Add support for MIT and Heimdal Kerberos 5 library detection (#4781)

* Add support for MIT and Heimdal Kerberos 5 library detection

Signed-off-by: Nadim Zubidat <nadimz@users.noreply.github.com>

* support 2-component case

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Nadim Zubidat <nadimz@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Nadim Zubidat <nadimz@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
nadimz 2026-06-29 17:54:44 +02:00 committed by GitHub
parent 1746e96ad3
commit e388b5249d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 105 additions and 0 deletions


@ -846,6 +846,26 @@ catalogers:
cpes:
- cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libkrb5.so*'
packages:
- class: krb5-library
name: krb5
purl: pkg:generic/krb5
cpes:
- cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/libkrb5.so*'
packages:
- class: heimdal-krb5-library
name: heimdal-krb5
purl: pkg:generic/heimdal-krb5
cpes:
- cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/java'


@ -1620,6 +1620,40 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
Metadata: metadata("haskell-cabal-binary"),
},
},
{
logicalFixture: "krb5/1.18.4/linux-amd64",
expected: pkg.Package{
Name: "krb5",
Version: "1.18.4",
Type: "binary",
PURL: "pkg:generic/krb5@1.18.4",
Locations: locations("libkrb5.so.3.3"),
Metadata: metadata("krb5-library"),
},
},
{
// base releases brand with a 2-component version (e.g. "krb5-1.17-final 1.17")
logicalFixture: "krb5/1.17/linux-amd64",
expected: pkg.Package{
Name: "krb5",
Version: "1.17",
Type: "binary",
PURL: "pkg:generic/krb5@1.17",
Locations: locations("libkrb5.so.3.3"),
Metadata: metadata("krb5-library"),
},
},
{
logicalFixture: "heimdal-krb5/7.8.0/linux-amd64",
expected: pkg.Package{
Name: "heimdal-krb5",
Version: "7.8.0",
Type: "binary",
PURL: "pkg:generic/heimdal-krb5@7.8.0",
Locations: locations("libkrb5.so.26.0.0"),
Metadata: metadata("heimdal-krb5-library"),
},
},
{
logicalFixture: "nginx/1.25.1/linux-amd64",
expected: pkg.Package{
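Review bot: The new cases cover the two-component version form only for MIT (`krb5/1.17/linux-amd64`), while the Heimdal classifier added in the same commit also accepts two components and lists `Heimdal 7.1` among its expected brands; there is no Heimdal fixture for that form. Because both classifiers share the `**/libkrb5.so*` glob, the `heimdal-krb5/7.8.0` case would benefit from a comment saying what it guards, e.g. `// Heimdal ships libkrb5.so too; must not be reported as MIT krb5`. Whether this table fails when a fixture yields an extra package is not visible in the hunk; if it does not, an explicit MIT-versus-Heimdal cross-check belongs in the negative cases. Test_Cataloger_PositiveCases starts before and continues past the hunk.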


@ -1191,6 +1191,32 @@ func DefaultClassifiers() []binutils.Classifier {
PURL: mustPURL("pkg:generic/elastic-agent@version"),
CPEs: singleCPE("cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
},
{
Class: "krb5-library",
FileGlob: "**/libkrb5.so*",
// [NUL]KRB5_BRAND: krb5-1.18.4-final 1.18.4 20210722
// [NUL]KRB5_BRAND: krb5-1.17-final 1.17 20190108 (base releases brand as 2-component)
EvidenceMatcher: m.FileContentsVersionMatcher(
`\x00KRB5_BRAND:\s+krb5-[^\s]+\s+(?P<version>[0-9]+(?:\.[0-9]+){1,2})(?:\s|$)`,
),
Package: "krb5",
PURL: mustPURL("pkg:generic/krb5@version"),
CPEs: singleCPE("cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
},
{
Class: "heimdal-krb5-library",
FileGlob: "**/libkrb5.so*",
// $Version: Heimdal 7.5.0
// $Version: Heimdal 7.8.0
// $Version: Heimdal 7.1
// $Version: Heimdal 7.0.3
EvidenceMatcher: m.FileContentsVersionMatcher(
`(?m)\$Version:\s+Heimdal\s+(?P<version>[0-9]+(?:\.[0-9]+){1,2})(?:\s|$)`,
),
Package: "heimdal-krb5",
PURL: mustPURL("pkg:generic/heimdal-krb5@version"),
CPEs: singleCPE("cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
},
}
return append(classifiers, defaultJavaClassifiers()...)
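Review bot: The version terminator `(?:\s|$)` in both new patterns accepts only whitespace or end of input, and in the MIT pattern (no `(?m)`) `$` means end of file, so a brand whose version is the last token of a NUL-terminated string would not match. The Heimdal comment examples end right at the version (`$Version: Heimdal 7.1`), which in a binary would be followed by `\x00`; whether shipped builds always place more text after the version is not visible here. Consider admitting the NUL byte as a terminator, e.g. `(?P<version>[0-9]+(?:\.[0-9]+){1,2})(?:\s|\x00|$)`. A miss is silent (no package, hence no vulnerability matching against the CPE), so a comment naming the brand layouts that are deliberately unsupported, such as suffixed pre-release versions, would help the next maintainer. DefaultClassifiers begins outside the hunk.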


@ -1433,6 +1433,31 @@ from-images:
platform: linux/amd64
paths:
- /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6
- name: krb5
version: 1.18.4
images:
- ref: apache/ozone-testkrb5:20230318-1@sha256:6a7eeac1ebd12e8968e34ab93fb8d21f2b92ae52bc0a85b662a2d41065f05d3a
platform: linux/amd64
paths:
- /usr/lib/libkrb5.so.3.3
- name: krb5
version: 1.17
images:
- ref: mongo:4.4@sha256:4be76f674fc4b27859816811b8baa3c51830eb1dbf4ca81a51e26b79edd662ef
platform: linux/amd64
paths:
- /usr/lib/x86_64-linux-gnu/libkrb5.so.3.3
- name: heimdal-krb5
version: 7.8.0
images:
- ref: nadimz/heimdal-krb5:7.8.0@sha256:23a5046493f3e97669353c18abcba6bd57fc9ddf53faa63b91b1a94f52f590e5
platform: linux/amd64
paths:
- /usr/lib/x86_64-linux-gnu/libkrb5.so.26.0.0
- version: 1.36.4
images:
- ref: envoyproxy/envoy:v1.36.4@sha256:ae31562b8cede20913a2d3d6a4f44c8479a50551e033cb8ef7bb8e38cec4b573