fix: binary character in java version (anchore#2766)

Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>

syft/pkg/cataloger/binary/classifier.go

@@ -153,6 +153,27 @@ func FileContentsVersionMatcher(pattern string) EvidenceMatcher {
 	}
 }
 
+// matchExcluding tests the provided regular expressions against the file, and if matched, DOES NOT return
+// anything that the matcher would otherwise return
+func matchExcluding(matcher EvidenceMatcher, contentPatternsToExclude ...string) EvidenceMatcher {
+	var nonMatchPatterns []*regexp.Regexp
+	for _, p := range contentPatternsToExclude {
+		nonMatchPatterns = append(nonMatchPatterns, regexp.MustCompile(p))
+	}
+	return func(resolver file.Resolver, classifier Classifier, location file.Location) ([]pkg.Package, error) {
+		contents, err := getContents(resolver, location)
+		if err != nil {
+			return nil, fmt.Errorf("unable to get read contents for file: %w", err)
+		}
+		for _, nonMatch := range nonMatchPatterns {
+			if nonMatch.Match(contents) {
+				return nil, nil
+			}
+		}
+		return matcher(resolver, classifier, location)
+	}
+}
+
 //nolint:gocognit
 func sharedLibraryLookup(sharedLibraryPattern string, sharedLibraryMatcher EvidenceMatcher) EvidenceMatcher {
 	pat := regexp.MustCompile(sharedLibraryPattern)

syft/pkg/cataloger/binary/classifier_cataloger_test.go

@@ -627,6 +627,28 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 				Metadata:  metadata("java-binary-openjdk", "java"),
 			},
 		},
+		{
+			logicalFixture: "java-jre-openjdk-eclipse/11.0.22/linux-amd64",
+			expected: pkg.Package{
+				Name:      "java/jre",
+				Version:   "11.0.22+7",
+				Type:      "binary",
+				PURL:      "pkg:generic/java/jre@11.0.22%2B7",
+				Locations: locations("java"),
+				Metadata:  metadata("java-binary-openjdk", "java"),
+			},
+		},
+		{
+			logicalFixture: "java-jre-openjdk-arm64-eclipse/11.0.22/linux-arm64",
+			expected: pkg.Package{
+				Name:      "java/jre",
+				Version:   "11.0.22+7",
+				Type:      "binary",
+				PURL:      "pkg:generic/java/jre@11.0.22%2B7",
+				Locations: locations("java"),
+				Metadata:  metadata("java-binary-openjdk", "java"),
+			},
+		},
 		{
 			logicalFixture: "java-graal-openjdk/17.0.3+7-jvmci-22.1-b06/linux-amd64",
 			expected: pkg.Package{

syft/pkg/cataloger/binary/classifiers.go

@@ -87,17 +87,18 @@ func DefaultClassifiers() []Classifier {
 		{
 			Class:    "java-binary-openjdk",
 			FileGlob: "**/java",
-			EvidenceMatcher: evidenceMatchers(
-				FileContentsVersionMatcher(
-					// [NUL]openjdk[NUL]java[NUL]0.0[NUL]11.0.17+8-LTS[NUL]
-					// [NUL]openjdk[NUL]java[NUL]1.8[NUL]1.8.0_352-b08[NUL]
-					// Equivalent to the following regexp with lookahead support:
-					// (?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]*)\x00(?P<release>[0-9]+[.0-9]*) (?P<version>[0-9]+[^-\x00]+(-(?!jvmci)[^-\x00]+)+)
-					`(?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]*)\x00(?P<version>[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00`,
-				),
-				FileContentsVersionMatcher(
-					`(?m)\x00(?P<release>[0-9]+[.0-9]*)\x00+(?P<version>[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00+openjdk\x00java`,
+			EvidenceMatcher: matchExcluding(
+				evidenceMatchers(
+					FileContentsVersionMatcher(
+						// [NUL]openjdk[NUL]java[NUL]0.0[NUL]11.0.17+8-LTS[NUL]
+						// [NUL]openjdk[NUL]java[NUL]1.8[NUL]1.8.0_352-b08[NUL]
+						`(?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]*)\x00(?P<version>[0-9]+[^\x00]+)\x00`),
+					FileContentsVersionMatcher(
+						// arm64 versions: [NUL]0.0[NUL][NUL][NUL][NUL][NUL]11.0.22+7[NUL][NUL][NUL][NUL][NUL][NUL][NUL]openjdk[NUL]java[NUL]
+						`(?m)\x00(?P<release>[0-9]+[.0-9]*)\x00+(?P<version>[0-9]+[^\x00]+)\x00+openjdk\x00java`),
 				),
+				// don't match graalvm
+				"-jvmci-",
 			),
 			Package: "java/jre",
 			PURL:    mustPURL("pkg:generic/java/jre@version"),
@@ -117,9 +118,13 @@ func DefaultClassifiers() []Classifier {
 		{
 			Class:    "java-binary-oracle",
 			FileGlob: "**/java",
-			EvidenceMatcher: FileContentsVersionMatcher(
-				// [NUL]19.0.1+10-21[NUL]
-				`(?m)\x00(?P<version>[0-9]+[.0-9]+[+][-0-9]+)\x00`),
+			EvidenceMatcher: matchExcluding(
+				FileContentsVersionMatcher(
+					// [NUL]19.0.1+10-21[NUL]
+					`(?m)\x00(?P<version>[0-9]+[.0-9]+[+][-0-9]+)\x00`),
+				// don't match openjdk
+				`\x00openjdk\x00`,
+			),
 			Package: "java/jre",
 			PURL:    mustPURL("pkg:generic/java/jre@version"),
 			CPEs:    singleCPE("cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*"),

syft/pkg/cataloger/binary/test-fixtures/config.yaml

@@ -203,6 +203,22 @@ from-images:
     paths:
       - /usr/lib/jvm/java-11-amazon-corretto/bin/java
 
+  - name: java-jre-openjdk-eclipse
+    version: 11.0.22
+    images:
+      - ref: eclipse-temurin:11.0.22_7-jre@sha256:137960b9ec016cddeb366b7137546d37207d0f284f9492c23abf16a9c171dd51
+        platform: linux/amd64
+    paths:
+      - /opt/java/openjdk/bin/java
+
+  - name: java-jre-openjdk-arm64-eclipse
+    version: 11.0.22
+    images:
+      - ref: eclipse-temurin:11.0.22_7-jre@sha256:9bb82e8801e12e5377222fde83b5c91d87dc16f76c89e9f8affa678208f56797
+        platform: linux/arm64
+    paths:
+      - /opt/java/openjdk/bin/java
+
   - name: java-graal-openjdk
     version: 17.0.3+7-jvmci-22.1-b06
     images: