address pkg spec comments

Signed-off-by: Alex Goodman <[email protected]>
anchore · Jan 14, 2025 · 5357a93 · 5357a93
1 parent 076d1b5
commit 5357a93
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 6 deletions.
diff --git a/cmd/grype/cli/options/database_search_os.go b/cmd/grype/cli/options/database_search_os.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"strings"
+	"unicode"
 
 	"github.com/anchore/clio"
 	v6 "github.com/anchore/grype/grype/db/v6"
@@ -46,7 +47,7 @@ func parseOSString(osValue string) (*v6.OSSpecifier, error) {
 	// version could be a codename, major version, major.minor version, or major.minior.patch version
 	switch strings.Count(osValue, ":") {
 	case 0:
-		// fallthrough
+		// no-op
 	case 1:
 		// be nice to folks that are close...
 		osValue = strings.ReplaceAll(osValue, ":", "@")
@@ -70,8 +71,7 @@ func parseOSString(osValue string) (*v6.OSSpecifier, error) {
 		// parse the version (major.minor.patch, major.minor, major, codename)
 
 		// if starts with a number, then it is a version
-		startVersion := version[0]
-		if startVersion >= '0' && startVersion <= '9' {
+		if unicode.IsDigit(rune(version[0])) {
 			versionParts := strings.Split(parts[1], ".")
 			var major, minor string
 			switch len(versionParts) {

diff --git a/cmd/grype/cli/options/database_search_packages.go b/cmd/grype/cli/options/database_search_packages.go
@@ -39,6 +39,8 @@ func (o *DBSearchPackages) PostLoad() error {
 
 			if c.Version != "" || c.Update != "" {
 				log.Warnf("ignoring version and update values for %q", p)
+				c.Version = ""
+				c.Update = ""
 			}
 
 			s := &v6.PackageSpecifier{CPE: &c}
@@ -59,6 +61,7 @@ func (o *DBSearchPackages) PostLoad() error {
 			}
 
 			o.PkgSpecs = append(o.PkgSpecs, &v6.PackageSpecifier{Name: purl.Name, Ecosystem: purl.Type})
+			o.CPESpecs = append(o.CPESpecs, &v6.PackageSpecifier{CPE: &cpe.Attributes{Part: "a", Product: purl.Name, TargetSW: purl.Type}})
 
 		default:
 			o.PkgSpecs = append(o.PkgSpecs, &v6.PackageSpecifier{Name: p, Ecosystem: o.Ecosystem})

diff --git a/cmd/grype/cli/options/database_search_packages_test.go b/cmd/grype/cli/options/database_search_packages_test.go
@@ -24,10 +24,10 @@ func TestDBSearchPackagesPostLoad(t *testing.T) {
 				Packages: []string{"cpe:2.3:a:vendor:product:1.0:*:*:*:*:*:*:*"},
 			},
 			expectedPkg: v6.PackageSpecifiers{
-				{CPE: &cpe.Attributes{Part: "a", Vendor: "vendor", Product: "product", Version: "1.0"}},
+				{CPE: &cpe.Attributes{Part: "a", Vendor: "vendor", Product: "product"}},
 			},
 			expectedCPE: v6.PackageSpecifiers{
-				{CPE: &cpe.Attributes{Part: "a", Vendor: "vendor", Product: "product", Version: "1.0"}},
+				{CPE: &cpe.Attributes{Part: "a", Vendor: "vendor", Product: "product"}},
 			},
 		},
 		{
@@ -38,7 +38,9 @@ func TestDBSearchPackagesPostLoad(t *testing.T) {
 			expectedPkg: v6.PackageSpecifiers{
 				{Name: "package-name", Ecosystem: "npm"},
 			},
-			expectedCPE: nil,
+			expectedCPE: v6.PackageSpecifiers{
+				{CPE: &cpe.Attributes{Part: "a", Product: "package-name", TargetSW: "npm"}},
+			},
 		},
 		{
 			name: "plain package name",