fix:best effort to get the os info of an ELF binary (#4438)

* fix:the os of an elf binary should be detected even when the os version is empty Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * chore:revoke the update of appCpe Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * chore:resume the testcase Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * fix:revoke the possible compromise to the json schema Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * fix:align with the json schema Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * add a json schema(pre-relase,may be in conflict with others') Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * chore:add a json schema Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * chore:revert the accidental change to 16.1.0 Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * regression/fix:best effort to get the os info Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * chore:resume the previous json file Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * update the schema ver to 16.2.0 Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * chore:no breaking behavior Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * chore: follow the guide of the README.md Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * appCpe is temporarily unused Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * preserve json field for osCPE Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Yuntao Hu <victorhu493@gmail.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-02-12 02:26:42 +01:00 · 2025-12-13 03:13:59 +08:00 · 2025-12-13 03:13:59 +08:00 · 4c38ee1932
commit 4c38ee1932
parent 6be0a9abc4
12 changed files with 4404 additions and 20 deletions
--- a/internal/constants.go
+++ b/internal/constants.go
@ -3,9 +3,10 @@ package internal
 const (
 	// JSONSchemaVersion is the current schema version output by the JSON encoder
 	// This is roughly following the "SchemaVer" guidelines for versioning the JSON schema. Please see schema/json/README.md for details on how to increment.
-	JSONSchemaVersion = "16.1.0"
+	JSONSchemaVersion = "16.1.1"

 	// Changelog
 	// 16.1.0 - reformulated the python pdm fields (added "URL" and removed the unused "path" field).
+	// 16.1.1 - correct elf package osCpe field according to the document of systemd (also add appCpe field)

 )
--- a/schema/json/schema-16.1.1.json
+++ b/schema/json/schema-16.1.1.json
--- a/schema/json/schema-latest.json
+++ b/schema/json/schema-latest.json
@ -1,6 +1,6 @@
 {
  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "anchore.io/schema/syft/json/16.1.0/document",
+  "$id": "anchore.io/schema/syft/json/16.1.1/document",
  "$ref": "#/$defs/Document",
  "$defs": {
    "AlpmDbEntry": {
@ -1169,7 +1169,11 @@
        },
        "osCPE": {
          "type": "string",
-          "description": "OSCPE is a CPE name for the OS, typically corresponding to CPE_NAME in os-release (e.g. cpe:/o:fedoraproject:fedora:33)"
+          "description": "OSCPE is a CPE name for the OS, typically corresponding to CPE_NAME in os-release (e.g. cpe:/o:fedoraproject:fedora:33)\n\nDeprecated: in Syft 2.0 the struct tag will be corrected to `osCpe` to match the systemd spec casing."
+        },
+        "appCpe": {
+          "type": "string",
+          "description": "AppCpe is a CPE name for the upstream Application, as found in NVD CPE search (e.g. cpe:2.3:a:gnu:coreutils:5.0)"
        },
        "os": {
          "type": "string",
--- a/syft/file/location.go
+++ b/syft/file/location.go
@ -153,11 +153,12 @@ func NewLocationFromImage(accessPath string, ref file.Reference, img *image.Imag
 }

 // NewLocationFromDirectory creates a new Location representing the given path (extracted from the Reference) relative to the given directory.
-func NewLocationFromDirectory(responsePath string, ref file.Reference) Location {
+func NewLocationFromDirectory(responsePath string, fd string, ref file.Reference) Location {
 	return Location{
 		LocationData: LocationData{
 			Coordinates: Coordinates{
-				RealPath: responsePath,
+				RealPath:     responsePath,
+				FileSystemID: fd,
 			},
 			AccessPath: responsePath,
 			ref:        ref,
--- a/syft/internal/fileresolver/filetree_resolver.go
+++ b/syft/internal/fileresolver/filetree_resolver.go
@ -190,7 +190,7 @@ func (r *FiletreeResolver) AllLocations(ctx context.Context) <-chan file.Locatio
 			select {
 			case <-ctx.Done():
 				return
-			case results <- file.NewLocationFromDirectory(r.responsePath(string(ref.RealPath)), ref):
+			case results <- file.NewLocationFromDirectory(r.responsePath(string(ref.RealPath)), "", ref):
 				continue
 			}
 		}
--- a/syft/internal/fileresolver/filetree_resolver_test.go
+++ b/syft/internal/fileresolver/filetree_resolver_test.go
@ -984,12 +984,12 @@ func Test_directoryResolver_FileContentsByLocation(t *testing.T) {
 	}{
 		{
 			name:     "use file reference for content requests",
-			location: file.NewLocationFromDirectory("some/place", *existingPath.Reference),
+			location: file.NewLocationFromDirectory("some/place", "", *existingPath.Reference),
 			expects:  "this file has contents",
 		},
 		{
 			name:     "error on empty file reference",
-			location: file.NewLocationFromDirectory("doesn't matter", stereoscopeFile.Reference{}),
+			location: file.NewLocationFromDirectory("doesn't matter", "", stereoscopeFile.Reference{}),
 			err:      true,
 		},
 	}
@ -1525,12 +1525,12 @@ func Test_fileResolver_FileContentsByLocation(t *testing.T) {
 	}{
 		{
 			name:     "use file reference for content requests",
-			location: file.NewLocationFromDirectory("some/place", *existingPath.Reference),
+			location: file.NewLocationFromDirectory("some/place", "", *existingPath.Reference),
 			expects:  "this file has contents",
 		},
 		{
 			name:     "error on empty file reference",
-			location: file.NewLocationFromDirectory("doesn't matter", stereoscopeFile.Reference{}),
+			location: file.NewLocationFromDirectory("doesn't matter", "", stereoscopeFile.Reference{}),
 			err:      true,
 		},
 	}
--- a/syft/internal/fileresolver/unindexed_directory_test.go
+++ b/syft/internal/fileresolver/unindexed_directory_test.go
@ -950,7 +950,7 @@ func Test_UnindexedDirectoryResolver_FileContentsByLocation(t *testing.T) {
 		},
 		{
 			name:     "error on empty file reference",
-			location: file.NewLocationFromDirectory("doesn't matter", stereoscopeFile.Reference{}),
+			location: file.NewLocationFromDirectory("doesn't matter", "", stereoscopeFile.Reference{}),
 			err:      true,
 		},
 	}
--- a/syft/pkg/binary.go
+++ b/syft/pkg/binary.go
@ -24,8 +24,13 @@ type ELFBinaryPackageNoteJSONPayload struct {
 	Architecture string `json:"architecture,omitempty"`

 	// OSCPE is a CPE name for the OS, typically corresponding to CPE_NAME in os-release (e.g. cpe:/o:fedoraproject:fedora:33)
+	//
+	// Deprecated: in Syft 2.0 the struct tag will be corrected to `osCpe` to match the systemd spec casing.
 	OSCPE string `json:"osCPE,omitempty"`

+	// AppCpe is a CPE name for the upstream Application, as found in NVD CPE search (e.g. cpe:2.3:a:gnu:coreutils:5.0)
+	AppCpe string `json:"appCpe,omitempty"`
+
 	// OS is the OS name, typically corresponding to ID in os-release (e.g. "fedora")
 	OS string `json:"os,omitempty"`

--- a/syft/pkg/cataloger/binary/elf_package.go
+++ b/syft/pkg/cataloger/binary/elf_package.go
@ -68,11 +68,15 @@ func osNameAndVersionFromMetadata(metadata elfBinaryPackageNotes) (string, strin
 		return os, osVersion
 	}

-	if metadata.OSCPE == "" {
+	if metadata.OSCPE == "" { //nolint:staticcheck
+		// best-effort to get the os info
+		if os != "" {
+			return os, ""
+		}
 		return "", ""
 	}

-	attrs, err := cpe.NewAttributes(metadata.OSCPE)
+	attrs, err := cpe.NewAttributes(metadata.OSCPE) //nolint:staticcheck
 	if err != nil {
 		log.WithFields("error", err).Trace("unable to parse cpe attributes for elf binary package")
 		return "", ""
--- a/syft/pkg/cataloger/binary/elf_package_cataloger.go
+++ b/syft/pkg/cataloger/binary/elf_package_cataloger.go
@ -34,7 +34,10 @@ type elfBinaryPackageNotes struct {
 	CPE                                 string `json:"cpe"`
 	License                             string `json:"license"`
 	pkg.ELFBinaryPackageNoteJSONPayload `json:",inline"`
-	Location                            file.Location `json:"-"`
+	// CorrectOSCPE has the corrected casing for the osCPE field relative to the systemd ELF package metadata "spec" https://systemd.io/ELF_PACKAGE_METADATA/ .
+	// Ideally in syft 2.0 this field should be replaced with the pkg.ELFBinaryPackageNoteJSONPayload.OSCPE field directly (with the struct tag corrected).
+	CorrectOSCPE string        `json:"osCpe,omitempty"`
+	Location     file.Location `json:"-"`
 }

 type elfPackageKey struct {
@ -164,9 +167,9 @@ func getELFNotes(r file.LocationReadCloser) (*elfBinaryPackageNotes, error) {
 	}

 	{
-		var metadata elfBinaryPackageNotes
-		if err := json.Unmarshal(notes, &metadata); err == nil {
-			return &metadata, nil
+		var metadata *elfBinaryPackageNotes
+		if metadata, err = unmarshalELFPackageNotesPayload(notes); err == nil {
+			return metadata, nil
 		}
 	}

@ -174,10 +177,10 @@ func getELFNotes(r file.LocationReadCloser) (*elfBinaryPackageNotes, error) {
 		var header elf64SectionHeader
 		headerSize := binary.Size(header) / 4
 		if len(notes) > headerSize {
-			var metadata elfBinaryPackageNotes
+			var metadata *elfBinaryPackageNotes
 			newPayload := bytes.TrimRight(notes[headerSize:], "\x00")
-			if err = json.Unmarshal(newPayload, &metadata); err == nil {
-				return &metadata, nil
+			if metadata, err = unmarshalELFPackageNotesPayload(newPayload); err == nil {
+				return metadata, nil
 			}
 			log.WithFields("file", r.Location.Path(), "error", err).Trace("unable to unmarshal ELF package notes as JSON")
 		}
@ -186,6 +189,21 @@ func getELFNotes(r file.LocationReadCloser) (*elfBinaryPackageNotes, error) {
 	return nil, err
 }

+func unmarshalELFPackageNotesPayload(data []byte) (*elfBinaryPackageNotes, error) {
+	var metadata elfBinaryPackageNotes
+	if err := json.Unmarshal(data, &metadata); err != nil {
+		return nil, fmt.Errorf("unable to unmarshal ELF package notes payload: %w", err)
+	}
+
+	// normalize the os CPE field
+	if metadata.OSCPE == "" { //nolint:staticcheck
+		// ensure the public field is populated for backwards compatibility
+		metadata.OSCPE = metadata.CorrectOSCPE //nolint:staticcheck
+	}
+
+	return &metadata, nil
+}
+
 type elf64SectionHeader struct {
 	ShName      uint32
 	ShType      uint32
--- a/syft/pkg/cataloger/binary/elf_package_cataloger_test.go
+++ b/syft/pkg/cataloger/binary/elf_package_cataloger_test.go
@ -5,6 +5,7 @@ import (

 	"github.com/stretchr/testify/require"

+	extFile "github.com/anchore/stereoscope/pkg/file"
 	"github.com/anchore/syft/syft/file"
 	"github.com/anchore/syft/syft/pkg"
 	"github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest"
@ -112,6 +113,29 @@ func Test_ELFPackageCataloger(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:    "Debian 64 bit binaries w/o os version",
+			fixture: "image-wolfi-64bit-without-version",
+			expected: []pkg.Package{
+				{
+					Name:    "glibc",
+					Version: "2.42-r4",
+					PURL:    "pkg:apk/wolfi/glibc@2.42-r4?distro=wolfi",
+					Locations: file.NewLocationSet(
+						file.NewLocationFromDirectory("/lib/libBrokenLocale.so.1",
+							"sha256:559eaef4e501b8e7a150661a94ee8b9ebc63bfca3256953a703f9f82053346f2",
+							*extFile.NewFileReference("/lib/libBrokenLocale.so.1")).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
+					),
+					Licenses: pkg.NewLicenseSet(),
+					Type:     pkg.ApkPkg,
+					Metadata: pkg.ELFBinaryPackageNoteJSONPayload{
+						Type:         "apk",
+						Architecture: "x86_64",
+						OS:           "wolfi",
+					},
+				},
+			},
+		},
 	}

 	for _, v := range cases {
@ -126,3 +150,61 @@ func Test_ELFPackageCataloger(t *testing.T) {
 	}

 }
+
+func Test_unmarshalELFPackageNotesPayload(t *testing.T) {
+	tests := []struct {
+		name        string
+		payload     string
+		wantOSCPE   string
+		wantCorrect string
+		wantErr     require.ErrorAssertionFunc
+	}{
+		{
+			name:        "only osCPE (incorrect) provided",
+			payload:     `{"name":"test","version":"1.0","osCPE":"cpe:/o:fedoraproject:fedora:40"}`,
+			wantOSCPE:   "cpe:/o:fedoraproject:fedora:40",
+			wantCorrect: "",
+		},
+		{
+			name:        "only osCpe (correct) provided",
+			payload:     `{"name":"test","version":"1.0","osCpe":"cpe:/o:fedoraproject:fedora:40"}`,
+			wantOSCPE:   "cpe:/o:fedoraproject:fedora:40",
+			wantCorrect: "cpe:/o:fedoraproject:fedora:40",
+		},
+		{
+			name:        "both osCPE and osCpe provided uses osCPE",
+			payload:     `{"name":"test","version":"1.0","osCPE":"cpe:/o:fedoraproject:fedora:40","osCpe":"cpe:/o:redhat:rhel:9"}`,
+			wantOSCPE:   "cpe:/o:fedoraproject:fedora:40",
+			wantCorrect: "cpe:/o:redhat:rhel:9",
+		},
+		{
+			name:        "neither osCPE nor osCpe provided",
+			payload:     `{"name":"test","version":"1.0"}`,
+			wantOSCPE:   "",
+			wantCorrect: "",
+		},
+		{
+			name:    "invalid JSON",
+			payload: `{invalid}`,
+			wantErr: require.Error,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.wantErr == nil {
+				tt.wantErr = require.NoError
+			}
+
+			got, err := unmarshalELFPackageNotesPayload([]byte(tt.payload))
+			tt.wantErr(t, err)
+
+			if err != nil {
+				return
+			}
+
+			require.Equal(t, tt.wantOSCPE, got.OSCPE)
+			require.Equal(t, tt.wantCorrect, got.CorrectOSCPE)
+		})
+	}
+}
--- a/syft/pkg/cataloger/binary/test-fixtures/image-wolfi-64bit-without-version/Dockerfile
+++ b/syft/pkg/cataloger/binary/test-fixtures/image-wolfi-64bit-without-version/Dockerfile
@ -0,0 +1,7 @@
+FROM --platform=linux/amd64 cgr.dev/chainguard/wolfi-base AS build
+
+FROM scratch
+COPY --from=build /lib/libBrokenLocale.so.1 /lib/libBrokenLocale.so.1
+
+CMD ["/bin/sh"]
+