Catalog ruby binary #1650

Closed
witchcraze opened this issue Mar 4, 2023 · 0 comments · Fixed by #1665
Labels
enhancement New feature or request

What would you like to be added:

An additional file classifier which finds the ruby binary.

Why is this needed:

pullCount : 500M+
starCount : 2.2K
from https://hub.docker.com/_/ruby

ruby will be installed without a package manager in a container env with the official image.
We want to be able to catalog this.

$ syft -q ruby | grep ruby
ruby2_keywords                0.0.5                           gem
$ docker run -it --rm ruby ruby -v
ruby 3.2.1 (2023-02-08 revision 31819e82c8) [x86_64-linux]

related comment
#1643 (comment)

Additional context:

cpe:2.3:a:ruby-lang:ruby is used in NVD.
https://nvd.nist.gov/vuln/detail/CVE-2022-28738

Sometimes the more detailed cpe:2.3:a:ruby-lang:cgi is used...
https://nvd.nist.gov/vuln/detail/CVE-2021-41819
https://nvd.nist.gov/vuln/detail/CVE-2021-33621


Docker official image ruby:latest

# which ruby
/usr/local/bin/ruby
# ruby -v
ruby 3.2.1 (2023-02-08 revision 31819e82c8) [x86_64-linux]

# strings /usr/local/bin/ruby | grep '3\.2'
libruby.so.3.2

# ls -al /usr/local/lib/libruby*
lrwxrwxrwx 1 root root       16 Mar  1 17:14 /usr/local/lib/libruby.so -> libruby.so.3.2.1
lrwxrwxrwx 1 root root       16 Mar  1 17:14 /usr/local/lib/libruby.so.3.2 -> libruby.so.3.2.1
-rwxr-xr-x 1 root root 18327896 Mar  1 17:13 /usr/local/lib/libruby.so.3.2.1

# strings /usr/local/lib/libruby.so.3.2 | grep '3\.2\.1'
/usr/local/include/ruby-3.2.0/x86_64-linux/rb_mjit_min_header-3.2.1.h
ruby 3.2.1 (2023-02-08 revision 31819e82c8) +YJIT [x86_64-linux]
ruby 3.2.1 (2023-02-08 revision 31819e82c8) +MJIT [x86_64-linux]
ruby 3.2.1 (2023-02-08 revision 31819e82c8) [x86_64-linux]
3.2.1

Docker official image ruby:2

# which ruby
/usr/local/bin/ruby

# ruby -v
ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [x86_64-linux]

# strings /usr/local/bin/ruby | grep '2\.7'
libruby.so.2.7

# ldd /usr/local/bin/ruby | grep libruby
        libruby.so.2.7 => /usr/local/lib/libruby.so.2.7 (0x00007f57a3eea000)

# strings /usr/local/lib/libruby.so.2.7 | grep '2\.7\.7'
/usr/local/include/ruby-2.7.0/x86_64-linux/rb_mjit_min_header-2.7.7.h
ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) +JIT [x86_64-linux]
ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [x86_64-linux]
2.7.7

Docker official image ruby:1

# which rubywhich ruby
/usr/local/bin/ruby

# ruby -v
ruby 1.9.3p551 (2014-11-13 revision 48407) [x86_64-linux]

# strings /usr/local/bin/ruby | grep '1\.9'
super from singleton method that is defined to multiple classes is not supported; this will be fixed in 1.9.3 or later
/usr/local/lib/ruby/site_ruby/1.9.1
/usr/local/lib/ruby/site_ruby/1.9.1/x86_64-linux
/usr/local/lib/ruby/vendor_ruby/1.9.1
/usr/local/lib/ruby/vendor_ruby/1.9.1/x86_64-linux
/usr/local/lib/ruby/1.9.1
/usr/local/lib/ruby/1.9.1/x86_64-linux
ruby 1.9.3p551 (2014-11-13 revision 48407) [x86_64-linux]
1.9.3

# ldd /usr/local/bin/ruby | grep libruby
#

Ubuntu 22.04 + OS Package (This will be shown as package)

# which rubywhich ruby
/usr/bin/ruby

# ruby -v
ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux-gnu]

# strings /usr/bin/ruby | grep '3\.0'
libruby-3.0.so.3.0

# ldd /usr/bin/ruby | grep libruby
        libruby-3.0.so.3.0 => /lib/x86_64-linux-gnu/libruby-3.0.so.3.0 (0x00007f2fb43c3000)

#  strings /lib/x86_64-linux-gnu/libruby-3.0.so.3.0 | grep '3\.0\.2'
/usr/include/x86_64-linux-gnu/ruby-3.0.0/rb_mjit_min_header-3.0.2.h
ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) +JIT [x86_64-linux-gnu]
ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux-gnu]
3.0.2

Rocky Linux8 + OS Package (This will be shown as package)

# which ruby
/usr/bin/ruby

# ruby -v
ruby 2.5.9p229 (2021-04-05 revision 67939) [x86_64-linux]

# strings /usr/bin/ruby | grep '2\.5'
libruby.so.2.5
GLIBC_2.2.5
ruby-2.5.9-110.module+el8.6.0+992+fc951c18.x86_64.debug

# ldd /usr/bin/ruby | grep libruby
        libruby.so.2.5 => /lib64/libruby.so.2.5 (0x00007f0cc3761000)

# strings /lib64/libruby.so.2.5 | grep '2\.5\.9'
ruby 2.5.9p229 (2021-04-05 revision 67939) [x86_64-linux]
2.5.9
libruby.so.2.5.9-2.5.9-110.module+el8.6.0+992+fc951c18.x86_64.debug
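
The evidence above suggests a two-step match: the statically linked 1.9.3 interpreter carries the version banner itself, while newer builds only reference a libruby soname and keep the banner in that library. The following Go sketch is an added example, not Syft's own classifier code; `Finding`, `Classify` and `CPE` are hypothetical names, and leaving the CPE update field as `*` is an assumption.

```go
package main

import (
	"fmt"
	"regexp"
)

// banner matches the interpreter version line seen in the strings output above,
// with optional patch level (p221) and JIT tag (+JIT, +YJIT, +MJIT).
var banner = regexp.MustCompile(
	`ruby (\d+\.\d+\.\d+)(p\d+)? \(\d{4}-\d{2}-\d{2} revision [0-9a-f]+\)` +
		`(?: \+[A-Z]+)? \[[A-Za-z0-9_-]+\]`)

// soname matches the library reference a dynamically linked ruby binary
// carries instead of the banner: libruby.so.3.2 or libruby-3.0.so.3.0.
var soname = regexp.MustCompile(`libruby(?:-\d+\.\d+)?\.so\.\d+\.\d+`)

// Finding is a hypothetical result type for this example.
type Finding struct {
	Version string // e.g. "3.2.1"; empty when only a library reference was found
	Patch   string // e.g. "p221", or "" for releases without a patch level
	Library string // soname to scan next when Version is empty
}

// Classify looks for the banner first and falls back to the libruby reference.
func Classify(data []byte) (Finding, bool) {
	if m := banner.FindSubmatch(data); m != nil {
		return Finding{Version: string(m[1]), Patch: string(m[2])}, true
	}
	if lib := soname.Find(data); lib != nil {
		return Finding{Library: string(lib)}, true
	}
	return Finding{}, false
}

// CPE builds the ruby-lang:ruby CPE; leaving the update field as "*" is an assumption.
func CPE(f Finding) string {
	if f.Version == "" {
		return ""
	}
	return fmt.Sprintf("cpe:2.3:a:ruby-lang:ruby:%s:*:*:*:*:*:*:*", f.Version)
}

func main() {
	// Constructed sample: NUL-separated strings as they would sit in a static binary.
	static := []byte("\x00/usr/local/lib/ruby/1.9.1\x00ruby 1.9.3p551 (2014-11-13 revision 48407) [x86_64-linux]\x00")
	f, _ := Classify(static)
	fmt.Println(f.Version, f.Patch, CPE(f))
}
```

A result with an empty `Version` and a set `Library` means the scanner should read that shared object next; a plain `grep` on the version digits would instead pick up unrelated strings such as `GLIBC_2.2.5`.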