Generic Binary Cataloger #1336

Merged: 16 commits, Nov 29, 2022

kzantow (Contributor) commented Nov 10, 2022

This PR moves the file classifiers to a binary file cataloger, which surfaces packages based on binary files. This currently requires knowledge about a curated set of binaries including how to determine version information, which may mean scanning strings within the binary. This currently supports:

  • python
  • go
  • node (which was already being detected)
  • busybox

TODO:

  • get feedback from the team
  • clean up commented out catalogers
  • add new schema
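
The approach the description above outlines (a curated list of binaries, each with a way to recover its version from strings in the file), sketched as an added example that is not syft's code. The `classifier` type, the `curated` list, the patterns and the sample bytes are all constructed for illustration.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
)

// classifier is a hypothetical, simplified entry in a curated list: which
// file names to inspect and how to recover a version from the file's bytes.
type classifier struct {
	pkg     string
	glob    string         // matched against the base name of the path
	version *regexp.Regexp // needs a named group "version"
}

// Patterns constructed for this example, not copied from syft.
var curated = []classifier{
	{"busybox", "busybox", regexp.MustCompile(`BusyBox v(?P<version>[0-9]+\.[0-9]+\.[0-9]+)`)},
	{"go", "go", regexp.MustCompile(`\bgo(?P<version>[0-9]+\.[0-9]+(?:\.[0-9]+)?)\b`)},
}

// classify returns "name@version" for the first classifier whose glob and
// version pattern both match. A name match without a version string, or a
// version string in a file with an unexpected name, yields "".
func classify(filePath string, contents []byte) string {
	base := path.Base(filePath)
	for _, c := range curated {
		if ok, _ := path.Match(c.glob, base); !ok {
			continue
		}
		m := c.version.FindSubmatch(contents)
		if m == nil {
			continue
		}
		return c.pkg + "@" + string(m[c.version.SubexpIndex("version")])
	}
	return ""
}

func main() {
	// Constructed byte strings standing in for binary contents.
	fmt.Println(classify("/bin/busybox", []byte("\x7fELF\x00\x00BusyBox v1.35.0 (2022-08-01)\x00")))
	fmt.Println(classify("/usr/local/go/bin/go", []byte("\x7fELF\x00go1.19.3\x00")))
	fmt.Println(classify("/usr/share/doc/README", []byte("built with BusyBox v1.35.0")))
}
```

Requiring both the file name and the embedded string to match keeps a document that merely mentions a version from being reported as an installed package.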

Signed-off-by: Keith Zantow <kzantow@gmail.com>
kzantow (Contributor Author) commented Nov 10, 2022

cc: @jedevc

Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow kzantow marked this pull request as draft November 10, 2022 22:22
@kzantow kzantow changed the title from "Generic binary/file cataloger" to "Generic Binary Cataloger" Nov 29, 2022
@kzantow kzantow marked this pull request as ready for review November 29, 2022 16:19
@kzantow kzantow requested a review from a team November 29, 2022 16:22
wagoodman (Contributor) left a comment

We should probably unexport some of the resources within the binary package, such as `DefaultClassifiers` and `Classifier`, since the only thing we intend for users to leverage is the cataloger itself.

Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow kzantow merged commit 4f39287 into anchore:main Nov 29, 2022
@kzantow kzantow deleted the feat/file-cataloger branch November 29, 2022 23:28
@wagoodman wagoodman added the enhancement New feature or request label Nov 30, 2022
spiffcs added a commit to raboof/syft that referenced this pull request Dec 20, 2022
* main: (87 commits)
  feat: Add license parsing for java (anchore#1385)
  fix: cyclonedx component type for binaries (anchore#1406)
  fix: openjdk detection pattern (anchore#1415)
  bug: spdx checksum empty array; allow syft to generate SHA1 for spdx-tag-value documents (anchore#1404)
  Add NetBSD support. (anchore#1412)
  feat: add catalog delete (anchore#1377)
  docs: remove file classifier (anchore#1397)
  chore: update latest cyclonedx library (anchore#1390)
  feat: Add Java binary catalogers (anchore#1392)
  chore: Update SPDX license list to 3.19 (anchore#1389)
  fix: add manual vendor/product removal to fix false flags (anchore#1070)
  Update Stereoscope to c5ff155d72f166e2332e160a75c3ff2b8e9c7e2e (anchore#1395)
  chore: fix test busybox image sha (anchore#1393)
  fix: go version not properly identified in binary (anchore#1384)
  Update Stereoscope to 3b80d983223f6e6fc2d33b0ffa003d30268418e9 (anchore#1376)
  fix: Update node binary package name (anchore#1375)
  feat: Generic Binary Cataloger (anchore#1336)
  recover from bad parsing of golang binary (anchore#1371)
  Fix parsing of apk databases with large entries (anchore#1365)
  Update syft bootstrap tools to latest versions. (anchore#1369)
  ...
spiffcs added a commit to cpendery/syft that referenced this pull request Dec 20, 2022
* main: (189 commits)
  feat: add h1digest when scanning go.mod (anchore#1405)
  feat: Add license parsing for java (anchore#1385)
  fix: cyclonedx component type for binaries (anchore#1406)
  fix: openjdk detection pattern (anchore#1415)
  bug: spdx checksum empty array; allow syft to generate SHA1 for spdx-tag-value documents (anchore#1404)
  Add NetBSD support. (anchore#1412)
  feat: add catalog delete (anchore#1377)
  docs: remove file classifier (anchore#1397)
  chore: update latest cyclonedx library (anchore#1390)
  feat: Add Java binary catalogers (anchore#1392)
  chore: Update SPDX license list to 3.19 (anchore#1389)
  fix: add manual vendor/product removal to fix false flags (anchore#1070)
  Update Stereoscope to c5ff155d72f166e2332e160a75c3ff2b8e9c7e2e (anchore#1395)
  chore: fix test busybox image sha (anchore#1393)
  fix: go version not properly identified in binary (anchore#1384)
  Update Stereoscope to 3b80d983223f6e6fc2d33b0ffa003d30268418e9 (anchore#1376)
  fix: Update node binary package name (anchore#1375)
  feat: Generic Binary Cataloger (anchore#1336)
  recover from bad parsing of golang binary (anchore#1371)
  Fix parsing of apk databases with large entries (anchore#1365)
  ...
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024