From 14c0fe7d843abdd97c55ddb1ac87497062cf5542 Mon Sep 17 00:00:00 2001 From: Weston Steimel Date: Mon, 14 Oct 2024 11:01:22 +0100 Subject: [PATCH] fix: improve go binary semver extraction for traefik Improves the go cataloger semver extraction logic to include getting the release version of traefik. This is based off of the regex pattern that already existed in the traefik binary classifier. Signed-off-by: Weston Steimel --- syft/pkg/cataloger/golang/parse_go_binary.go | 2 +- syft/pkg/cataloger/golang/parse_go_binary_test.go | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/syft/pkg/cataloger/golang/parse_go_binary.go b/syft/pkg/cataloger/golang/parse_go_binary.go index bf3a6d722eb0..91957f19d816 100644 --- a/syft/pkg/cataloger/golang/parse_go_binary.go +++ b/syft/pkg/cataloger/golang/parse_go_binary.go @@ -196,7 +196,7 @@ func (c *goBinaryCataloger) makeGoMainPackage(resolver file.Resolver, mod *exten // this is checking for (.L)? because at least one binary seems to have \xA0L preceding the version string, but for some reason // this is unable to be matched by the regex here as \x00\xA0L; // the only thing that seems to work is to just look for version strings following both \x00 and \x00.L for now -var semverPattern = regexp.MustCompile(`\x00(.L)?(?Pv?(\d+\.\d+\.\d+[-\w]*[+\w]*))\x00`) +var semverPattern = regexp.MustCompile(`(\x00|\x{FFFD})(.L)?(?Pv?(\d+\.\d+\.\d+[-\w]*[+\w]*))\x00`) func (c *goBinaryCataloger) findMainModuleVersion(metadata *pkg.GolangBinaryBuildinfoEntry, gbs pkg.KeyValues, reader io.ReadSeekCloser) string { vcsVersion, hasVersion := gbs.Get("vcs.revision") diff --git a/syft/pkg/cataloger/golang/parse_go_binary_test.go b/syft/pkg/cataloger/golang/parse_go_binary_test.go index 75659ae65daf..b2af3ffca851 100644 --- a/syft/pkg/cataloger/golang/parse_go_binary_test.go +++ b/syft/pkg/cataloger/golang/parse_go_binary_test.go @@ -1305,6 +1305,14 @@ func Test_extractVersionFromContents(t *testing.T) { contents: strings.NewReader("\x0e\x74\x5a\x3b\x00\x00\xa0\x4cv1.9.5\x00\x00"), want: "v1.9.5", }, + { + // 06168a34: f98f b0be 332e 312e 3200 0000 636f 6d74 ....3.1.2...comt from /usr/local/bin/traefik + // in traefik:v3.1.2@sha256:3f92eba47bd4bfda91d47b72d16fef2d7ae15db61a92b2057cf0cb389f8938f6 + // TODO: eventually use something for managing snippets, similar to what's used with binary classifier tests + name: "parse traefik version", + contents: strings.NewReader("\xf9\x8f\xb0\xbe\x33\x2e\x31\x2e\x32\x00\x00\x00\x63\x6f\x6d\x74"), + want: "3.1.2", + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) {