Add CPE to cargo dependency metadata

paketo-buildpacks · Jun 7, 2021 · eea8806 · eea8806
1 parent 6c02d65
commit eea8806
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 4 deletions.
diff --git a/cargo/config.go b/cargo/config.go
@@ -40,6 +40,7 @@ type ConfigMetadata struct {
 }
 
 type ConfigMetadataDependency struct {
+	CPE             string     `toml:"cpe"              json:"cpe,omitempty"`
 	DeprecationDate *time.Time `toml:"deprecation_date" json:"deprecation_date,omitempty"`
 	ID              string     `toml:"id"               json:"id,omitempty"`
 	Name            string     `toml:"name"             json:"name,omitempty"`

diff --git a/cargo/config_test.go b/cargo/config_test.go
@@ -56,6 +56,7 @@ func testConfig(t *testing.T, context spec.G, it spec.S) {
 					PrePackage:   "some-pre-package-script.sh",
 					Dependencies: []cargo.ConfigMetadataDependency{
 						{
+							CPE:             "some-cpe",
 							DeprecationDate: &deprecationDate,
 							ID:              "some-dependency",
 							Name:            "Some Dependency",
@@ -109,6 +110,7 @@ pre-package = "some-pre-package-script.sh"
 some-dependency = "1.2.x"
 
 [[metadata.dependencies]]
+  cpe = "some-cpe"
   deprecation_date = "2020-06-01T00:00:00Z"
   id = "some-dependency"
   name = "Some Dependency"
@@ -200,6 +202,7 @@ some-dependency = "1.2.x"
   key = "value"
 
 [[metadata.dependencies]]
+  cpe = "some-cpe"
   id = "some-dependency"
   name = "Some Dependency"
   sha256 = "shasum"
@@ -260,6 +263,7 @@ some-dependency = "1.2.x"
 					PrePackage: "some-pre-package-script.sh",
 					Dependencies: []cargo.ConfigMetadataDependency{
 						{
+							CPE:          "some-cpe",
 							ID:           "some-dependency",
 							Name:         "Some Dependency",
 							SHA256:       "shasum",

diff --git a/cargo/jam/internal/dependency.go b/cargo/jam/internal/dependency.go
@@ -127,6 +127,7 @@ func convertToCargoDependency(dependency Dependency, dependencyName string) carg
 		cargoDependency.DeprecationDate = &deprecationDate
 	}
 
+	cargoDependency.CPE = dependency.CPE
 	cargoDependency.ID = dependency.ID
 	cargoDependency.Name = dependencyName
 	cargoDependency.SHA256 = dependency.SHA256

diff --git a/cargo/jam/internal/dependency_test.go b/cargo/jam/internal/dependency_test.go
@@ -276,6 +276,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
 				Expect(err).NotTo(HaveOccurred())
 				Expect(dependencies).To(Equal([]cargo.ConfigMetadataDependency{
 					{
+						CPE:          "cpe-notation",
 						ID:           "some-dep",
 						Version:      "1.0.0",
 						Stacks:       []string{"some-stack"},
@@ -285,6 +286,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
 						SourceSHA256: "some-source-sha",
 					},
 					{
+						CPE:          "cpe-notation",
 						ID:           "some-dep",
 						Version:      "1.1.2",
 						Stacks:       []string{"some-stack-two"},
@@ -294,6 +296,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
 						SourceSHA256: "some-source-sha-two",
 					},
 					{
+						CPE:          "cpe-notation",
 						ID:           "some-dep",
 						Version:      "1.5.6",
 						Stacks:       []string{"some-stack-three"},

diff --git a/cargo/jam/update_dependencies_test.go b/cargo/jam/update_dependencies_test.go
@@ -54,7 +54,8 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) {
       }
     ],
     "source": "some-source",
-    "source_sha256": "some-source-sha"
+    "source_sha256": "some-source-sha",
+		"cpe": "node-cpe"
 	},
   {
     "name": "node",
@@ -67,7 +68,8 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) {
       }
     ],
     "source": "some-source",
-    "source_sha256": "some-source-sha"
+    "source_sha256": "some-source-sha",
+		"cpe": "node-cpe"
 	},
   {
     "name": "node",
@@ -80,7 +82,8 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) {
       }
     ],
     "source": "some-source",
-    "source_sha256": "some-source-sha"
+    "source_sha256": "some-source-sha",
+		"cpe": "node-cpe"
 	},
   {
     "name": "node",
@@ -93,7 +96,8 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) {
       }
     ],
     "source": "some-source",
-    "source_sha256": "some-source-sha"
+    "source_sha256": "some-source-sha",
+		"cpe": "node-cpe"
 	}]`)
 				}
 
@@ -122,6 +126,7 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) {
 					include-files = ["buildpack.toml"]
 
 					[[metadata.dependencies]]
+					  cpe = "node-cpe"
 						id = "node"
 						name = "Node Engine"
 						sha256 = "some-sha"
@@ -132,6 +137,7 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) {
 						version = "1.2.3"
 
 					[[metadata.dependencies]]
+					  cpe = "node-cpe"
 						id = "node"
 						name = "Node Engine"
 						sha256 = "some-sha"
@@ -142,6 +148,7 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) {
 						version = "2.1.1"
 
 					[[metadata.dependencies]]
+					  cpe = "node-cpe"
 						id = "node"
 						name = "Node Engine"
 						sha256 = "some-sha"
@@ -200,6 +207,7 @@ api = "0.2"
 	include-files = ["buildpack.toml"]
 
 [[metadata.dependencies]]
+	cpe = "node-cpe"
 	id = "node"
 	name = "Node Engine"
 	sha256 = "some-sha"
@@ -210,6 +218,7 @@ api = "0.2"
 	version = "1.3.5"
 
 [[metadata.dependencies]]
+	cpe = "node-cpe"
 	id = "node"
 	name = "Node Engine"
 	sha256 = "some-sha"
@@ -220,6 +229,7 @@ api = "0.2"
 	version = "2.1.9"
 
 [[metadata.dependencies]]
+	cpe = "node-cpe"
 	id = "node"
 	name = "Node Engine"
 	sha256 = "some-sha"
@@ -258,6 +268,7 @@ api = "0.2"
 					include-files = ["buildpack.toml"]
 
 				[[metadata.dependencies]]
+	        cpe = "node-cpe"
 					id = "node"
 					name = "Node Engine"
 					sha256 = "some-sha"
@@ -310,6 +321,7 @@ api = "0.2"
 	include-files = ["buildpack.toml"]
 
 [[metadata.dependencies]]
+	cpe = "node-cpe"
 	id = "node"
 	name = "Node Engine"
 	sha256 = "some-sha"
@@ -344,6 +356,7 @@ api = "0.2"
 					include-files = ["buildpack.toml"]
 
 				[[metadata.dependencies]]
+	        cpe = "node-cpe"
 					id = "node"
 					name = "Node Engine"
 					sha256 = "some-sha"
@@ -396,6 +409,7 @@ api = "0.2"
 	include-files = ["buildpack.toml"]
 
 [[metadata.dependencies]]
+	cpe = "node-cpe"
 	id = "node"
 	name = "Node Engine"
 	sha256 = "some-sha"
@@ -484,6 +498,7 @@ api = "0.2"
 					include-files = ["buildpack.toml"]
 
 					[[metadata.dependencies]]
+	          cpe = "non-existent-cpe"
 						id = "non-existent"
 						sha256 = "some-sha"
 						source = "some-source"