diff --git a/syft/pkg/cataloger/golang/parse_go_binary.go b/syft/pkg/cataloger/golang/parse_go_binary.go index bf3a6d722eb..91957f19d81 100644 --- a/syft/pkg/cataloger/golang/parse_go_binary.go +++ b/syft/pkg/cataloger/golang/parse_go_binary.go @@ -196,7 +196,7 @@ func (c *goBinaryCataloger) makeGoMainPackage(resolver file.Resolver, mod *exten // this is checking for (.L)? because at least one binary seems to have \xA0L preceding the version string, but for some reason // this is unable to be matched by the regex here as \x00\xA0L; // the only thing that seems to work is to just look for version strings following both \x00 and \x00.L for now -var semverPattern = regexp.MustCompile(`\x00(.L)?(?Pv?(\d+\.\d+\.\d+[-\w]*[+\w]*))\x00`) +var semverPattern = regexp.MustCompile(`(\x00|\x{FFFD})(.L)?(?Pv?(\d+\.\d+\.\d+[-\w]*[+\w]*))\x00`) func (c *goBinaryCataloger) findMainModuleVersion(metadata *pkg.GolangBinaryBuildinfoEntry, gbs pkg.KeyValues, reader io.ReadSeekCloser) string { vcsVersion, hasVersion := gbs.Get("vcs.revision") diff --git a/syft/pkg/cataloger/golang/parse_go_binary_test.go b/syft/pkg/cataloger/golang/parse_go_binary_test.go index 75659ae65da..b2af3ffca85 100644 --- a/syft/pkg/cataloger/golang/parse_go_binary_test.go +++ b/syft/pkg/cataloger/golang/parse_go_binary_test.go @@ -1305,6 +1305,14 @@ func Test_extractVersionFromContents(t *testing.T) { contents: strings.NewReader("\x0e\x74\x5a\x3b\x00\x00\xa0\x4cv1.9.5\x00\x00"), want: "v1.9.5", }, + { + // 06168a34: f98f b0be 332e 312e 3200 0000 636f 6d74 ....3.1.2...comt from /usr/local/bin/traefik + // in traefik:v3.1.2@sha256:3f92eba47bd4bfda91d47b72d16fef2d7ae15db61a92b2057cf0cb389f8938f6 + // TODO: eventually use something for managing snippets, similar to what's used with binary classifier tests + name: "parse traefik version", + contents: strings.NewReader("\xf9\x8f\xb0\xbe\x33\x2e\x31\x2e\x32\x00\x00\x00\x63\x6f\x6d\x74"), + want: "3.1.2", + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) {