Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

update redis classifier #3281

Merged
merged 2 commits into from
Sep 30, 2024

Conversation

witchcraze
Copy link
Contributor

This PR updates a binary cataloger for redis
Fixes #3279

t$ go run cmd/syft/main.go -q --platform=linux/arm/v5 redis:7.2 | grep redis
redis                     7.2.5                  binary

$ go run cmd/syft/main.go -q --platform=linux/arm/v7 redis:7.2 | grep redis
redis                     7.2.5                  binary

$ go run cmd/syft/main.go -q --platform=linux/386 redis:7.2 | grep redis
redis                     7.2.5                  binary
$ go run cmd/syft/main.go -q --platform=linux/arm/v5 redis:7.4 | grep redis
redis                     7.4.0                  binary

$ go run cmd/syft/main.go -q --platform=linux/arm/v7 redis:7.4 | grep redis
redis                     7.4.0                  binary

$ go run cmd/syft/main.go -q --platform=linux/386 redis:7.4 | grep redis
redis                     7.4.0                  binary

Signed-off-by: witchcraze <witchcraze@gmail.com>
In this case, 9000 byte was required...
Signed-off-by: witchcraze <witchcraze@gmail.com>
@willmurphyscode willmurphyscode self-assigned this Sep 26, 2024
@@ -78,7 +78,7 @@ func DefaultClassifiers() []Classifier {
FileGlob: "**/redis-server",
EvidenceMatcher: evidenceMatchers(
FileContentsVersionMatcher(`(?s)payload %5.*?(?P<version>\d.\d\.\d\d*)[a-z0-9]{12,15}-[0-9]{19}`),
FileContentsVersionMatcher(`(?s)\x00(?P<version>\d.\d\.\d\d*)[a-z0-9]{12}-[0-9]{19}\x00.*?payload %5`),
FileContentsVersionMatcher(`(?s)\x00(?P<version>\d.\d\.\d\d*)[a-z0-9]{12,15}-[0-9]{19}\x00.*?payload %5`),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This regex can match a large segment of the file (large enough that a snippet can't be added to the PR and still pass the "no big binaries" lint).

I spent a little time trying to work out regex that still performed as well at matching redis server binaries but didn't have this drawback, and gave up for not having enough time. But it would be a nice follow up if someone can figure out how.

Discussed with @wagoodman offline and decided to approve as-is, since I couldn't make the regex shorter within the time box.

@willmurphyscode willmurphyscode merged commit f5f8005 into anchore:main Sep 30, 2024
12 checks passed
@witchcraze witchcraze deleted the 3279_update_redis_classifier branch October 1, 2024 10:54
spiffcs added a commit that referenced this pull request Oct 2, 2024
* main: (343 commits)
  feat: update haproxy classifier (#3277)
  chore(deps): update tools to latest versions (#3291)
  fix: don't use builtin scanner in licensecheck (#3290)
  chore(deps): update CPE dictionary index (#3288)
  chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10 (#3289)
  update redis classifier (#3281)
  fix: improve node classifier version matching (#3284)
  fix: update ruby classifier for -rc, -dev, etc. versions (#3285)
  chore(deps): update CPE dictionary index (#3262)
  chore(deps): bump github.com/docker/docker (#3264)
  chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 (#3275)
  chore(deps): update stereoscope to dc10ea61fd18efa45b516eda4de8bc19d8322429 (#3280)
  chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#3283)
  add awaiting response management (#3272)
  fix: correct excluded mount point comparison to file paths (#3269)
  Add JVM cataloger (#3217)
  feat: classifier for Dart lang binaries (#3265)
  Add compliance policy for empty name and version (#3257)
  chore(deps): bump github.com/github/go-spdx/v2 from 2.3.1 to 2.3.2 (#3254)
  chore(deps): bump peter-evans/create-pull-request from 7.0.3 to 7.0.5 (#3255)
  ...
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support Redis arm/v5, arm/v7, 386 in 7.2, 7.4, 8.0
2 participants