From d188c8d4dd499c4b66c447b0825a9d57923c6333 Mon Sep 17 00:00:00 2001
From: Will Murphy <willmurphyscode@users.noreply.github.com>
Date: Mon, 14 Oct 2024 12:42:30 -0400
Subject: [PATCH 1/2] chore: don't try to parse empty string as CPE

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---
 syft/pkg/cataloger/binary/elf_package.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/syft/pkg/cataloger/binary/elf_package.go b/syft/pkg/cataloger/binary/elf_package.go
index 99a989752df..765c224f25c 100644
--- a/syft/pkg/cataloger/binary/elf_package.go
+++ b/syft/pkg/cataloger/binary/elf_package.go
@@ -31,9 +31,12 @@ func packageURL(metadata elfBinaryPackageNotes) string {
 	osVersion := metadata.OSVersion
 
 	var atts cpe.Attributes
-	atts, err := cpe.NewAttributes(metadata.OSCPE)
-	if err != nil {
-		log.WithFields("error", err).Warn("unable to parse cpe attributes for elf binary package")
+	if metadata.OSCPE != "" {
+		var cpeErr error
+		atts, cpeErr = cpe.NewAttributes(metadata.OSCPE)
+		if cpeErr != nil {
+			log.WithFields("error", cpeErr).Warn("unable to parse cpe attributes for elf binary package")
+		}
 	}
 	// only "upgrade" the OS information if there is something more specific to use in it's place
 	if os == "" && osVersion == "" || os == "" && atts.Version != "" || atts.Product != "" && osVersion == "" {

From f78e2b7838966468960fd5e015e5944e98fe2db7 Mon Sep 17 00:00:00 2001
From: Will Murphy <willmurphyscode@users.noreply.github.com>
Date: Mon, 14 Oct 2024 13:52:43 -0400
Subject: [PATCH 2/2] chore: improve OS name and version extraction from ELF
 metadata

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---
 syft/pkg/cataloger/binary/elf_package.go | 37 ++++++++++++++----------
 1 file changed, 21 insertions(+), 16 deletions(-)

diff --git a/syft/pkg/cataloger/binary/elf_package.go b/syft/pkg/cataloger/binary/elf_package.go
index 765c224f25c..81e4384d1c3 100644
--- a/syft/pkg/cataloger/binary/elf_package.go
+++ b/syft/pkg/cataloger/binary/elf_package.go
@@ -27,22 +27,7 @@ func newELFPackage(metadata elfBinaryPackageNotes, locations file.LocationSet) p
 func packageURL(metadata elfBinaryPackageNotes) string {
 	var qualifiers []packageurl.Qualifier
 
-	os := metadata.OS
-	osVersion := metadata.OSVersion
-
-	var atts cpe.Attributes
-	if metadata.OSCPE != "" {
-		var cpeErr error
-		atts, cpeErr = cpe.NewAttributes(metadata.OSCPE)
-		if cpeErr != nil {
-			log.WithFields("error", cpeErr).Warn("unable to parse cpe attributes for elf binary package")
-		}
-	}
-	// only "upgrade" the OS information if there is something more specific to use in it's place
-	if os == "" && osVersion == "" || os == "" && atts.Version != "" || atts.Product != "" && osVersion == "" {
-		os = atts.Product
-		osVersion = atts.Version
-	}
+	os, osVersion := osNameAndVersionFromMetadata(metadata)
 
 	if os != "" {
 		osQualifier := os
@@ -73,6 +58,26 @@ func packageURL(metadata elfBinaryPackageNotes) string {
 	).ToString()
 }
 
+func osNameAndVersionFromMetadata(metadata elfBinaryPackageNotes) (string, string) {
+	os := metadata.OS
+	osVersion := metadata.OSVersion
+
+	if os != "" && osVersion != "" {
+		return os, osVersion
+	}
+
+	if metadata.OSCPE == "" {
+		return "", ""
+	}
+
+	attrs, err := cpe.NewAttributes(metadata.OSCPE)
+	if err != nil {
+		log.WithFields("error", err).Trace("unable to parse cpe attributes for elf binary package")
+		return "", ""
+	}
+	return attrs.Product, attrs.Version
+}
+
 const alpmType = "alpm"
 
 func purlDistroType(ty string) string {