Strip leading slash before sbom ownership check

I didn't catch this in testing because newer versions of melange don't emit filenames with the leading slash, and I used a newer version of melange to generate the testdata. Everything seemed to work except for APKs that haven't been rebuilt since melange was updated. Signed-off-by: Jon Johnson <jon.johnson@chainguard.dev>
chainguard-dev · Dec 20, 2023 · 79511f1 · 79511f1
1 parent e5f7af4
commit 79511f1
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/pkg/sbom/generator/spdx/spdx.go b/pkg/sbom/generator/spdx/spdx.go
@@ -322,12 +322,12 @@ func copySBOMElements(sourceDoc, targetDoc *Document, todo map[string]struct{},
 
 		done[f.ID] = struct{}{}
 
+		f.Name = strings.TrimPrefix(f.Name, "/") // Strip leading slashes, which SPDX doesn't like.
+
 		if _, ok := ownedFiles[f.Name]; !ok {
 			continue
 		}
 
-		f.Name = strings.TrimPrefix(f.Name, "/") // Strip leading slashes, which SPDX doesn't like.
-
 		targetDoc.Files = append(targetDoc.Files, f)
 	}