Merge branch 'main' into bump-stereoscope

* main: chore(deps): update bootstrap tools to latest versions (#1744) chore(deps): bump github.com/docker/docker (#1746) Create consul binary classifier (#1738) chore(deps): update bootstrap tools to latest versions (#1740)
anchore · Apr 18, 2023 · 5671761 · 5671761
2 parents 6893f6d + 52b54bb
commit 5671761
Show file tree

Hide file tree

Showing 6 changed files with 36 additions and 5 deletions.
diff --git a/Makefile b/Makefile
@@ -14,7 +14,7 @@ GOLANGCILINT_VERSION := v1.52.2
 GOSIMPORTS_VERSION := v0.3.8
 BOUNCER_VERSION := v0.4.0
 CHRONICLE_VERSION := v0.6.0
-GORELEASER_VERSION := v1.17.0
+GORELEASER_VERSION := v1.17.2
 YAJSV_VERSION := v1.4.1
 COSIGN_VERSION := v1.13.1
 QUILL_VERSION := v0.2.0

diff --git a/go.mod b/go.mod
@@ -54,7 +54,7 @@ require (
 	github.com/anchore/go-logger v0.0.0-20220728155337-03b66a5207d8
 	github.com/anchore/stereoscope v0.0.0-20230412183729-8602f1afc574
 	github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da
-	github.com/docker/docker v23.0.3+incompatible
+	github.com/docker/docker v23.0.4+incompatible
 	github.com/go-git/go-billy/v5 v5.4.1
 	github.com/go-git/go-git/v5 v5.6.1
 	github.com/google/go-containerregistry v0.14.0

diff --git a/go.sum b/go.sum
@@ -165,8 +165,8 @@ github.com/docker/cli v23.0.1+incompatible h1:LRyWITpGzl2C9e9uGxzisptnxAn1zfZKXy
 github.com/docker/cli v23.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v23.0.3+incompatible h1:9GhVsShNWz1hO//9BNg/dpMnZW25KydO4wtVxWAIbho=
-github.com/docker/docker v23.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v23.0.4+incompatible h1:Kd3Bh9V/rO+XpTP/BLqM+gx8z7+Yb0AA2Ibj+nNo4ek=
+github.com/docker/docker v23.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=

diff --git a/syft/pkg/cataloger/binary/cataloger_test.go b/syft/pkg/cataloger/binary/cataloger_test.go
@@ -714,6 +714,18 @@ func Test_Cataloger_DefaultClassifiers_PositiveCases(t *testing.T) {
 				Metadata:  metadata("ruby-binary"),
 			},
 		},
+		{
+			name:       "positive-consul-1.15.2",
+			fixtureDir: "test-fixtures/classifiers/dynamic/consul-1.15.2",
+			expected: pkg.Package{
+				Name:      "consul",
+				Version:   "1.15.2",
+				Type:      "binary",
+				PURL:      "pkg:golang/github.com/hashicorp/consul@1.15.2",
+				Locations: locations("consul"),
+				Metadata:  metadata("consul-binary"),
+			},
+		},
 	}
 
 	for _, test := range tests {

diff --git a/syft/pkg/cataloger/binary/default_classifiers.go b/syft/pkg/cataloger/binary/default_classifiers.go
@@ -270,6 +270,17 @@ var defaultClassifiers = []classifier{
 		PURL:    mustPURL("pkg:generic/ruby@version"),
 		CPEs:    singleCPE("cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"),
 	},
+	{
+		Class:    "consul-binary",
+		FileGlob: "**/consul",
+		EvidenceMatcher: fileContentsVersionMatcher(
+			// NOTE: This is brittle and may not work for past or future versions
+			`CONSUL_VERSION: (?P<version>\d+\.\d+\.\d+)`,
+		),
+		Package: "consul",
+		PURL:    mustPURL("pkg:golang/github.com/hashicorp/consul@version"),
+		CPEs:    singleCPE("cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*"),
+	},
 }
 
 // in both binaries and shared libraries, the version pattern is [NUL]3.11.2[NUL]

diff --git a/syft/pkg/cataloger/binary/test-fixtures/Makefile b/syft/pkg/cataloger/binary/test-fixtures/Makefile
@@ -15,7 +15,9 @@ all: \
 	classifiers/dynamic/kubectl-1.25.7 \
 	classifiers/dynamic/kubectl-1.26.2 \
 	classifiers/dynamic/kustomize-4.5.7 \
-	classifiers/dynamic/kustomize-5.0.0
+	classifiers/dynamic/kustomize-5.0.0 \
+	classifiers/dynamic/consul-1.15.2
+
 
 
 classifiers/dynamic/python-binary-shared-lib-3.11:
@@ -141,6 +143,12 @@ classifiers/dynamic/kustomize-5.0.0:
 		/usr/local/bin/kustomize \
 		$@/kustomize
 
+classifiers/dynamic/consul-1.15.2:
+	$(eval $@_image := "hashicorp/consul:1.15.2@sha256:c2169f3bb18dd947ae8eb5f6766896695c71fb439f050a3343e0007d895615b8")
+	./get-image-file.sh $($@_image) \
+		/bin/consul \
+		$@/consul
+
 .PHONY: clean
 clean:
 	rm -rf classifiers/dynamic