From ba27a984e338771bcd061ae53c8d5aebedc3d8d7 Mon Sep 17 00:00:00 2001
From: "Adolfo Garcia Veytia (puerco)"
Date: Tue, 28 Nov 2023 20:57:42 -0800
Subject: [PATCH] Drop identifiersFromDigests
The generation of identifiers is now handled by the openvex discovery module so we drop it from the vex processor implementation and also delete the test file.
Signed-off-by: Adolfo Garcia Veytia (puerco)
---
 grype/vex/openvex/implementation.go | 50 ------------------------
 grype/vex/openvex/implementation_test.go | 38 ------------------
 grype/vex/processor.go | 2 +-
 3 files changed, 1 insertion(+), 89 deletions(-)
 delete mode 100644 grype/vex/openvex/implementation_test.go
diff --git a/grype/vex/openvex/implementation.go b/grype/vex/openvex/implementation.go
index 4b59e2af854..811ea389cf0 100644
--- a/grype/vex/openvex/implementation.go
+++ b/grype/vex/openvex/implementation.go
@@ -3,17 +3,14 @@ package openvex
 import (
 "errors"
 "fmt"
- "net/url"
 "strings"
- "github.com/google/go-containerregistry/pkg/name"
 "github.com/openvex/discovery/pkg/discovery"
 "github.com/openvex/discovery/pkg/oci"
 openvex "github.com/openvex/go-vex/pkg/vex"
 "github.com/anchore/grype/grype/match"
 "github.com/anchore/grype/grype/pkg"
- "github.com/anchore/packageurl-go"
 "github.com/anchore/syft/syft/source"
 )
@@ -81,53 +78,6 @@ func productIdentifiersFromContext(pkgContext *pkg.Context) ([]string, error) {
 }
 }
-func identifiersFromDigests(digests []string) []string {
- identifiers := []string{}
-
- for _, d := range digests {
- // The first identifier is the original image reference:
- identifiers = append(identifiers, d)
-
- // Not an image reference, skip
- ref, err := name.ParseReference(d)
- if err != nil {
- continue
- }
-
- var digestString, repoURL string
- shaString := ref.Identifier()
-
- // If not a digest, we can't form a purl, so skip it
- if !strings.HasPrefix(shaString, "sha256:") {
- continue
- }
-
- digestString = url.QueryEscape(shaString)
-
- pts := strings.Split(ref.Context().RepositoryStr(), "/")
- name := pts[len(pts)-1]
- repoURL = strings.TrimSuffix(
- ref.Context().RegistryStr()+"/"+ref.Context().RepositoryStr(),
- fmt.Sprintf("/%s", name),
- )
-
- qMap := map[string]string{}
-
- if repoURL != "" {
- qMap["repository_url"] = repoURL
- }
- qs := packageurl.QualifiersFromMap(qMap)
- identifiers = append(identifiers, packageurl.NewPackageURL(
- "oci", "", name, digestString, qs, "",
- ).String())
-
- // Add a hash to the identifier list in case people want to vex
- // using the value of the image digest
- identifiers = append(identifiers, strings.TrimPrefix(shaString, "sha256:"))
- }
- return identifiers
-}
-
 // subcomponentIdentifiersFromMatch returns the list of identifiers from the
 // package where grype did the match.
 func subcomponentIdentifiersFromMatch(m *match.Match) []string {
diff --git a/grype/vex/openvex/implementation_test.go b/grype/vex/openvex/implementation_test.go
deleted file mode 100644
index 6407df46e24..00000000000
--- a/grype/vex/openvex/implementation_test.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package openvex
-
-import (
- "testing"
-
- "github.com/stretchr/testify/require"
-)
-
-func TestIdentifiersFromDigests(t *testing.T) {
- for _, tc := range []struct {
- sut string
- expected []string
- }{
- {
- "alpine@sha256:124c7d2707904eea7431fffe91522a01e5a861a624ee31d03372cc1d138a3126",
- []string{
- "alpine@sha256:124c7d2707904eea7431fffe91522a01e5a861a624ee31d03372cc1d138a3126",
- "pkg:oci/alpine@sha256%3A124c7d2707904eea7431fffe91522a01e5a861a624ee31d03372cc1d138a3126?repository_url=index.docker.io/library",
- "124c7d2707904eea7431fffe91522a01e5a861a624ee31d03372cc1d138a3126",
- },
- },
- {
- "cgr.dev/chainguard/curl@sha256:9543ed09a38605c25c75486573cf530bd886615b993d5e1d1aa58fe5491287bc",
- []string{
- "cgr.dev/chainguard/curl@sha256:9543ed09a38605c25c75486573cf530bd886615b993d5e1d1aa58fe5491287bc",
- "pkg:oci/curl@sha256%3A9543ed09a38605c25c75486573cf530bd886615b993d5e1d1aa58fe5491287bc?repository_url=cgr.dev/chainguard",
- "9543ed09a38605c25c75486573cf530bd886615b993d5e1d1aa58fe5491287bc",
- },
- },
- {
- "alpine",
- []string{"alpine"},
- },
- } {
- res := identifiersFromDigests([]string{tc.sut})
- require.Equal(t, tc.expected, res)
- }
-}
diff --git a/grype/vex/processor.go b/grype/vex/processor.go
index ff83289b69d..8cee78ad9ac 100644
--- a/grype/vex/processor.go
+++ b/grype/vex/processor.go
@@ -79,7 +79,7 @@ type ProcessorOptions struct {
 func (vm *Processor) ApplyVEX(pkgContext *pkg.Context, remainingMatches *match.Matches, ignoredMatches []match.IgnoredMatch) (*match.Matches, []match.IgnoredMatch, error) {
 var err error
- // If no VEX documents are loaded, just pass through the matches, effectivly NOOP
+ // If no VEX documents are loaded, just pass through the matches, effectively a NOOP
 if len(vm.Options.Documents) == 0 && !vm.Options.Autodiscover {
 return remainingMatches, ignoredMatches, nil
 }