Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve Python binary scanning #1643

Closed
kzantow opened this issue Mar 2, 2023 · 2 comments · Fixed by #1648
Closed

Improve Python binary scanning #1643

kzantow opened this issue Mar 2, 2023 · 2 comments · Fixed by #1648
Assignees
@kzantow
Labels
bug Something isn't working

Comments

@kzantow
Copy link
Contributor

kzantow commented Mar 2, 2023

What would you like to be added:
Use shared libraries to determine python binary versions and remove patchlevel.h scanning.

Why is this needed:
Python binary files are not currently being detected when they reference shared libraries, because there is nothing in the binary bytes that contains the version.

Additional context:
Python binary scanning today is split up into 3 separate classifiers:

  • python binary
  • python binary library
  • cpython source

Often the python binary library classifier finds appropriate python binary information, but this does not have any reference to the actual python executable because the binary itself is just loading the shared library. Additionally, Syft sometimes surfaces the patchlevel.h files from the cpython source, without any location of the actual binary. We need to examine the shared libraries referenced in python binaries and look up the contents of the shared library to determine the version of python installed.

This is related to: #661
@kzantow kzantow added the enhancement New feature or request label Mar 2, 2023
@kzantow kzantow self-assigned this Mar 2, 2023
@witchcraze
Copy link
Contributor

Maybe, that will also useful fot ruby

Docker official image ruby:latest

# which ruby
/usr/local/bin/ruby
# ruby -v
ruby 3.2.1 (2023-02-08 revision 31819e82c8) [x86_64-linux]

# strings /usr/local/bin/ruby | grep '3\.2'
libruby.so.3.2

# ls -al /usr/local/lib/libruby*
lrwxrwxrwx 1 root root       16 Mar  1 17:14 /usr/local/lib/libruby.so -> libruby.so.3.2.1
lrwxrwxrwx 1 root root       16 Mar  1 17:14 /usr/local/lib/libruby.so.3.2 -> libruby.so.3.2.1
-rwxr-xr-x 1 root root 18327896 Mar  1 17:13 /usr/local/lib/libruby.so.3.2.1

# strings /usr/local/lib/libruby.so.3.2 | grep '3\.2\.1'
/usr/local/include/ruby-3.2.0/x86_64-linux/rb_mjit_min_header-3.2.1.h
ruby 3.2.1 (2023-02-08 revision 31819e82c8) +YJIT [x86_64-linux]
ruby 3.2.1 (2023-02-08 revision 31819e82c8) +MJIT [x86_64-linux]
ruby 3.2.1 (2023-02-08 revision 31819e82c8) [x86_64-linux]
3.2.1

related PR
#1580

@kzantow kzantow mentioned this issue Mar 3, 2023
Merged
@kzantow
Copy link
Contributor Author

kzantow commented Mar 3, 2023

@witchcraze I think you're right:

# ldd /usr/local/bin/ruby 
	libruby.so.3.2 => /usr/local/lib/libruby.so.3.2 (0x00007fa8e0965000)

Do you mind opening a separate ticket for similarly improving ruby scanning?

@witchcraze witchcraze mentioned this issue Mar 4, 2023
Closed
@kzantow kzantow closed this as not planned Won't fix, can't repro, duplicate, stale Mar 9, 2023
@kzantow kzantow closed this as completed Mar 9, 2023
@kzantow kzantow added bug Something isn't working and removed enhancement New feature or request labels Mar 9, 2023
This was referenced Mar 9, 2023
Open
Open
Closed
Closed
Merged
Closed
Closed
Merged
@dependabot dependabot bot mentioned this issue Mar 20, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kzantow kzantow

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: improved Python binary detection kzantow-anchore/syft
2 participants
@kzantow @witchcraze