oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2026-02-13 19:16:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(dotnet): prefer portable executable product version when semantically greater than file version (#2600)

Browse Source 
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
This commit is contained in:
Weston Steimel 2024-02-07 13:28:37 +00:00 committed by GitHub
parent c61f59e7b7
commit bbd34f61fd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 105 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable.go
View File

@ -9,6 +9,7 @@ import (
"github.com/saferwall/pe" "github.com/saferwall/pe"
version "github.com/anchore/go-version"
"github.com/anchore/packageurl-go" "github.com/anchore/packageurl-go"
"github.com/anchore/syft/internal/log" "github.com/anchore/syft/internal/log"
"github.com/anchore/syft/syft/artifact" "github.com/anchore/syft/syft/artifact"
@ -127,12 +128,42 @@ func extractVersion(version string) string {
return out return out
} }
func keepGreaterSemanticVersion(productVersion string, fileVersion string) string {
semanticProductVersion, err := version.NewVersion(productVersion)
if err != nil || semanticProductVersion == nil {
log.Tracef("Unable to create semantic version from portable executable product version %s", productVersion)
return ""
}
semanticFileVersion, err := version.NewVersion(fileVersion)
if err != nil || semanticFileVersion == nil {
log.Tracef("Unable to create semantic version from portable executable file version %s", fileVersion)
return productVersion
}
// Make no choice when they are semantically equal so that it falls
// through to the other comparison cases
if semanticProductVersion.Equal(semanticFileVersion) {
return ""
}
if semanticFileVersion.GreaterThan(semanticProductVersion) {
return fileVersion
}
return productVersion
}
func findVersion(versionResources map[string]string) string { func findVersion(versionResources map[string]string) string {
productVersion := extractVersion(versionResources["ProductVersion"]) productVersion := extractVersion(versionResources["ProductVersion"])
fileVersion := extractVersion(versionResources["FileVersion"]) fileVersion := extractVersion(versionResources["FileVersion"])
if productVersion == "" { semanticVersionCompareResult := keepGreaterSemanticVersion(productVersion, fileVersion)
return fileVersion
if semanticVersionCompareResult != "" {
return semanticVersionCompareResult
} }
productVersionDetail := punctuationCount(productVersion) productVersionDetail := punctuationCount(productVersion)

72
syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable_test.go
View File

@ -193,6 +193,78 @@ func TestParseDotnetPortableExecutable(t *testing.T) {
Version: "80.1.7.92", Version: "80.1.7.92",
}, },
}, },
{
name: "Higher semantic version Product Version",
versionResources: map[string]string{
"FileDescription": "Higher semantic version Product Version",
"FileVersion": "3.0.0.0",
"ProductVersion": "3.0.1+b86b61bf676163639795b163d8d753b20aad6207",
},
expectedPackage: pkg.Package{
Name: "Higher semantic version Product Version",
Version: "3.0.1+b86b61bf676163639795b163d8d753b20aad6207",
},
},
{
name: "Higher semantic version File Version",
versionResources: map[string]string{
"FileDescription": "Higher semantic version File Version",
"FileVersion": "3.0.1+b86b61bf676163639795b163d8d753b20aad6207",
"ProductVersion": "3.0.0",
},
expectedPackage: pkg.Package{
Name: "Higher semantic version File Version",
Version: "3.0.1+b86b61bf676163639795b163d8d753b20aad6207",
},
},
{
name: "Invalid semantic version File Version",
versionResources: map[string]string{
"FileDescription": "Invalid semantic version File Version",
"FileVersion": "A",
"ProductVersion": "3.0.1+b86b61bf676163639795b163d8d753b20aad6207",
},
expectedPackage: pkg.Package{
Name: "Invalid semantic version File Version",
Version: "3.0.1+b86b61bf676163639795b163d8d753b20aad6207",
},
},
{
name: "Invalid semantic version File Version",
versionResources: map[string]string{
"FileDescription": "Invalid semantic version File Version",
"FileVersion": "A",
"ProductVersion": "3.0.1+b86b61bf676163639795b163d8d753b20aad6207",
},
expectedPackage: pkg.Package{
Name: "Invalid semantic version File Version",
Version: "3.0.1+b86b61bf676163639795b163d8d753b20aad6207",
},
},
{
name: "Invalid semantic version Product Version",
versionResources: map[string]string{
"FileDescription": "Invalid semantic version Product Version",
"FileVersion": "3.0.1+b86b61bf676163639795b163d8d753b20aad6207",
"ProductVersion": "A",
},
expectedPackage: pkg.Package{
Name: "Invalid semantic version Product Version",
Version: "3.0.1+b86b61bf676163639795b163d8d753b20aad6207",
},
},
{
name: "Semantically equal falls through, chooses File Version with more components",
versionResources: map[string]string{
"FileDescription": "Semantically equal falls through, chooses File Version with more components",
"FileVersion": "3.0.0.0",
"ProductVersion": "3.0.0",
},
expectedPackage: pkg.Package{
Name: "Semantically equal falls through, chooses File Version with more components",
Version: "3.0.0.0",
},
},
} }
for _, tc := range tests { for _, tc := range tests {