From ab570497b034187c0f5605f2f9a4463cd9fc3a5b Mon Sep 17 00:00:00 2001 From: VictorHuu <2151409@tongji.edu.cn> Date: Tue, 22 Apr 2025 02:06:52 +0800 Subject: [PATCH] fix:allow golang tip image detection regex pattern (#3757) * Modify the Regex version matcher for golang in the binary classifiers to make it compatible with golang tip images Signed-off-by: Victor Hu Signed-off-by: Yuntao Hu * Preliminary fix the regex matching for golang tip image and add the corresponding unit tests Signed-off-by: Yuntao Hu * consider VERSION.cache when it comes to golang tip images Signed-off-by: Yuntao Hu * consider VERSION.cache when it comes to golang tip images Signed-off-by: Yuntao Hu --------- Signed-off-by: Victor Hu Signed-off-by: Yuntao Hu --- .../pkg/cataloger/binary/classifier_cataloger_test.go | 11 +++++++++++ syft/pkg/cataloger/binary/classifiers.go | 4 ++-- .../snippets/go-version-hint/1.25/any/VERSION.cache | 2 ++ syft/pkg/cataloger/binary/test-fixtures/config.yaml | 6 ++++++ 4 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/go-version-hint/1.25/any/VERSION.cache diff --git a/syft/pkg/cataloger/binary/classifier_cataloger_test.go b/syft/pkg/cataloger/binary/classifier_cataloger_test.go index 2d6b7a4ea..f2e4fe207 100644 --- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go +++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go @@ -699,6 +699,17 @@ func Test_Cataloger_PositiveCases(t *testing.T) { Metadata: metadata("go-binary-hint"), }, }, + { + // note: this is for compatability with dev version of golang tip image, which resolves the issue #3681 + logicalFixture: "go-version-hint/1.25/any", + expected: pkg.Package{ + Name: "go", + Version: "1.25-d524e1e", + PURL: "pkg:generic/go@1.25-d524e1e", + Locations: locations("VERSION.cache"), + Metadata: metadata("go-binary-hint"), + }, + }, { // note: this is testing BUSYBOX which is typically through a link to "[" (in this case a symlink but in // practice this is often a hard link). diff --git a/syft/pkg/cataloger/binary/classifiers.go b/syft/pkg/cataloger/binary/classifiers.go index f0fff7a85..dc3ff40f3 100644 --- a/syft/pkg/cataloger/binary/classifiers.go +++ b/syft/pkg/cataloger/binary/classifiers.go @@ -171,9 +171,9 @@ func DefaultClassifiers() []Classifier { }, { Class: "go-binary-hint", - FileGlob: "**/VERSION", + FileGlob: "**/VERSION*", EvidenceMatcher: FileContentsVersionMatcher( - `(?m)go(?P[0-9]+\.[0-9]+(\.[0-9]+|beta[0-9]+|alpha[0-9]+|rc[0-9]+)?)`), + `(?m)go(?P[0-9]+\.[0-9]+(\.[0-9]+|beta[0-9]+|alpha[0-9]+|rc[0-9]+)?(-[0-9a-f]{7})?)`), Package: "go", PURL: mustPURL("pkg:generic/go@version"), CPEs: singleCPE("cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource), diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/go-version-hint/1.25/any/VERSION.cache b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/go-version-hint/1.25/any/VERSION.cache new file mode 100644 index 000000000..5ac1e7aad --- /dev/null +++ b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/go-version-hint/1.25/any/VERSION.cache @@ -0,0 +1,2 @@ +devel go1.25-d524e1e Sun Feb 16 07:23:13 2025 -0800 +3devel go1.25-d524e1e Sun Feb 16 07:23:13 2025 -0800 \ No newline at end of file diff --git a/syft/pkg/cataloger/binary/test-fixtures/config.yaml b/syft/pkg/cataloger/binary/test-fixtures/config.yaml index f421cdfd3..b4a3bcc71 100644 --- a/syft/pkg/cataloger/binary/test-fixtures/config.yaml +++ b/syft/pkg/cataloger/binary/test-fixtures/config.yaml @@ -130,6 +130,12 @@ from-images: paths: - /usr/local/go/bin/go + - version: 1.25 + images: + - ref: golang:tip@sha256:319b219d4df413ef30123a7f69bdf00032d9841af58d7b0ef6971542b29875d5 + platform: linux/amd64 + paths: + - /usr/local/go/bin/go # TODO: this is no longer available from dockerhub! (the snippet is vital) - version: 1.5.14 images: