From 619ace65c3d803445d3069c732eae53402542d8c Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Fri, 5 Apr 2024 15:10:58 -0400 Subject: [PATCH] Differentiate between JRE and JDK (#2748) Signed-off-by: Laurent Goderre --- .../binary/classifier_cataloger_test.go | 35 +++++++++----- syft/pkg/cataloger/binary/classifiers.go | 43 ++++++++++++------ .../21.0.2+13-LTS/linux-amd64/jdb | Bin 0 -> 344 bytes .../binary/test-fixtures/config.yaml | 8 ++++ 4 files changed, 60 insertions(+), 26 deletions(-) create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/java-jdk-openjdk/21.0.2+13-LTS/linux-amd64/jdb diff --git a/syft/pkg/cataloger/binary/classifier_cataloger_test.go b/syft/pkg/cataloger/binary/classifier_cataloger_test.go index 6257be611..669a4ae97 100644 --- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go +++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go @@ -608,10 +608,10 @@ func Test_Cataloger_PositiveCases(t *testing.T) { { logicalFixture: "java-jre-openjdk/1.8.0_352-b08/linux-amd64", expected: pkg.Package{ - Name: "java", + Name: "java/jre", Version: "1.8.0_352-b08", Type: "binary", - PURL: "pkg:generic/java@1.8.0_352-b08", + PURL: "pkg:generic/java/jre@1.8.0_352-b08", Locations: locations("java"), Metadata: metadata("java-binary-openjdk", "java"), }, @@ -619,10 +619,10 @@ func Test_Cataloger_PositiveCases(t *testing.T) { { logicalFixture: "java-jre-openjdk/11.0.17/linux-amd64", expected: pkg.Package{ - Name: "java", + Name: "java/jre", Version: "11.0.17+8-LTS", Type: "binary", - PURL: "pkg:generic/java@11.0.17%2B8-LTS", + PURL: "pkg:generic/java/jre@11.0.17%2B8-LTS", Locations: locations("java"), Metadata: metadata("java-binary-openjdk", "java"), }, 
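Review bot: The expectations in the java-jre-openjdk cases pin a Name/PURL pair that reads differently depending on which field a consumer uses: `Name` is `java/jre`, but `pkg:generic/java/jre@…` parses under the purl spec as namespace `java`, name `jre`. The same pairing is asserted in the graalvm, oracle, ibm and jdk cases further down and is set in classifiers.go. Anything downstream that keys vulnerability matching or policy on the old `java` name or `pkg:generic/java@…` will stop matching after this change, so I would record that explicitly, e.g. a comment above the first case: `// PURL parses as namespace "java", name "jre"; Name keeps the combined form "java/jre"`.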
@@ -630,10 +630,10 @@ func Test_Cataloger_PositiveCases(t *testing.T) { { logicalFixture: "java-graal-openjdk/17.0.3+7-jvmci-22.1-b06/linux-amd64", expected: pkg.Package{ - Name: "java", + Name: "java/graalvm", Version: "17.0.3+7-jvmci-22.1-b06", Type: "binary", - PURL: "pkg:generic/java@17.0.3%2B7-jvmci-22.1-b06", + PURL: "pkg:generic/java/graalvm@17.0.3%2B7-jvmci-22.1-b06", Locations: locations("java"), Metadata: metadata("java-binary-graalvm", "java"), }, @@ -643,10 +643,10 @@ func Test_Cataloger_PositiveCases(t *testing.T) { // note: cannot find the original binary, using a custom snippet based on the original snippet in the repo logicalFixture: "java-jre-oracle/19.0.1/linux-amd64", expected: pkg.Package{ - Name: "java", + Name: "java/jre", Version: "19.0.1+10-21", Type: "binary", - PURL: "pkg:generic/java@19.0.1%2B10-21", + PURL: "pkg:generic/java/jre@19.0.1%2B10-21", Locations: locations("java"), Metadata: metadata("java-binary-oracle", "java"), }, @@ -656,10 +656,10 @@ func Test_Cataloger_PositiveCases(t *testing.T) { // note: cannot find the original binary, using a custom snippet based on the original snippet in the repo logicalFixture: "java-jre-oracle/19.0.1/darwin", expected: pkg.Package{ - Name: "java", + Name: "java/jre", Version: "19.0.1+10-21", Type: "binary", - PURL: "pkg:generic/java@19.0.1%2B10-21", + PURL: "pkg:generic/java/jre@19.0.1%2B10-21", Locations: locations("java"), Metadata: metadata("java-binary-oracle", "java"), }, 
@@ -667,14 +667,25 @@ func Test_Cataloger_PositiveCases(t *testing.T) { { logicalFixture: "java-jre-ibm/1.8.0_391/linux-amd64", expected: pkg.Package{ - Name: "java", + Name: "java/jre", Version: "1.8.0-foreman_2023_10_12_13_27-b00", Type: "binary", - PURL: "pkg:generic/java@1.8.0-foreman_2023_10_12_13_27-b00", + PURL: "pkg:generic/java/jre@1.8.0-foreman_2023_10_12_13_27-b00", Locations: locations("java"), Metadata: metadata("java-binary-ibm", "java"), }, }, + { + logicalFixture: "java-jdk-openjdk/21.0.2+13-LTS/linux-amd64", + expected: pkg.Package{ + Name: "java/jdk", + Version: "21.0.2+13-LTS", + Type: "binary", + PURL: "pkg:generic/java/jdk@21.0.2%2B13-LTS", + Locations: locations("jdb"), + Metadata: metadata("java-binary-jdk", "java"), + }, + }, { logicalFixture: "rust-libstd/1.50.0/linux-amd64", expected: pkg.Package{ diff --git a/syft/pkg/cataloger/binary/classifiers.go b/syft/pkg/cataloger/binary/classifiers.go index 8d05e7c82..d99e16bdf 100644 --- a/syft/pkg/cataloger/binary/classifiers.go +++ b/syft/pkg/cataloger/binary/classifiers.go 
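Review bot: In the new java-jdk-openjdk case, `metadata("java-binary-jdk", "java")` passes `"java"` while `Locations` is `locations("jdb")`, which looks copied from the JRE cases. The helper is defined outside the hunk, so I cannot tell whether its second argument is compared, but if it is the matched path the line should read `Metadata: metadata("java-binary-jdk", "jdb"),`. This case is also the only coverage for the new classifier; a negative fixture (a file named `jdb` that is not a JDK tool) would show how far the version pattern over-matches.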
@@ -87,14 +87,20 @@ func DefaultClassifiers() []Classifier { { Class: "java-binary-openjdk", FileGlob: "**/java", - EvidenceMatcher: FileContentsVersionMatcher( - // [NUL]openjdk[NUL]java[NUL]0.0[NUL]11.0.17+8-LTS[NUL] - // [NUL]openjdk[NUL]java[NUL]1.8[NUL]1.8.0_352-b08[NUL] - // Equivalent to the following regexp with lookahead support: - // (?m)\x00openjdk\x00java\x00(?P[0-9]+[.0-9]*)\x00(?P[0-9]+[.0-9]*) (?P[0-9]+[^-\x00]+(-(?!jvmci)[^-\x00]+)+) - `(?m)\x00openjdk\x00java\x00(?P[0-9]+[.0-9]*)\x00(?P[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00`), - Package: "java", - PURL: mustPURL("pkg:generic/java@version"), + EvidenceMatcher: evidenceMatchers( + FileContentsVersionMatcher( + // [NUL]openjdk[NUL]java[NUL]0.0[NUL]11.0.17+8-LTS[NUL] + // [NUL]openjdk[NUL]java[NUL]1.8[NUL]1.8.0_352-b08[NUL] + // Equivalent to the following regexp with lookahead support: + // (?m)\x00openjdk\x00java\x00(?P[0-9]+[.0-9]*)\x00(?P[0-9]+[.0-9]*) (?P[0-9]+[^-\x00]+(-(?!jvmci)[^-\x00]+)+) + `(?m)\x00openjdk\x00java\x00(?P[0-9]+[.0-9]*)\x00(?P[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00`, + ), + FileContentsVersionMatcher( + `(?m)\x00(?P[0-9]+[.0-9]*)\x00+(?P[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00+openjdk\x00java`, + ), + ), + Package: "java/jre", + PURL: mustPURL("pkg:generic/java/jre@version"), // TODO the updates might need to be part of the CPE Attributes, like: 1.8.0:update152 CPEs: singleCPE("cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*"), }, 
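Review bot: The second `FileContentsVersionMatcher` added to java-binary-openjdk has no sample-layout comment, unlike the first, and it is the looser of the two: it starts at any NUL followed by digits and only requires `openjdk\x00java` after the version. Please document which build produces this reversed layout so the pattern can be checked against it, e.g. `// [NUL]<release>[NUL]…[NUL]<version>[NUL]…[NUL]openjdk[NUL]java — seen in <distribution/version>` (placeholders, to be filled in from the binary that motivated it). `evidenceMatchers` is defined outside the hunk; I am assuming it accepts the first matcher that succeeds, which is worth stating in the same comment because it decides which pattern wins on a file that satisfies both. The hunk sits inside DefaultClassifiers, whose body continues beyond it.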
@@ -104,8 +110,8 @@ func DefaultClassifiers() []Classifier { EvidenceMatcher: FileContentsVersionMatcher( // [NUL]java[NUL]1.8[NUL][NUL][NUL][NUL]1.8.0-foreman_2022_09_22_15_30-b00[NUL] `(?m)\x00java\x00(?P[0-9]+[.0-9]+)\x00{4}(?P[0-9]+[-._a-zA-Z0-9]+)\x00`), - Package: "java", - PURL: mustPURL("pkg:generic/java@version"), + Package: "java/jre", + PURL: mustPURL("pkg:generic/java/jre@version"), CPEs: singleCPE("cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*"), }, { @@ -114,8 +120,8 @@ func DefaultClassifiers() []Classifier { EvidenceMatcher: FileContentsVersionMatcher( // [NUL]19.0.1+10-21[NUL] `(?m)\x00(?P[0-9]+[.0-9]+[+][-0-9]+)\x00`), - Package: "java", - PURL: mustPURL("pkg:generic/java@version"), + Package: "java/jre", + PURL: mustPURL("pkg:generic/java/jre@version"), CPEs: singleCPE("cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*"), }, { @@ -123,10 +129,19 @@ func DefaultClassifiers() []Classifier { FileGlob: "**/java", EvidenceMatcher: FileContentsVersionMatcher( `(?m)\x00(?P[0-9]+[.0-9]+[.0-9]+\+[0-9]+-jvmci-[0-9]+[.0-9]+-b[0-9]+)\x00`), - Package: "java", - PURL: mustPURL("pkg:generic/java@version"), + Package: "java/graalvm", + PURL: mustPURL("pkg:generic/java/graalvm@version"), CPEs: singleCPE("cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*"), }, + { + Class: "java-binary-jdk", + FileGlob: "**/jdb", + EvidenceMatcher: FileContentsVersionMatcher( + `(?m)\x00(?P[0-9]+\.[0-9]+\.[0-9]+(\+[0-9]+)?([-._a-zA-Z0-9]+)?)\x00`), + Package: "java/jdk", + PURL: mustPURL("pkg:generic/java/jdk@version"), + CPEs: singleCPE("cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*"), + }, { Class: "nodejs-binary", FileGlob: "**/node", 
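Review bot: The new java-binary-jdk classifier attributes every match to `cpe:2.3:a:oracle:jdk`, yet its evidence is only a file named `jdb` containing a NUL-delimited dotted version, with no vendor marker such as the `openjdk` token that the java-binary-openjdk pattern requires. The fixture added for it is an Eclipse Temurin image, so as written an OpenJDK build is reported under Oracle's JDK CPE, which can produce both false and missed vulnerability matches downstream. I would either anchor the pattern on a vendor string or, at minimum, flag the limitation in place: `// TODO: vendor-agnostic match; CPE vendor/product is a best guess and needs distribution-specific evidence`. A JDK install also ships `bin/java`, so the same installation will presumably be reported as both `java/jre` and `java/jdk`. These entries are part of DefaultClassifiers, which starts and ends outside the hunk.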
diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/java-jdk-openjdk/21.0.2+13-LTS/linux-amd64/jdb b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/java-jdk-openjdk/21.0.2+13-LTS/linux-amd64/jdb new file mode 100644 index 0000000000000000000000000000000000000000..bfcc4e4ea7fe7d2c3a97a7dcaa9a238d5dc963da GIT binary patch literal 344 zcmXv}J5Izf6g1k-SD>-9qCzqLuO0RTh;Fw*qOs%W{Uvdvcm*qQXShLd0maM|GxPLj z^aHfy90SfN%}`omg>txu@lcK};ez3LJWUgn-O&qeS`s`YE!{>jri1dn6Iv*3T#N#Y z4Ms!PV%E8s ztddd~t3U#m-X{)PabOs)*J~1P1<2oY3Ee Ss^aT=S+-TTKg$xUzW)M_G-E0N literal 0 HcmV?d00001 diff --git a/syft/pkg/cataloger/binary/test-fixtures/config.yaml b/syft/pkg/cataloger/binary/test-fixtures/config.yaml index e2c35f3d7..07f17882d 100644 --- a/syft/pkg/cataloger/binary/test-fixtures/config.yaml +++ b/syft/pkg/cataloger/binary/test-fixtures/config.yaml @@ -211,6 +211,14 @@ from-images: paths: - /opt/java/bin/java + - name: java-jdk-openjdk + version: 21.0.2+13-LTS + images: + - ref: eclipse-temurin:21.0.2_13-jdk-alpine@sha256:b5d37df8ee5bb964bb340acca83957f9a09291d07768fba1881f6bfc8048e4f5 + platform: linux/amd64 + paths: + - opt/java/openjdk/bin/jdb + # TODO: this is not the original binary used in the test fixture # - version: 5.12.5
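Review bot: The new entry's path `opt/java/openjdk/bin/jdb` has no leading slash, while the neighbouring entry uses the absolute `/opt/java/bin/java`. If the fixture tooling resolves paths relative to the image root both forms may work, but I would keep them consistent: `- /opt/java/openjdk/bin/jdb`. Pinning the image by `@sha256:` digest is the right choice for a reproducible fixture and should stay.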