Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Catalog Apache HTTP binary #1440

Closed
witchcraze opened this issue Jan 8, 2023 · 1 comment · Fixed by #1448
Closed

Catalog Apache HTTP binary #1440

witchcraze opened this issue Jan 8, 2023 · 1 comment · Fixed by #1448
Labels
enhancement New feature or request

Comments

@witchcraze
Copy link
Contributor

What would you like to be added:

An additional file classifier which finds Apache HTTP Server binary.

Why is this needed:

Apache HTTP Server is still widely used httpd

pullCount : 1B+
starCount : 4.3K
From : https://hub.docker.com/_/httpd

Apache HTTP Server will be installed without a package manger in container env with official image.
We want to be able to catalog this.

$ syft -q httpd:latest | grep -e apache -e httpd
$ docker run -it --rm httpd:latest httpd -v
Server version: Apache/2.4.54 (Unix)
Server built:   Dec 21 2022 11:26:04

Additional context:

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* is used in NVD
https://nvd.nist.gov/vuln/detail/CVE-2022-26377

DOCKER OFFICIAL IMAGE : httpd:latest

# which httpd
/usr/local/apache2/bin/httpd

# /usr/local/apache2/bin/httpd -v
Server version: Apache/2.4.54 (Unix)
Server built:   Dec 21 2022 11:26:04

# strings /usr/local/apache2/bin/httpd | grep "2.4.54"
Apache/2.4.54
Apache/2.4.54 (Unix)

DOCKER OFFICIAL IMAGE : httpd:alpine

# which httpd
/usr/local/apache2/bin/httpd

# /usr/local/apache2/bin/httpd -v
Server version: Apache/2.4.54 (Unix)
Server built:   Nov 30 2022 21:28:45

# strings /usr/local/apache2/bin/httpd | grep "2.4.54"
Apache/2.4.54 (Unix)
Apache/2.4.54

Ubuntu 22.04 + OS Package (This will be shown as package installed apache2)

# which apache2
/usr/sbin/apache2

# /usr/sbin/apache2 -v
Server version: Apache/2.4.52 (Ubuntu)
Server built:   2022-09-30T04:09:50

# strings /usr/sbin/apache2 | grep "2.4.52"
Apache/2.4.52 (Ubuntu)
Apache/2.4.52

RHEL8 + OS Package (This will be shown as package installed httpd)

# which httpd
/usr/sbin/httpd

# /usr/sbin/httpd -v
Server version: Apache/2.4.37 (Red Hat Enterprise Linux)
Server built:   Jul 28 2022 23:43:33

# strings /usr/sbin/httpd | grep "2.4.37"
Apache/2.4.37
Apache/2.4.37 (Red Hat Enterprise Linux)
Apache/2.4.37 (Red Hat Enterprise Linux) (Release 51.module+el8.7.0+16050+02173b8e)
httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.debug
@witchcraze witchcraze added the enhancement New feature or request label Jan 8, 2023
@kzantow
Copy link
Contributor

kzantow commented Jan 9, 2023

This sounds like something we would probably like to add -- I'll add it to our backlog, but PRs are always welcome, too! 👍

@witchcraze witchcraze mentioned this issue Jan 12, 2023
Merged
This was referenced Jan 13, 2023
Closed
Closed
Closed
Closed
Closed
Merged
Closed
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
OSS
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: add httpd classifier witchcraze/syft
2 participants
@kzantow @witchcraze