @@ func productIdentifiersFromContext(pkgContext *pkg.Context) ([]string, error) {
  }
 }
 
-func identifiersFromDigests(digests []string) []string {
- identifiers := []string{}
-
- for _, d := range digests {
- // The first identifier is the original image reference:
- identifiers = append(identifiers, d)
-
- // Not an image reference, skip
- ref, err := name.ParseReference(d)
- if err != nil {
- continue
- }
-
- var digestString, repoURL string
- shaString := ref.Identifier()
-
- // If not a digest, we can't form a purl, so skip it
- if !strings.HasPrefix(shaString, "sha256:") {
- continue
- }
-
- digestString = url.QueryEscape(shaString)
-
- pts := strings.Split(ref.Context().RepositoryStr(), "/")
- name := pts[len(pts)-1]
- repoURL = strings.TrimSuffix(
- ref.Context().RegistryStr()+"/"+ref.Context().RepositoryStr(),
- fmt.Sprintf("/%s", name),
- )
-
- qMap := map[string]string{}
-
- if repoURL != "" {
- qMap["repository_url"] = repoURL
- }
- qs := packageurl.QualifiersFromMap(qMap)
- identifiers = append(identifiers, packageurl.NewPackageURL(
- "oci", "", name, digestString, qs, "",
- ).String())
-
- // Add a hash to the identifier list in case people want to vex
- // using the value of the image digest
- identifiers = append(identifiers, strings.TrimPrefix(shaString, "sha256:"))
- }
- return identifiers
-}
-
 // subcomponentIdentifiersFromMatch returns the list of identifiers from the
 // package where grype did the match.
 func subcomponentIdentifiersFromMatch(m *match.Match) []string {

diff --git a/grype/vex/openvex/implementation_test.go b/grype/vex/openvex/implementation_test.go
diff --git a/grype/vex/processor.go b/grype/vex/processor.go
@@ -79,7 +79,7 @@ type ProcessorOptions struct {
 func (vm *Processor) ApplyVEX(pkgContext *pkg.Context, remainingMatches *match.Matches, ignoredMatches []match.IgnoredMatch) (*match.Matches, []match.IgnoredMatch, error) {
  var err error
 
- // If no VEX documents are loaded, just pass through the matches, effectivly NOOP
+ // If no VEX documents are loaded, just pass through the matches, effectively a NOOP
  if len(vm.Options.Documents) == 0 && !vm.Options.Autodiscover {
  return remainingMatches, ignoredMatches, nil
  }