more permissive glob
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
parent
7c617fd14e
commit
1629043d7a
1 changed files with 11 additions and 2 deletions
|
@ -12,6 +12,7 @@ import (
|
||||||
"github.com/mitchellh/mapstructure"
|
"github.com/mitchellh/mapstructure"
|
||||||
|
|
||||||
"github.com/anchore/packageurl-go"
|
"github.com/anchore/packageurl-go"
|
||||||
|
stereoFile "github.com/anchore/stereoscope/pkg/file"
|
||||||
"github.com/anchore/syft/internal/log"
|
"github.com/anchore/syft/internal/log"
|
||||||
"github.com/anchore/syft/syft/artifact"
|
"github.com/anchore/syft/syft/artifact"
|
||||||
"github.com/anchore/syft/syft/cpe"
|
"github.com/anchore/syft/syft/cpe"
|
||||||
|
@ -21,7 +22,10 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
jvmReleaseGlob = "**/{java,jvm}/*/release"
|
// this is a very permissive glob that will match more than just the JVM release file.
|
||||||
|
// we started with "**/{java,jvm}/*/release", but this prevents scanning JVM archive contents (e.g. jdk8u402.zip).
|
||||||
|
// this approach lets us check more files for JVM release info, but be rather silent about errors.
|
||||||
|
jvmReleaseGlob = "**/release"
|
||||||
oracleVendor = "oracle"
|
oracleVendor = "oracle"
|
||||||
openJdkProduct = "openjdk"
|
openJdkProduct = "openjdk"
|
||||||
jre = "jre"
|
jre = "jre"
|
||||||
|
@ -383,7 +387,7 @@ func parseJvmReleaseInfo(r io.ReadCloser) (*pkg.JavaVMRelease, error) {
|
||||||
defer r.Close()
|
defer r.Close()
|
||||||
|
|
||||||
data := make(map[string]any)
|
data := make(map[string]any)
|
||||||
scanner := bufio.NewScanner(r)
|
scanner := bufio.NewScanner(io.LimitReader(r, 500*stereoFile.KB))
|
||||||
|
|
||||||
for scanner.Scan() {
|
for scanner.Scan() {
|
||||||
line := scanner.Text()
|
line := scanner.Text()
|
||||||
|
@ -405,6 +409,11 @@ func parseJvmReleaseInfo(r io.ReadCloser) (*pkg.JavaVMRelease, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// if we're missing key fields, then we don't have a JVM release file
|
||||||
|
if data["JAVA_VERSION"] == nil && data["JAVA_RUNTIME_VERSION"] == nil {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
var ri pkg.JavaVMRelease
|
var ri pkg.JavaVMRelease
|
||||||
if err := mapstructure.Decode(data, &ri); err != nil {
|
if err := mapstructure.Decode(data, &ri); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
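Review bot: Callers of parseJvmReleaseInfo now need a nil check on the result, because the added `return nil, nil` makes a nil release with a nil error a normal outcome, and with `jvmReleaseGlob = "**/release"` that outcome applies to every unrelated file named `release` in a scanned image. The callers are not on this page, so confirm each one handles nil, and state the contract on the function with a comment such as `// parseJvmReleaseInfo returns (nil, nil) when the input is not a JVM release file`. The key-field check also sits after the `return nil, err` just above it, which presumably propagates the scanner error. If so, an arbitrary file with a line longer than bufio.Scanner's default 64 KiB token limit would surface as an error instead of being skipped, which seems at odds with the "rather silent about errors" comment. The `io.LimitReader` cap truncates without any signal, so a larger file is parsed from its first 500 KB only and its last line may be partial; the function body starts and ends outside the visible hunks.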