fix: Make the fileresolver Support Prefix Match of Files (#3820)

* fix the dpkg files pattern detection Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * consider slash before the path is concatenated Signed-off-by: Yuntao Hu <victorhu493@gmail.com> * add test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Yuntao Hu <victorhu493@gmail.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-17 16:33:21 +01:00 · 2025-04-25 01:38:05 +08:00 · 2025-04-25 01:38:05 +08:00 · 9af087d213
commit 9af087d213
parent 5c6c6aa123
8 changed files with 91 additions and 3 deletions
--- a/syft/internal/fileresolver/chroot_context.go
+++ b/syft/internal/fileresolver/chroot_context.go
@ -169,7 +169,11 @@ func (r ChrootContext) ToNativeGlob(chrootPath string) (string, error) {
 		return "", err
 	}

-	parts[0] = strings.TrimRight(responsePath, "/") + "/"
+	hasSlash := strings.HasSuffix(parts[0], "/")
+	parts[0] = responsePath
+	if hasSlash {
+		parts[0] = strings.TrimRight(parts[0], "/") + "/"
+	}

 	return strings.Join(parts, "*"), nil
 }
--- a/syft/internal/fileresolver/chroot_context_test.go
+++ b/syft/internal/fileresolver/chroot_context_test.go
@ -558,6 +558,16 @@ func TestToNativeGlob(t *testing.T) {
 			expectedResult: "/cwd/relative/path/**/file*.txt",
 			expectedError:  nil,
 		},
+		{
+			name: "ending with glob",
+			chrootContext: ChrootContext{
+				root:              "/root",
+				cwdRelativeToRoot: "/cwd",
+			},
+			chrootPath:     "/var/lib/dpkg/info/name.*",
+			expectedResult: "/root/var/lib/dpkg/info/name.*",
+			expectedError:  nil,
+		},
 	}

 	for _, tt := range tests {
--- a/syft/pkg/cataloger/debian/cataloger_test.go
+++ b/syft/pkg/cataloger/debian/cataloger_test.go
@ -288,7 +288,6 @@ func TestDpkgArchiveCataloger(t *testing.T) {
 		})
 	}
 }
-
 func TestCataloger_Globs(t *testing.T) {
 	tests := []struct {
 		name     string
@ -305,6 +304,9 @@ func TestCataloger_Globs(t *testing.T) {
 				"var/lib/dpkg/status.d/pkg-1.0",
 				"usr/lib/opkg/info/pkg-1.0.control",
 				"usr/lib/opkg/status",
+				"usr/lib/dpkg/info/libpam-runtime.conffiles",
+				"usr/lib/dpkg/info/libpam-runtime.md5sums",
+				"usr/share/doc/libpam-runtime/copyright",
 			},
 		},
 	}
--- a/syft/pkg/cataloger/debian/test-fixtures/glob-paths/usr/lib/dpkg/info/libpam-runtime.conffiles
+++ b/syft/pkg/cataloger/debian/test-fixtures/glob-paths/usr/lib/dpkg/info/libpam-runtime.conffiles
@ -0,0 +1,2 @@
+/etc/pam.conf
+/etc/pam.d/other
--- a/syft/pkg/cataloger/debian/test-fixtures/glob-paths/usr/lib/dpkg/info/libpam-runtime.md5sums
+++ b/syft/pkg/cataloger/debian/test-fixtures/glob-paths/usr/lib/dpkg/info/libpam-runtime.md5sums
@ -0,0 +1,4 @@
+55f905631797551d4d936a34c7e73474  lib/x86_64-linux-gnu/libz.so.1.2.11
+cede84bda30d2380217f97753c8ccf3a  usr/share/doc/zlib1g/changelog.Debian.gz
+f3c9dafa6da7992c47328b4464f6d122  usr/share/doc/zlib1g/changelog.gz
+a4fae96070439a5209a62ae5b8017ab2  usr/share/doc/zlib1g/copyright
--- a/syft/pkg/cataloger/debian/test-fixtures/glob-paths/usr/lib/dpkg/info/libpam-runtime.preinst
+++ b/syft/pkg/cataloger/debian/test-fixtures/glob-paths/usr/lib/dpkg/info/libpam-runtime.preinst
@ -0,0 +1 @@
+# some shell script...
--- a/syft/pkg/cataloger/debian/test-fixtures/glob-paths/usr/lib/dpkg/status
+++ b/syft/pkg/cataloger/debian/test-fixtures/glob-paths/usr/lib/dpkg/status
@ -1 +1,23 @@
-bogus status
+Package:
+
+Package: libpam-runtime
+Status: install ok installed
+Priority: required
+Section: admin
+Installed-Size: 1016
+Maintainer: Steve Langasek <vorlon@debian.org>
+Architecture: all
+Multi-Arch: foreign
+Source: pam
+Version: 1.1.8-3.6
+Replaces: libpam0g-dev, libpam0g-util
+Depends: debconf (>= 0.5) | debconf-2.0, debconf (>= 1.5.19) | cdebconf, libpam-modules (>= 1.0.1-6)
+Conflicts: libpam0g-util
+Conffiles:
+ /etc/pam.conf 87fc76f18e98ee7d3848f6b81b3391e5
+ /etc/pam.d/other 31aa7f2181889ffb00b87df4126d1701
+Description: Runtime support for the PAM library
+ Contains configuration files and  directories required for
+ authentication  to work on Debian systems.  This package is required
+ on almost all installations.
+Homepage: http://www.linux-pam.org/
--- a/syft/pkg/cataloger/debian/test-fixtures/glob-paths/usr/share/doc/libpam-runtime/copyright
+++ b/syft/pkg/cataloger/debian/test-fixtures/glob-paths/usr/share/doc/libpam-runtime/copyright
@ -0,0 +1,43 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: auditd
+Source: https://people.redhat.com/sgrubb/audit/
+
+Files: *
+Copyright: 2012-2016 Steve Grubb <sgrubb@redhat.com>
+           2006-2012 Rik Faith
+License: GPL-2
+
+Files: src/libev/*
+Copyright: 2007-2009 Marc Alexamder Lehmann
+License: GPL-2
+
+Files: lib/*
+Copyright: 2005-2008 Steve Grubb <sgrubb@redhat.com>
+License: LGPL-2.1
+  The audit daemon's library libaudit.* is released under LGPL
+  so that it may be linked with 3rd party software.
+  .
+  On Debian systems, refer to /usr/share/common-licenses/LGPL-2.1
+  for the complete text of the GNU Lesser General Public License.
+
+Files: debian/*
+Copyright: 2007-2011 Philipp Matthias Hahn <pmhahn@debian.org>
+           2012-2016 Laurent Bigonville <bigon@debian.org>
+License: GPL-2
+
+License: GPL-2
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License version 2,
+ as published by the Free Software Foundation.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this package; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License can be found in `/usr/share/common-licenses/GPL-1'.