diff --git a/syft/pkg/cataloger/binary/cataloger_test.go b/syft/pkg/cataloger/binary/cataloger_test.go
index e98a7da7a..057f81927 100644
--- a/syft/pkg/cataloger/binary/cataloger_test.go
+++ b/syft/pkg/cataloger/binary/cataloger_test.go
@@ -102,6 +102,62 @@ func TestClassifierCataloger_DefaultClassifiers_PositiveCases(t *testing.T) {
 },
 },
 },
+ {
+ name: "positive-java-openjdk",
+ fixtureDir: "test-fixtures/classifiers/positive/openjdk",
+ expected: pkg.Package{
+ Name: "java",
+ Version: "1.8.0_352-b08",
+ Type: "binary",
+ Locations: singleLocation("java"),
+ Metadata: pkg.BinaryMetadata{
+ Classifier: "java-binary-openjdk",
+ VirtualPath: "java",
+ },
+ },
+ },
+ {
+ name: "positive-java-oracle",
+ fixtureDir: "test-fixtures/classifiers/positive/oracle",
+ expected: pkg.Package{
+ Name: "java",
+ Version: "19.0.1+10-21",
+ Type: "binary",
+ Locations: singleLocation("java"),
+ Metadata: pkg.BinaryMetadata{
+ Classifier: "java-binary-oracle",
+ VirtualPath: "java",
+ },
+ },
+ },
+ {
+ name: "positive-java-oracle-macos",
+ fixtureDir: "test-fixtures/classifiers/positive/oracle-macos",
+ expected: pkg.Package{
+ Name: "java",
+ Version: "19.0.1+10-21",
+ Type: "binary",
+ Locations: singleLocation("java"),
+ Metadata: pkg.BinaryMetadata{
+ Classifier: "java-binary-oracle",
+ VirtualPath: "java",
+ },
+ },
+ },
+ {
+ name: "positive-java-ibm",
+ fixtureDir: "test-fixtures/classifiers/positive/ibm",
+ expected: pkg.Package{
+ Name: "java",
+ Version: "1.8.0-foreman_2022_09_22_15_30-b00",
+ Type: "binary",
+ Locations: singleLocation("java"),
+ Metadata: pkg.BinaryMetadata{
+ Classifier: "java-binary-ibm",
+ VirtualPath: "java",
+ },
+ },
+ },
 }
 for _, test := range tests {
diff --git a/syft/pkg/cataloger/binary/classifier.go b/syft/pkg/cataloger/binary/classifier.go
index eddbccda4..2ce4c1255 100644
--- a/syft/pkg/cataloger/binary/classifier.go
+++ b/syft/pkg/cataloger/binary/classifier.go
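Review bot: None of the four `positive-java-*` cases added to cataloger_test.go sets `CPEs` in its expected `pkg.Package`, so unless the comparison outside this hunk checks them separately, the CPE built for each Java vendor is not pinned by any test. That value is what downstream vulnerability matching keys on, so a wrong vendor, version or update field there would pass unnoticed. Adding the expected CPE string to each case would cover it. The test loop begins on the hunk's last line and continues outside it.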
@@ -81,22 +81,10 @@ func fileNameTemplateVersionMatcher(fileNamePattern string, contentTemplate stri
 }
 matchMetadata := internal.MatchNamedCaptureGroups(tmplPattern, string(contents))
-
- version, ok := matchMetadata["version"]
- if ok {
- return singlePackage(classifier, reader, version), nil
- }
-
- return nil, nil
+ return singlePackage(classifier, reader, matchMetadata), nil
 }
 }
-func patternEndingWithNull(pattern string) string {
- bytes := []byte(pattern)
- bytes = append(bytes, 0)
- return string(bytes)
-}
-
 func fileContentsVersionMatcher(pattern string) evidenceMatcher {
 pat := regexp.MustCompile(pattern)
 return func(classifier classifier, reader source.LocationReadCloser) ([]pkg.Package, error) {
@@ -106,11 +94,7 @@ func fileContentsVersionMatcher(pattern string) evidenceMatcher {
 }
 matchMetadata := internal.MatchNamedCaptureGroups(pat, string(contents))
- version, ok := matchMetadata["version"]
- if ok {
- return singlePackage(classifier, reader, version), nil
- }
- return nil, nil
+ return singlePackage(classifier, reader, matchMetadata), nil
 }
 }
@@ -122,10 +106,18 @@ func mustPURL(purl string) packageurl.PackageURL {
 return p
 }
-func singlePackage(classifier classifier, reader source.LocationReadCloser, version string) []pkg.Package {
+func singlePackage(classifier classifier, reader source.LocationReadCloser, matchMetadata map[string]string) []pkg.Package {
+ version, ok := matchMetadata["version"]
+ if !ok {
+ return nil
+ }
+
+ update := matchMetadata["update"]
+
 var cpes []pkg.CPE
 for _, cpe := range classifier.CPEs {
 cpe.Version = version
+ cpe.Update = update
 cpes = append(cpes, cpe)
 }
diff --git a/syft/pkg/cataloger/binary/default_classifiers.go b/syft/pkg/cataloger/binary/default_classifiers.go
index dbc7d9a07..01066663a 100644
--- a/syft/pkg/cataloger/binary/default_classifiers.go
+++ b/syft/pkg/cataloger/binary/default_classifiers.go
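Review bot: In `singlePackage` (third hunk of classifier.go), `cpe.Update = update` runs even when the match has no `update` group, so the field is overwritten with an empty string for every classifier; guarding it with `if update != "" { cpe.Update = update }` would leave alone any CPE template that already carries an update value. Related: `cpe.Version` receives the whole captured string, so a build such as `1.8.0_352-b08` goes into the version field unsplit, which probably will not line up with vulnerability data that records Java 8 updates in the CPE update field. The rest of the function body is outside the hunk.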
@@ -29,11 +29,39 @@ var defaultClassifiers = []classifier{
 {
 Class: "go-binary",
 FileGlob: "**/go",
- EvidenceMatcher: fileContentsVersionMatcher(patternEndingWithNull(
- `(?m)go(?P[0-9]+\.[0-9]+(\.[0-9]+|beta[0-9]+|alpha[0-9]+|rc[0-9]+)?)`)),
+ EvidenceMatcher: fileContentsVersionMatcher(
+ `(?m)go(?P[0-9]+\.[0-9]+(\.[0-9]+|beta[0-9]+|alpha[0-9]+|rc[0-9]+)?)\x00`),
 Package: "go",
 CPEs: singleCPE("cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*"),
 },
+ {
+ Class: "java-binary-openjdk",
+ FileGlob: "**/java",
+ EvidenceMatcher: fileContentsVersionMatcher(
+ // [NUL]openjdk[NUL]java[NUL]1.8[NUL]1.8.0_352-b08[NUL]
+ `(?m)\x00openjdk\x00java\x00(?P[0-9]+[.0-9]+)\x00(?P[0-9]+[-._a-zA-Z0-9]+)\x00`),
+ Package: "java",
+ // TODO the updates might need to be part of the CPE, like: 1.8.0:update152
+ CPEs: singleCPE("cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*"),
+ },
+ {
+ Class: "java-binary-ibm",
+ FileGlob: "**/java",
+ EvidenceMatcher: fileContentsVersionMatcher(
+ // [NUL]java[NUL]1.8[NUL][NUL][NUL][NUL]1.8.0-foreman_2022_09_22_15_30-b00[NUL]
+ `(?m)\x00java\x00(?P[0-9]+[.0-9]+)\x00{4}(?P[0-9]+[-._a-zA-Z0-9]+)\x00`),
+ Package: "java",
+ CPEs: singleCPE("cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*"),
+ },
+ {
+ Class: "java-binary-oracle",
+ FileGlob: "**/java",
+ EvidenceMatcher: fileContentsVersionMatcher(
+ // [NUL]19.0.1+10-21[NUL]
+ `(?m)\x00(?P[0-9]+[.0-9]+[+][-0-9]+)\x00`),
+ Package: "java",
+ CPEs: singleCPE("cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*"),
+ },
 {
 Class: "nodejs-binary",
 FileGlob: "**/node",
diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/ibm/java b/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/ibm/java
new file mode 100644
index 000000000..07debda62
Binary files /dev/null and b/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/ibm/java differ
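Review bot: The `java-binary-oracle` pattern in default_classifiers.go has no product or vendor marker, unlike the `openjdk` one, so any file named `java` that holds a NUL-delimited string shaped like `19.0.1+10-21` is reported with the `oracle:jre` CPE. Builds from other vendors that use the same `+build` version form would, I expect, match it as well and be attributed to Oracle, which skews vulnerability matching in both directions. If the binary offers no stronger anchor, record the limitation next to the pattern, e.g. `// NOTE: no vendor marker; matches any NUL-delimited "N.N.N+B" string in a file named java`, and add a fixture check that the openjdk and ibm samples do not also yield a `java-binary-oracle` package. The enclosing `defaultClassifiers` literal continues outside the hunk.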
diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/openjdk/java b/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/openjdk/java
new file mode 100644
index 000000000..1193a1ef5
Binary files /dev/null and b/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/openjdk/java differ
diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/oracle-macos/java b/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/oracle-macos/java
new file mode 100644
index 000000000..fe7ff897d
Binary files /dev/null and b/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/oracle-macos/java differ
diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/oracle/java b/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/oracle/java
new file mode 100644
index 000000000..5e26ad1d1
Binary files /dev/null and b/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/oracle/java differ