From c9aab4863be9b8c84c0378fc75517497ee182a2c Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Thu, 11 Apr 2024 10:32:24 -0400 Subject: [PATCH] fix: binary character in java version (#2766) Signed-off-by: Laurent Goderre Signed-off-by: Keith Zantow Co-authored-by: Keith Zantow --- syft/pkg/cataloger/binary/classifier.go | 21 ++++++++++++ .../binary/classifier_cataloger_test.go | 22 +++++++++++++ syft/pkg/cataloger/binary/classifiers.go | 31 ++++++++++-------- .../11.0.22/linux-arm64/java | Bin 0 -> 345 bytes .../11.0.22/linux-amd64/java | Bin 0 -> 345 bytes .../binary/test-fixtures/config.yaml | 16 +++++++++ 6 files changed, 77 insertions(+), 13 deletions(-) create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/java-jre-openjdk-arm64-eclipse/11.0.22/linux-arm64/java create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/java-jre-openjdk-eclipse/11.0.22/linux-amd64/java diff --git a/syft/pkg/cataloger/binary/classifier.go b/syft/pkg/cataloger/binary/classifier.go index d5e6a4418..4ca0e8556 100644 --- a/syft/pkg/cataloger/binary/classifier.go +++ b/syft/pkg/cataloger/binary/classifier.go @@ -153,6 +153,27 @@ func FileContentsVersionMatcher(pattern string) EvidenceMatcher { } } +// matchExcluding tests the provided regular expressions against the file, and if matched, DOES NOT return +// anything that the matcher would otherwise return +func matchExcluding(matcher EvidenceMatcher, contentPatternsToExclude ...string) EvidenceMatcher { + var nonMatchPatterns []*regexp.Regexp + for _, p := range contentPatternsToExclude { + nonMatchPatterns = append(nonMatchPatterns, regexp.MustCompile(p)) + } + return func(resolver file.Resolver, classifier Classifier, location file.Location) ([]pkg.Package, error) { + contents, err := getContents(resolver, location) + if err != nil { + return nil, fmt.Errorf("unable to get read contents for file: %w", err) + } + for _, nonMatch := range nonMatchPatterns { + if nonMatch.Match(contents) { + return nil, nil + } + } + return matcher(resolver, classifier, location) + } +} + //nolint:gocognit func sharedLibraryLookup(sharedLibraryPattern string, sharedLibraryMatcher EvidenceMatcher) EvidenceMatcher { pat := regexp.MustCompile(sharedLibraryPattern) diff --git a/syft/pkg/cataloger/binary/classifier_cataloger_test.go b/syft/pkg/cataloger/binary/classifier_cataloger_test.go index 669a4ae97..680faf08a 100644 --- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go +++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go @@ -627,6 +627,28 @@ func Test_Cataloger_PositiveCases(t *testing.T) { Metadata: metadata("java-binary-openjdk", "java"), }, }, + { + logicalFixture: "java-jre-openjdk-eclipse/11.0.22/linux-amd64", + expected: pkg.Package{ + Name: "java/jre", + Version: "11.0.22+7", + Type: "binary", + PURL: "pkg:generic/java/jre@11.0.22%2B7", + Locations: locations("java"), + Metadata: metadata("java-binary-openjdk", "java"), + }, + }, + { + logicalFixture: "java-jre-openjdk-arm64-eclipse/11.0.22/linux-arm64", + expected: pkg.Package{ + Name: "java/jre", + Version: "11.0.22+7", + Type: "binary", + PURL: "pkg:generic/java/jre@11.0.22%2B7", + Locations: locations("java"), + Metadata: metadata("java-binary-openjdk", "java"), + }, + }, { logicalFixture: "java-graal-openjdk/17.0.3+7-jvmci-22.1-b06/linux-amd64", expected: pkg.Package{ diff --git a/syft/pkg/cataloger/binary/classifiers.go b/syft/pkg/cataloger/binary/classifiers.go index d99e16bdf..f1be7a6d3 100644 --- a/syft/pkg/cataloger/binary/classifiers.go +++ b/syft/pkg/cataloger/binary/classifiers.go @@ -87,17 +87,18 @@ func DefaultClassifiers() []Classifier { { Class: "java-binary-openjdk", FileGlob: "**/java", - EvidenceMatcher: evidenceMatchers( - FileContentsVersionMatcher( - // [NUL]openjdk[NUL]java[NUL]0.0[NUL]11.0.17+8-LTS[NUL] - // [NUL]openjdk[NUL]java[NUL]1.8[NUL]1.8.0_352-b08[NUL] - // Equivalent to the following regexp with lookahead support: - // (?m)\x00openjdk\x00java\x00(?P[0-9]+[.0-9]*)\x00(?P[0-9]+[.0-9]*) (?P[0-9]+[^-\x00]+(-(?!jvmci)[^-\x00]+)+) - `(?m)\x00openjdk\x00java\x00(?P[0-9]+[.0-9]*)\x00(?P[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00`, - ), - FileContentsVersionMatcher( - `(?m)\x00(?P[0-9]+[.0-9]*)\x00+(?P[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00+openjdk\x00java`, + EvidenceMatcher: matchExcluding( + evidenceMatchers( + FileContentsVersionMatcher( + // [NUL]openjdk[NUL]java[NUL]0.0[NUL]11.0.17+8-LTS[NUL] + // [NUL]openjdk[NUL]java[NUL]1.8[NUL]1.8.0_352-b08[NUL] + `(?m)\x00openjdk\x00java\x00(?P[0-9]+[.0-9]*)\x00(?P[0-9]+[^\x00]+)\x00`), + FileContentsVersionMatcher( + // arm64 versions: [NUL]0.0[NUL][NUL][NUL][NUL][NUL]11.0.22+7[NUL][NUL][NUL][NUL][NUL][NUL][NUL]openjdk[NUL]java[NUL] + `(?m)\x00(?P[0-9]+[.0-9]*)\x00+(?P[0-9]+[^\x00]+)\x00+openjdk\x00java`), ), + // don't match graalvm + "-jvmci-", ), Package: "java/jre", PURL: mustPURL("pkg:generic/java/jre@version"), @@ -117,9 +118,13 @@ func DefaultClassifiers() []Classifier { { Class: "java-binary-oracle", FileGlob: "**/java", - EvidenceMatcher: FileContentsVersionMatcher( - // [NUL]19.0.1+10-21[NUL] - `(?m)\x00(?P[0-9]+[.0-9]+[+][-0-9]+)\x00`), + EvidenceMatcher: matchExcluding( + FileContentsVersionMatcher( + // [NUL]19.0.1+10-21[NUL] + `(?m)\x00(?P[0-9]+[.0-9]+[+][-0-9]+)\x00`), + // don't match openjdk + `\x00openjdk\x00`, + ), Package: "java/jre", PURL: mustPURL("pkg:generic/java/jre@version"), CPEs: singleCPE("cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*"), diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/java-jre-openjdk-arm64-eclipse/11.0.22/linux-arm64/java b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/java-jre-openjdk-arm64-eclipse/11.0.22/linux-arm64/java new file mode 100644 index 0000000000000000000000000000000000000000..411aa4706efbebb2bb480cbe824a32b14dadd196 GIT binary patch literal 345 zcmXv~%TB{E5Ojf)#gSVPSgJT7DtjHj!XI#iD;Gc3v?Wa}s^y z*6*=qJOAowm-B#Q&7^~hHrPImo0@Q3|sCOD1!e?Y zX&VIR(OD&ob>0Odos3a{RaG)PdE*1k+Xnx`ppunS86+xgOM3zoyn!px6IB09;$$W;gGNu0rAP1xEGM{N2Fa!eH>~gl{U1A?fo#X85cnNcClW^;ckvXmo*Ehqf1@| zWla!VD-=G;DIAb zh6l3ylE4fI=QEfIaZ!=W>&sPdR-~BhT`5Aye$Ml+alFZz>?Zq~-Dcmu$MGZkp8d@3 X;^Y@nyxfvvb6iZ04i2{kA*bXA8Vh0a literal 0 HcmV?d00001 diff --git a/syft/pkg/cataloger/binary/test-fixtures/config.yaml b/syft/pkg/cataloger/binary/test-fixtures/config.yaml index 07f17882d..ec0f65808 100644 --- a/syft/pkg/cataloger/binary/test-fixtures/config.yaml +++ b/syft/pkg/cataloger/binary/test-fixtures/config.yaml @@ -203,6 +203,22 @@ from-images: paths: - /usr/lib/jvm/java-11-amazon-corretto/bin/java + - name: java-jre-openjdk-eclipse + version: 11.0.22 + images: + - ref: eclipse-temurin:11.0.22_7-jre@sha256:137960b9ec016cddeb366b7137546d37207d0f284f9492c23abf16a9c171dd51 + platform: linux/amd64 + paths: + - /opt/java/openjdk/bin/java + + - name: java-jre-openjdk-arm64-eclipse + version: 11.0.22 + images: + - ref: eclipse-temurin:11.0.22_7-jre@sha256:9bb82e8801e12e5377222fde83b5c91d87dc16f76c89e9f8affa678208f56797 + platform: linux/arm64 + paths: + - /opt/java/openjdk/bin/java + - name: java-graal-openjdk version: 17.0.3+7-jvmci-22.1-b06 images: