Excessive "unable to read golang buildinfo error=not a Go executable file" warnings in versions after v0.62.1

[durera]

Please provide a set of steps on how to reproduce the issue
I'm not sure to be honest, we see this against every container image we build, and have locked the sfyt version to 0.62.1 now as the mass warnings were annoying developers, it doesn't seem to affect the eventual output of the tool from what I can tell. It could be something specific in our baseimage that syft fundamentally doesn't like I guess, but it seems like a problem in syft in that it's expecting everything it finds to be a go executable.

What happened:

In 0.62.3 there are over 2000 lines of warnings generated (unable to read golang buildinfo error / golang cataloger: bin parsing: number of builds and readers doesn't match)

[0000]  INFO syft version: 0.62.3
[0011]  INFO identified distro: Red Hat Enterprise Linux 8.7 (Ootpa)
[0011]  INFO cataloging image
[0017]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/bin/bash
[0017]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
[0017]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/bin/brotli
[0017]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
[0017]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/bin/busctl
[0017]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
<snip ... another 2000 lines of the same 2 warnings for various files>

In 0.63 it's the same, with over 2k warnings when scanning the container image:

[0000]  INFO syft version: 0.63.0
[0012]  INFO identified distro: Red Hat Enterprise Linux 8.7 (Ootpa)
[0012]  INFO cataloging image
[0019]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/bin/python3
[0019]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
[0019]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/share/filebeat/bin/filebeat-god
[0019]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
[0019]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/local/lib/python3.9/site-packages/clidriver/bin/db2cli
[0019]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
[0019]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/local/lib/python3.9/site-packages/clidriver/bin/db2diag
[0019]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
[0019]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/local/lib/python3.9/site-packages/clidriver/bin/db2drdat
[0019]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
<snip ... another 2000 lines of the same 2 warnings for various files>

What you expected to happen:
Exact same image, using 0.62.1 throws a couple of info messages only (this is the complete output)...

[0000]  INFO syft version: 0.62.1
[0010]  INFO identified distro: Red Hat Enterprise Linux 8.7 (Ootpa)
[0010]  INFO cataloging image
[0016]  INFO golang cataloger: unable to read buildinfo (file="/usr/local/lib/python3.9/site-packages/cassandra/io/libevwrapper.cpython-39-x86_64-linux-gnu.so"): EOF
[0016]  INFO golang cataloger: unable to read buildinfo (file="/usr/local/lib/python3.9/site-packages/cassandra_driver.libs/libev-aea52ade.so.4.0.0"): EOF
[0016]  INFO golang cataloger: unable to read buildinfo (file="/usr/local/lib/python3.9/site-packages/confluent_kafka.libs/librdkafka-ab776cb1.so.1"): EOF
[0016]  INFO golang cataloger: unable to read buildinfo (file="/usr/local/lib/python3.9/site-packages/confluent_kafka/cimpl.cpython-39-x86_64-linux-gnu.so"): EOF

Anything else we need to know?: I don't think so

Environment:

• Output of syft version:

syft version
Application:        syft
Version:            0.63.0
JsonSchemaVersion:  6.0.0
BuildDate:          2022-12-12T21:03:41Z
GitCommit:          23a3173c9f2461e5906d1b9e3ac20b4806d74777
GitDescription:     v0.63.0
Platform:           linux/amd64
GoVersion:          go1.18.8
Compiler:           gc

• OS (e.g: cat /etc/os-release or similar): This is when running on a Travis build engine (dist: bionic), but we see the same thing running syft locally too.

[ikcoil01]

I'm seeing this aswell same issue

[kzantow]

Hi and thanks for this report! Is there any public image you could reference that this happens with?

[ikcoil01]

I was unable to find a public example of this however I have a feeling it is in relation to multi stage builds and scratch images.

[kzantow]

Adding context from @wagoodman on anchore/grype#1039:

I agree the log output should not appear. The issue is here https://github.com/anchore/syft/blob/main/syft/pkg/cataloger/golang/scan_binary.go where we're making the assumption that any binary passed in is a go binary, however, that is not always the case since we select files by MIME type.

We should probably change the execution path to return an error and ignore the error in the context of the go binary cataloger.