oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 08:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix:allow golang tip image detection regex pattern (#3757)

Browse Source 
* Modify the Regex version matcher for golang in the binary classifiers to make it compatible with golang tip images

Signed-off-by: Victor Hu <victorhu493@gmail.com>
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>

* Preliminary fix the regex matching for golang tip image and add the corresponding unit tests

Signed-off-by: Yuntao Hu <victorhu493@gmail.com>

* consider VERSION.cache when it comes to golang tip images

Signed-off-by: Yuntao Hu <victorhu493@gmail.com>

* consider VERSION.cache when it comes to golang tip images

Signed-off-by: Yuntao Hu <victorhu493@gmail.com>

---------

Signed-off-by: Victor Hu <victorhu493@gmail.com>
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
This commit is contained in:
VictorHuu 2025-04-22 02:06:52 +08:00 committed by GitHub
parent ea7e9e696b
commit ab570497b0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
syft/pkg/cataloger/binary/classifier_cataloger_test.go
View File

@ -699,6 +699,17 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
Metadata: metadata("go-binary-hint"), Metadata: metadata("go-binary-hint"),
}, },
}, },
{
// note: this is for compatability with dev version of golang tip image, which resolves the issue #3681
logicalFixture: "go-version-hint/1.25/any",
expected: pkg.Package{
Name: "go",
Version: "1.25-d524e1e",
PURL: "pkg:generic/go@1.25-d524e1e",
Locations: locations("VERSION.cache"),
Metadata: metadata("go-binary-hint"),
},
},
{ {
// note: this is testing BUSYBOX which is typically through a link to "[" (in this case a symlink but in // note: this is testing BUSYBOX which is typically through a link to "[" (in this case a symlink but in
// practice this is often a hard link). // practice this is often a hard link).

4
syft/pkg/cataloger/binary/classifiers.go
View File

@ -171,9 +171,9 @@ func DefaultClassifiers() []Classifier {
}, },
{ {
Class: "go-binary-hint", Class: "go-binary-hint",
FileGlob: "**/VERSION", FileGlob: "**/VERSION*",
EvidenceMatcher: FileContentsVersionMatcher( EvidenceMatcher: FileContentsVersionMatcher(
`(?m)go(?P<version>[0-9]+\.[0-9]+(\.[0-9]+|beta[0-9]+|alpha[0-9]+|rc[0-9]+)?)`), `(?m)go(?P<version>[0-9]+\.[0-9]+(\.[0-9]+|beta[0-9]+|alpha[0-9]+|rc[0-9]+)?(-[0-9a-f]{7})?)`),
Package: "go", Package: "go",
PURL: mustPURL("pkg:generic/go@version"), PURL: mustPURL("pkg:generic/go@version"),
CPEs: singleCPE("cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource), CPEs: singleCPE("cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),

2
syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/go-version-hint/1.25/any/VERSION.cache Normal file
View File

@ -0,0 +1,2 @@
devel go1.25-d524e1e Sun Feb 16 07:23:13 2025 -0800
3devel go1.25-d524e1e Sun Feb 16 07:23:13 2025 -0800

6
syft/pkg/cataloger/binary/test-fixtures/config.yaml
View File

@ -130,6 +130,12 @@ from-images:
paths: paths:
- /usr/local/go/bin/go - /usr/local/go/bin/go
- version: 1.25
images:
- ref: golang:tip@sha256:319b219d4df413ef30123a7f69bdf00032d9841af58d7b0ef6971542b29875d5
platform: linux/amd64
paths:
- /usr/local/go/bin/go
# TODO: this is no longer available from dockerhub! (the snippet is vital) # TODO: this is no longer available from dockerhub! (the snippet is vital)
- version: 1.5.14 - version: 1.5.14
images: images: