Add detection for Oracle GraalVM (#2705)

Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>

syft/pkg/cataloger/binary/classifier_cataloger_test.go

@@ -627,6 +627,17 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 				Metadata:  metadata("java-binary-openjdk", "java"),
 			},
 		},
+		{
+			logicalFixture: "java-graal-openjdk/17.0.3+7-jvmci-22.1-b06/linux-amd64",
+			expected: pkg.Package{
+				Name:      "java",
+				Version:   "17.0.3+7-jvmci-22.1-b06",
+				Type:      "binary",
+				PURL:      "pkg:generic/java@17.0.3+7-jvmci-22.1-b06",
+				Locations: locations("java"),
+				Metadata:  metadata("java-binary-graalvm", "java"),
+			},
+		},
 		{
 			// TODO: find original binary...
 			// note: cannot find the original binary, using a custom snippet based on the original snippet in the repo

syft/pkg/cataloger/binary/classifiers.go

@@ -90,7 +90,9 @@ func DefaultClassifiers() []Classifier {
 			EvidenceMatcher: FileContentsVersionMatcher(
 				// [NUL]openjdk[NUL]java[NUL]0.0[NUL]11.0.17+8-LTS[NUL]
 				// [NUL]openjdk[NUL]java[NUL]1.8[NUL]1.8.0_352-b08[NUL]
-				`(?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]*)\x00(?P<version>[0-9]+[^\x00]+)\x00`),
+				// Equivalent to the following regexp with lookahead support:
+				// (?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]*)\x00(?P<release>[0-9]+[.0-9]*) (?P<version>[0-9]+[^-\x00]+(-(?!jvmci)[^-\x00]+)+)
+				`(?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]*)\x00(?P<version>[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00`),
 			Package: "java",
 			PURL:    mustPURL("pkg:generic/java@version"),
 			// TODO the updates might need to be part of the CPE Attributes, like: 1.8.0:update152
@@ -116,6 +118,15 @@ func DefaultClassifiers() []Classifier {
 			PURL:    mustPURL("pkg:generic/java@version"),
 			CPEs:    singleCPE("cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*"),
 		},
+		{
+			Class:    "java-binary-graalvm",
+			FileGlob: "**/java",
+			EvidenceMatcher: FileContentsVersionMatcher(
+				`(?m)\x00(?P<version>[0-9]+[.0-9]+[.0-9]+\+[0-9]+-jvmci-[0-9]+[.0-9]+-b[0-9]+)\x00`),
+			Package: "java",
+			PURL:    mustPURL("pkg:generic/java@version"),
+			CPEs:    singleCPE("cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*"),
+		},
 		{
 			Class:    "nodejs-binary",
 			FileGlob: "**/node",

syft/pkg/cataloger/binary/test-fixtures/config.yaml

@@ -203,6 +203,15 @@ from-images:
     paths:
       - /usr/lib/jvm/java-11-amazon-corretto/bin/java
 
+  - name: java-graal-openjdk
+    version: 17.0.3+7-jvmci-22.1-b06
+    images:
+      - ref: springci/graalvm-ce:java17-0.12.x@sha256:110bf78b81e4e29c9217b565f10a1f11bb2ec0486d7336c047d803428e09685d
+        platform: linux/amd64
+    paths:
+      - /opt/java/bin/java
+
+
 # TODO: this is not the original binary used in the test fixture
 #  - version: 5.12.5
 #    images:

syft/pkg/cataloger/binary/test-fixtures/manager/internal/download_from_image.go

@@ -6,6 +6,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"strings"
 
 	"github.com/google/uuid"
 
@@ -147,7 +148,7 @@ func copyBinariesFromDockerImages(config config.BinaryFromImage, destination str
 }
 
 func copyBinariesFromDockerImage(config config.BinaryFromImage, destination string, image config.Image) (err error) {
-	containerName := fmt.Sprintf("%s-%s-%s", config.Name(), config.Version, uuid.New().String())
+	containerName := fmt.Sprintf("%s-%s-%s", config.Name(), strings.ReplaceAll(config.Version, "+", "-"), uuid.New().String())
 
 	cmd := exec.Command("docker", "create", "--name", containerName, image.Reference)
 	if err = cmd.Run(); err != nil {