Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Find version numbers from jars with different naming conventions #1174

Merged
merged 1 commit into from
Aug 24, 2022
Merged

Find version numbers from jars with different naming conventions #1174

merged 1 commit into from
Aug 24, 2022

Conversation

kzantow
Copy link
Contributor

@kzantow kzantow commented Aug 24, 2022

This PR adds support for different JAR naming conventions -- specifically <name>.<version> and <name>_<version>.

Closes #466

@kzantow
Find version numbers from jars with different naming conventions
03d51c6 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
kzantow
kzantow commented Aug 24, 2022
View reviewed changes
syft/pkg/cataloger/java/archive_filename.go
var nameAndVersionPattern = regexp.MustCompile(`(?Ui)^(?P<name>(?:[[:alpha:]][[:word:].]*(?:\.[[:alpha:]][[:word:].]*)*-?)+)(?:-(?P<version>(?:\d.*|(?:build\d*.*)|(?:rc?\d+(?:^[[:alpha:]].*)?))))?$`)
var nameAndVersionPattern = regexp.MustCompile(`(?Ui)^(?P<name>(?:[[:alpha:]][[:word:].]*(?:\.[[:alpha:]][[:word:].]*)*-?)+)(?:-(?P<version>(\d.*|(build\d*.*)|(rc?\d+(?:^[[:alpha:]].*)?))))?$`)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NOTE: this gets rid of warnings for ignored capture groups (?:, which were already ignored.

kzantow
kzantow commented Aug 24, 2022
View reviewed changes
syft/pkg/cataloger/java/archive_filename.go
@@ -48,7 +48,8 @@ import (
// my-http2-server-5 --> name="my-http2-server", version="5"
// jetpack-build235-rc5 --> name="jetpack", version="build2.0-rc5"
// ironman-r4-2009 --> name="ironman", version="r4-2009"
var nameAndVersionPattern = regexp.MustCompile(`(?Ui)^(?P<name>(?:[[:alpha:]][[:word:].]*(?:\.[[:alpha:]][[:word:].]*)*-?)+)(?:-(?P<version>(?:\d.*|(?:build\d*.*)|(?:rc?\d+(?:^[[:alpha:]].*)?))))?$`)
var nameAndVersionPattern = regexp.MustCompile(`(?Ui)^(?P<name>(?:[[:alpha:]][[:word:].]*(?:\.[[:alpha:]][[:word:].]*)*-?)+)(?:-(?P<version>(\d.*|(build\d*.*)|(rc?\d+(?:^[[:alpha:]].*)?))))?$`)
var secondaryVersionPattern = regexp.MustCompile(`(?:[._-](?P<version>(\d.*|(build\d*.*)|(rc?\d+(?:^[[:alpha:]].*)?))))?$`)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implemented as a secondary match due to difficulty making a reasonable regex that would support these alternate jar conventions AND ones like jboss-saaj-api_1.4_spec-1.0.2.Final.jar

@kzantow kzantow requested a review from a team August 24, 2022 16:38
@kzantow kzantow merged commit 57c5413 into anchore:main Aug 24, 2022
@kzantow kzantow deleted the support-more-jar-patterns branch August 24, 2022 16:56
spiffcs added a commit that referenced this pull request Aug 25, 2022
@spiffcs
Merge branch 'main' into 1095-convert-option-error
ca445f8 
* main:
  Update syft bootstrap tools to latest versions. (#1176)
  enhance development support on macOS ARM (#1163)
  Capture if a node module is private (#1161)
  Find version numbers from jars with different naming conventions (#1174)
  Update syft bootstrap tools to latest versions. (#1171)
  Fix update-bootstrap-tools workflow (#1170)
  workflow to create automated PRs to update bootstrap tools (#1167)
  feat: add support for licenses in package-lock json v2 (#1164)
  External sources configuration (#1158)
  feat: add support for pnpm (#1166)
  Prevent symlinks causing duplicate package-file relationships (#1168)
  Associate node package licenses from node_modules (#1152)
cpendery pushed a commit to cpendery/syft that referenced this pull request Sep 11, 2022
@kzantow @cpendery
Find version numbers from jars with different naming conventions (anc…
0894a61 
…hore#1174)
aiwantaozi pushed a commit to aiwantaozi/syft that referenced this pull request Oct 20, 2022
@kzantow @aiwantaozi
Find version numbers from jars with different naming conventions (anc…
8b655b1 
…hore#1174)
spiffcs pushed a commit that referenced this pull request Oct 21, 2022
@kzantow @spiffcs
Find version numbers from jars with different naming conventions (#1174)
079561e 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
spiffcs pushed a commit that referenced this pull request Oct 21, 2022
@kzantow @spiffcs
Find version numbers from jars with different naming conventions (#1174)
9acfbba 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@kzantow
Find version numbers from jars with different naming conventions (anc…
9ea0490 
…hore#1174)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spiffcs spiffcs spiffcs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Java-Cataloger produces empty entries for cyclonedx output
2 participants
@kzantow @spiffcs