diff --git a/internal/capabilities/generate/merge.go b/internal/capabilities/generate/merge.go index cc9cfe906..015104e8a 100644 --- a/internal/capabilities/generate/merge.go +++ b/internal/capabilities/generate/merge.go @@ -478,18 +478,30 @@ func (e *EnrichmentData) EnrichWithBinaryClassifier(catalogerName string, entry // strip @version from PURL purlStr := stripPURLVersion(classifier.PURL.String()) + packages := []capabilities.DetectorPackageInfo{ + { + Class: classifier.Class, + Name: classifier.Package, + PURL: purlStr, + CPEs: cpeStrings, + Type: "BinaryPkg", + }, + } + + for _, o := range binaryClassifierOverrides[classifier.Class] { + packages = append(packages, capabilities.DetectorPackageInfo{ + Class: o.Class, + Name: o.Package, + PURL: o.PURL, + CPEs: o.CPEs, + Type: "BinaryPkg", + }) + } + detectors = append(detectors, capabilities.Detector{ Method: "glob", Criteria: []string{classifier.FileGlob}, - Packages: []capabilities.DetectorPackageInfo{ - { - Class: classifier.Class, - Name: classifier.Package, - PURL: purlStr, - CPEs: cpeStrings, - Type: "BinaryPkg", - }, - }, + Packages: packages, }) } entry.Detectors = detectors diff --git a/internal/capabilities/generate/overrides.go b/internal/capabilities/generate/overrides.go new file mode 100644 index 000000000..bf1afa47d --- /dev/null +++ b/internal/capabilities/generate/overrides.go 
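Review bot: In the new `for _, o := range binaryClassifierOverrides[classifier.Class]` loop the override PURL is copied as-is (`PURL: o.PURL`), while the classifier's own PURL just above it goes through `stripPURLVersion`. As a result the literal `@version` placeholder from the overrides table lands in the generated output; the packages.yaml hunks of this commit show `pkg:generic/oracle/graalvm@version`. Use `PURL: stripPURLVersion(o.PURL),` so both kinds of entry follow one convention, or add a comment if the placeholder is meant to stay visible. `CPEs: o.CPEs` also hands out the slice owned by the package-level map, so it should be copied if anything downstream mutates detector entries. The body of EnrichWithBinaryClassifier starts and ends outside this hunk.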
@@ -0,0 +1,107 @@
+package main
+
+import (
+ "github.com/anchore/syft/syft/cpe"
+)
+
+// this is a hack to get some information in the output that is otherwise difficult to extract.
+// it should be removed after we figure out how to extract it properly from the classifiers
+type binaryClassifierOverride struct {
+ Class string
+ Package string
+ PURL string
+ CPEs []string
+}
+
+var binaryClassifierOverrides = map[string][]binaryClassifierOverride{
+ "java-binary": {
+ {
+ Class: "java-binary-graalvm",
+ Package: "graalvm",
+ PURL: mustPURL("pkg:generic/oracle/graalvm@version"),
+ CPEs: singleCPE("cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ {
+ Class: "java-binary-openjdk-zulu",
+ Package: "zulu",
+ PURL: mustPURL("pkg:generic/azul/zulu@version"),
+ CPEs: singleCPE("cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ {
+ Class: "java-binary-openjdk-with-update",
+ Package: "openjdk",
+ PURL: mustPURL("pkg:generic/oracle/openjdk@version"),
+ CPEs: singleCPE("cpe:2.3:a:oracle:openjdk:{{.primary}}:update{{.update}}:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ {
+ Class: "java-binary-openjdk",
+ Package: "openjdk",
+ PURL: mustPURL("pkg:generic/oracle/openjdk@version"),
+ CPEs: singleCPE("cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ {
+ Class: "java-binary-ibm",
+ Package: "java",
+ PURL: mustPURL("pkg:generic/ibm/java@version"),
+ CPEs: singleCPE("cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ {
+ Class: "java-binary-openjdk-fallthrough",
+ Package: "jre",
+ PURL: mustPURL("pkg:generic/oracle/jre@version"),
+ CPEs: singleCPE("cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ {
+ Class: "java-binary-oracle",
+ Package: "jre",
+ PURL: mustPURL("pkg:generic/oracle/jre@version"),
+ CPEs: singleCPE("cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ },
+ "java-jdb-binary": {
+ {
+ Class: "java-binary-graalvm",
+ Package: "graalvm",
+ PURL: mustPURL("pkg:generic/oracle/graalvm@version"),
+ CPEs: singleCPE("cpe:2.3:a:oracle:graalvm_for_jdk:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ {
+ Class: "jdb-binary-openjdk-zulu",
+ Package: "zulu",
+ PURL: mustPURL("pkg:generic/azul/zulu@version"),
+ CPEs: singleCPE("cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ {
+ Class: "java-jdb-binary-openjdk",
+ Package: "openjdk",
+ PURL: mustPURL("pkg:generic/oracle/openjdk@version"),
+ CPEs: singleCPE("cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ {
+ Class: "java-sdk-binary-ibm",
+ Package: "java_sdk",
+ PURL: mustPURL("pkg:generic/ibm/java_sdk@version"),
+ CPEs: singleCPE("cpe:2.3:a:ibm:java_sdk:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ {
+ Class: "java-binary-openjdk-fallthrough",
+ Package: "openjdk",
+ PURL: mustPURL("pkg:generic/oracle/openjdk@version"),
+ CPEs: singleCPE("cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ {
+ Class: "java-binary-jdk",
+ Package: "jdk",
+ PURL: mustPURL("pkg:generic/oracle/jdk@version"),
+ CPEs: singleCPE("cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ },
+}
+
+func mustPURL(purl string) string {
+ return purl
+}
+
+func singleCPE(cpeString string, _ ...any) []string {
+ return []string{cpeString}
+}
diff --git a/internal/capabilities/packages.yaml b/internal/capabilities/packages.yaml
index 9b7e5c6b5..4bd4d94ea 100644
--- a/internal/capabilities/packages.yaml
+++ b/internal/capabilities/packages.yaml
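Review bot: `mustPURL` and `singleCPE` at the end of overrides.go are identity shims, so a typo in any PURL or CPE string of this table is written to packages.yaml unchecked. Nothing is parsed, `singleCPE` discards its source argument, and the `must` prefix suggests a validation that does not happen. Say so on the helpers, e.g. `// mustPURL returns purl unchanged; no parsing or validation is performed.` and `// singleCPE wraps cpeString in a slice; the trailing arguments are ignored.` Because CPEs are what downstream vulnerability matching keys on, a unit test would catch drift when a classifier is renamed: it could assert that every key of `binaryClassifierOverrides` names an existing classifier class and that each non-template CPE parses. The class `java-binary-graalvm` is listed under both keys with different CPE products (`graalvm` and `graalvm_for_jdk`); if that mirrors the classifiers, a one-line comment would keep it from being read as a copy-paste slip.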
@@ -994,6 +994,48 @@ catalogers: purl: pkg:/ cpes: [] type: BinaryPkg + - class: java-binary-graalvm + name: graalvm + purl: pkg:generic/oracle/graalvm@version + cpes: + - cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-openjdk-zulu + name: zulu + purl: pkg:generic/azul/zulu@version + cpes: + - cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-openjdk-with-update + name: openjdk + purl: pkg:generic/oracle/openjdk@version + cpes: + - cpe:2.3:a:oracle:openjdk:{{.primary}}:update{{.update}}:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-openjdk + name: openjdk + purl: pkg:generic/oracle/openjdk@version + cpes: + - cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-ibm + name: java + purl: pkg:generic/ibm/java@version + cpes: + - cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-openjdk-fallthrough + name: jre + purl: pkg:generic/oracle/jre@version + cpes: + - cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-oracle + name: jre + purl: pkg:generic/oracle/jre@version + cpes: + - cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:* + type: BinaryPkg - method: glob criteria: - '**/jdb' 
@@ -1003,6 +1045,42 @@ catalogers: purl: pkg:/ cpes: [] type: BinaryPkg + - class: java-binary-graalvm + name: graalvm + purl: pkg:generic/oracle/graalvm@version + cpes: + - cpe:2.3:a:oracle:graalvm_for_jdk:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: jdb-binary-openjdk-zulu + name: zulu + purl: pkg:generic/azul/zulu@version + cpes: + - cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-jdb-binary-openjdk + name: openjdk + purl: pkg:generic/oracle/openjdk@version + cpes: + - cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-sdk-binary-ibm + name: java_sdk + purl: pkg:generic/ibm/java_sdk@version + cpes: + - cpe:2.3:a:ibm:java_sdk:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-openjdk-fallthrough + name: openjdk + purl: pkg:generic/oracle/openjdk@version + cpes: + - cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:* + type: BinaryPkg + - class: java-binary-jdk + name: jdk + purl: pkg:generic/oracle/jdk@version + cpes: + - cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:* + type: BinaryPkg metadata_types: # AUTO-GENERATED - pkg.BinarySignature package_types: # AUTO-GENERATED