chore: java binary data

Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-11-17 08:23:15 +01:00 · 2025-11-14 15:44:38 -05:00 · 2025-11-14 15:44:38 -05:00 · 725b0dfda2
commit 725b0dfda2
parent 891499685a
3 changed files with 206 additions and 9 deletions
--- a/internal/capabilities/generate/merge.go
+++ b/internal/capabilities/generate/merge.go
@ -478,10 +478,7 @@ func (e *EnrichmentData) EnrichWithBinaryClassifier(catalogerName string, entry
 			// strip @version from PURL
 			purlStr := stripPURLVersion(classifier.PURL.String())

-			detectors = append(detectors, capabilities.Detector{
-				Method:   "glob",
-				Criteria: []string{classifier.FileGlob},
-				Packages: []capabilities.DetectorPackageInfo{
+			packages := []capabilities.DetectorPackageInfo{
 				{
 					Class: classifier.Class,
 					Name:  classifier.Package,
@ -489,7 +486,22 @@ func (e *EnrichmentData) EnrichWithBinaryClassifier(catalogerName string, entry
 					CPEs:  cpeStrings,
 					Type:  "BinaryPkg",
 				},
-				},
+			}
+
+			for _, o := range binaryClassifierOverrides[classifier.Class] {
+				packages = append(packages, capabilities.DetectorPackageInfo{
+					Class: o.Class,
+					Name:  o.Package,
+					PURL:  o.PURL,
+					CPEs:  o.CPEs,
+					Type:  "BinaryPkg",
+				})
+			}
+
+			detectors = append(detectors, capabilities.Detector{
+				Method:   "glob",
+				Criteria: []string{classifier.FileGlob},
+				Packages: packages,
 			})
 		}
 		entry.Detectors = detectors
--- a/internal/capabilities/generate/overrides.go
+++ b/internal/capabilities/generate/overrides.go
@ -0,0 +1,107 @@
+package main
+
+import (
+	"github.com/anchore/syft/syft/cpe"
+)
+
+// this is a hack to get some information in the output that is otherwise difficult to extract.
+// it should be removed after we figure out how to extract it properly from the classifiers
+type binaryClassifierOverride struct {
+	Class   string
+	Package string
+	PURL    string
+	CPEs    []string
+}
+
+var binaryClassifierOverrides = map[string][]binaryClassifierOverride{
+	"java-binary": {
+		{
+			Class:   "java-binary-graalvm",
+			Package: "graalvm",
+			PURL:    mustPURL("pkg:generic/oracle/graalvm@version"),
+			CPEs:    singleCPE("cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+		{
+			Class:   "java-binary-openjdk-zulu",
+			Package: "zulu",
+			PURL:    mustPURL("pkg:generic/azul/zulu@version"),
+			CPEs:    singleCPE("cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+		{
+			Class:   "java-binary-openjdk-with-update",
+			Package: "openjdk",
+			PURL:    mustPURL("pkg:generic/oracle/openjdk@version"),
+			CPEs:    singleCPE("cpe:2.3:a:oracle:openjdk:{{.primary}}:update{{.update}}:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+		{
+			Class:   "java-binary-openjdk",
+			Package: "openjdk",
+			PURL:    mustPURL("pkg:generic/oracle/openjdk@version"),
+			CPEs:    singleCPE("cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+		{
+			Class:   "java-binary-ibm",
+			Package: "java",
+			PURL:    mustPURL("pkg:generic/ibm/java@version"),
+			CPEs:    singleCPE("cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+		{
+			Class:   "java-binary-openjdk-fallthrough",
+			Package: "jre",
+			PURL:    mustPURL("pkg:generic/oracle/jre@version"),
+			CPEs:    singleCPE("cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+		{
+			Class:   "java-binary-oracle",
+			Package: "jre",
+			PURL:    mustPURL("pkg:generic/oracle/jre@version"),
+			CPEs:    singleCPE("cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+	},
+	"java-jdb-binary": {
+		{
+			Class:   "java-binary-graalvm",
+			Package: "graalvm",
+			PURL:    mustPURL("pkg:generic/oracle/graalvm@version"),
+			CPEs:    singleCPE("cpe:2.3:a:oracle:graalvm_for_jdk:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+		{
+			Class:   "jdb-binary-openjdk-zulu",
+			Package: "zulu",
+			PURL:    mustPURL("pkg:generic/azul/zulu@version"),
+			CPEs:    singleCPE("cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+		{
+			Class:   "java-jdb-binary-openjdk",
+			Package: "openjdk",
+			PURL:    mustPURL("pkg:generic/oracle/openjdk@version"),
+			CPEs:    singleCPE("cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+		{
+			Class:   "java-sdk-binary-ibm",
+			Package: "java_sdk",
+			PURL:    mustPURL("pkg:generic/ibm/java_sdk@version"),
+			CPEs:    singleCPE("cpe:2.3:a:ibm:java_sdk:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+		{
+			Class:   "java-binary-openjdk-fallthrough",
+			Package: "openjdk",
+			PURL:    mustPURL("pkg:generic/oracle/openjdk@version"),
+			CPEs:    singleCPE("cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+		{
+			Class:   "java-binary-jdk",
+			Package: "jdk",
+			PURL:    mustPURL("pkg:generic/oracle/jdk@version"),
+			CPEs:    singleCPE("cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+	},
+}
+
+func mustPURL(purl string) string {
+	return purl
+}
+
+func singleCPE(cpeString string, _ ...any) []string {
+	return []string{cpeString}
+}
--- a/internal/capabilities/packages.yaml
+++ b/internal/capabilities/packages.yaml
@ -994,6 +994,48 @@ catalogers:
            purl: pkg:/
            cpes: []
            type: BinaryPkg
+          - class: java-binary-graalvm
+            name: graalvm
+            purl: pkg:generic/oracle/graalvm@version
+            cpes:
+              - cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*
+            type: BinaryPkg
+          - class: java-binary-openjdk-zulu
+            name: zulu
+            purl: pkg:generic/azul/zulu@version
+            cpes:
+              - cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:*
+            type: BinaryPkg
+          - class: java-binary-openjdk-with-update
+            name: openjdk
+            purl: pkg:generic/oracle/openjdk@version
+            cpes:
+              - cpe:2.3:a:oracle:openjdk:{{.primary}}:update{{.update}}:*:*:*:*:*:*
+            type: BinaryPkg
+          - class: java-binary-openjdk
+            name: openjdk
+            purl: pkg:generic/oracle/openjdk@version
+            cpes:
+              - cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
+            type: BinaryPkg
+          - class: java-binary-ibm
+            name: java
+            purl: pkg:generic/ibm/java@version
+            cpes:
+              - cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
+            type: BinaryPkg
+          - class: java-binary-openjdk-fallthrough
+            name: jre
+            purl: pkg:generic/oracle/jre@version
+            cpes:
+              - cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*
+            type: BinaryPkg
+          - class: java-binary-oracle
+            name: jre
+            purl: pkg:generic/oracle/jre@version
+            cpes:
+              - cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*
+            type: BinaryPkg
      - method: glob
        criteria:
          - '**/jdb'
@ -1003,6 +1045,42 @@ catalogers:
            purl: pkg:/
            cpes: []
            type: BinaryPkg
+          - class: java-binary-graalvm
+            name: graalvm
+            purl: pkg:generic/oracle/graalvm@version
+            cpes:
+              - cpe:2.3:a:oracle:graalvm_for_jdk:*:*:*:*:*:*:*:*
+            type: BinaryPkg
+          - class: jdb-binary-openjdk-zulu
+            name: zulu
+            purl: pkg:generic/azul/zulu@version
+            cpes:
+              - cpe:2.3:a:azul:zulu:*:*:*:*:*:*:*:*
+            type: BinaryPkg
+          - class: java-jdb-binary-openjdk
+            name: openjdk
+            purl: pkg:generic/oracle/openjdk@version
+            cpes:
+              - cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
+            type: BinaryPkg
+          - class: java-sdk-binary-ibm
+            name: java_sdk
+            purl: pkg:generic/ibm/java_sdk@version
+            cpes:
+              - cpe:2.3:a:ibm:java_sdk:*:*:*:*:*:*:*:*
+            type: BinaryPkg
+          - class: java-binary-openjdk-fallthrough
+            name: openjdk
+            purl: pkg:generic/oracle/openjdk@version
+            cpes:
+              - cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
+            type: BinaryPkg
+          - class: java-binary-jdk
+            name: jdk
+            purl: pkg:generic/oracle/jdk@version
+            cpes:
+              - cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*
+            type: BinaryPkg
    metadata_types: # AUTO-GENERATED
      - pkg.BinarySignature
    package_types: # AUTO-GENERATED