From 41f12648a009bd30b60c9d855d743b310a7fd637 Mon Sep 17 00:00:00 2001 From: Weston Steimel Date: Mon, 14 Oct 2024 13:41:34 +0000 Subject: [PATCH] fix: improve go binary semver extraction for traefik (#3325) Improves the go cataloger semver extraction logic to include getting the release version of traefik. This is based off of the regex pattern that already existed in the traefik binary classifier. Signed-off-by: Weston Steimel Signed-off-by: HeyeOpenSource --- syft/pkg/cataloger/golang/parse_go_binary.go | 2 +- syft/pkg/cataloger/golang/parse_go_binary_test.go | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/syft/pkg/cataloger/golang/parse_go_binary.go b/syft/pkg/cataloger/golang/parse_go_binary.go index bf3a6d722eb..91957f19d81 100644 --- a/syft/pkg/cataloger/golang/parse_go_binary.go +++ b/syft/pkg/cataloger/golang/parse_go_binary.go @@ -196,7 +196,7 @@ func (c *goBinaryCataloger) makeGoMainPackage(resolver file.Resolver, mod *exten // this is checking for (.L)? because at least one binary seems to have \xA0L preceding the version string, but for some reason // this is unable to be matched by the regex here as \x00\xA0L; // the only thing that seems to work is to just look for version strings following both \x00 and \x00.L for now -var semverPattern = regexp.MustCompile(`\x00(.L)?(?Pv?(\d+\.\d+\.\d+[-\w]*[+\w]*))\x00`) +var semverPattern = regexp.MustCompile(`(\x00|\x{FFFD})(.L)?(?Pv?(\d+\.\d+\.\d+[-\w]*[+\w]*))\x00`) func (c *goBinaryCataloger) findMainModuleVersion(metadata *pkg.GolangBinaryBuildinfoEntry, gbs pkg.KeyValues, reader io.ReadSeekCloser) string { vcsVersion, hasVersion := gbs.Get("vcs.revision") diff --git a/syft/pkg/cataloger/golang/parse_go_binary_test.go b/syft/pkg/cataloger/golang/parse_go_binary_test.go index 75659ae65da..b2af3ffca85 100644 --- a/syft/pkg/cataloger/golang/parse_go_binary_test.go +++ b/syft/pkg/cataloger/golang/parse_go_binary_test.go @@ -1305,6 +1305,14 @@ func Test_extractVersionFromContents(t *testing.T) { contents: strings.NewReader("\x0e\x74\x5a\x3b\x00\x00\xa0\x4cv1.9.5\x00\x00"), want: "v1.9.5", }, + { + // 06168a34: f98f b0be 332e 312e 3200 0000 636f 6d74 ....3.1.2...comt from /usr/local/bin/traefik + // in traefik:v3.1.2@sha256:3f92eba47bd4bfda91d47b72d16fef2d7ae15db61a92b2057cf0cb389f8938f6 + // TODO: eventually use something for managing snippets, similar to what's used with binary classifier tests + name: "parse traefik version", + contents: strings.NewReader("\xf9\x8f\xb0\xbe\x33\x2e\x31\x2e\x32\x00\x00\x00\x63\x6f\x6d\x74"), + want: "3.1.2", + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) {