feat: Add Java binary catalogers (#1392)

2025-11-17 16:33:21 +01:00 · 2022-12-08 10:50:28 -05:00 · 2022-12-08 10:50:28 -05:00 · 997fbdfcf3
commit 997fbdfcf3
parent 13ceed9336
7 changed files with 97 additions and 21 deletions
--- a/syft/pkg/cataloger/binary/cataloger_test.go
+++ b/syft/pkg/cataloger/binary/cataloger_test.go
@ -102,6 +102,62 @@ func TestClassifierCataloger_DefaultClassifiers_PositiveCases(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:       "positive-java-openjdk",
+			fixtureDir: "test-fixtures/classifiers/positive/openjdk",
+			expected: pkg.Package{
+				Name:      "java",
+				Version:   "1.8.0_352-b08",
+				Type:      "binary",
+				Locations: singleLocation("java"),
+				Metadata: pkg.BinaryMetadata{
+					Classifier:  "java-binary-openjdk",
+					VirtualPath: "java",
+				},
+			},
+		},
+		{
+			name:       "positive-java-oracle",
+			fixtureDir: "test-fixtures/classifiers/positive/oracle",
+			expected: pkg.Package{
+				Name:      "java",
+				Version:   "19.0.1+10-21",
+				Type:      "binary",
+				Locations: singleLocation("java"),
+				Metadata: pkg.BinaryMetadata{
+					Classifier:  "java-binary-oracle",
+					VirtualPath: "java",
+				},
+			},
+		},
+		{
+			name:       "positive-java-oracle-macos",
+			fixtureDir: "test-fixtures/classifiers/positive/oracle-macos",
+			expected: pkg.Package{
+				Name:      "java",
+				Version:   "19.0.1+10-21",
+				Type:      "binary",
+				Locations: singleLocation("java"),
+				Metadata: pkg.BinaryMetadata{
+					Classifier:  "java-binary-oracle",
+					VirtualPath: "java",
+				},
+			},
+		},
+		{
+			name:       "positive-java-ibm",
+			fixtureDir: "test-fixtures/classifiers/positive/ibm",
+			expected: pkg.Package{
+				Name:      "java",
+				Version:   "1.8.0-foreman_2022_09_22_15_30-b00",
+				Type:      "binary",
+				Locations: singleLocation("java"),
+				Metadata: pkg.BinaryMetadata{
+					Classifier:  "java-binary-ibm",
+					VirtualPath: "java",
+				},
+			},
+		},
 	}

 	for _, test := range tests {
--- a/syft/pkg/cataloger/binary/classifier.go
+++ b/syft/pkg/cataloger/binary/classifier.go
@ -81,20 +81,8 @@ func fileNameTemplateVersionMatcher(fileNamePattern string, contentTemplate stri
 		}

 		matchMetadata := internal.MatchNamedCaptureGroups(tmplPattern, string(contents))
-
-		version, ok := matchMetadata["version"]
-		if ok {
-			return singlePackage(classifier, reader, version), nil
+		return singlePackage(classifier, reader, matchMetadata), nil
 	}
-
-		return nil, nil
-	}
-}
-
-func patternEndingWithNull(pattern string) string {
-	bytes := []byte(pattern)
-	bytes = append(bytes, 0)
-	return string(bytes)
 }

 func fileContentsVersionMatcher(pattern string) evidenceMatcher {
@ -106,11 +94,7 @@ func fileContentsVersionMatcher(pattern string) evidenceMatcher {
 		}

 		matchMetadata := internal.MatchNamedCaptureGroups(pat, string(contents))
-		version, ok := matchMetadata["version"]
-		if ok {
-			return singlePackage(classifier, reader, version), nil
-		}
-		return nil, nil
+		return singlePackage(classifier, reader, matchMetadata), nil
 	}
 }

@ -122,10 +106,18 @@ func mustPURL(purl string) packageurl.PackageURL {
 	return p
 }

-func singlePackage(classifier classifier, reader source.LocationReadCloser, version string) []pkg.Package {
+func singlePackage(classifier classifier, reader source.LocationReadCloser, matchMetadata map[string]string) []pkg.Package {
+	version, ok := matchMetadata["version"]
+	if !ok {
+		return nil
+	}
+
+	update := matchMetadata["update"]
+
 	var cpes []pkg.CPE
 	for _, cpe := range classifier.CPEs {
 		cpe.Version = version
+		cpe.Update = update
 		cpes = append(cpes, cpe)
 	}

--- a/syft/pkg/cataloger/binary/default_classifiers.go
+++ b/syft/pkg/cataloger/binary/default_classifiers.go
@ -29,11 +29,39 @@ var defaultClassifiers = []classifier{
 	{
 		Class:    "go-binary",
 		FileGlob: "**/go",
-		EvidenceMatcher: fileContentsVersionMatcher(patternEndingWithNull(
-			`(?m)go(?P<version>[0-9]+\.[0-9]+(\.[0-9]+|beta[0-9]+|alpha[0-9]+|rc[0-9]+)?)`)),
+		EvidenceMatcher: fileContentsVersionMatcher(
+			`(?m)go(?P<version>[0-9]+\.[0-9]+(\.[0-9]+|beta[0-9]+|alpha[0-9]+|rc[0-9]+)?)\x00`),
 		Package: "go",
 		CPEs:    singleCPE("cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*"),
 	},
+	{
+		Class:    "java-binary-openjdk",
+		FileGlob: "**/java",
+		EvidenceMatcher: fileContentsVersionMatcher(
+			// [NUL]openjdk[NUL]java[NUL]1.8[NUL]1.8.0_352-b08[NUL]
+			`(?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]+)\x00(?P<version>[0-9]+[-._a-zA-Z0-9]+)\x00`),
+		Package: "java",
+		// TODO the updates might need to be part of the CPE, like: 1.8.0:update152
+		CPEs: singleCPE("cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*"),
+	},
+	{
+		Class:    "java-binary-ibm",
+		FileGlob: "**/java",
+		EvidenceMatcher: fileContentsVersionMatcher(
+			// [NUL]java[NUL]1.8[NUL][NUL][NUL][NUL]1.8.0-foreman_2022_09_22_15_30-b00[NUL]
+			`(?m)\x00java\x00(?P<release>[0-9]+[.0-9]+)\x00{4}(?P<version>[0-9]+[-._a-zA-Z0-9]+)\x00`),
+		Package: "java",
+		CPEs:    singleCPE("cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*"),
+	},
+	{
+		Class:    "java-binary-oracle",
+		FileGlob: "**/java",
+		EvidenceMatcher: fileContentsVersionMatcher(
+			// [NUL]19.0.1+10-21[NUL]
+			`(?m)\x00(?P<version>[0-9]+[.0-9]+[+][-0-9]+)\x00`),
+		Package: "java",
+		CPEs:    singleCPE("cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*"),
+	},
 	{
 		Class:    "nodejs-binary",
 		FileGlob: "**/node",
--- a/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/ibm/java
+++ b/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/ibm/java
--- a/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/openjdk/java
+++ b/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/openjdk/java
--- a/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/oracle-macos/java
+++ b/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/oracle-macos/java
--- a/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/oracle/java
+++ b/syft/pkg/cataloger/binary/test-fixtures/classifiers/positive/oracle/java