fix: improve generated cpes for binaries with existing classifiers (#3169)

The existing syft binary classifiers already specify any known CPEs for
the defined binary; however, sometimes these end up getting suppressed
(such as when there are ELF notes extracted) and the CPE generator ends
up being used instead.  This adds enough detail to at least ensure the
correct ones get appended to the generation list for the currently
covered classifiers.

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
Weston Steimel 2024-08-28 16:46:35 +01:00 committed by GitHub
parent 04e3371cce
commit 2c25f81b68
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -21,6 +21,137 @@ type candidateRemovalComposite struct {
// select package information is discovered
var defaultCandidateAdditions = buildCandidateLookup(
[]candidateComposite{
// Binary packages
{
pkg.BinaryPkg,
candidateKey{PkgName: "curl"},
candidateAddition{AdditionalVendors: []string{"haxx"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "go"},
candidateAddition{AdditionalVendors: []string{"golang"}},
},
// Not including the various java ones for now since the raised
// binary package classifier name is the same but there are different CPEs
// for different distributions of OpenJDK. Also, it is unlikely this name will collide
// with whatever might be raised by an ELF notes section, so these are unlikely to
// be of much use here anyways
{
pkg.BinaryPkg,
candidateKey{PkgName: "julia"},
candidateAddition{AdditionalVendors: []string{"julialang"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "python"},
candidateAddition{AdditionalVendors: []string{"python_software_foundation"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "redis"},
candidateAddition{AdditionalVendors: []string{"redislabs"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "node"},
candidateAddition{AdditionalProducts: []string{"node.js"}, AdditionalVendors: []string{"nodejs"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "util-linux"},
candidateAddition{AdditionalVendors: []string{"kernel"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "composer"},
candidateAddition{AdditionalVendors: []string{"getcomposer"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "httpd"},
candidateAddition{AdditionalProducts: []string{"http_server"}, AdditionalVendors: []string{"apache"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "mysql"},
candidateAddition{AdditionalVendors: []string{"oracle"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "php-cli"},
candidateAddition{AdditionalProducts: []string{"php"}, AdditionalVendors: []string{"php"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "php-fpm"},
candidateAddition{AdditionalProducts: []string{"php"}, AdditionalVendors: []string{"php"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "libphp"},
candidateAddition{AdditionalProducts: []string{"php"}, AdditionalVendors: []string{"php"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "percona-server"},
candidateAddition{AdditionalProducts: []string{"percona_server", "mysql"}, AdditionalVendors: []string{"oracle", "percona"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "percona-xtradb-cluster"},
candidateAddition{AdditionalProducts: []string{"percona_server", "mysql", "xtradb_cluster"}, AdditionalVendors: []string{"oracle", "percona"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "percona-xtrabackup"},
candidateAddition{AdditionalProducts: []string{"xtrabackup"}, AdditionalVendors: []string{"percona"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "rust"},
candidateAddition{AdditionalVendors: []string{"rust-lang"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "ruby"},
candidateAddition{AdditionalVendors: []string{"ruby-lang"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "erlang"},
candidateAddition{AdditionalProducts: []string{"erlang/otp"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "swipl"},
candidateAddition{AdditionalProducts: []string{"erlang/otp"}, AdditionalVendors: []string{"erlang"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "consule"},
candidateAddition{AdditionalVendors: []string{"hashicorp"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "nginx"},
candidateAddition{AdditionalVendors: []string{"f5"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "bash"},
candidateAddition{AdditionalVendors: []string{"gnu"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "gcc"},
candidateAddition{AdditionalVendors: []string{"gnu"}},
},
{
pkg.BinaryPkg,
candidateKey{PkgName: "fluent-bit"},
candidateAddition{AdditionalProducts: []string{"fluent_bit"}, AdditionalVendors: []string{"treasuredata"}},
},
// Java packages
{
pkg.JavaPkg,
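Review bot: Two of the added binary entries look like they cannot produce the intended CPEs: the key `consule` is presumably a typo for the classifier name, so the `hashicorp` vendor would never be appended, and the `swipl` entry repeats the Erlang product `erlang/otp` with vendor `erlang`, which would attach Erlang CPEs to SWI-Prolog binaries and skew vulnerability matching in both directions. I would change the key to `candidateKey{PkgName: "consul"}`, give `swipl` the vendor and product from its own classifier CPE, and move `AdditionalVendors: []string{"erlang"}` to the `erlang` entry, which currently has a product but no vendor. The classifier definitions are not visible on this page, so both names should be checked against them before merging. A table-driven test asserting that every binary classifier name has a matching key in this lookup would catch this kind of drift.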