fix: binary character in java version (anchore#2766)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2 people authored and brian-ebarb committed Apr 17, 2024
1 parent 1fd5b9d commit 7c2d2e5
Showing 6 changed files with 77 additions and 13 deletions.
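--- a/syft/pkg/cataloger/binary/classifier.go
+++ b/syft/pkg/cataloger/binary/classifier.go
@@ -153,6 +153,27 @@ func FileContentsVersionMatcher(pattern string) EvidenceMatcher {
 }
 }
 
+// matchExcluding tests the provided regular expressions against the file, and if matched, DOES NOT return
+// anything that the matcher would otherwise return
+func matchExcluding(matcher EvidenceMatcher, contentPatternsToExclude ...string) EvidenceMatcher {
+var nonMatchPatterns []*regexp.Regexp
+for _, p := range contentPatternsToExclude {
+nonMatchPatterns = append(nonMatchPatterns, regexp.MustCompile(p))
+}
+return func(resolver file.Resolver, classifier Classifier, location file.Location) ([]pkg.Package, error) {
+contents, err := getContents(resolver, location)
+if err != nil {
+return nil, fmt.Errorf("unable to get read contents for file: %w", err)
+}
+for _, nonMatch := range nonMatchPatterns {
+if nonMatch.Match(contents) {
+return nil, nil
+}
+}
+return matcher(resolver, classifier, location)
+}
+}
+
 //nolint:gocognit
 func sharedLibraryLookup(sharedLibraryPattern string, sharedLibraryMatcher EvidenceMatcher) EvidenceMatcher {
 pat := regexp.MustCompile(sharedLibraryPattern)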
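Review bot: matchExcluding runs each exclusion pattern over the whole file contents, not over what the wrapped matcher captured, and on a hit returns `nil, nil` with no log line, so a package can disappear from the catalog without any trace of why. Because a missing SBOM entry also hides the package from downstream vulnerability matching, the doc comment should spell that out, for example `// Patterns are tested against the entire file; any hit suppresses every package the matcher would have returned.`, and a debug-level log on the exclude path would make such drops diagnosable. The closure also reads the file through `getContents` before delegating, and the wrapped matcher presumably reads it again, which is worth confirming for large binaries. The error text `unable to get read contents for file` looks like a slip for `unable to read contents for file`.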
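--- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go
+++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go
@@ -627,6 +627,28 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 Metadata: metadata("java-binary-openjdk", "java"),
 },
 },
+{
+logicalFixture: "java-jre-openjdk-eclipse/11.0.22/linux-amd64",
+expected: pkg.Package{
+Name: "java/jre",
+Version: "11.0.22+7",
+Type: "binary",
+PURL: "pkg:generic/java/jre@11.0.22%2B7",
+Locations: locations("java"),
+Metadata: metadata("java-binary-openjdk", "java"),
+},
+},
+{
+logicalFixture: "java-jre-openjdk-arm64-eclipse/11.0.22/linux-arm64",
+expected: pkg.Package{
+Name: "java/jre",
+Version: "11.0.22+7",
+Type: "binary",
+PURL: "pkg:generic/java/jre@11.0.22%2B7",
+Locations: locations("java"),
+Metadata: metadata("java-binary-openjdk", "java"),
+},
+},
 {
 logicalFixture: "java-graal-openjdk/17.0.3+7-jvmci-22.1-b06/linux-amd64",
 expected: pkg.Package{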
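Review bot: The two added cases exercise matchExcluding only indirectly, through whole-binary fixtures, so a regression in its exclude path would show up as a changed package list rather than as a failing test of the helper itself. A small table test that wraps a stub `EvidenceMatcher` and checks both the excluded outcome (`nil, nil`) and the delegated outcome would pin the new behaviour directly. Test_Cataloger_PositiveCases starts and ends outside this hunk, so an existing negative check elsewhere in the file cannot be ruled out.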
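--- a/syft/pkg/cataloger/binary/classifiers.go
+++ b/syft/pkg/cataloger/binary/classifiers.go
@@ -87,17 +87,18 @@ func DefaultClassifiers() []Classifier {
 {
 Class: "java-binary-openjdk",
 FileGlob: "**/java",
-EvidenceMatcher: evidenceMatchers(
-FileContentsVersionMatcher(
-// [NUL]openjdk[NUL]java[NUL]0.0[NUL]11.0.17+8-LTS[NUL]
-// [NUL]openjdk[NUL]java[NUL]1.8[NUL]1.8.0_352-b08[NUL]
-// Equivalent to the following regexp with lookahead support:
-// (?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]*)\x00(?P<release>[0-9]+[.0-9]*) (?P<version>[0-9]+[^-\x00]+(-(?!jvmci)[^-\x00]+)+)
-`(?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]*)\x00(?P<version>[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00`,
-),
-FileContentsVersionMatcher(
-`(?m)\x00(?P<release>[0-9]+[.0-9]*)\x00+(?P<version>[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00+openjdk\x00java`,
+EvidenceMatcher: matchExcluding(
+evidenceMatchers(
+FileContentsVersionMatcher(
+// [NUL]openjdk[NUL]java[NUL]0.0[NUL]11.0.17+8-LTS[NUL]
+// [NUL]openjdk[NUL]java[NUL]1.8[NUL]1.8.0_352-b08[NUL]
+`(?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]*)\x00(?P<version>[0-9]+[^\x00]+)\x00`),
+FileContentsVersionMatcher(
+// arm64 versions: [NUL]0.0[NUL][NUL][NUL][NUL][NUL]11.0.22+7[NUL][NUL][NUL][NUL][NUL][NUL][NUL]openjdk[NUL]java[NUL]
+`(?m)\x00(?P<release>[0-9]+[.0-9]*)\x00+(?P<version>[0-9]+[^\x00]+)\x00+openjdk\x00java`),
 ),
+// don't match graalvm
+"-jvmci-",
 ),
 Package: "java/jre",
 PURL: mustPURL("pkg:generic/java/jre@version"),
@@ -117,9 +118,13 @@ func DefaultClassifiers() []Classifier {
 {
 Class: "java-binary-oracle",
 FileGlob: "**/java",
-EvidenceMatcher: FileContentsVersionMatcher(
-// [NUL]19.0.1+10-21[NUL]
-`(?m)\x00(?P<version>[0-9]+[.0-9]+[+][-0-9]+)\x00`),
+EvidenceMatcher: matchExcluding(
+FileContentsVersionMatcher(
+// [NUL]19.0.1+10-21[NUL]
+`(?m)\x00(?P<version>[0-9]+[.0-9]+[+][-0-9]+)\x00`),
+// don't match openjdk
+`\x00openjdk\x00`,
+),
 Package: "java/jre",
 PURL: mustPURL("pkg:generic/java/jre@version"),
 CPEs: singleCPE("cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*"),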
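Review bot: The new version group `[0-9]+[^\x00]+` in both OpenJDK patterns accepts every byte except NUL, so whitespace, control bytes or other non-printable data sitting between the NUL delimiters would be captured into `Version` and carried into the PURL. Since the input is any file matching `**/java`, restricting the class to the characters the sample comments show would be safer, e.g. `(?P<version>[0-9]+[-+._0-9A-Za-z]+)`, assuming no supported vendor string needs more. The `-jvmci-` exclusion in this hunk and the `\x00openjdk\x00` exclusion in the second hunk are matched against the whole file rather than the captured version, which deserves a word in their comments. DefaultClassifiers begins and ends outside both hunks.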
Binary file not shown.
Binary file not shown.
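--- a/syft/pkg/cataloger/binary/test-fixtures/config.yaml
+++ b/syft/pkg/cataloger/binary/test-fixtures/config.yaml
@@ -203,6 +203,22 @@ from-images:
 paths:
 - /usr/lib/jvm/java-11-amazon-corretto/bin/java
 
+- name: java-jre-openjdk-eclipse
+version: 11.0.22
+images:
+- ref: eclipse-temurin:11.0.22_7-jre@sha256:137960b9ec016cddeb366b7137546d37207d0f284f9492c23abf16a9c171dd51
+platform: linux/amd64
+paths:
+- /opt/java/openjdk/bin/java
+
+- name: java-jre-openjdk-arm64-eclipse
+version: 11.0.22
+images:
+- ref: eclipse-temurin:11.0.22_7-jre@sha256:9bb82e8801e12e5377222fde83b5c91d87dc16f76c89e9f8affa678208f56797
+platform: linux/arm64
+paths:
+- /opt/java/openjdk/bin/java
+
 - name: java-graal-openjdk
 version: 17.0.3+7-jvmci-22.1-b06
 images: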
