fix: more python matching support #1667

Merged: 2 commits, Mar 13, 2023

@kzantow (Contributor) commented Mar 13, 2023

@noqcks pointed out a few more python matching cases in the comment here. This PR corrects an issue where `fileNameTemplateVersionMatcher` was causing versions with `.` to be treated as a regex dot, which matched any character. Additionally, it adds support for libpython named with a letter following the version number, e.g. `libpython3.4m.so.1.0`.

Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow kzantow added the bug Something isn't working label Mar 13, 2023
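
The regex-dot problem described above, as an added example that is not syft's own code: a version taken from a file name is substituted into a content pattern with and without escaping. The file-name pattern, the `VERSION` placeholder, the `findVersion` helper and the sample contents are all hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Hypothetical file-name pattern: captures major.minor and tolerates a
// trailing letter after the version, as in libpython3.4m.so.1.0.
var fileNameRE = regexp.MustCompile(`^(?:lib)?python(\d+\.\d+)[a-z]?(?:\.so.*)?$`)

// Hypothetical content template; VERSION is replaced by the file-name version.
const contentTemplate = `\b(VERSION\.\d+)\b`

// findVersion reads major.minor from fileName, builds the content pattern
// from it, and returns the full version found in contents ("" if none).
// With escape=false the "." in the version stays a regex wildcard.
func findVersion(fileName, contents string, escape bool) string {
	m := fileNameRE.FindStringSubmatch(fileName)
	if m == nil {
		return ""
	}
	v := m[1]
	if escape {
		v = regexp.QuoteMeta(v) // "3.4" becomes `3\.4`
	}
	re, err := regexp.Compile(strings.ReplaceAll(contentTemplate, "VERSION", v))
	if err != nil {
		return ""
	}
	if hit := re.FindStringSubmatch(contents); hit != nil {
		return hit[1]
	}
	return ""
}

func main() {
	// Constructed sample: an unrelated number precedes the real version string.
	contents := "id 314.7 python 3.4.10"
	fmt.Println("unescaped:", findVersion("libpython3.4m.so.1.0", contents, false))
	fmt.Println("escaped:  ", findVersion("libpython3.4m.so.1.0", contents, true))
}
```

A wrong version in the catalog propagates to every vulnerability match made against that package, which is why the quality gate in this repository requires an exact name and version match.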
@spiffcs (Contributor) left a comment

Looks like there is a quality gate failure:

Summary: 
   Baseline Packages: 175
   New Packages:      176
   Baseline Packages Matched: 88.00 % (154/175 packages)
   Baseline Metadata Matched: 0.57 % (1/175 metadata)
   Quality Gate: FAILED (requires exact name & version match)

And same thing appears for AC Tests:

Summary: 
   Baseline Packages: 175
   New Packages:      176
   Baseline Packages Matched: 88.00 % (154/175 packages)
   Baseline Metadata Matched: 0.57 % (1/175 metadata)
   Quality Gate: FAILED (requires exact name & version match)

Also added some comments to help me understand the PR better. Sorry for the confusion on reviewing this one, just wanted to make sure I'm caught up and fully understand the updates. It looks like the main change is to escape the dots so they don't match on any and then truncate as illustrated in the linked comment. That looks good! Just had small questions about the other changes.

syft/pkg/cataloger/binary/cataloger_test.go (2 resolved threads)
syft/pkg/cataloger/binary/classifier.go (1 resolved thread)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@spiffcs (Contributor) left a comment

Approved!

@kzantow kzantow merged commit cc0a376 into anchore:main Mar 13, 2023
@kzantow kzantow deleted the fix/python-binary-3.4 branch March 13, 2023 17:29
@kzantow kzantow removed the bug Something isn't working label Mar 13, 2023
spiffcs added a commit to deitch/syft that referenced this pull request Mar 21, 2023
* main: (47 commits)
  Deprecate config.yaml as valid config source; Add unit regression for correct config paths (anchore#1640)
  chore: Update syft bootstrap tools to latest versions. (anchore#1682)
  Update documentation: (anchore#1680)
  chore: Update Stereoscope to 7928713c391e20abaede6a029f4ce37b628a4c8b (anchore#1681)
  fix: reduce logging for bad dpkg lines (anchore#1675)
  fix ruby classifier (anchore#1678)
  feat: add shared dir for easier cleanup (anchore#1676)
  chore(deps): bump github.com/google/go-containerregistry (anchore#1672)
  chore(deps): bump actions/setup-go from 3 to 4 (anchore#1671)
  fix: move defer after error to protect panic case (anchore#1670)
  feat: add argocd, helm, kustomize and kubectl binary classifiers (anchore#1663)
  defer closing file (anchore#1668)
  fix: remove author contributing to javascript CPEs (anchore#1669)
  fix: more python matching support (anchore#1667)
  Update syft bootstrap tools to latest versions. (anchore#1666)
  feat: add ruby classifier (anchore#1665)
  Update syft bootstrap tools to latest versions. (anchore#1658)
  fix: improved Python binary detection (anchore#1648)
  fix: suppress some known incorrect vendor candidates for npm CPEs (anchore#1659)
  fix: sanitize SPDX LicenseRefs (anchore#1657)
  ...

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024