add_image_reference: detect more "virtual roots"

When scanning a directory, Syft (and perhaps cachi2 as well - to be
determined) uses the directory name for the root element. The element
may look e.g. like this

    {
        "SPDXID": "SPDXRef-DocumentRoot-Directory-.-some-directory",
        "name": "./some-directory"
    }

Consider such elements to be "virtual roots" as well.

Signed-off-by: Adam Cmiel <[email protected]>

sbom-utility-scripts/scripts/add-image-reference-script/add_image_reference.py

@@ -243,15 +243,30 @@ def describes_the_document(relationship_element: dict, doc_spdx_id: str) -> bool
 
 def is_virtual_root(package: dict) -> bool:
     """
-    Check if the package is a virtual - usually a package with empty values.
+    Check if the package is a virtual root - usually a package with empty values.
+
+    For example:
+
+        {
+            "SPDXID": "SPDXRef-DocumentRoot-Unknown",
+            "name": "",
+            "versionInfo": ""
+        }
+
+        {
+            "SPDXID": "SPDXRef-DocumentRoot-Directory-.-some-directory",
+            "name": "./some-directory",
+            "versionInfo": ""
+        }
 
     Args:
         package (dict): A package element from the SBOM.
 
     Returns:
         bool: A boolean indicating if the package is a virtual root.
     """
-    return not package.get("name")
+    name = package.get("name")
+    return not name or name.startswith(".")
 
 
 def redirect_current_roots_to_new_root(sbom: dict, new_root: str) -> dict:

sbom-utility-scripts/scripts/add-image-reference-script/test_add_image_reference.py

@@ -115,8 +115,10 @@ def test_is_virtual_root() -> None:
 
     assert add_image_reference.is_virtual_root(package) is True
 
-    package["name"] = "bar"
+    package["name"] = "./some-dir"
+    assert add_image_reference.is_virtual_root(package) is True
 
+    package["name"] = "bar"
     assert add_image_reference.is_virtual_root(package) is False
 
 
@@ -125,7 +127,7 @@ def test_redirect_current_roots_to_new_root() -> None:
     sbom = {
         "packages": [
             {"SPDXID": "virtual", "name": ""},
-            {"SPDXID": "virtual2", "name": ""},
+            {"SPDXID": "virtual2", "name": "./some-dir"},
             {"SPDXID": "bar", "name": "bar"},
             {"SPDXID": "baz", "name": "baz"},
             {"SPDXID": "spam", "name": "spam"},