Revert "sbom: work around grype matching unrelated packages with CPEs only"

lazka · lazka · commit f3971019c763 · 2025-04-25T20:56:47.000+02:00
This reverts commit 151044c. This was fixed with grype 0.91.2
diff --git a/msys2_devtools/sbom.py b/msys2_devtools/sbom.py
@@ -65,9 +65,7 @@ def generate_components(value) -> list[Component]:
     for cpe in cpes:
         name, version = parse_cpe(cpe)[2:4]
         assert isinstance(version, str) and isinstance(name, str)
-        # https://github.com/anchore/grype/issues/2618
-        cpe_properties = properties + [Property(name="syft:package:type", value="binary")]
-        component = Component(name=name, version=version, cpe=cpe, properties=cpe_properties)
+        component = Component(name=name, version=version, cpe=cpe, properties=properties)
         components.append(component)
 
     for purl in purls:
diff --git a/tests/test_sbom.py b/tests/test_sbom.py
@@ -58,24 +58,3 @@ def test_generate_components():
     assert components[0].version == "1.2.3"
     assert components[0].purl is None
     assert components[0].cpe == "cpe:/a:djangoproject:django:1.2.3"
-
-
-def test_grype_workaround():
-    # https://github.com/anchore/grype/issues/2618
-    srcinfo = {"mingw32": "pkgbase = foo\npkgver = 42"}
-    components = generate_components({"srcinfo": srcinfo, "extra": {"references": [
-        "cpe: cpe:/a:djangoproject:django:1.2.3"
-    ]}})
-    for property in components[0].properties:
-        if property.name == "syft:package:type":
-            assert property.value == "binary"
-            break
-    else:
-        assert False, "syft:package:type property not found"
-
-    components = generate_components({"srcinfo": srcinfo, "extra": {"references": [
-        "purl: pkg:pypi/django"
-    ]}})
-    assert all(
-        property.name != "syft:package:type" for property in components[0].properties
-    ), "syft:package:type property should not be present"
