Differentiate between JRE and JDK (#2748)

Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2025-11-17 16:33:21 +01:00 · 2024-04-05 15:10:58 -04:00 · 2024-04-05 15:10:58 -04:00 · 619ace65c3
commit 619ace65c3
parent 3e4e3bb1d4
4 changed files with 60 additions and 26 deletions
--- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go
+++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go
@ -608,10 +608,10 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 		{
 			logicalFixture: "java-jre-openjdk/1.8.0_352-b08/linux-amd64",
 			expected: pkg.Package{
-				Name:      "java",
+				Name:      "java/jre",
 				Version:   "1.8.0_352-b08",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@1.8.0_352-b08",
+				PURL:      "pkg:generic/java/jre@1.8.0_352-b08",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-openjdk", "java"),
 			},
@ -619,10 +619,10 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 		{
 			logicalFixture: "java-jre-openjdk/11.0.17/linux-amd64",
 			expected: pkg.Package{
-				Name:      "java",
+				Name:      "java/jre",
 				Version:   "11.0.17+8-LTS",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@11.0.17%2B8-LTS",
+				PURL:      "pkg:generic/java/jre@11.0.17%2B8-LTS",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-openjdk", "java"),
 			},
@ -630,10 +630,10 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 		{
 			logicalFixture: "java-graal-openjdk/17.0.3+7-jvmci-22.1-b06/linux-amd64",
 			expected: pkg.Package{
-				Name:      "java",
+				Name:      "java/graalvm",
 				Version:   "17.0.3+7-jvmci-22.1-b06",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@17.0.3%2B7-jvmci-22.1-b06",
+				PURL:      "pkg:generic/java/graalvm@17.0.3%2B7-jvmci-22.1-b06",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-graalvm", "java"),
 			},
@ -643,10 +643,10 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 			// note: cannot find the original binary, using a custom snippet based on the original snippet in the repo
 			logicalFixture: "java-jre-oracle/19.0.1/linux-amd64",
 			expected: pkg.Package{
-				Name:      "java",
+				Name:      "java/jre",
 				Version:   "19.0.1+10-21",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@19.0.1%2B10-21",
+				PURL:      "pkg:generic/java/jre@19.0.1%2B10-21",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-oracle", "java"),
 			},
@ -656,10 +656,10 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 			// note: cannot find the original binary, using a custom snippet based on the original snippet in the repo
 			logicalFixture: "java-jre-oracle/19.0.1/darwin",
 			expected: pkg.Package{
-				Name:      "java",
+				Name:      "java/jre",
 				Version:   "19.0.1+10-21",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@19.0.1%2B10-21",
+				PURL:      "pkg:generic/java/jre@19.0.1%2B10-21",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-oracle", "java"),
 			},
@ -667,14 +667,25 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 		{
 			logicalFixture: "java-jre-ibm/1.8.0_391/linux-amd64",
 			expected: pkg.Package{
-				Name:      "java",
+				Name:      "java/jre",
 				Version:   "1.8.0-foreman_2023_10_12_13_27-b00",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@1.8.0-foreman_2023_10_12_13_27-b00",
+				PURL:      "pkg:generic/java/jre@1.8.0-foreman_2023_10_12_13_27-b00",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-ibm", "java"),
 			},
 		},
+		{
+			logicalFixture: "java-jdk-openjdk/21.0.2+13-LTS/linux-amd64",
+			expected: pkg.Package{
+				Name:      "java/jdk",
+				Version:   "21.0.2+13-LTS",
+				Type:      "binary",
+				PURL:      "pkg:generic/java/jdk@21.0.2%2B13-LTS",
+				Locations: locations("jdb"),
+				Metadata:  metadata("java-binary-jdk", "java"),
+			},
+		},
 		{
 			logicalFixture: "rust-libstd/1.50.0/linux-amd64",
 			expected: pkg.Package{
--- a/syft/pkg/cataloger/binary/classifiers.go
+++ b/syft/pkg/cataloger/binary/classifiers.go
@ -87,14 +87,20 @@ func DefaultClassifiers() []Classifier {
 		{
 			Class:    "java-binary-openjdk",
 			FileGlob: "**/java",
-			EvidenceMatcher: FileContentsVersionMatcher(
-				// [NUL]openjdk[NUL]java[NUL]0.0[NUL]11.0.17+8-LTS[NUL]
-				// [NUL]openjdk[NUL]java[NUL]1.8[NUL]1.8.0_352-b08[NUL]
-				// Equivalent to the following regexp with lookahead support:
-				// (?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]*)\x00(?P<release>[0-9]+[.0-9]*) (?P<version>[0-9]+[^-\x00]+(-(?!jvmci)[^-\x00]+)+)
-				`(?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]*)\x00(?P<version>[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00`),
-			Package: "java",
-			PURL:    mustPURL("pkg:generic/java@version"),
+			EvidenceMatcher: evidenceMatchers(
+				FileContentsVersionMatcher(
+					// [NUL]openjdk[NUL]java[NUL]0.0[NUL]11.0.17+8-LTS[NUL]
+					// [NUL]openjdk[NUL]java[NUL]1.8[NUL]1.8.0_352-b08[NUL]
+					// Equivalent to the following regexp with lookahead support:
+					// (?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]*)\x00(?P<release>[0-9]+[.0-9]*) (?P<version>[0-9]+[^-\x00]+(-(?!jvmci)[^-\x00]+)+)
+					`(?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]*)\x00(?P<version>[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00`,
+				),
+				FileContentsVersionMatcher(
+					`(?m)\x00(?P<release>[0-9]+[.0-9]*)\x00+(?P<version>[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00+openjdk\x00java`,
+				),
+			),
+			Package: "java/jre",
+			PURL:    mustPURL("pkg:generic/java/jre@version"),
 			// TODO the updates might need to be part of the CPE Attributes, like: 1.8.0:update152
 			CPEs: singleCPE("cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*"),
 		},
@ -104,8 +110,8 @@ func DefaultClassifiers() []Classifier {
 			EvidenceMatcher: FileContentsVersionMatcher(
 				// [NUL]java[NUL]1.8[NUL][NUL][NUL][NUL]1.8.0-foreman_2022_09_22_15_30-b00[NUL]
 				`(?m)\x00java\x00(?P<release>[0-9]+[.0-9]+)\x00{4}(?P<version>[0-9]+[-._a-zA-Z0-9]+)\x00`),
-			Package: "java",
-			PURL:    mustPURL("pkg:generic/java@version"),
+			Package: "java/jre",
+			PURL:    mustPURL("pkg:generic/java/jre@version"),
 			CPEs:    singleCPE("cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*"),
 		},
 		{
@ -114,8 +120,8 @@ func DefaultClassifiers() []Classifier {
 			EvidenceMatcher: FileContentsVersionMatcher(
 				// [NUL]19.0.1+10-21[NUL]
 				`(?m)\x00(?P<version>[0-9]+[.0-9]+[+][-0-9]+)\x00`),
-			Package: "java",
-			PURL:    mustPURL("pkg:generic/java@version"),
+			Package: "java/jre",
+			PURL:    mustPURL("pkg:generic/java/jre@version"),
 			CPEs:    singleCPE("cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*"),
 		},
 		{
@ -123,10 +129,19 @@ func DefaultClassifiers() []Classifier {
 			FileGlob: "**/java",
 			EvidenceMatcher: FileContentsVersionMatcher(
 				`(?m)\x00(?P<version>[0-9]+[.0-9]+[.0-9]+\+[0-9]+-jvmci-[0-9]+[.0-9]+-b[0-9]+)\x00`),
-			Package: "java",
-			PURL:    mustPURL("pkg:generic/java@version"),
+			Package: "java/graalvm",
+			PURL:    mustPURL("pkg:generic/java/graalvm@version"),
 			CPEs:    singleCPE("cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*"),
 		},
+		{
+			Class:    "java-binary-jdk",
+			FileGlob: "**/jdb",
+			EvidenceMatcher: FileContentsVersionMatcher(
+				`(?m)\x00(?P<version>[0-9]+\.[0-9]+\.[0-9]+(\+[0-9]+)?([-._a-zA-Z0-9]+)?)\x00`),
+			Package: "java/jdk",
+			PURL:    mustPURL("pkg:generic/java/jdk@version"),
+			CPEs:    singleCPE("cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*"),
+		},
 		{
 			Class:    "nodejs-binary",
 			FileGlob: "**/node",
--- a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/java-jdk-openjdk/21.0.2+13-LTS/linux-amd64/jdb
+++ b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/java-jdk-openjdk/21.0.2+13-LTS/linux-amd64/jdb
--- a/syft/pkg/cataloger/binary/test-fixtures/config.yaml
+++ b/syft/pkg/cataloger/binary/test-fixtures/config.yaml
@ -211,6 +211,14 @@ from-images:
    paths:
      - /opt/java/bin/java

+  - name: java-jdk-openjdk
+    version: 21.0.2+13-LTS
+    images:
+      - ref: eclipse-temurin:21.0.2_13-jdk-alpine@sha256:b5d37df8ee5bb964bb340acca83957f9a09291d07768fba1881f6bfc8048e4f5
+        platform: linux/amd64
+    paths:
+      - opt/java/openjdk/bin/jdb
+

 # TODO: this is not the original binary used in the test fixture
 #  - version: 5.12.5