diff --git a/syft/pkg/cataloger/binary/classifier.go b/syft/pkg/cataloger/binary/classifier.go index d5e6a4418..4ca0e8556 100644 --- a/syft/pkg/cataloger/binary/classifier.go +++ b/syft/pkg/cataloger/binary/classifier.go @@ -153,6 +153,27 @@ func FileContentsVersionMatcher(pattern string) EvidenceMatcher { } } +// matchExcluding tests the provided regular expressions against the file, and if matched, DOES NOT return +// anything that the matcher would otherwise return +func matchExcluding(matcher EvidenceMatcher, contentPatternsToExclude ...string) EvidenceMatcher { + var nonMatchPatterns []*regexp.Regexp + for _, p := range contentPatternsToExclude { + nonMatchPatterns = append(nonMatchPatterns, regexp.MustCompile(p)) + } + return func(resolver file.Resolver, classifier Classifier, location file.Location) ([]pkg.Package, error) { + contents, err := getContents(resolver, location) + if err != nil { + return nil, fmt.Errorf("unable to get read contents for file: %w", err) + } + for _, nonMatch := range nonMatchPatterns { + if nonMatch.Match(contents) { + return nil, nil + } + } + return matcher(resolver, classifier, location) + } +} + //nolint:gocognit func sharedLibraryLookup(sharedLibraryPattern string, sharedLibraryMatcher EvidenceMatcher) EvidenceMatcher { pat := regexp.MustCompile(sharedLibraryPattern) diff --git a/syft/pkg/cataloger/binary/classifier_cataloger_test.go b/syft/pkg/cataloger/binary/classifier_cataloger_test.go index 669a4ae97..680faf08a 100644 --- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go +++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go 
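Review bot: When an exclusion pattern matches, the closure returned by `matchExcluding` yields `nil, nil`, which a caller cannot tell apart from "no evidence found", so a package suppressed by an exclusion leaves no trace in the catalog output. For an SBOM tool that is a silent false negative, so I would state the contract in the doc comment, e.g. `// A match on any exclusion pattern short-circuits to (nil, nil): no packages, no error. Patterns are compiled with regexp.MustCompile, so an invalid pattern panics when the matcher is constructed.` Consider also logging at trace level, on that branch, which classifier and location were excluded. The closure reads the whole file through `getContents` before delegating, and the wrapped matcher presumably reads it again (its body is outside this hunk), so each candidate file may be loaded twice.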
@@ -627,6 +627,28 @@ func Test_Cataloger_PositiveCases(t *testing.T) { Metadata: metadata("java-binary-openjdk", "java"), }, }, + { + logicalFixture: "java-jre-openjdk-eclipse/11.0.22/linux-amd64", + expected: pkg.Package{ + Name: "java/jre", + Version: "11.0.22+7", + Type: "binary", + PURL: "pkg:generic/java/jre@11.0.22%2B7", + Locations: locations("java"), + Metadata: metadata("java-binary-openjdk", "java"), + }, + }, + { + logicalFixture: "java-jre-openjdk-arm64-eclipse/11.0.22/linux-arm64", + expected: pkg.Package{ + Name: "java/jre", + Version: "11.0.22+7", + Type: "binary", + PURL: "pkg:generic/java/jre@11.0.22%2B7", + Locations: locations("java"), + Metadata: metadata("java-binary-openjdk", "java"), + }, + }, { logicalFixture: "java-graal-openjdk/17.0.3+7-jvmci-22.1-b06/linux-amd64", expected: pkg.Package{ diff --git a/syft/pkg/cataloger/binary/classifiers.go b/syft/pkg/cataloger/binary/classifiers.go index d99e16bdf..f1be7a6d3 100644 --- a/syft/pkg/cataloger/binary/classifiers.go +++ b/syft/pkg/cataloger/binary/classifiers.go 
@@ -87,17 +87,18 @@ func DefaultClassifiers() []Classifier { { Class: "java-binary-openjdk", FileGlob: "**/java", - EvidenceMatcher: evidenceMatchers( - FileContentsVersionMatcher( - // [NUL]openjdk[NUL]java[NUL]0.0[NUL]11.0.17+8-LTS[NUL] - // [NUL]openjdk[NUL]java[NUL]1.8[NUL]1.8.0_352-b08[NUL] - // Equivalent to the following regexp with lookahead support: - // (?m)\x00openjdk\x00java\x00(?P[0-9]+[.0-9]*)\x00(?P[0-9]+[.0-9]*) (?P[0-9]+[^-\x00]+(-(?!jvmci)[^-\x00]+)+) - `(?m)\x00openjdk\x00java\x00(?P[0-9]+[.0-9]*)\x00(?P[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00`, - ), - FileContentsVersionMatcher( - `(?m)\x00(?P[0-9]+[.0-9]*)\x00+(?P[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00+openjdk\x00java`, + EvidenceMatcher: matchExcluding( + evidenceMatchers( + FileContentsVersionMatcher( + // [NUL]openjdk[NUL]java[NUL]0.0[NUL]11.0.17+8-LTS[NUL] + // [NUL]openjdk[NUL]java[NUL]1.8[NUL]1.8.0_352-b08[NUL] + `(?m)\x00openjdk\x00java\x00(?P[0-9]+[.0-9]*)\x00(?P[0-9]+[^\x00]+)\x00`), + FileContentsVersionMatcher( + // arm64 versions: [NUL]0.0[NUL][NUL][NUL][NUL][NUL]11.0.22+7[NUL][NUL][NUL][NUL][NUL][NUL][NUL]openjdk[NUL]java[NUL] + `(?m)\x00(?P[0-9]+[.0-9]*)\x00+(?P[0-9]+[^\x00]+)\x00+openjdk\x00java`), ), + // don't match graalvm + "-jvmci-", ), Package: "java/jre", PURL: mustPURL("pkg:generic/java/jre@version"), 
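Review bot: The `"-jvmci-"` exclusion passed to `matchExcluding` is unanchored and is tested against the entire file, so any `**/java` binary containing that byte sequence anywhere is dropped from `java-binary-openjdk`, not only one whose version string carries it. Whether such a file is still reported depends on the GraalVM classifier, which is outside this hunk; if that one does not match either, the binary disappears from the SBOM and from vulnerability matching. Confining the exclusion to a single NUL-delimited field that starts with a digit, e.g. a pattern of the shape `\x00[0-9][^\x00]*-jvmci-[^\x00]*\x00` (to be checked against the GraalVM fixture), would be closer to the old behaviour, which rejected `jvmci` only inside the version capture. The same whole-file concern applies, to a lesser degree, to the `\x00openjdk\x00` exclusion in the `java-binary-oracle` hunk below. Separately, the widened capture `[0-9]+[^\x00]+` now accepts whitespace and any other non-NUL byte from the scanned file into the version and PURL; `[0-9]+[^\x00\s]+` would keep whitespace out, as the old leading segment `[^-\s]+` did. `DefaultClassifiers` starts and ends outside the hunk.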
@@ -117,9 +118,13 @@ func DefaultClassifiers() []Classifier { { Class: "java-binary-oracle", FileGlob: "**/java", - EvidenceMatcher: FileContentsVersionMatcher( - // [NUL]19.0.1+10-21[NUL] - `(?m)\x00(?P[0-9]+[.0-9]+[+][-0-9]+)\x00`), + EvidenceMatcher: matchExcluding( + FileContentsVersionMatcher( + // [NUL]19.0.1+10-21[NUL] + `(?m)\x00(?P[0-9]+[.0-9]+[+][-0-9]+)\x00`), + // don't match openjdk + `\x00openjdk\x00`, + ), Package: "java/jre", PURL: mustPURL("pkg:generic/java/jre@version"), CPEs: singleCPE("cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*"), diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/java-jre-openjdk-arm64-eclipse/11.0.22/linux-arm64/java b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/java-jre-openjdk-arm64-eclipse/11.0.22/linux-arm64/java new file mode 100644 index 000000000..411aa4706 Binary files /dev/null and b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/java-jre-openjdk-arm64-eclipse/11.0.22/linux-arm64/java differ diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/java-jre-openjdk-eclipse/11.0.22/linux-amd64/java b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/java-jre-openjdk-eclipse/11.0.22/linux-amd64/java new file mode 100644 index 000000000..292799f0d Binary files /dev/null and b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/java-jre-openjdk-eclipse/11.0.22/linux-amd64/java differ diff --git a/syft/pkg/cataloger/binary/test-fixtures/config.yaml b/syft/pkg/cataloger/binary/test-fixtures/config.yaml index 07f17882d..ec0f65808 100644 --- a/syft/pkg/cataloger/binary/test-fixtures/config.yaml +++ b/syft/pkg/cataloger/binary/test-fixtures/config.yaml 
@@ -203,6 +203,22 @@ from-images: paths: - /usr/lib/jvm/java-11-amazon-corretto/bin/java + - name: java-jre-openjdk-eclipse + version: 11.0.22 + images: + - ref: eclipse-temurin:11.0.22_7-jre@sha256:137960b9ec016cddeb366b7137546d37207d0f284f9492c23abf16a9c171dd51 + platform: linux/amd64 + paths: + - /opt/java/openjdk/bin/java + + - name: java-jre-openjdk-arm64-eclipse + version: 11.0.22 + images: + - ref: eclipse-temurin:11.0.22_7-jre@sha256:9bb82e8801e12e5377222fde83b5c91d87dc16f76c89e9f8affa678208f56797 + platform: linux/arm64 + paths: + - /opt/java/openjdk/bin/java + - name: java-graal-openjdk version: 17.0.3+7-jvmci-22.1-b06 images: